1 /* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */
3 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 /* ssh session multiplexing support */
22 * - Better signalling from master to slave, especially passing of
24 * - Better fall-back from mux slave error to new connection.
25 * - ExitOnForwardingFailure
26 * - Maybe extension mechanisms for multi-X11/multi-agent forwarding
27 * - Support ~^Z in mux slaves.
28 * - Inspect or control sessions in master.
29 * - If we ever support the "signal" channel request, send signals on
35 #include <sys/types.h>
36 #include <sys/param.h>
38 #include <sys/socket.h>
57 # ifdef HAVE_SYS_POLL_H
58 # include <sys/poll.h>
66 #include "openbsd-compat/sys-queue.h"
71 #include "pathnames.h"
78 #include "monitor_fdpass.h"
82 #include "clientloop.h"
86 extern Options options;
87 extern int stdin_null_flag;
89 extern int subsystem_flag;
90 extern Buffer command;
91 extern volatile sig_atomic_t quit_pending;
92 extern char *stdio_forward_host;
93 extern int stdio_forward_port;
95 /* Context for session open confirmation callback */
96 struct mux_session_confirm_ctx {
100 u_int want_agent_fwd;
108 /* Context for global channel callback */
109 struct mux_channel_confirm_ctx {
110 u_int cid; /* channel id */
111 u_int rid; /* request id */
112 int fid; /* forward id */
115 /* fd to control socket */
116 int muxserver_sock = -1;
118 /* client request id */
119 u_int muxclient_request_id = 0;
121 /* Multiplexing control command */
122 u_int muxclient_command = 0;
124 /* Set when signalled. */
125 static volatile sig_atomic_t muxclient_terminate = 0;
127 /* PID of multiplex server */
128 static u_int muxserver_pid = 0;
130 static Channel *mux_listener_channel = NULL;
132 struct mux_master_state {
136 /* mux protocol messages */
137 #define MUX_MSG_HELLO 0x00000001
138 #define MUX_C_NEW_SESSION 0x10000002
139 #define MUX_C_ALIVE_CHECK 0x10000004
140 #define MUX_C_TERMINATE 0x10000005
141 #define MUX_C_OPEN_FWD 0x10000006
142 #define MUX_C_CLOSE_FWD 0x10000007
143 #define MUX_C_NEW_STDIO_FWD 0x10000008
144 #define MUX_C_STOP_LISTENING 0x10000009
145 #define MUX_S_OK 0x80000001
146 #define MUX_S_PERMISSION_DENIED 0x80000002
147 #define MUX_S_FAILURE 0x80000003
148 #define MUX_S_EXIT_MESSAGE 0x80000004
149 #define MUX_S_ALIVE 0x80000005
150 #define MUX_S_SESSION_OPENED 0x80000006
151 #define MUX_S_REMOTE_PORT 0x80000007
152 #define MUX_S_TTY_ALLOC_FAIL 0x80000008
154 /* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
155 #define MUX_FWD_LOCAL 1
156 #define MUX_FWD_REMOTE 2
157 #define MUX_FWD_DYNAMIC 3
159 static void mux_session_confirm(int, int, void *);
161 static int process_mux_master_hello(u_int, Channel *, Buffer *, Buffer *);
162 static int process_mux_new_session(u_int, Channel *, Buffer *, Buffer *);
163 static int process_mux_alive_check(u_int, Channel *, Buffer *, Buffer *);
164 static int process_mux_terminate(u_int, Channel *, Buffer *, Buffer *);
165 static int process_mux_open_fwd(u_int, Channel *, Buffer *, Buffer *);
166 static int process_mux_close_fwd(u_int, Channel *, Buffer *, Buffer *);
167 static int process_mux_stdio_fwd(u_int, Channel *, Buffer *, Buffer *);
168 static int process_mux_stop_listening(u_int, Channel *, Buffer *, Buffer *);
170 static const struct {
172 int (*handler)(u_int, Channel *, Buffer *, Buffer *);
173 } mux_master_handlers[] = {
174 { MUX_MSG_HELLO, process_mux_master_hello },
175 { MUX_C_NEW_SESSION, process_mux_new_session },
176 { MUX_C_ALIVE_CHECK, process_mux_alive_check },
177 { MUX_C_TERMINATE, process_mux_terminate },
178 { MUX_C_OPEN_FWD, process_mux_open_fwd },
179 { MUX_C_CLOSE_FWD, process_mux_close_fwd },
180 { MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
181 { MUX_C_STOP_LISTENING, process_mux_stop_listening },
185 /* Cleanup callback fired on closure of mux slave _session_ channel */
188 mux_master_session_cleanup_cb(int cid, void *unused)
190 Channel *cc, *c = channel_by_id(cid);
192 debug3("%s: entering for channel %d", __func__, cid);
194 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
195 if (c->ctl_chan != -1) {
196 if ((cc = channel_by_id(c->ctl_chan)) == NULL)
197 fatal("%s: channel %d missing control channel %d",
198 __func__, c->self, c->ctl_chan);
201 chan_rcvd_oclose(cc);
203 channel_cancel_cleanup(c->self);
206 /* Cleanup callback fired on closure of mux slave _control_ channel */
209 mux_master_control_cleanup_cb(int cid, void *unused)
211 Channel *sc, *c = channel_by_id(cid);
213 debug3("%s: entering for channel %d", __func__, cid);
215 fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
216 if (c->remote_id != -1) {
217 if ((sc = channel_by_id(c->remote_id)) == NULL)
218 fatal("%s: channel %d missing session channel %d",
219 __func__, c->self, c->remote_id);
222 if (sc->type != SSH_CHANNEL_OPEN &&
223 sc->type != SSH_CHANNEL_OPENING) {
224 debug2("%s: channel %d: not open", __func__, sc->self);
227 if (sc->istate == CHAN_INPUT_OPEN)
228 chan_read_failed(sc);
229 if (sc->ostate == CHAN_OUTPUT_OPEN)
230 chan_write_failed(sc);
233 channel_cancel_cleanup(c->self);
236 /* Check mux client environment variables before passing them to mux master. */
238 env_permitted(char *env)
241 char name[1024], *cp;
243 if ((cp = strchr(env, '=')) == NULL || cp == env)
245 ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
246 if (ret <= 0 || (size_t)ret >= sizeof(name)) {
247 error("env_permitted: name '%.100s...' too long", env);
251 for (i = 0; i < options.num_send_env; i++)
252 if (match_pattern(name, options.send_env[i]))
258 /* Mux master protocol message handlers */
261 process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
264 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
267 fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
268 if (state->hello_rcvd) {
269 error("%s: HELLO received twice", __func__);
272 if (buffer_get_int_ret(&ver, m) != 0) {
274 error("%s: malformed message", __func__);
277 if (ver != SSHMUX_VER) {
278 error("Unsupported multiplexing protocol version %d "
279 "(expected %d)", ver, SSHMUX_VER);
282 debug2("%s: channel %d slave version %u", __func__, c->self, ver);
284 /* No extensions are presently defined */
285 while (buffer_len(m) > 0) {
286 char *name = buffer_get_string_ret(m, NULL);
287 char *value = buffer_get_string_ret(m, NULL);
289 if (name == NULL || value == NULL) {
294 debug2("Unrecognised slave extension \"%s\"", name);
298 state->hello_rcvd = 1;
303 process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
306 struct mux_session_confirm_ctx *cctx;
307 char *reserved, *cmd, *cp;
308 u_int i, j, len, env_len, escape_char, window, packetmax;
311 /* Reply for SSHMUX_COMMAND_OPEN */
312 cctx = xcalloc(1, sizeof(*cctx));
315 cmd = reserved = NULL;
318 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
319 buffer_get_int_ret(&cctx->want_tty, m) != 0 ||
320 buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 ||
321 buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 ||
322 buffer_get_int_ret(&cctx->want_subsys, m) != 0 ||
323 buffer_get_int_ret(&escape_char, m) != 0 ||
324 (cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
325 (cmd = buffer_get_string_ret(m, &len)) == NULL) {
329 for (j = 0; j < env_len; j++)
334 error("%s: malformed message", __func__);
340 while (buffer_len(m) > 0) {
341 #define MUX_MAX_ENV_VARS 4096
342 if ((cp = buffer_get_string_ret(m, &len)) == NULL)
344 if (!env_permitted(cp)) {
348 cctx->env = xrealloc(cctx->env, env_len + 2,
350 cctx->env[env_len++] = cp;
351 cctx->env[env_len] = NULL;
352 if (env_len > MUX_MAX_ENV_VARS) {
353 error(">%d environment variables received, ignoring "
354 "additional", MUX_MAX_ENV_VARS);
359 debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
360 "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
361 cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
362 cctx->want_subsys, cctx->term, cmd, env_len);
364 buffer_init(&cctx->cmd);
365 buffer_append(&cctx->cmd, cmd, strlen(cmd));
369 /* Gather fds from client */
370 for(i = 0; i < 3; i++) {
371 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
372 error("%s: failed to receive fd %d from slave",
374 for (j = 0; j < i; j++)
376 for (j = 0; j < env_len; j++)
380 buffer_free(&cctx->cmd);
384 buffer_put_int(r, MUX_S_FAILURE);
385 buffer_put_int(r, rid);
386 buffer_put_cstring(r,
387 "did not receive file descriptors");
392 debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
393 new_fd[0], new_fd[1], new_fd[2]);
395 /* XXX support multiple child sessions in future */
396 if (c->remote_id != -1) {
397 debug2("%s: session already open", __func__);
399 buffer_put_int(r, MUX_S_FAILURE);
400 buffer_put_int(r, rid);
401 buffer_put_cstring(r, "Multiple sessions not supported");
408 for (i = 0; i < env_len; i++)
412 buffer_free(&cctx->cmd);
417 if (options.control_master == SSHCTL_MASTER_ASK ||
418 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
419 if (!ask_permission("Allow shared connection to %s? ", host)) {
420 debug2("%s: session refused by user", __func__);
422 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
423 buffer_put_int(r, rid);
424 buffer_put_cstring(r, "Permission denied");
429 /* Try to pick up ttymodes from client before it goes raw */
430 if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
431 error("%s: tcgetattr: %s", __func__, strerror(errno));
433 /* enable nonblocking unless tty */
434 if (!isatty(new_fd[0]))
435 set_nonblock(new_fd[0]);
436 if (!isatty(new_fd[1]))
437 set_nonblock(new_fd[1]);
438 if (!isatty(new_fd[2]))
439 set_nonblock(new_fd[2]);
441 window = CHAN_SES_WINDOW_DEFAULT;
442 packetmax = CHAN_SES_PACKET_DEFAULT;
443 if (cctx->want_tty) {
448 nc = channel_new("session", SSH_CHANNEL_OPENING,
449 new_fd[0], new_fd[1], new_fd[2], window, packetmax,
450 CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
452 nc->ctl_chan = c->self; /* link session -> control channel */
453 c->remote_id = nc->self; /* link control -> session channel */
455 if (cctx->want_tty && escape_char != 0xffffffff) {
456 channel_register_filter(nc->self,
457 client_simple_escape_filter, NULL,
458 client_filter_cleanup,
459 client_new_escape_filter_ctx((int)escape_char));
462 debug2("%s: channel_new: %d linked to control channel %d",
463 __func__, nc->self, nc->ctl_chan);
465 channel_send_open(nc->self);
466 channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
467 c->mux_pause = 1; /* stop handling messages until open_confirm done */
468 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
470 /* reply is deferred, sent by mux_session_confirm */
475 process_mux_alive_check(u_int rid, Channel *c, Buffer *m, Buffer *r)
477 debug2("%s: channel %d: alive check", __func__, c->self);
480 buffer_put_int(r, MUX_S_ALIVE);
481 buffer_put_int(r, rid);
482 buffer_put_int(r, (u_int)getpid());
488 process_mux_terminate(u_int rid, Channel *c, Buffer *m, Buffer *r)
490 debug2("%s: channel %d: terminate request", __func__, c->self);
492 if (options.control_master == SSHCTL_MASTER_ASK ||
493 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
494 if (!ask_permission("Terminate shared connection to %s? ",
496 debug2("%s: termination refused by user", __func__);
497 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
498 buffer_put_int(r, rid);
499 buffer_put_cstring(r, "Permission denied");
505 buffer_put_int(r, MUX_S_OK);
506 buffer_put_int(r, rid);
507 /* XXX exit happens too soon - message never makes it to client */
512 format_forward(u_int ftype, Forward *fwd)
518 xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
519 (fwd->listen_host == NULL) ?
520 (options.gateway_ports ? "*" : "LOCALHOST") :
521 fwd->listen_host, fwd->listen_port,
522 fwd->connect_host, fwd->connect_port);
524 case MUX_FWD_DYNAMIC:
525 xasprintf(&ret, "dynamic forward %.200s:%d -> *",
526 (fwd->listen_host == NULL) ?
527 (options.gateway_ports ? "*" : "LOCALHOST") :
528 fwd->listen_host, fwd->listen_port);
531 xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
532 (fwd->listen_host == NULL) ?
533 "LOCALHOST" : fwd->listen_host,
535 fwd->connect_host, fwd->connect_port);
538 fatal("%s: unknown forward type %u", __func__, ftype);
544 compare_host(const char *a, const char *b)
546 if (a == NULL && b == NULL)
548 if (a == NULL || b == NULL)
550 return strcmp(a, b) == 0;
554 compare_forward(Forward *a, Forward *b)
556 if (!compare_host(a->listen_host, b->listen_host))
558 if (a->listen_port != b->listen_port)
560 if (!compare_host(a->connect_host, b->connect_host))
562 if (a->connect_port != b->connect_port)
569 mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
571 struct mux_channel_confirm_ctx *fctx = ctxt;
572 char *failmsg = NULL;
577 if ((c = channel_by_id(fctx->cid)) == NULL) {
578 /* no channel for reply */
579 error("%s: unknown channel", __func__);
583 if (fctx->fid >= options.num_remote_forwards) {
584 xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
587 rfwd = &options.remote_forwards[fctx->fid];
588 debug("%s: %s for: listen %d, connect %s:%d", __func__,
589 type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
590 rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
591 if (type == SSH2_MSG_REQUEST_SUCCESS) {
592 if (rfwd->listen_port == 0) {
593 rfwd->allocated_port = packet_get_int();
594 logit("Allocated port %u for mux remote forward"
595 " to %s:%d", rfwd->allocated_port,
596 rfwd->connect_host, rfwd->connect_port);
597 buffer_put_int(&out, MUX_S_REMOTE_PORT);
598 buffer_put_int(&out, fctx->rid);
599 buffer_put_int(&out, rfwd->allocated_port);
600 channel_update_permitted_opens(rfwd->handle,
601 rfwd->allocated_port);
603 buffer_put_int(&out, MUX_S_OK);
604 buffer_put_int(&out, fctx->rid);
608 if (rfwd->listen_port == 0)
609 channel_update_permitted_opens(rfwd->handle, -1);
610 xasprintf(&failmsg, "remote port forwarding failed for "
611 "listen port %d", rfwd->listen_port);
614 error("%s: %s", __func__, failmsg);
615 buffer_put_int(&out, MUX_S_FAILURE);
616 buffer_put_int(&out, fctx->rid);
617 buffer_put_cstring(&out, failmsg);
620 buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
622 if (c->mux_pause <= 0)
623 fatal("%s: mux_pause %d", __func__, c->mux_pause);
624 c->mux_pause = 0; /* start processing messages again */
628 process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
631 char *fwd_desc = NULL;
634 int i, ret = 0, freefwd = 1;
636 fwd.listen_host = fwd.connect_host = NULL;
637 if (buffer_get_int_ret(&ftype, m) != 0 ||
638 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
639 buffer_get_int_ret(&lport, m) != 0 ||
640 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
641 buffer_get_int_ret(&cport, m) != 0 ||
642 lport > 65535 || cport > 65535) {
643 error("%s: malformed message", __func__);
647 fwd.listen_port = lport;
648 fwd.connect_port = cport;
649 if (*fwd.listen_host == '\0') {
650 free(fwd.listen_host);
651 fwd.listen_host = NULL;
653 if (*fwd.connect_host == '\0') {
654 free(fwd.connect_host);
655 fwd.connect_host = NULL;
658 debug2("%s: channel %d: request %s", __func__, c->self,
659 (fwd_desc = format_forward(ftype, &fwd)));
661 if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
662 ftype != MUX_FWD_DYNAMIC) {
663 logit("%s: invalid forwarding type %u", __func__, ftype);
665 free(fwd.listen_host);
666 free(fwd.connect_host);
667 buffer_put_int(r, MUX_S_FAILURE);
668 buffer_put_int(r, rid);
669 buffer_put_cstring(r, "Invalid forwarding request");
672 if (fwd.listen_port >= 65536) {
673 logit("%s: invalid listen port %u", __func__,
677 if (fwd.connect_port >= 65536 || (ftype != MUX_FWD_DYNAMIC &&
678 ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
679 logit("%s: invalid connect port %u", __func__,
683 if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL) {
684 logit("%s: missing connect host", __func__);
688 /* Skip forwards that have already been requested */
691 case MUX_FWD_DYNAMIC:
692 for (i = 0; i < options.num_local_forwards; i++) {
693 if (compare_forward(&fwd,
694 options.local_forwards + i)) {
696 debug2("%s: found existing forwarding",
698 buffer_put_int(r, MUX_S_OK);
699 buffer_put_int(r, rid);
705 for (i = 0; i < options.num_remote_forwards; i++) {
706 if (compare_forward(&fwd,
707 options.remote_forwards + i)) {
708 if (fwd.listen_port != 0)
710 debug2("%s: found allocated port",
712 buffer_put_int(r, MUX_S_REMOTE_PORT);
713 buffer_put_int(r, rid);
715 options.remote_forwards[i].allocated_port);
722 if (options.control_master == SSHCTL_MASTER_ASK ||
723 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
724 if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
725 debug2("%s: forwarding refused by user", __func__);
726 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
727 buffer_put_int(r, rid);
728 buffer_put_cstring(r, "Permission denied");
733 if (ftype == MUX_FWD_LOCAL || ftype == MUX_FWD_DYNAMIC) {
734 if (!channel_setup_local_fwd_listener(fwd.listen_host,
735 fwd.listen_port, fwd.connect_host, fwd.connect_port,
736 options.gateway_ports)) {
738 logit("slave-requested %s failed", fwd_desc);
739 buffer_put_int(r, MUX_S_FAILURE);
740 buffer_put_int(r, rid);
741 buffer_put_cstring(r, "Port forwarding failed");
744 add_local_forward(&options, &fwd);
747 struct mux_channel_confirm_ctx *fctx;
749 fwd.handle = channel_request_remote_forwarding(fwd.listen_host,
750 fwd.listen_port, fwd.connect_host, fwd.connect_port);
753 add_remote_forward(&options, &fwd);
754 fctx = xcalloc(1, sizeof(*fctx));
757 fctx->fid = options.num_remote_forwards - 1;
758 client_register_global_confirm(mux_confirm_remote_forward,
761 c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
762 /* delayed reply in mux_confirm_remote_forward */
765 buffer_put_int(r, MUX_S_OK);
766 buffer_put_int(r, rid);
770 free(fwd.listen_host);
771 free(fwd.connect_host);
777 process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
779 Forward fwd, *found_fwd;
780 char *fwd_desc = NULL;
781 const char *error_reason = NULL;
783 int i, listen_port, ret = 0;
786 fwd.listen_host = fwd.connect_host = NULL;
787 if (buffer_get_int_ret(&ftype, m) != 0 ||
788 (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
789 buffer_get_int_ret(&lport, m) != 0 ||
790 (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
791 buffer_get_int_ret(&cport, m) != 0 ||
792 lport > 65535 || cport > 65535) {
793 error("%s: malformed message", __func__);
797 fwd.listen_port = lport;
798 fwd.connect_port = cport;
800 if (*fwd.listen_host == '\0') {
801 free(fwd.listen_host);
802 fwd.listen_host = NULL;
804 if (*fwd.connect_host == '\0') {
805 free(fwd.connect_host);
806 fwd.connect_host = NULL;
809 debug2("%s: channel %d: request cancel %s", __func__, c->self,
810 (fwd_desc = format_forward(ftype, &fwd)));
812 /* make sure this has been requested */
816 case MUX_FWD_DYNAMIC:
817 for (i = 0; i < options.num_local_forwards; i++) {
818 if (compare_forward(&fwd,
819 options.local_forwards + i)) {
820 found_fwd = options.local_forwards + i;
826 for (i = 0; i < options.num_remote_forwards; i++) {
827 if (compare_forward(&fwd,
828 options.remote_forwards + i)) {
829 found_fwd = options.remote_forwards + i;
836 if (found_fwd == NULL)
837 error_reason = "port not forwarded";
838 else if (ftype == MUX_FWD_REMOTE) {
840 * This shouldn't fail unless we confused the host/port
841 * between options.remote_forwards and permitted_opens.
842 * However, for dynamic allocated listen ports we need
843 * to lookup the actual listen port.
845 listen_port = (fwd.listen_port == 0) ?
846 found_fwd->allocated_port : fwd.listen_port;
847 if (channel_request_rforward_cancel(fwd.listen_host,
849 error_reason = "port not in permitted opens";
850 } else { /* local and dynamic forwards */
852 if (channel_cancel_lport_listener(fwd.listen_host,
853 fwd.listen_port, fwd.connect_port,
854 options.gateway_ports) == -1)
855 error_reason = "port not found";
858 if (error_reason == NULL) {
859 buffer_put_int(r, MUX_S_OK);
860 buffer_put_int(r, rid);
862 free(found_fwd->listen_host);
863 free(found_fwd->connect_host);
864 found_fwd->listen_host = found_fwd->connect_host = NULL;
865 found_fwd->listen_port = found_fwd->connect_port = 0;
867 buffer_put_int(r, MUX_S_FAILURE);
868 buffer_put_int(r, rid);
869 buffer_put_cstring(r, error_reason);
873 free(fwd.listen_host);
874 free(fwd.connect_host);
880 process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
883 char *reserved, *chost;
887 chost = reserved = NULL;
888 if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
889 (chost = buffer_get_string_ret(m, NULL)) == NULL ||
890 buffer_get_int_ret(&cport, m) != 0) {
893 error("%s: malformed message", __func__);
898 debug2("%s: channel %d: request stdio fwd to %s:%u",
899 __func__, c->self, chost, cport);
901 /* Gather fds from client */
902 for(i = 0; i < 2; i++) {
903 if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
904 error("%s: failed to receive fd %d from slave",
906 for (j = 0; j < i; j++)
911 buffer_put_int(r, MUX_S_FAILURE);
912 buffer_put_int(r, rid);
913 buffer_put_cstring(r,
914 "did not receive file descriptors");
919 debug3("%s: got fds stdin %d, stdout %d", __func__,
920 new_fd[0], new_fd[1]);
922 /* XXX support multiple child sessions in future */
923 if (c->remote_id != -1) {
924 debug2("%s: session already open", __func__);
926 buffer_put_int(r, MUX_S_FAILURE);
927 buffer_put_int(r, rid);
928 buffer_put_cstring(r, "Multiple sessions not supported");
936 if (options.control_master == SSHCTL_MASTER_ASK ||
937 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
938 if (!ask_permission("Allow forward to %s:%u? ",
940 debug2("%s: stdio fwd refused by user", __func__);
942 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
943 buffer_put_int(r, rid);
944 buffer_put_cstring(r, "Permission denied");
949 /* enable nonblocking unless tty */
950 if (!isatty(new_fd[0]))
951 set_nonblock(new_fd[0]);
952 if (!isatty(new_fd[1]))
953 set_nonblock(new_fd[1]);
955 nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
957 nc->ctl_chan = c->self; /* link session -> control channel */
958 c->remote_id = nc->self; /* link control -> session channel */
960 debug2("%s: channel_new: %d linked to control channel %d",
961 __func__, nc->self, nc->ctl_chan);
963 channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
966 /* XXX defer until channel confirmed */
967 buffer_put_int(r, MUX_S_SESSION_OPENED);
968 buffer_put_int(r, rid);
969 buffer_put_int(r, nc->self);
975 process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
977 debug("%s: channel %d: stop listening", __func__, c->self);
979 if (options.control_master == SSHCTL_MASTER_ASK ||
980 options.control_master == SSHCTL_MASTER_AUTO_ASK) {
981 if (!ask_permission("Disable further multiplexing on shared "
982 "connection to %s? ", host)) {
983 debug2("%s: stop listen refused by user", __func__);
984 buffer_put_int(r, MUX_S_PERMISSION_DENIED);
985 buffer_put_int(r, rid);
986 buffer_put_cstring(r, "Permission denied");
991 if (mux_listener_channel != NULL) {
992 channel_free(mux_listener_channel);
994 free(options.control_path);
995 options.control_path = NULL;
996 mux_listener_channel = NULL;
1001 buffer_put_int(r, MUX_S_OK);
1002 buffer_put_int(r, rid);
1007 /* Channel callbacks fired on read/write from mux slave fd */
1009 mux_master_read_cb(Channel *c)
1011 struct mux_master_state *state = (struct mux_master_state *)c->mux_ctx;
1014 u_int type, rid, have, i;
1018 if (c->mux_ctx == NULL) {
1019 state = xcalloc(1, sizeof(*state));
1021 channel_register_cleanup(c->self,
1022 mux_master_control_cleanup_cb, 0);
1026 buffer_put_int(&out, MUX_MSG_HELLO);
1027 buffer_put_int(&out, SSHMUX_VER);
1029 buffer_put_string(&c->output, buffer_ptr(&out),
1032 debug3("%s: channel %d: hello sent", __func__, c->self);
1039 /* Channel code ensures that we receive whole packets */
1040 if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
1042 error("%s: malformed message", __func__);
1045 buffer_append(&in, ptr, have);
1047 if (buffer_get_int_ret(&type, &in) != 0)
1049 debug3("%s: channel %d packet type 0x%08x len %u",
1050 __func__, c->self, type, buffer_len(&in));
1052 if (type == MUX_MSG_HELLO)
1055 if (!state->hello_rcvd) {
1056 error("%s: expected MUX_MSG_HELLO(0x%08x), "
1057 "received 0x%08x", __func__, MUX_MSG_HELLO, type);
1060 if (buffer_get_int_ret(&rid, &in) != 0)
1064 for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
1065 if (type == mux_master_handlers[i].type) {
1066 ret = mux_master_handlers[i].handler(rid, c, &in, &out);
1070 if (mux_master_handlers[i].handler == NULL) {
1071 error("%s: unsupported mux message 0x%08x", __func__, type);
1072 buffer_put_int(&out, MUX_S_FAILURE);
1073 buffer_put_int(&out, rid);
1074 buffer_put_cstring(&out, "unsupported request");
1077 /* Enqueue reply packet */
1078 if (buffer_len(&out) != 0) {
1079 buffer_put_string(&c->output, buffer_ptr(&out),
1089 mux_exit_message(Channel *c, int exitval)
1094 debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
1097 if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
1098 fatal("%s: channel %d missing mux channel %d",
1099 __func__, c->self, c->ctl_chan);
1101 /* Append exit message packet to control socket output queue */
1103 buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
1104 buffer_put_int(&m, c->self);
1105 buffer_put_int(&m, exitval);
1107 buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1112 mux_tty_alloc_failed(Channel *c)
1117 debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
1119 if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
1120 fatal("%s: channel %d missing mux channel %d",
1121 __func__, c->self, c->ctl_chan);
1123 /* Append exit message packet to control socket output queue */
1125 buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL);
1126 buffer_put_int(&m, c->self);
1128 buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
1132 /* Prepare a mux master to listen on a Unix domain socket. */
1134 muxserver_listen(void)
1136 struct sockaddr_un addr;
1139 char *orig_control_path = options.control_path;
1143 if (options.control_path == NULL ||
1144 options.control_master == SSHCTL_MASTER_NO)
1147 debug("setting up multiplex master socket");
1150 * Use a temporary path before listen so we can pseudo-atomically
1151 * establish the listening socket in its final location to avoid
1152 * other processes racing in between bind() and listen() and hitting
1153 * an unready socket.
1155 for (i = 0; i < sizeof(rbuf) - 1; i++) {
1156 r = arc4random_uniform(26+26+10);
1157 rbuf[i] = (r < 26) ? 'a' + r :
1158 (r < 26*2) ? 'A' + r - 26 :
1161 rbuf[sizeof(rbuf) - 1] = '\0';
1162 options.control_path = NULL;
1163 xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
1164 debug3("%s: temporary control path %s", __func__, options.control_path);
1166 memset(&addr, '\0', sizeof(addr));
1167 addr.sun_family = AF_UNIX;
1168 sun_len = offsetof(struct sockaddr_un, sun_path) +
1169 strlen(options.control_path) + 1;
1171 if (strlcpy(addr.sun_path, options.control_path,
1172 sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) {
1173 error("ControlPath \"%s\" too long for Unix domain socket",
1174 options.control_path);
1175 goto disable_mux_master;
1178 if ((muxserver_sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1179 fatal("%s socket(): %s", __func__, strerror(errno));
1181 old_umask = umask(0177);
1182 if (bind(muxserver_sock, (struct sockaddr *)&addr, sun_len) == -1) {
1183 if (errno == EINVAL || errno == EADDRINUSE) {
1184 error("ControlSocket %s already exists, "
1185 "disabling multiplexing", options.control_path);
1187 if (muxserver_sock != -1) {
1188 close(muxserver_sock);
1189 muxserver_sock = -1;
1191 free(orig_control_path);
1192 free(options.control_path);
1193 options.control_path = NULL;
1194 options.control_master = SSHCTL_MASTER_NO;
1197 fatal("%s bind(): %s", __func__, strerror(errno));
1201 if (listen(muxserver_sock, 64) == -1)
1202 fatal("%s listen(): %s", __func__, strerror(errno));
1204 /* Now atomically "move" the mux socket into position */
1205 if (link(options.control_path, orig_control_path) != 0) {
1206 if (errno != EEXIST) {
1207 fatal("%s: link mux listener %s => %s: %s", __func__,
1208 options.control_path, orig_control_path,
1211 error("ControlSocket %s already exists, disabling multiplexing",
1213 unlink(options.control_path);
1214 goto disable_mux_master;
1216 unlink(options.control_path);
1217 free(options.control_path);
1218 options.control_path = orig_control_path;
1220 set_nonblock(muxserver_sock);
1222 mux_listener_channel = channel_new("mux listener",
1223 SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
1224 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1225 0, options.control_path, 1);
1226 mux_listener_channel->mux_rcb = mux_master_read_cb;
1227 debug3("%s: mux listener channel %d fd %d", __func__,
1228 mux_listener_channel->self, mux_listener_channel->sock);
1231 /* Callback on open confirmation in mux master for a mux client session. */
1233 mux_session_confirm(int id, int success, void *arg)
1235 struct mux_session_confirm_ctx *cctx = arg;
1236 const char *display;
1242 fatal("%s: cctx == NULL", __func__);
1243 if ((c = channel_by_id(id)) == NULL)
1244 fatal("%s: no channel for id %d", __func__, id);
1245 if ((cc = channel_by_id(c->ctl_chan)) == NULL)
1246 fatal("%s: channel %d lacks control channel %d", __func__,
1250 debug3("%s: sending failure reply", __func__);
1252 buffer_init(&reply);
1253 buffer_put_int(&reply, MUX_S_FAILURE);
1254 buffer_put_int(&reply, cctx->rid);
1255 buffer_put_cstring(&reply, "Session open refused by peer");
1259 display = getenv("DISPLAY");
1260 if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
1263 /* Get reasonable local authentication information. */
1264 client_x11_get_proto(display, options.xauth_location,
1265 options.forward_x11_trusted, options.forward_x11_timeout,
1267 /* Request forwarding with authentication spoofing. */
1268 debug("Requesting X11 forwarding with authentication "
1270 x11_request_forwarding_with_spoofing(id, display, proto,
1272 client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
1273 /* XXX exit_on_forward_failure */
1276 if (cctx->want_agent_fwd && options.forward_agent) {
1277 debug("Requesting authentication agent forwarding.");
1278 channel_request_start(id, "auth-agent-req@openssh.com", 0);
1282 client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
1283 cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
1285 debug3("%s: sending success reply", __func__);
1287 buffer_init(&reply);
1288 buffer_put_int(&reply, MUX_S_SESSION_OPENED);
1289 buffer_put_int(&reply, cctx->rid);
1290 buffer_put_int(&reply, c->self);
1294 buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
1295 buffer_free(&reply);
1297 if (cc->mux_pause <= 0)
1298 fatal("%s: mux_pause %d", __func__, cc->mux_pause);
1299 cc->mux_pause = 0; /* start processing messages again */
1300 c->open_confirm_ctx = NULL;
1301 buffer_free(&cctx->cmd);
1303 if (cctx->env != NULL) {
1304 for (i = 0; cctx->env[i] != NULL; i++)
1311 /* ** Multiplexing client support */
1313 /* Exit signal handler */
1315 control_client_sighandler(int signo)
1317 muxclient_terminate = signo;
1321 * Relay signal handler - used to pass some signals from mux client to
1325 control_client_sigrelay(int signo)
1327 int save_errno = errno;
1329 if (muxserver_pid > 1)
1330 kill(muxserver_pid, signo);
1336 mux_client_read(int fd, Buffer *b, u_int need)
1344 pfd.events = POLLIN;
1345 p = buffer_append_space(b, need);
1346 for (have = 0; have < need; ) {
1347 if (muxclient_terminate) {
1351 len = read(fd, p + have, need - have);
1354 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1358 (void)poll(&pfd, 1, -1);
1376 mux_client_write_packet(int fd, Buffer *m)
1385 pfd.events = POLLOUT;
1386 buffer_init(&queue);
1387 buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
1389 need = buffer_len(&queue);
1390 ptr = buffer_ptr(&queue);
1392 for (have = 0; have < need; ) {
1393 if (muxclient_terminate) {
1394 buffer_free(&queue);
1398 len = write(fd, ptr + have, need - have);
1401 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
1405 (void)poll(&pfd, 1, -1);
1411 buffer_free(&queue);
1417 buffer_free(&queue);
1423 buffer_free(&queue);
1428 mux_client_read_packet(int fd, Buffer *m)
1435 buffer_init(&queue);
1436 if (mux_client_read(fd, &queue, 4) != 0) {
1437 if ((oerrno = errno) == EPIPE)
1438 debug3("%s: read header failed: %s", __func__,
1440 buffer_free(&queue);
1444 need = get_u32(buffer_ptr(&queue));
1445 if (mux_client_read(fd, &queue, need) != 0) {
1447 debug3("%s: read body failed: %s", __func__, strerror(errno));
1448 buffer_free(&queue);
1452 ptr = buffer_get_string_ptr(&queue, &have);
1453 buffer_append(m, ptr, have);
1454 buffer_free(&queue);
1459 mux_client_hello_exchange(int fd)
1465 buffer_put_int(&m, MUX_MSG_HELLO);
1466 buffer_put_int(&m, SSHMUX_VER);
1469 if (mux_client_write_packet(fd, &m) != 0)
1470 fatal("%s: write packet: %s", __func__, strerror(errno));
1474 /* Read their HELLO */
1475 if (mux_client_read_packet(fd, &m) != 0) {
1480 type = buffer_get_int(&m);
1481 if (type != MUX_MSG_HELLO)
1482 fatal("%s: expected HELLO (%u) received %u",
1483 __func__, MUX_MSG_HELLO, type);
1484 ver = buffer_get_int(&m);
1485 if (ver != SSHMUX_VER)
1486 fatal("Unsupported multiplexing protocol version %d "
1487 "(expected %d)", ver, SSHMUX_VER);
1488 debug2("%s: master version %u", __func__, ver);
1489 /* No extensions are presently defined */
1490 while (buffer_len(&m) > 0) {
1491 char *name = buffer_get_string(&m, NULL);
1492 char *value = buffer_get_string(&m, NULL);
1494 debug2("Unrecognised master extension \"%s\"", name);
1503 mux_client_request_alive(int fd)
1507 u_int pid, type, rid;
1509 debug3("%s: entering", __func__);
1512 buffer_put_int(&m, MUX_C_ALIVE_CHECK);
1513 buffer_put_int(&m, muxclient_request_id);
1515 if (mux_client_write_packet(fd, &m) != 0)
1516 fatal("%s: write packet: %s", __func__, strerror(errno));
1520 /* Read their reply */
1521 if (mux_client_read_packet(fd, &m) != 0) {
1526 type = buffer_get_int(&m);
1527 if (type != MUX_S_ALIVE) {
1528 e = buffer_get_string(&m, NULL);
1529 fatal("%s: master returned error: %s", __func__, e);
1532 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1533 fatal("%s: out of sequence reply: my id %u theirs %u",
1534 __func__, muxclient_request_id, rid);
1535 pid = buffer_get_int(&m);
1538 debug3("%s: done pid = %u", __func__, pid);
1540 muxclient_request_id++;
1546 mux_client_request_terminate(int fd)
1552 debug3("%s: entering", __func__);
1555 buffer_put_int(&m, MUX_C_TERMINATE);
1556 buffer_put_int(&m, muxclient_request_id);
1558 if (mux_client_write_packet(fd, &m) != 0)
1559 fatal("%s: write packet: %s", __func__, strerror(errno));
1563 /* Read their reply */
1564 if (mux_client_read_packet(fd, &m) != 0) {
1565 /* Remote end exited already */
1566 if (errno == EPIPE) {
1570 fatal("%s: read from master failed: %s",
1571 __func__, strerror(errno));
1574 type = buffer_get_int(&m);
1575 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1576 fatal("%s: out of sequence reply: my id %u theirs %u",
1577 __func__, muxclient_request_id, rid);
1581 case MUX_S_PERMISSION_DENIED:
1582 e = buffer_get_string(&m, NULL);
1583 fatal("Master refused termination request: %s", e);
1585 e = buffer_get_string(&m, NULL);
1586 fatal("%s: termination request failed: %s", __func__, e);
1588 fatal("%s: unexpected response from master 0x%08x",
1592 muxclient_request_id++;
1596 mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd)
1602 fwd_desc = format_forward(ftype, fwd);
1603 debug("Requesting %s %s",
1604 cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
1608 buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
1609 buffer_put_int(&m, muxclient_request_id);
1610 buffer_put_int(&m, ftype);
1611 buffer_put_cstring(&m,
1612 fwd->listen_host == NULL ? "" : fwd->listen_host);
1613 buffer_put_int(&m, fwd->listen_port);
1614 buffer_put_cstring(&m,
1615 fwd->connect_host == NULL ? "" : fwd->connect_host);
1616 buffer_put_int(&m, fwd->connect_port);
1618 if (mux_client_write_packet(fd, &m) != 0)
1619 fatal("%s: write packet: %s", __func__, strerror(errno));
1623 /* Read their reply */
1624 if (mux_client_read_packet(fd, &m) != 0) {
1629 type = buffer_get_int(&m);
1630 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1631 fatal("%s: out of sequence reply: my id %u theirs %u",
1632 __func__, muxclient_request_id, rid);
1636 case MUX_S_REMOTE_PORT:
1638 fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
1639 fwd->allocated_port = buffer_get_int(&m);
1640 logit("Allocated port %u for remote forward to %s:%d",
1641 fwd->allocated_port,
1642 fwd->connect_host ? fwd->connect_host : "",
1644 if (muxclient_command == SSHMUX_COMMAND_FORWARD)
1645 fprintf(stdout, "%u\n", fwd->allocated_port);
1647 case MUX_S_PERMISSION_DENIED:
1648 e = buffer_get_string(&m, NULL);
1650 error("Master refused forwarding request: %s", e);
1653 e = buffer_get_string(&m, NULL);
1655 error("%s: forwarding request failed: %s", __func__, e);
1658 fatal("%s: unexpected response from master 0x%08x",
1663 muxclient_request_id++;
1668 mux_client_forwards(int fd, int cancel_flag)
1672 debug3("%s: %s forwardings: %d local, %d remote", __func__,
1673 cancel_flag ? "cancel" : "request",
1674 options.num_local_forwards, options.num_remote_forwards);
1676 /* XXX ExitOnForwardingFailure */
1677 for (i = 0; i < options.num_local_forwards; i++) {
1678 if (mux_client_forward(fd, cancel_flag,
1679 options.local_forwards[i].connect_port == 0 ?
1680 MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
1681 options.local_forwards + i) != 0)
1684 for (i = 0; i < options.num_remote_forwards; i++) {
1685 if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
1686 options.remote_forwards + i) != 0)
1693 mux_client_request_session(int fd)
1697 u_int i, rid, sid, esid, exitval, type, exitval_seen;
1698 extern char **environ;
1699 int devnull, rawmode;
1701 debug3("%s: entering", __func__);
1703 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1704 error("%s: master alive request failed", __func__);
1708 signal(SIGPIPE, SIG_IGN);
1710 if (stdin_null_flag) {
1711 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1712 fatal("open(/dev/null): %s", strerror(errno));
1713 if (dup2(devnull, STDIN_FILENO) == -1)
1714 fatal("dup2: %s", strerror(errno));
1715 if (devnull > STDERR_FILENO)
1719 term = getenv("TERM");
1722 buffer_put_int(&m, MUX_C_NEW_SESSION);
1723 buffer_put_int(&m, muxclient_request_id);
1724 buffer_put_cstring(&m, ""); /* reserved */
1725 buffer_put_int(&m, tty_flag);
1726 buffer_put_int(&m, options.forward_x11);
1727 buffer_put_int(&m, options.forward_agent);
1728 buffer_put_int(&m, subsystem_flag);
1729 buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
1730 0xffffffff : (u_int)options.escape_char);
1731 buffer_put_cstring(&m, term == NULL ? "" : term);
1732 buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
1734 if (options.num_send_env > 0 && environ != NULL) {
1735 /* Pass environment */
1736 for (i = 0; environ[i] != NULL; i++) {
1737 if (env_permitted(environ[i])) {
1738 buffer_put_cstring(&m, environ[i]);
1743 if (mux_client_write_packet(fd, &m) != 0)
1744 fatal("%s: write packet: %s", __func__, strerror(errno));
1746 /* Send the stdio file descriptors */
1747 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1748 mm_send_fd(fd, STDOUT_FILENO) == -1 ||
1749 mm_send_fd(fd, STDERR_FILENO) == -1)
1750 fatal("%s: send fds failed", __func__);
1752 debug3("%s: session request sent", __func__);
1754 /* Read their reply */
1756 if (mux_client_read_packet(fd, &m) != 0) {
1757 error("%s: read from master failed: %s",
1758 __func__, strerror(errno));
1763 type = buffer_get_int(&m);
1764 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1765 fatal("%s: out of sequence reply: my id %u theirs %u",
1766 __func__, muxclient_request_id, rid);
1768 case MUX_S_SESSION_OPENED:
1769 sid = buffer_get_int(&m);
1770 debug("%s: master session id: %u", __func__, sid);
1772 case MUX_S_PERMISSION_DENIED:
1773 e = buffer_get_string(&m, NULL);
1775 error("Master refused session request: %s", e);
1778 e = buffer_get_string(&m, NULL);
1780 error("%s: session request failed: %s", __func__, e);
1784 error("%s: unexpected response from master 0x%08x",
1788 muxclient_request_id++;
1790 signal(SIGHUP, control_client_sighandler);
1791 signal(SIGINT, control_client_sighandler);
1792 signal(SIGTERM, control_client_sighandler);
1793 signal(SIGWINCH, control_client_sigrelay);
1797 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1800 * Stick around until the controlee closes the client_fd.
1801 * Before it does, it is expected to write an exit message.
1802 * This process must read the value and wait for the closure of
1803 * the client_fd; if this one closes early, the multiplex master will
1804 * terminate early too (possibly losing data).
1806 for (exitval = 255, exitval_seen = 0;;) {
1808 if (mux_client_read_packet(fd, &m) != 0)
1810 type = buffer_get_int(&m);
1812 case MUX_S_TTY_ALLOC_FAIL:
1813 if ((esid = buffer_get_int(&m)) != sid)
1814 fatal("%s: tty alloc fail on unknown session: "
1815 "my id %u theirs %u",
1816 __func__, sid, esid);
1817 leave_raw_mode(options.request_tty ==
1821 case MUX_S_EXIT_MESSAGE:
1822 if ((esid = buffer_get_int(&m)) != sid)
1823 fatal("%s: exit on unknown session: "
1824 "my id %u theirs %u",
1825 __func__, sid, esid);
1827 fatal("%s: exitval sent twice", __func__);
1828 exitval = buffer_get_int(&m);
1832 e = buffer_get_string(&m, NULL);
1833 fatal("%s: master returned error: %s", __func__, e);
1839 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1841 if (muxclient_terminate) {
1842 debug2("Exiting on signal %ld", (long)muxclient_terminate);
1844 } else if (!exitval_seen) {
1845 debug2("Control master terminated unexpectedly");
1848 debug2("Received exit status from master %d", exitval);
1850 if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
1851 fprintf(stderr, "Shared connection to %s closed.\r\n", host);
1857 mux_client_request_stdio_fwd(int fd)
1861 u_int type, rid, sid;
1864 debug3("%s: entering", __func__);
1866 if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
1867 error("%s: master alive request failed", __func__);
1871 signal(SIGPIPE, SIG_IGN);
1873 if (stdin_null_flag) {
1874 if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1875 fatal("open(/dev/null): %s", strerror(errno));
1876 if (dup2(devnull, STDIN_FILENO) == -1)
1877 fatal("dup2: %s", strerror(errno));
1878 if (devnull > STDERR_FILENO)
1883 buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
1884 buffer_put_int(&m, muxclient_request_id);
1885 buffer_put_cstring(&m, ""); /* reserved */
1886 buffer_put_cstring(&m, stdio_forward_host);
1887 buffer_put_int(&m, stdio_forward_port);
1889 if (mux_client_write_packet(fd, &m) != 0)
1890 fatal("%s: write packet: %s", __func__, strerror(errno));
1892 /* Send the stdio file descriptors */
1893 if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
1894 mm_send_fd(fd, STDOUT_FILENO) == -1)
1895 fatal("%s: send fds failed", __func__);
1897 debug3("%s: stdio forward request sent", __func__);
1899 /* Read their reply */
1902 if (mux_client_read_packet(fd, &m) != 0) {
1903 error("%s: read from master failed: %s",
1904 __func__, strerror(errno));
1909 type = buffer_get_int(&m);
1910 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1911 fatal("%s: out of sequence reply: my id %u theirs %u",
1912 __func__, muxclient_request_id, rid);
1914 case MUX_S_SESSION_OPENED:
1915 sid = buffer_get_int(&m);
1916 debug("%s: master session id: %u", __func__, sid);
1918 case MUX_S_PERMISSION_DENIED:
1919 e = buffer_get_string(&m, NULL);
1921 fatal("Master refused stdio forwarding request: %s", e);
1923 e = buffer_get_string(&m, NULL);
1925 fatal("%s: stdio forwarding request failed: %s", __func__, e);
1928 error("%s: unexpected response from master 0x%08x",
1932 muxclient_request_id++;
1934 signal(SIGHUP, control_client_sighandler);
1935 signal(SIGINT, control_client_sighandler);
1936 signal(SIGTERM, control_client_sighandler);
1937 signal(SIGWINCH, control_client_sigrelay);
1940 * Stick around until the controlee closes the client_fd.
1943 if (mux_client_read_packet(fd, &m) != 0) {
1944 if (errno == EPIPE ||
1945 (errno == EINTR && muxclient_terminate != 0))
1947 fatal("%s: mux_client_read_packet: %s",
1948 __func__, strerror(errno));
1950 fatal("%s: master returned unexpected message %u", __func__, type);
1954 mux_client_request_stop_listening(int fd)
1960 debug3("%s: entering", __func__);
1963 buffer_put_int(&m, MUX_C_STOP_LISTENING);
1964 buffer_put_int(&m, muxclient_request_id);
1966 if (mux_client_write_packet(fd, &m) != 0)
1967 fatal("%s: write packet: %s", __func__, strerror(errno));
1971 /* Read their reply */
1972 if (mux_client_read_packet(fd, &m) != 0)
1973 fatal("%s: read from master failed: %s",
1974 __func__, strerror(errno));
1976 type = buffer_get_int(&m);
1977 if ((rid = buffer_get_int(&m)) != muxclient_request_id)
1978 fatal("%s: out of sequence reply: my id %u theirs %u",
1979 __func__, muxclient_request_id, rid);
1983 case MUX_S_PERMISSION_DENIED:
1984 e = buffer_get_string(&m, NULL);
1985 fatal("Master refused stop listening request: %s", e);
1987 e = buffer_get_string(&m, NULL);
1988 fatal("%s: stop listening request failed: %s", __func__, e);
1990 fatal("%s: unexpected response from master 0x%08x",
1994 muxclient_request_id++;
1997 /* Multiplex client main loop. */
1999 muxclient(const char *path)
2001 struct sockaddr_un addr;
2006 if (muxclient_command == 0) {
2007 if (stdio_forward_host != NULL)
2008 muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
2010 muxclient_command = SSHMUX_COMMAND_OPEN;
2013 switch (options.control_master) {
2014 case SSHCTL_MASTER_AUTO:
2015 case SSHCTL_MASTER_AUTO_ASK:
2016 debug("auto-mux: Trying existing master");
2018 case SSHCTL_MASTER_NO:
2024 memset(&addr, '\0', sizeof(addr));
2025 addr.sun_family = AF_UNIX;
2026 sun_len = offsetof(struct sockaddr_un, sun_path) +
2029 if (strlcpy(addr.sun_path, path,
2030 sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
2031 fatal("ControlPath too long");
2033 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
2034 fatal("%s socket(): %s", __func__, strerror(errno));
2036 if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
2037 switch (muxclient_command) {
2038 case SSHMUX_COMMAND_OPEN:
2039 case SSHMUX_COMMAND_STDIO_FWD:
2042 fatal("Control socket connect(%.100s): %s", path,
2045 if (errno == ECONNREFUSED &&
2046 options.control_master != SSHCTL_MASTER_NO) {
2047 debug("Stale control socket %.100s, unlinking", path);
2049 } else if (errno == ENOENT) {
2050 debug("Control socket \"%.100s\" does not exist", path);
2052 error("Control socket connect(%.100s): %s", path,
2060 if (mux_client_hello_exchange(sock) != 0) {
2061 error("%s: master hello exchange failed", __func__);
2066 switch (muxclient_command) {
2067 case SSHMUX_COMMAND_ALIVE_CHECK:
2068 if ((pid = mux_client_request_alive(sock)) == 0)
2069 fatal("%s: master alive check failed", __func__);
2070 fprintf(stderr, "Master running (pid=%d)\r\n", pid);
2072 case SSHMUX_COMMAND_TERMINATE:
2073 mux_client_request_terminate(sock);
2074 fprintf(stderr, "Exit request sent.\r\n");
2076 case SSHMUX_COMMAND_FORWARD:
2077 if (mux_client_forwards(sock, 0) != 0)
2078 fatal("%s: master forward request failed", __func__);
2080 case SSHMUX_COMMAND_OPEN:
2081 if (mux_client_forwards(sock, 0) != 0) {
2082 error("%s: master forward request failed", __func__);
2085 mux_client_request_session(sock);
2087 case SSHMUX_COMMAND_STDIO_FWD:
2088 mux_client_request_stdio_fwd(sock);
2090 case SSHMUX_COMMAND_STOP:
2091 mux_client_request_stop_listening(sock);
2092 fprintf(stderr, "Stop listening request sent.\r\n");
2094 case SSHMUX_COMMAND_CANCEL_FWD:
2095 if (mux_client_forwards(sock, 1) != 0)
2096 error("%s: master cancel forward request failed",
2100 fatal("unrecognised muxclient_command %d", muxclient_command);
projects / FreeBSD / releng / 10.0.git / blob