serverloop.c revision cd7d5faf5bbb52336a6f85578a90b31a648ac3fa
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Server main loop for handling the interactive session.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* SSH2 support by Markus Friedl.
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include "includes.h"
RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $");
#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "sshpty.h"
#include "channels.h"
#include "compat.h"
#include "ssh1.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth-options.h"
#include "serverloop.h"
#include "misc.h"
#include "kex.h"
#ifdef ALTPRIVSEP
#include "altprivsep.h"
#endif /* ALTPRIVSEP*/
extern ServerOptions options;
/* XXX */
static Authctxt *xxx_authctxt;
static int fdin; /* Descriptor for stdin (for writing) */
static int fdout; /* Descriptor for stdout (for reading);
May be same number as fdin. */
static int fderr; /* Descriptor for stderr. May be -1. */
static long stdin_bytes = 0; /* Number of bytes written to stdin. */
static long stdout_bytes = 0; /* Number of stdout bytes sent to client. */
static long stderr_bytes = 0; /* Number of stderr bytes sent to client. */
static long fdout_bytes = 0; /* Number of stdout bytes read from program. */
static int stdin_eof = 0; /* EOF message received from client. */
static int fdout_eof = 0; /* EOF encountered reading from fdout. */
static int fderr_eof = 0; /* EOF encountered readung from fderr. */
static int fdin_is_tty = 0; /* fdin points to a tty. */
static int connection_in; /* Connection to client (input). */
static int connection_out; /* Connection to client (output). */
static int connection_closed = 0; /* Connection to client closed. */
static int client_alive_timeouts = 0;
/*
* This SIGCHLD kludge is used to detect when the child exits. The server
* will exit after that, as soon as forwarded connections have terminated.
*/
/* prototypes */
static void server_init_dispatch(void);
/*
* we write to this pipe if a SIGCHLD is caught in order to avoid
* the race between select() and child_terminated
*/
static int notify_pipe[2];
static void
notify_setup(void)
{
if (pipe(notify_pipe) < 0) {
(void) close(notify_pipe[0]);
} else {
set_nonblock(notify_pipe[0]);
return;
}
}
static void
notify_parent(void)
{
}
static void
{
if (notify_pipe[0] != -1)
}
static void
{
char c;
debug2("notify_done: reading");
}
static void
sigchld_handler(int sig)
{
int save_errno = errno;
debug("Received SIGCHLD.");
child_terminated = 1;
#ifndef _UNICOS
#endif
errno = save_errno;
}
/*
* Make packets from buffered stderr data, and buffer it for sending
* to the client.
*/
static void
{
int len;
/* Send buffered stderr data to the client. */
while (buffer_len(&stderr_buffer) > 0 &&
if (packet_is_interactive()) {
if (len > 512)
len = 512;
} else {
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
len = packet_get_maxsize();
}
packet_send();
stderr_bytes += len;
}
}
/*
* Make packets from buffered stdout data, and buffer it for sending to the
* client.
*/
static void
{
int len;
/* Send buffered stdout data to the client. */
while (buffer_len(&stdout_buffer) > 0 &&
if (packet_is_interactive()) {
if (len > 512)
len = 512;
} else {
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
len = packet_get_maxsize();
}
packet_send();
stdout_bytes += len;
}
}
static void
client_alive_check(void)
{
static int had_channel = 0;
int id;
id = channel_find_open();
if (id == -1) {
if (!had_channel)
return;
packet_disconnect("No open channels after timeout!");
}
had_channel = 1;
/* timeout, check to see how many we have had */
packet_disconnect("Timeout, your session not responding.");
/*
* send a bogus channel request with "wantreply",
* we should get back a failure
*/
packet_send();
}
/*
* Sleep in select() until we can do something. This will initialize the
* select masks. Upon return, the masks will indicate which descriptors
* have data or can accept data. Optionally, a maximum time can be specified
* for the duration of the wait (0 = infinite).
*/
static void
{
int ret;
int client_alive_scheduled = 0;
/*
* if using client_alive, set the max timeout accordingly,
* and indicate that this particular timeout was for client
* alive by setting the client_alive_scheduled flag.
*
* this could be randomized somewhat to make traffic
* analysis more difficult, but we're not doing it yet.
*/
if (compat20 &&
}
/* Allocate and update select() masks for channel descriptors. */
if (compat20) {
#ifdef ALTPRIVSEP
int pipe_fd;
}
#endif /* ALTPRIVSEP */
#if 0
/* wrong: bad condition XXX */
#endif
} else {
/*
* Read packets from the client unless we have too much
* buffered stdin or channel data.
*/
/*
* If there is not too much data already buffered going to
* the client, try to get some more data from the program.
*/
if (packet_not_very_much_data_to_write()) {
if (!fdout_eof)
if (!fderr_eof)
}
/*
* If we have buffered data, try to write some of that data
* to the program.
*/
}
/*
* If we have buffered packet data going to the client, mark that
* descriptor.
*/
if (packet_have_data_to_write())
/*
* If child has terminated and there is enough buffer space to read
* from it, then read as much as is available and exit.
*/
if (max_time_milliseconds == 0 || client_alive_scheduled)
max_time_milliseconds = 100;
if (max_time_milliseconds == 0)
else {
}
/* Wait for something to happen, or the timeout to expire. */
if (ret == -1) {
} else if (ret == 0 && client_alive_scheduled)
}
/*
* Processes input from the client and the program. Input data is stored
* in buffers and processed later.
*/
static void
{
int len;
char buf[16384];
/* Read and buffer any input data from the client. */
if (len == 0) {
if (packet_is_monitor()) {
debug("child closed the communication pipe");
} else {
verbose("Connection closed by %.100s",
}
connection_closed = 1;
if (compat20)
return;
} else if (len < 0) {
verbose("Read error from remote host "
"%.100s: %.100s",
}
} else {
/* Buffer any received data. */
}
}
if (compat20)
return;
/* Read and buffer any available stdout data from the program. */
/* EMPTY */
} else if (len <= 0) {
fdout_eof = 1;
} else {
fdout_bytes += len;
}
}
/* Read and buffer any available stderr data from the program. */
/* EMPTY */
} else if (len <= 0) {
fderr_eof = 1;
} else {
}
}
}
/*
* Sends data from internal buffers to client program stdin.
*/
static void
{
int len;
/* Write buffered data to program stdin. */
/* EMPTY */
} else if (len <= 0) {
else
fdin = -1;
} else {
/* Successful write. */
/*
* Simulate echo to reduce the impact of
* traffic analysis
*/
packet_send();
}
/* Consume the data from the buffer. */
/* Update the count of bytes written to the program. */
stdin_bytes += len;
}
}
/* Send any buffered packet data to the client. */
}
/*
* Wait until all buffered output has been sent to the client.
* This is used when the program terminates.
*/
static void
drain_output(void)
{
/* Send any buffered stdout data to the client. */
if (buffer_len(&stdout_buffer) > 0) {
packet_send();
/* Update the count of sent bytes. */
}
/* Send any buffered stderr data to the client. */
if (buffer_len(&stderr_buffer) > 0) {
packet_send();
/* Update the count of sent bytes. */
}
/* Wait until all buffered data has been written to the client. */
}
static void
{
}
/*
* Performs the interactive session. This handles data transmission between
* the client and the program. Note that the notion of stdin, stdout, and
* stderr in this function is sort of reversed: this function writes to
* stdin (of the child program), and reads from stdout and stderr (of the
* child program).
*/
void
{
int wait_status; /* Status returned by wait(). */
int waiting_termination = 0; /* Have displayed waiting close message. */
int type;
debug("Entering interactive session.");
/* Initialize the SIGCHLD kludge. */
child_terminated = 0;
/* Initialize our global variables. */
/* nonblocking IO */
/* we don't have stderr for interactive terminal sessions, see below */
if (fderr != -1)
fdin_is_tty = 1;
notify_setup();
/* Set approximate I/O buffer size. */
if (packet_is_interactive())
buffer_high = 4096;
else
#if 0
/* Initialize max_fd to the maximum of the known file descriptors. */
if (fderr != -1)
#endif
/* Initialize Initialize buffers. */
/*
* If we have no separate fderr (which is the case when we have a pty
* - there we cannot make difference between data sent to stdout and
* stderr), indicate that we have seen an EOF from stderr. This way
* we don\'t need to check the descriptor everywhere.
*/
if (fderr == -1)
fderr_eof = 1;
/* Main loop of the server for the interactive session mode. */
for (;;) {
/* Process buffered packets from the client. */
/*
* If we have received eof, and there is no more pending
* input data, cause a real eof by closing fdin.
*/
else
fdin = -1;
}
/* Make packets from buffered stderr data to send to the client. */
/*
* Make packets from buffered stdout data to send to the
* client. If there is very little to send, this arranges to
* not send them now, but to wait a short while to see if we
* are getting more data. This is necessary, as some systems
* wake up readers from a pty after each separate character.
*/
/* try again after a while */
max_time_milliseconds = 10;
} else {
/* Send it now. */
}
/* Send channel data to the client. */
/*
* Bail out of the loop if the program has closed its output
* descriptors, and we have no more data to send to the
* client, and there is no pending buffered data.
*/
if (!channel_still_open())
break;
if (!waiting_termination) {
const char *s = "Waiting for forwarded connections to terminate...\r\n";
char *cp;
waiting_termination = 1;
/* Display list of open channels. */
cp = channel_open_message();
}
}
/* Sleep in select() until we can do something. */
/* Process any channel events. */
/* Process output to the client and to program stdin. */
}
if (readset)
if (writeset)
/* Cleanup and termination code. */
/* Wait until all output has been sent to the client. */
drain_output();
debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
/* Free and clear the buffers. */
/* Close the file descriptors. */
if (fdout != -1)
fdout = -1;
fdout_eof = 1;
if (fderr != -1)
fderr = -1;
fderr_eof = 1;
if (fdin != -1)
fdin = -1;
/* We no longer want our SIGCHLD handler to be called. */
error("Strange, wait returned pid %ld, expected %ld",
/* Check if it exited normally. */
if (WIFEXITED(wait_status)) {
/* Yes, normal exit. Get exit status and send it to the client. */
packet_send();
/*
* Wait for exit confirmation. Note that there might be
* other packets coming before it; however, the program has
* already died so we just ignore them. The client is
* supposed to respond with the confirmation when it receives
* the exit status.
*/
do {
type = packet_read();
}
while (type != SSH_CMSG_EXIT_CONFIRMATION);
debug("Received exit confirmation.");
return;
}
/* Check if the program terminated due to a signal. */
if (WIFSIGNALED(wait_status))
packet_disconnect("Command terminated on signal %d.",
/* Some weird exit cause. Just exit. */
/* NOTREACHED */
}
static void
collect_children(void)
{
int status;
/* block SIGCHLD while we check for dead children */
(void) sigemptyset(&nset);
if (child_terminated) {
if (pid > 0)
child_terminated = 0;
}
}
#ifdef ALTPRIVSEP
/*
* For ALTPRIVSEP the wait_until_can_do_something function is very
* simple: select() on the read side of the pipe, and if there's packets
* to send, on the write side, and on the read side of the SIGCHLD
* handler pipe. That's it.
*/
static void
{
int ret;
/*
* Use channel_prepare_select() to make the fd sets.
*
* This is cheating, really, since because the last argument in
* this call is '1' nothing related to channels will be done --
* we're using this function only to callocate the fd sets.
*/
if ((connection_in = packet_get_connection_in()) >= 0 &&
if ((connection_out = packet_get_connection_out()) >= 0 &&
/* Wait for something to happen, or the timeout to expire. */
if (ret == -1) {
}
}
/*
* Slightly different than collect_children, aps_collect_child() has
* only the unprivileged sshd to wait for, no sessions, no channells,
* just one process.
*/
static int
{
int status;
/* block SIGCHLD while we check for dead children */
(void) sigemptyset(&nset);
if (child_terminated) {
return (1);
}
child_terminated = 0;
}
return (0);
}
static int killed = 0;
static void
{
int save_errno = errno;
killed = 1;
errno = save_errno;
}
static void
{
int save_errno = errno;
debug("Monitor received SIGCHLD.");
child_terminated = 1;
errno = save_errno;
}
void
{
debug("Entering monitor loop.");
/*
* Awful hack follows: fake compat20 == 1 to cause process_input()
* and process_output() to behave as they would for SSHv2 because that's
* the behaviour we need in SSHv2.
*
* This same hack is done in packet.c
*/
child_terminated = 0;
notify_setup();
for (;;) {
&nalloc, 0);
if (aps_collect_child(child_pid))
break;
if (killed) {
/* fatal cleanups will kill child, audit logout */
log("Monitor killed; exiting");
}
/*
* Unlike server_loop2() we don't care if connection_closed
* since we still want to wait for the monitor's child.
*/
}
packet_close();
}
#endif /* ALTPRIVSEP */
/*
* This server loop is for unprivileged child only. Our monitor runs its own
* aps_monitor_loop() funtion.
*/
void
{
debug("Entering interactive session for SSH2.");
child_terminated = 0;
notify_setup();
for (;;) {
if (!rekeying && packet_not_very_much_data_to_write())
&nalloc, 0);
if (!rekeying) {
if (packet_need_rekeying()) {
debug("rekey limit reached, need rekeying");
debug("poking the monitor to start "
"key re-exchange");
}
}
#ifdef ALTPRIVSEP
else
#endif /* ALTPRIVSEP */
if (connection_closed)
break;
}
if (readset)
if (writeset)
/* free all channels, no more reads and writes */
/* free remaining sessions, e.g. remove wtmp entries */
}
static void
{
debug("Got CHANNEL_FAILURE for keepalive");
/*
* reset timeout, since we got a sane answer from the client.
* even if this was generated by something other than
* the bogus CHANNEL_REQUEST we send for keepalives.
*/
}
static void
{
char *data;
/* Stdin data from the client. Append it to the buffer. */
/* Ignore any data if the client has closed stdin. */
if (fdin == -1)
return;
}
static void
{
/*
* Eof from the client. The stdin descriptor to the
* program will be closed when all buffered data has
* drained.
*/
debug("EOF received for stdin.");
stdin_eof = 1;
}
static void
{
int row = packet_get_int();
int col = packet_get_int();
int xpixel = packet_get_int();
int ypixel = packet_get_int();
debug("Window change received.");
if (fdin != -1)
}
static Channel *
server_request_direct_tcpip(char *ctype)
{
Channel *c;
int sock;
char *target, *originator;
int target_port, originator_port;
debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
/* XXX check permission */
if (sock < 0)
return NULL;
return c;
}
static Channel *
server_request_session(char *ctype)
{
Channel *c;
debug("input_session_request");
/*
* A server session has no fd to read or write until a
* CHANNEL_REQUEST for a shell is made, so we set the type to
* SSH_CHANNEL_LARVAL. Additionally, a callback for handling all
* CHANNEL_REQUEST messages is registered.
*/
channel_free(c);
return NULL;
}
return c;
}
static void
{
char *ctype;
int rchan;
rchan = packet_get_int();
rwindow = packet_get_int();
rmaxpack = packet_get_int();
debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
c = server_request_session(ctype);
}
if (c != NULL) {
c->remote_window = rwindow;
c->remote_maxpacket = rmaxpack;
if (c->type != SSH_CHANNEL_CONNECTING) {
packet_put_int(c->remote_id);
packet_put_int(c->self);
packet_send();
}
} else {
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
packet_put_cstring("open failed");
packet_put_cstring("");
}
packet_send();
}
}
static void
{
char *rtype;
int want_reply;
int success = 0;
/* -R style forwarding */
char *listen_address;
pw = auth_get_user();
fatal("server_input_global_request: no user");
debug("server_input_global_request: tcpip-forward listen %s port %d",
/* check permissions */
if (!options.allow_tcp_forwarding ||
#ifndef NO_IPPORT_RESERVED_CONCEPT
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
}
char *cancel_address;
}
if (want_reply) {
packet_send();
}
}
static void
{
Channel *c;
char *rtype;
id = packet_get_int();
reply = packet_get_char();
debug("server_input_channel_req: channel %d request %s reply %d",
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
if (reply) {
packet_put_int(c->remote_id);
packet_send();
}
}
static void
server_init_dispatch_20(void)
{
debug("server_init_dispatch_20");
/* client_alive */
/* rekeying */
#ifdef ALTPRIVSEP
/* unprivileged sshd has a kex packet handler that must not be reset */
debug3("server_init_dispatch_20 -- should we dispatch_set(KEXINIT) here? %d && !%d",
if (packet_is_server() && !packet_is_monitor()) {
debug3("server_init_dispatch_20 -- skipping dispatch_set(KEXINIT) in unpriv proc");
return;
}
#endif /* ALTPRIVSEP */
}
static void
server_init_dispatch_13(void)
{
debug("server_init_dispatch_13");
}
static void
server_init_dispatch_15(void)
{
debug("server_init_dispatch_15");
}
static void
server_init_dispatch(void)
{
if (compat20)
else if (compat13)
else
}