xref: /freebsd/crypto/openssh/nchan.c (revision f856af0466c076beef4ea9b15d088e1119a945b8)
1 /* $OpenBSD: nchan.c,v 1.57 2006/08/03 03:34:42 deraadt Exp $ */
2 /*
3  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "includes.h"
27 
28 #include <sys/types.h>
29 #include <sys/socket.h>
30 
31 #include <errno.h>
32 #include <string.h>
33 #include <stdarg.h>
34 
35 #include "ssh1.h"
36 #include "ssh2.h"
37 #include "buffer.h"
38 #include "packet.h"
39 #include "channels.h"
40 #include "compat.h"
41 #include "log.h"
42 
43 /*
44  * SSH Protocol 1.5 aka New Channel Protocol
45  * Thanks to Martina, Axel and everyone who left Erlangen, leaving me bored.
46  * Written by Markus Friedl in October 1999
47  *
48  * Protocol versions 1.3 and 1.5 differ in the handshake protocol used for the
49  * tear down of channels:
50  *
51  * 1.3:	strict request-ack-protocol:
52  *	CLOSE	->
53  *		<-  CLOSE_CONFIRM
54  *
55  * 1.5:	uses variations of:
56  *	IEOF	->
57  *		<-  OCLOSE
58  *		<-  IEOF
59  *	OCLOSE	->
60  *	i.e. both sides have to close the channel
61  *
62  * 2.0: the EOF messages are optional
63  *
64  * See the debugging output from 'ssh -v' and 'sshd -d' of
65  * ssh-1.2.27 as an example.
66  *
67  */
68 
69 /* functions manipulating channel states */
70 /*
71  * EVENTS update channel input/output states execute ACTIONS
72  */
73 /*
74  * ACTIONS: should never update the channel states
75  */
76 static void	chan_send_ieof1(Channel *);
77 static void	chan_send_oclose1(Channel *);
78 static void	chan_send_close2(Channel *);
79 static void	chan_send_eof2(Channel *);
80 
81 /* helper */
82 static void	chan_shutdown_write(Channel *);
83 static void	chan_shutdown_read(Channel *);
84 
85 static char *ostates[] = { "open", "drain", "wait_ieof", "closed" };
86 static char *istates[] = { "open", "drain", "wait_oclose", "closed" };
87 
88 static void
89 chan_set_istate(Channel *c, u_int next)
90 {
91 	if (c->istate > CHAN_INPUT_CLOSED || next > CHAN_INPUT_CLOSED)
92 		fatal("chan_set_istate: bad state %d -> %d", c->istate, next);
93 	debug2("channel %d: input %s -> %s", c->self, istates[c->istate],
94 	    istates[next]);
95 	c->istate = next;
96 }
97 static void
98 chan_set_ostate(Channel *c, u_int next)
99 {
100 	if (c->ostate > CHAN_OUTPUT_CLOSED || next > CHAN_OUTPUT_CLOSED)
101 		fatal("chan_set_ostate: bad state %d -> %d", c->ostate, next);
102 	debug2("channel %d: output %s -> %s", c->self, ostates[c->ostate],
103 	    ostates[next]);
104 	c->ostate = next;
105 }
106 
107 /*
108  * SSH1 specific implementation of event functions
109  */
110 
111 static void
112 chan_rcvd_oclose1(Channel *c)
113 {
114 	debug2("channel %d: rcvd oclose", c->self);
115 	switch (c->istate) {
116 	case CHAN_INPUT_WAIT_OCLOSE:
117 		chan_set_istate(c, CHAN_INPUT_CLOSED);
118 		break;
119 	case CHAN_INPUT_OPEN:
120 		chan_shutdown_read(c);
121 		chan_send_ieof1(c);
122 		chan_set_istate(c, CHAN_INPUT_CLOSED);
123 		break;
124 	case CHAN_INPUT_WAIT_DRAIN:
125 		/* both local read_failed and remote write_failed  */
126 		chan_send_ieof1(c);
127 		chan_set_istate(c, CHAN_INPUT_CLOSED);
128 		break;
129 	default:
130 		error("channel %d: protocol error: rcvd_oclose for istate %d",
131 		    c->self, c->istate);
132 		return;
133 	}
134 }
135 void
136 chan_read_failed(Channel *c)
137 {
138 	debug2("channel %d: read failed", c->self);
139 	switch (c->istate) {
140 	case CHAN_INPUT_OPEN:
141 		chan_shutdown_read(c);
142 		chan_set_istate(c, CHAN_INPUT_WAIT_DRAIN);
143 		break;
144 	default:
145 		error("channel %d: chan_read_failed for istate %d",
146 		    c->self, c->istate);
147 		break;
148 	}
149 }
150 void
151 chan_ibuf_empty(Channel *c)
152 {
153 	debug2("channel %d: ibuf empty", c->self);
154 	if (buffer_len(&c->input)) {
155 		error("channel %d: chan_ibuf_empty for non empty buffer",
156 		    c->self);
157 		return;
158 	}
159 	switch (c->istate) {
160 	case CHAN_INPUT_WAIT_DRAIN:
161 		if (compat20) {
162 			if (!(c->flags & CHAN_CLOSE_SENT))
163 				chan_send_eof2(c);
164 			chan_set_istate(c, CHAN_INPUT_CLOSED);
165 		} else {
166 			chan_send_ieof1(c);
167 			chan_set_istate(c, CHAN_INPUT_WAIT_OCLOSE);
168 		}
169 		break;
170 	default:
171 		error("channel %d: chan_ibuf_empty for istate %d",
172 		    c->self, c->istate);
173 		break;
174 	}
175 }
176 static void
177 chan_rcvd_ieof1(Channel *c)
178 {
179 	debug2("channel %d: rcvd ieof", c->self);
180 	switch (c->ostate) {
181 	case CHAN_OUTPUT_OPEN:
182 		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
183 		break;
184 	case CHAN_OUTPUT_WAIT_IEOF:
185 		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
186 		break;
187 	default:
188 		error("channel %d: protocol error: rcvd_ieof for ostate %d",
189 		    c->self, c->ostate);
190 		break;
191 	}
192 }
193 static void
194 chan_write_failed1(Channel *c)
195 {
196 	debug2("channel %d: write failed", c->self);
197 	switch (c->ostate) {
198 	case CHAN_OUTPUT_OPEN:
199 		chan_shutdown_write(c);
200 		chan_send_oclose1(c);
201 		chan_set_ostate(c, CHAN_OUTPUT_WAIT_IEOF);
202 		break;
203 	case CHAN_OUTPUT_WAIT_DRAIN:
204 		chan_shutdown_write(c);
205 		chan_send_oclose1(c);
206 		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
207 		break;
208 	default:
209 		error("channel %d: chan_write_failed for ostate %d",
210 		    c->self, c->ostate);
211 		break;
212 	}
213 }
214 void
215 chan_obuf_empty(Channel *c)
216 {
217 	debug2("channel %d: obuf empty", c->self);
218 	if (buffer_len(&c->output)) {
219 		error("channel %d: chan_obuf_empty for non empty buffer",
220 		    c->self);
221 		return;
222 	}
223 	switch (c->ostate) {
224 	case CHAN_OUTPUT_WAIT_DRAIN:
225 		chan_shutdown_write(c);
226 		if (!compat20)
227 			chan_send_oclose1(c);
228 		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
229 		break;
230 	default:
231 		error("channel %d: internal error: obuf_empty for ostate %d",
232 		    c->self, c->ostate);
233 		break;
234 	}
235 }
236 static void
237 chan_send_ieof1(Channel *c)
238 {
239 	debug2("channel %d: send ieof", c->self);
240 	switch (c->istate) {
241 	case CHAN_INPUT_OPEN:
242 	case CHAN_INPUT_WAIT_DRAIN:
243 		packet_start(SSH_MSG_CHANNEL_INPUT_EOF);
244 		packet_put_int(c->remote_id);
245 		packet_send();
246 		break;
247 	default:
248 		error("channel %d: cannot send ieof for istate %d",
249 		    c->self, c->istate);
250 		break;
251 	}
252 }
253 static void
254 chan_send_oclose1(Channel *c)
255 {
256 	debug2("channel %d: send oclose", c->self);
257 	switch (c->ostate) {
258 	case CHAN_OUTPUT_OPEN:
259 	case CHAN_OUTPUT_WAIT_DRAIN:
260 		buffer_clear(&c->output);
261 		packet_start(SSH_MSG_CHANNEL_OUTPUT_CLOSE);
262 		packet_put_int(c->remote_id);
263 		packet_send();
264 		break;
265 	default:
266 		error("channel %d: cannot send oclose for ostate %d",
267 		    c->self, c->ostate);
268 		break;
269 	}
270 }
271 
272 /*
273  * the same for SSH2
274  */
275 static void
276 chan_rcvd_close2(Channel *c)
277 {
278 	debug2("channel %d: rcvd close", c->self);
279 	if (c->flags & CHAN_CLOSE_RCVD)
280 		error("channel %d: protocol error: close rcvd twice", c->self);
281 	c->flags |= CHAN_CLOSE_RCVD;
282 	if (c->type == SSH_CHANNEL_LARVAL) {
283 		/* tear down larval channels immediately */
284 		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
285 		chan_set_istate(c, CHAN_INPUT_CLOSED);
286 		return;
287 	}
288 	switch (c->ostate) {
289 	case CHAN_OUTPUT_OPEN:
290 		/*
291 		 * wait until a data from the channel is consumed if a CLOSE
292 		 * is received
293 		 */
294 		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
295 		break;
296 	}
297 	switch (c->istate) {
298 	case CHAN_INPUT_OPEN:
299 		chan_shutdown_read(c);
300 		chan_set_istate(c, CHAN_INPUT_CLOSED);
301 		break;
302 	case CHAN_INPUT_WAIT_DRAIN:
303 		chan_send_eof2(c);
304 		chan_set_istate(c, CHAN_INPUT_CLOSED);
305 		break;
306 	}
307 }
308 static void
309 chan_rcvd_eof2(Channel *c)
310 {
311 	debug2("channel %d: rcvd eof", c->self);
312 	c->flags |= CHAN_EOF_RCVD;
313 	if (c->ostate == CHAN_OUTPUT_OPEN)
314 		chan_set_ostate(c, CHAN_OUTPUT_WAIT_DRAIN);
315 }
316 static void
317 chan_write_failed2(Channel *c)
318 {
319 	debug2("channel %d: write failed", c->self);
320 	switch (c->ostate) {
321 	case CHAN_OUTPUT_OPEN:
322 	case CHAN_OUTPUT_WAIT_DRAIN:
323 		chan_shutdown_write(c);
324 		chan_set_ostate(c, CHAN_OUTPUT_CLOSED);
325 		break;
326 	default:
327 		error("channel %d: chan_write_failed for ostate %d",
328 		    c->self, c->ostate);
329 		break;
330 	}
331 }
332 static void
333 chan_send_eof2(Channel *c)
334 {
335 	debug2("channel %d: send eof", c->self);
336 	switch (c->istate) {
337 	case CHAN_INPUT_WAIT_DRAIN:
338 		packet_start(SSH2_MSG_CHANNEL_EOF);
339 		packet_put_int(c->remote_id);
340 		packet_send();
341 		c->flags |= CHAN_EOF_SENT;
342 		break;
343 	default:
344 		error("channel %d: cannot send eof for istate %d",
345 		    c->self, c->istate);
346 		break;
347 	}
348 }
349 static void
350 chan_send_close2(Channel *c)
351 {
352 	debug2("channel %d: send close", c->self);
353 	if (c->ostate != CHAN_OUTPUT_CLOSED ||
354 	    c->istate != CHAN_INPUT_CLOSED) {
355 		error("channel %d: cannot send close for istate/ostate %d/%d",
356 		    c->self, c->istate, c->ostate);
357 	} else if (c->flags & CHAN_CLOSE_SENT) {
358 		error("channel %d: already sent close", c->self);
359 	} else {
360 		packet_start(SSH2_MSG_CHANNEL_CLOSE);
361 		packet_put_int(c->remote_id);
362 		packet_send();
363 		c->flags |= CHAN_CLOSE_SENT;
364 	}
365 }
366 
367 /* shared */
368 
369 void
370 chan_rcvd_ieof(Channel *c)
371 {
372 	if (compat20)
373 		chan_rcvd_eof2(c);
374 	else
375 		chan_rcvd_ieof1(c);
376 	if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN &&
377 	    buffer_len(&c->output) == 0 &&
378 	    !CHANNEL_EFD_OUTPUT_ACTIVE(c))
379 		chan_obuf_empty(c);
380 }
381 void
382 chan_rcvd_oclose(Channel *c)
383 {
384 	if (compat20)
385 		chan_rcvd_close2(c);
386 	else
387 		chan_rcvd_oclose1(c);
388 }
389 void
390 chan_write_failed(Channel *c)
391 {
392 	if (compat20)
393 		chan_write_failed2(c);
394 	else
395 		chan_write_failed1(c);
396 }
397 
398 void
399 chan_mark_dead(Channel *c)
400 {
401 	c->type = SSH_CHANNEL_ZOMBIE;
402 }
403 
404 int
405 chan_is_dead(Channel *c, int do_send)
406 {
407 	if (c->type == SSH_CHANNEL_ZOMBIE) {
408 		debug2("channel %d: zombie", c->self);
409 		return 1;
410 	}
411 	if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
412 		return 0;
413 	if (!compat20) {
414 		debug2("channel %d: is dead", c->self);
415 		return 1;
416 	}
417 	if ((datafellows & SSH_BUG_EXTEOF) &&
418 	    c->extended_usage == CHAN_EXTENDED_WRITE &&
419 	    c->efd != -1 &&
420 	    buffer_len(&c->extended) > 0) {
421 		debug2("channel %d: active efd: %d len %d",
422 		    c->self, c->efd, buffer_len(&c->extended));
423 		return 0;
424 	}
425 	if (!(c->flags & CHAN_CLOSE_SENT)) {
426 		if (do_send) {
427 			chan_send_close2(c);
428 		} else {
429 			/* channel would be dead if we sent a close */
430 			if (c->flags & CHAN_CLOSE_RCVD) {
431 				debug2("channel %d: almost dead",
432 				    c->self);
433 				return 1;
434 			}
435 		}
436 	}
437 	if ((c->flags & CHAN_CLOSE_SENT) &&
438 	    (c->flags & CHAN_CLOSE_RCVD)) {
439 		debug2("channel %d: is dead", c->self);
440 		return 1;
441 	}
442 	return 0;
443 }
444 
445 /* helper */
446 static void
447 chan_shutdown_write(Channel *c)
448 {
449 	buffer_clear(&c->output);
450 	if (compat20 && c->type == SSH_CHANNEL_LARVAL)
451 		return;
452 	/* shutdown failure is allowed if write failed already */
453 	debug2("channel %d: close_write", c->self);
454 	if (c->sock != -1) {
455 		if (shutdown(c->sock, SHUT_WR) < 0)
456 			debug2("channel %d: chan_shutdown_write: "
457 			    "shutdown() failed for fd%d: %.100s",
458 			    c->self, c->sock, strerror(errno));
459 	} else {
460 		if (channel_close_fd(&c->wfd) < 0)
461 			logit("channel %d: chan_shutdown_write: "
462 			    "close() failed for fd%d: %.100s",
463 			    c->self, c->wfd, strerror(errno));
464 	}
465 }
466 static void
467 chan_shutdown_read(Channel *c)
468 {
469 	if (compat20 && c->type == SSH_CHANNEL_LARVAL)
470 		return;
471 	debug2("channel %d: close_read", c->self);
472 	if (c->sock != -1) {
473 		/*
474 		 * shutdown(sock, SHUT_READ) may return ENOTCONN if the
475 		 * write side has been closed already. (bug on Linux)
476 		 * HP-UX may return ENOTCONN also.
477 		 */
478 		if (shutdown(c->sock, SHUT_RD) < 0
479 		    && errno != ENOTCONN)
480 			error("channel %d: chan_shutdown_read: "
481 			    "shutdown() failed for fd%d [i%d o%d]: %.100s",
482 			    c->self, c->sock, c->istate, c->ostate,
483 			    strerror(errno));
484 	} else {
485 		if (channel_close_fd(&c->rfd) < 0)
486 			logit("channel %d: chan_shutdown_read: "
487 			    "close() failed for fd%d: %.100s",
488 			    c->self, c->rfd, strerror(errno));
489 	}
490 }
491