1 /* $NetBSD: clientloop.c,v 1.34 2021/09/27 17:03:13 christos Exp $ */ 2 /* $OpenBSD: clientloop.c,v 1.370 2021/08/29 23:44:07 djm Exp $ */ 3 4 /* 5 * Author: Tatu Ylonen <ylo@cs.hut.fi> 6 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 7 * All rights reserved 8 * The main loop for the interactive session (client side). 9 * 10 * As far as I am concerned, the code I have written for this software 11 * can be used freely for any purpose. Any derived versions of this 12 * software must be clearly marked as such, and if the derived work is 13 * incompatible with the protocol description in the RFC file, it must be 14 * called by a name other than "ssh" or "Secure Shell". 15 * 16 * 17 * Copyright (c) 1999 Theo de Raadt. All rights reserved. 18 * 19 * Redistribution and use in source and binary forms, with or without 20 * modification, are permitted provided that the following conditions 21 * are met: 22 * 1. Redistributions of source code must retain the above copyright 23 * notice, this list of conditions and the following disclaimer. 24 * 2. Redistributions in binary form must reproduce the above copyright 25 * notice, this list of conditions and the following disclaimer in the 26 * documentation and/or other materials provided with the distribution. 27 * 28 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38 * 39 * 40 * SSH2 support added by Markus Friedl. 41 * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. 42 * 43 * Redistribution and use in source and binary forms, with or without 44 * modification, are permitted provided that the following conditions 45 * are met: 46 * 1. Redistributions of source code must retain the above copyright 47 * notice, this list of conditions and the following disclaimer. 48 * 2. Redistributions in binary form must reproduce the above copyright 49 * notice, this list of conditions and the following disclaimer in the 50 * documentation and/or other materials provided with the distribution. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 53 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 54 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 55 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 56 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 57 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 58 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 59 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 60 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 61 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 62 */ 63 64 #include "includes.h" 65 __RCSID("$NetBSD: clientloop.c,v 1.34 2021/09/27 17:03:13 christos Exp $"); 66 67 #include <sys/types.h> 68 #include <sys/ioctl.h> 69 #include <sys/stat.h> 70 #include <sys/socket.h> 71 #include <sys/time.h> 72 #include <sys/queue.h> 73 74 #include <ctype.h> 75 #include <errno.h> 76 #include <paths.h> 77 #include <signal.h> 78 #include <stdio.h> 79 #include <stdlib.h> 80 #include <string.h> 81 #include <stdarg.h> 82 #include <termios.h> 83 #include <pwd.h> 84 #include <unistd.h> 85 #include <limits.h> 86 87 #include "xmalloc.h" 88 #include "ssh.h" 89 #include "ssh2.h" 90 #include "packet.h" 91 #include "sshbuf.h" 92 #include "compat.h" 93 #include "channels.h" 94 #include "dispatch.h" 95 #include "sshkey.h" 96 #include "cipher.h" 97 #include "kex.h" 98 #include "myproposal.h" 99 #include "log.h" 100 #include "misc.h" 101 #include "readconf.h" 102 #include "clientloop.h" 103 #include "sshconnect.h" 104 #include "authfd.h" 105 #include "atomicio.h" 106 #include "sshpty.h" 107 #include "match.h" 108 #include "msg.h" 109 #include "getpeereid.h" 110 #include "ssherr.h" 111 #include "hostfile.h" 112 113 /* import options */ 114 extern Options options; 115 116 /* Control socket */ 117 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */ 118 119 /* 120 * Name of the host we are connecting to. This is the name given on the 121 * command line, or the Hostname specified for the user-supplied name in a 122 * configuration file. 123 */ 124 extern char *host; 125 126 /* 127 * If this field is not NULL, the ForwardAgent socket is this path and different 128 * instead of SSH_AUTH_SOCK. 129 */ 130 extern char *forward_agent_sock_path; 131 132 /* 133 * Flag to indicate that we have received a window change signal which has 134 * not yet been processed. This will cause a message indicating the new 135 * window size to be sent to the server a little later. This is volatile 136 * because this is updated in a signal handler. 137 */ 138 static volatile sig_atomic_t received_window_change_signal = 0; 139 static volatile sig_atomic_t received_signal = 0; 140 141 /* Time when backgrounded control master using ControlPersist should exit */ 142 static time_t control_persist_exit_time = 0; 143 144 /* Common data for the client loop code. */ 145 volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */ 146 static int last_was_cr; /* Last character was a newline. */ 147 static int exit_status; /* Used to store the command exit status. */ 148 static struct sshbuf *stderr_buffer; /* Used for final exit message. */ 149 static int connection_in; /* Connection to server (input). */ 150 static int connection_out; /* Connection to server (output). */ 151 static int need_rekeying; /* Set to non-zero if rekeying is requested. */ 152 static int session_closed; /* In SSH2: login session closed. */ 153 static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ 154 static time_t server_alive_time; /* Time to do server_alive_check */ 155 156 static void client_init_dispatch(struct ssh *ssh); 157 int session_ident = -1; 158 159 /* Track escape per proto2 channel */ 160 struct escape_filter_ctx { 161 int escape_pending; 162 int escape_char; 163 }; 164 165 /* Context for channel confirmation replies */ 166 struct channel_reply_ctx { 167 const char *request_type; 168 int id; 169 enum confirm_action action; 170 }; 171 172 /* Global request success/failure callbacks */ 173 /* XXX move to struct ssh? */ 174 struct global_confirm { 175 TAILQ_ENTRY(global_confirm) entry; 176 global_confirm_cb *cb; 177 void *ctx; 178 int ref_count; 179 }; 180 TAILQ_HEAD(global_confirms, global_confirm); 181 static struct global_confirms global_confirms = 182 TAILQ_HEAD_INITIALIZER(global_confirms); 183 184 void ssh_process_session2_setup(int, int, int, struct sshbuf *); 185 186 /* 187 * Signal handler for the window change signal (SIGWINCH). This just sets a 188 * flag indicating that the window has changed. 189 */ 190 /*ARGSUSED */ 191 static void 192 window_change_handler(int sig) 193 { 194 received_window_change_signal = 1; 195 } 196 197 /* 198 * Signal handler for signals that cause the program to terminate. These 199 * signals must be trapped to restore terminal modes. 200 */ 201 /*ARGSUSED */ 202 static void 203 signal_handler(int sig) 204 { 205 received_signal = sig; 206 quit_pending = 1; 207 } 208 209 /* 210 * Sets control_persist_exit_time to the absolute time when the 211 * backgrounded control master should exit due to expiry of the 212 * ControlPersist timeout. Sets it to 0 if we are not a backgrounded 213 * control master process, or if there is no ControlPersist timeout. 214 */ 215 static void 216 set_control_persist_exit_time(struct ssh *ssh) 217 { 218 if (muxserver_sock == -1 || !options.control_persist 219 || options.control_persist_timeout == 0) { 220 /* not using a ControlPersist timeout */ 221 control_persist_exit_time = 0; 222 } else if (channel_still_open(ssh)) { 223 /* some client connections are still open */ 224 if (control_persist_exit_time > 0) 225 debug2_f("cancel scheduled exit"); 226 control_persist_exit_time = 0; 227 } else if (control_persist_exit_time <= 0) { 228 /* a client connection has recently closed */ 229 control_persist_exit_time = monotime() + 230 (time_t)options.control_persist_timeout; 231 debug2_f("schedule exit in %d seconds", 232 options.control_persist_timeout); 233 } 234 /* else we are already counting down to the timeout */ 235 } 236 237 #define SSH_X11_VALID_DISPLAY_CHARS ":/.-_" 238 static int 239 client_x11_display_valid(const char *display) 240 { 241 size_t i, dlen; 242 243 if (display == NULL) 244 return 0; 245 246 dlen = strlen(display); 247 for (i = 0; i < dlen; i++) { 248 if (!isalnum((u_char)display[i]) && 249 strchr(SSH_X11_VALID_DISPLAY_CHARS, display[i]) == NULL) { 250 debug("Invalid character '%c' in DISPLAY", display[i]); 251 return 0; 252 } 253 } 254 return 1; 255 } 256 257 #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" 258 #define X11_TIMEOUT_SLACK 60 259 int 260 client_x11_get_proto(struct ssh *ssh, const char *display, 261 const char *xauth_path, u_int trusted, u_int timeout, 262 char **_proto, char **_data) 263 { 264 char *cmd, line[512], xdisplay[512]; 265 char xauthfile[PATH_MAX], xauthdir[PATH_MAX]; 266 static char proto[512], data[512]; 267 FILE *f; 268 int got_data = 0, generated = 0, do_unlink = 0, r; 269 struct stat st; 270 u_int now, x11_timeout_real; 271 272 *_proto = proto; 273 *_data = data; 274 proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0'; 275 276 if (!client_x11_display_valid(display)) { 277 if (display != NULL) 278 logit("DISPLAY \"%s\" invalid; disabling X11 forwarding", 279 display); 280 return -1; 281 } 282 if (xauth_path != NULL && stat(xauth_path, &st) == -1) { 283 debug("No xauth program."); 284 xauth_path = NULL; 285 } 286 287 if (xauth_path != NULL) { 288 /* 289 * Handle FamilyLocal case where $DISPLAY does 290 * not match an authorization entry. For this we 291 * just try "xauth list unix:displaynum.screennum". 292 * XXX: "localhost" match to determine FamilyLocal 293 * is not perfect. 294 */ 295 if (strncmp(display, "localhost:", 10) == 0) { 296 if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", 297 display + 10)) < 0 || 298 (size_t)r >= sizeof(xdisplay)) { 299 error_f("display name too long"); 300 return -1; 301 } 302 display = xdisplay; 303 } 304 if (trusted == 0) { 305 /* 306 * Generate an untrusted X11 auth cookie. 307 * 308 * The authentication cookie should briefly outlive 309 * ssh's willingness to forward X11 connections to 310 * avoid nasty fail-open behaviour in the X server. 311 */ 312 mktemp_proto(xauthdir, sizeof(xauthdir)); 313 if (mkdtemp(xauthdir) == NULL) { 314 error_f("mkdtemp: %s", strerror(errno)); 315 return -1; 316 } 317 do_unlink = 1; 318 if ((r = snprintf(xauthfile, sizeof(xauthfile), 319 "%s/xauthfile", xauthdir)) < 0 || 320 (size_t)r >= sizeof(xauthfile)) { 321 error_f("xauthfile path too long"); 322 rmdir(xauthdir); 323 return -1; 324 } 325 326 if (timeout == 0) { 327 /* auth doesn't time out */ 328 xasprintf(&cmd, "%s -f %s generate %s %s " 329 "untrusted 2>%s", 330 xauth_path, xauthfile, display, 331 SSH_X11_PROTO, _PATH_DEVNULL); 332 } else { 333 /* Add some slack to requested expiry */ 334 if (timeout < UINT_MAX - X11_TIMEOUT_SLACK) 335 x11_timeout_real = timeout + 336 X11_TIMEOUT_SLACK; 337 else { 338 /* Don't overflow on long timeouts */ 339 x11_timeout_real = UINT_MAX; 340 } 341 xasprintf(&cmd, "%s -f %s generate %s %s " 342 "untrusted timeout %u 2>%s", 343 xauth_path, xauthfile, display, 344 SSH_X11_PROTO, x11_timeout_real, 345 _PATH_DEVNULL); 346 } 347 debug2_f("xauth command: %s", cmd); 348 349 if (timeout != 0 && x11_refuse_time == 0) { 350 now = monotime() + 1; 351 if (UINT_MAX - timeout < now) 352 x11_refuse_time = UINT_MAX; 353 else 354 x11_refuse_time = now + timeout; 355 channel_set_x11_refuse_time(ssh, 356 x11_refuse_time); 357 } 358 if (system(cmd) == 0) 359 generated = 1; 360 free(cmd); 361 } 362 363 /* 364 * When in untrusted mode, we read the cookie only if it was 365 * successfully generated as an untrusted one in the step 366 * above. 367 */ 368 if (trusted || generated) { 369 xasprintf(&cmd, 370 "%s %s%s list %s 2>" _PATH_DEVNULL, 371 xauth_path, 372 generated ? "-f " : "" , 373 generated ? xauthfile : "", 374 display); 375 debug2("x11_get_proto: %s", cmd); 376 f = popen(cmd, "r"); 377 if (f && fgets(line, sizeof(line), f) && 378 sscanf(line, "%*s %511s %511s", proto, data) == 2) 379 got_data = 1; 380 if (f) 381 pclose(f); 382 free(cmd); 383 } 384 } 385 386 if (do_unlink) { 387 unlink(xauthfile); 388 rmdir(xauthdir); 389 } 390 391 /* Don't fall back to fake X11 data for untrusted forwarding */ 392 if (!trusted && !got_data) { 393 error("Warning: untrusted X11 forwarding setup failed: " 394 "xauth key data not generated"); 395 return -1; 396 } 397 398 /* 399 * If we didn't get authentication data, just make up some 400 * data. The forwarding code will check the validity of the 401 * response anyway, and substitute this data. The X11 402 * server, however, will ignore this fake data and use 403 * whatever authentication mechanisms it was using otherwise 404 * for the local connection. 405 */ 406 if (!got_data) { 407 u_int8_t rnd[16]; 408 u_int i; 409 410 logit("Warning: No xauth data; " 411 "using fake authentication data for X11 forwarding."); 412 strlcpy(proto, SSH_X11_PROTO, sizeof proto); 413 arc4random_buf(rnd, sizeof(rnd)); 414 for (i = 0; i < sizeof(rnd); i++) { 415 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", 416 rnd[i]); 417 } 418 } 419 420 return 0; 421 } 422 423 /* 424 * Checks if the client window has changed, and sends a packet about it to 425 * the server if so. The actual change is detected elsewhere (by a software 426 * interrupt on Unix); this just checks the flag and sends a message if 427 * appropriate. 428 */ 429 430 static void 431 client_check_window_change(struct ssh *ssh) 432 { 433 if (!received_window_change_signal) 434 return; 435 received_window_change_signal = 0; 436 debug2_f("changed"); 437 channel_send_window_changes(ssh); 438 } 439 440 static int 441 client_global_request_reply(int type, u_int32_t seq, struct ssh *ssh) 442 { 443 struct global_confirm *gc; 444 445 if ((gc = TAILQ_FIRST(&global_confirms)) == NULL) 446 return 0; 447 if (gc->cb != NULL) 448 gc->cb(ssh, type, seq, gc->ctx); 449 if (--gc->ref_count <= 0) { 450 TAILQ_REMOVE(&global_confirms, gc, entry); 451 freezero(gc, sizeof(*gc)); 452 } 453 454 ssh_packet_set_alive_timeouts(ssh, 0); 455 return 0; 456 } 457 458 static void 459 schedule_server_alive_check(void) 460 { 461 if (options.server_alive_interval > 0) 462 server_alive_time = monotime() + options.server_alive_interval; 463 } 464 465 static void 466 server_alive_check(struct ssh *ssh) 467 { 468 int r; 469 470 if (ssh_packet_inc_alive_timeouts(ssh) > options.server_alive_count_max) { 471 logit("Timeout, server %s not responding.", host); 472 cleanup_exit(255); 473 } 474 if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || 475 (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 || 476 (r = sshpkt_put_u8(ssh, 1)) != 0 || /* boolean: want reply */ 477 (r = sshpkt_send(ssh)) != 0) 478 fatal_fr(r, "send packet"); 479 /* Insert an empty placeholder to maintain ordering */ 480 client_register_global_confirm(NULL, NULL); 481 schedule_server_alive_check(); 482 } 483 484 /* 485 * Waits until the client can do something (some data becomes available on 486 * one of the file descriptors). 487 */ 488 static void 489 client_wait_until_can_do_something(struct ssh *ssh, 490 fd_set **readsetp, fd_set **writesetp, 491 int *maxfdp, u_int *nallocp, int rekeying) 492 { 493 struct timeval tv, *tvp; 494 int timeout_secs; 495 time_t minwait_secs = 0, now = monotime(); 496 int r, ret; 497 498 /* Add any selections by the channel mechanism. */ 499 channel_prepare_select(ssh, readsetp, writesetp, maxfdp, 500 nallocp, &minwait_secs); 501 502 /* channel_prepare_select could have closed the last channel */ 503 if (session_closed && !channel_still_open(ssh) && 504 !ssh_packet_have_data_to_write(ssh)) { 505 /* clear mask since we did not call select() */ 506 memset(*readsetp, 0, *nallocp); 507 memset(*writesetp, 0, *nallocp); 508 return; 509 } 510 511 FD_SET(connection_in, *readsetp); 512 513 /* Select server connection if have data to write to the server. */ 514 if (ssh_packet_have_data_to_write(ssh)) 515 FD_SET(connection_out, *writesetp); 516 517 /* 518 * Wait for something to happen. This will suspend the process until 519 * some selected descriptor can be read, written, or has some other 520 * event pending, or a timeout expires. 521 */ 522 523 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ 524 if (options.server_alive_interval > 0) 525 timeout_secs = MAXIMUM(server_alive_time - now, 0); 526 if (options.rekey_interval > 0 && !rekeying) 527 timeout_secs = MINIMUM(timeout_secs, 528 ssh_packet_get_rekey_timeout(ssh)); 529 set_control_persist_exit_time(ssh); 530 if (control_persist_exit_time > 0) { 531 timeout_secs = MINIMUM(timeout_secs, 532 control_persist_exit_time - now); 533 if (timeout_secs < 0) 534 timeout_secs = 0; 535 } 536 if (minwait_secs != 0) 537 timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs); 538 if (timeout_secs == INT_MAX) 539 tvp = NULL; 540 else { 541 tv.tv_sec = timeout_secs; 542 tv.tv_usec = 0; 543 tvp = &tv; 544 } 545 546 ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); 547 if (ret == -1) { 548 /* 549 * We have to clear the select masks, because we return. 550 * We have to return, because the mainloop checks for the flags 551 * set by the signal handlers. 552 */ 553 memset(*readsetp, 0, *nallocp); 554 memset(*writesetp, 0, *nallocp); 555 if (errno == EINTR) 556 return; 557 /* Note: we might still have data in the buffers. */ 558 if ((r = sshbuf_putf(stderr_buffer, 559 "select: %s\r\n", strerror(errno))) != 0) 560 fatal_fr(r, "sshbuf_putf"); 561 quit_pending = 1; 562 } else if (options.server_alive_interval > 0 && !FD_ISSET(connection_in, 563 *readsetp) && monotime() >= server_alive_time) 564 /* 565 * ServerAlive check is needed. We can't rely on the select 566 * timing out since traffic on the client side such as port 567 * forwards can keep waking it up. 568 */ 569 server_alive_check(ssh); 570 } 571 572 static void 573 client_suspend_self(struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr) 574 { 575 /* Flush stdout and stderr buffers. */ 576 if (sshbuf_len(bout) > 0) 577 atomicio(vwrite, fileno(stdout), sshbuf_mutable_ptr(bout), 578 sshbuf_len(bout)); 579 if (sshbuf_len(berr) > 0) 580 atomicio(vwrite, fileno(stderr), sshbuf_mutable_ptr(berr), 581 sshbuf_len(berr)); 582 583 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 584 585 sshbuf_reset(bin); 586 sshbuf_reset(bout); 587 sshbuf_reset(berr); 588 589 /* Send the suspend signal to the program itself. */ 590 kill(getpid(), SIGTSTP); 591 592 /* Reset window sizes in case they have changed */ 593 received_window_change_signal = 1; 594 595 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 596 } 597 598 static void 599 client_process_net_input(struct ssh *ssh, fd_set *readset) 600 { 601 char buf[8192]; 602 int r, len; 603 604 /* 605 * Read input from the server, and add any such data to the buffer of 606 * the packet subsystem. 607 */ 608 if (FD_ISSET(connection_in, readset)) { 609 schedule_server_alive_check(); 610 /* Read as much as possible. */ 611 len = read(connection_in, buf, sizeof(buf)); 612 if (len == 0) { 613 /* 614 * Received EOF. The remote host has closed the 615 * connection. 616 */ 617 if ((r = sshbuf_putf(stderr_buffer, 618 "Connection to %.300s closed by remote host.\r\n", 619 host)) != 0) 620 fatal_fr(r, "sshbuf_putf"); 621 quit_pending = 1; 622 return; 623 } 624 /* 625 * There is a kernel bug on Solaris that causes select to 626 * sometimes wake up even though there is no data available. 627 */ 628 if (len == -1 && (errno == EAGAIN || errno == EINTR)) 629 len = 0; 630 631 if (len == -1) { 632 /* 633 * An error has encountered. Perhaps there is a 634 * network problem. 635 */ 636 if ((r = sshbuf_putf(stderr_buffer, 637 "Read from remote host %.300s: %.100s\r\n", 638 host, strerror(errno))) != 0) 639 fatal_fr(r, "sshbuf_putf"); 640 quit_pending = 1; 641 return; 642 } 643 ssh_packet_process_incoming(ssh, buf, len); 644 } 645 } 646 647 static void 648 client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx) 649 { 650 struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx; 651 char errmsg[256]; 652 int r, tochan; 653 654 /* 655 * If a TTY was explicitly requested, then a failure to allocate 656 * one is fatal. 657 */ 658 if (cr->action == CONFIRM_TTY && 659 (options.request_tty == REQUEST_TTY_FORCE || 660 options.request_tty == REQUEST_TTY_YES)) 661 cr->action = CONFIRM_CLOSE; 662 663 /* XXX suppress on mux _client_ quietmode */ 664 tochan = options.log_level >= SYSLOG_LEVEL_ERROR && 665 c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE; 666 667 if (type == SSH2_MSG_CHANNEL_SUCCESS) { 668 debug2("%s request accepted on channel %d", 669 cr->request_type, c->self); 670 } else if (type == SSH2_MSG_CHANNEL_FAILURE) { 671 if (tochan) { 672 snprintf(errmsg, sizeof(errmsg), 673 "%s request failed\r\n", cr->request_type); 674 } else { 675 snprintf(errmsg, sizeof(errmsg), 676 "%s request failed on channel %d", 677 cr->request_type, c->self); 678 } 679 /* If error occurred on primary session channel, then exit */ 680 if (cr->action == CONFIRM_CLOSE && c->self == session_ident) 681 fatal("%s", errmsg); 682 /* 683 * If error occurred on mux client, append to 684 * their stderr. 685 */ 686 if (tochan) { 687 debug3_f("channel %d: mux request: %s", c->self, 688 cr->request_type); 689 if ((r = sshbuf_put(c->extended, errmsg, 690 strlen(errmsg))) != 0) 691 fatal_fr(r, "sshbuf_put"); 692 } else 693 error("%s", errmsg); 694 if (cr->action == CONFIRM_TTY) { 695 /* 696 * If a TTY allocation error occurred, then arrange 697 * for the correct TTY to leave raw mode. 698 */ 699 if (c->self == session_ident) 700 leave_raw_mode(0); 701 else 702 mux_tty_alloc_failed(ssh, c); 703 } else if (cr->action == CONFIRM_CLOSE) { 704 chan_read_failed(ssh, c); 705 chan_write_failed(ssh, c); 706 } 707 } 708 free(cr); 709 } 710 711 static void 712 client_abandon_status_confirm(struct ssh *ssh, Channel *c, void *ctx) 713 { 714 free(ctx); 715 } 716 717 void 718 client_expect_confirm(struct ssh *ssh, int id, const char *request, 719 enum confirm_action action) 720 { 721 struct channel_reply_ctx *cr = xcalloc(1, sizeof(*cr)); 722 723 cr->request_type = request; 724 cr->action = action; 725 726 channel_register_status_confirm(ssh, id, client_status_confirm, 727 client_abandon_status_confirm, cr); 728 } 729 730 void 731 client_register_global_confirm(global_confirm_cb *cb, void *ctx) 732 { 733 struct global_confirm *gc, *last_gc; 734 735 /* Coalesce identical callbacks */ 736 last_gc = TAILQ_LAST(&global_confirms, global_confirms); 737 if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) { 738 if (++last_gc->ref_count >= INT_MAX) 739 fatal_f("last_gc->ref_count = %d", 740 last_gc->ref_count); 741 return; 742 } 743 744 gc = xcalloc(1, sizeof(*gc)); 745 gc->cb = cb; 746 gc->ctx = ctx; 747 gc->ref_count = 1; 748 TAILQ_INSERT_TAIL(&global_confirms, gc, entry); 749 } 750 751 static void 752 process_cmdline(struct ssh *ssh) 753 { 754 void (*handler)(int); 755 char *s, *cmd; 756 int ok, delete = 0, local = 0, remote = 0, dynamic = 0; 757 struct Forward fwd; 758 759 memset(&fwd, 0, sizeof(fwd)); 760 761 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 762 handler = ssh_signal(SIGINT, SIG_IGN); 763 cmd = s = read_passphrase("\r\nssh> ", RP_ECHO); 764 if (s == NULL) 765 goto out; 766 while (isspace((u_char)*s)) 767 s++; 768 if (*s == '-') 769 s++; /* Skip cmdline '-', if any */ 770 if (*s == '\0') 771 goto out; 772 773 if (*s == 'h' || *s == 'H' || *s == '?') { 774 logit("Commands:"); 775 logit(" -L[bind_address:]port:host:hostport " 776 "Request local forward"); 777 logit(" -R[bind_address:]port:host:hostport " 778 "Request remote forward"); 779 logit(" -D[bind_address:]port " 780 "Request dynamic forward"); 781 logit(" -KL[bind_address:]port " 782 "Cancel local forward"); 783 logit(" -KR[bind_address:]port " 784 "Cancel remote forward"); 785 logit(" -KD[bind_address:]port " 786 "Cancel dynamic forward"); 787 if (!options.permit_local_command) 788 goto out; 789 logit(" !args " 790 "Execute local command"); 791 goto out; 792 } 793 794 if (*s == '!' && options.permit_local_command) { 795 s++; 796 ssh_local_cmd(s); 797 goto out; 798 } 799 800 if (*s == 'K') { 801 delete = 1; 802 s++; 803 } 804 if (*s == 'L') 805 local = 1; 806 else if (*s == 'R') 807 remote = 1; 808 else if (*s == 'D') 809 dynamic = 1; 810 else { 811 logit("Invalid command."); 812 goto out; 813 } 814 815 while (isspace((u_char)*++s)) 816 ; 817 818 /* XXX update list of forwards in options */ 819 if (delete) { 820 /* We pass 1 for dynamicfwd to restrict to 1 or 2 fields. */ 821 if (!parse_forward(&fwd, s, 1, 0)) { 822 logit("Bad forwarding close specification."); 823 goto out; 824 } 825 if (remote) 826 ok = channel_request_rforward_cancel(ssh, &fwd) == 0; 827 else if (dynamic) 828 ok = channel_cancel_lport_listener(ssh, &fwd, 829 0, &options.fwd_opts) > 0; 830 else 831 ok = channel_cancel_lport_listener(ssh, &fwd, 832 CHANNEL_CANCEL_PORT_STATIC, 833 &options.fwd_opts) > 0; 834 if (!ok) { 835 logit("Unknown port forwarding."); 836 goto out; 837 } 838 logit("Canceled forwarding."); 839 } else { 840 if (!parse_forward(&fwd, s, dynamic, remote)) { 841 logit("Bad forwarding specification."); 842 goto out; 843 } 844 if (local || dynamic) { 845 if (!channel_setup_local_fwd_listener(ssh, &fwd, 846 &options.fwd_opts)) { 847 logit("Port forwarding failed."); 848 goto out; 849 } 850 } else { 851 if (channel_request_remote_forwarding(ssh, &fwd) < 0) { 852 logit("Port forwarding failed."); 853 goto out; 854 } 855 } 856 logit("Forwarding port."); 857 } 858 859 out: 860 ssh_signal(SIGINT, handler); 861 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 862 free(cmd); 863 free(fwd.listen_host); 864 free(fwd.listen_path); 865 free(fwd.connect_host); 866 free(fwd.connect_path); 867 } 868 869 /* reasons to suppress output of an escape command in help output */ 870 #define SUPPRESS_NEVER 0 /* never suppress, always show */ 871 #define SUPPRESS_MUXCLIENT 1 /* don't show in mux client sessions */ 872 #define SUPPRESS_MUXMASTER 2 /* don't show in mux master sessions */ 873 #define SUPPRESS_SYSLOG 4 /* don't show when logging to syslog */ 874 struct escape_help_text { 875 const char *cmd; 876 const char *text; 877 unsigned int flags; 878 }; 879 static struct escape_help_text esc_txt[] = { 880 {".", "terminate session", SUPPRESS_MUXMASTER}, 881 {".", "terminate connection (and any multiplexed sessions)", 882 SUPPRESS_MUXCLIENT}, 883 {"B", "send a BREAK to the remote system", SUPPRESS_NEVER}, 884 {"C", "open a command line", SUPPRESS_MUXCLIENT}, 885 {"R", "request rekey", SUPPRESS_NEVER}, 886 {"V/v", "decrease/increase verbosity (LogLevel)", SUPPRESS_MUXCLIENT}, 887 {"^Z", "suspend ssh", SUPPRESS_MUXCLIENT}, 888 {"#", "list forwarded connections", SUPPRESS_NEVER}, 889 {"&", "background ssh (when waiting for connections to terminate)", 890 SUPPRESS_MUXCLIENT}, 891 {"?", "this message", SUPPRESS_NEVER}, 892 }; 893 894 static void 895 print_escape_help(struct sshbuf *b, int escape_char, int mux_client, 896 int using_stderr) 897 { 898 unsigned int i, suppress_flags; 899 int r; 900 901 if ((r = sshbuf_putf(b, 902 "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0) 903 fatal_fr(r, "sshbuf_putf"); 904 905 suppress_flags = 906 (mux_client ? SUPPRESS_MUXCLIENT : 0) | 907 (mux_client ? 0 : SUPPRESS_MUXMASTER) | 908 (using_stderr ? 0 : SUPPRESS_SYSLOG); 909 910 for (i = 0; i < sizeof(esc_txt)/sizeof(esc_txt[0]); i++) { 911 if (esc_txt[i].flags & suppress_flags) 912 continue; 913 if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n", 914 escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0) 915 fatal_fr(r, "sshbuf_putf"); 916 } 917 918 if ((r = sshbuf_putf(b, 919 " %c%c - send the escape character by typing it twice\r\n" 920 "(Note that escapes are only recognized immediately after " 921 "newline.)\r\n", escape_char, escape_char)) != 0) 922 fatal_fr(r, "sshbuf_putf"); 923 } 924 925 /* 926 * Process the characters one by one. 927 */ 928 static int 929 process_escapes(struct ssh *ssh, Channel *c, 930 struct sshbuf *bin, struct sshbuf *bout, struct sshbuf *berr, 931 const char *buf, int len) 932 { 933 pid_t pid; 934 int r, bytes = 0; 935 u_int i; 936 u_char ch; 937 char *s; 938 struct escape_filter_ctx *efc = c->filter_ctx == NULL ? 939 NULL : (struct escape_filter_ctx *)c->filter_ctx; 940 941 if (c->filter_ctx == NULL) 942 return 0; 943 944 if (len <= 0) 945 return (0); 946 947 for (i = 0; i < (u_int)len; i++) { 948 /* Get one character at a time. */ 949 ch = buf[i]; 950 951 if (efc->escape_pending) { 952 /* We have previously seen an escape character. */ 953 /* Clear the flag now. */ 954 efc->escape_pending = 0; 955 956 /* Process the escaped character. */ 957 switch (ch) { 958 case '.': 959 /* Terminate the connection. */ 960 if ((r = sshbuf_putf(berr, "%c.\r\n", 961 efc->escape_char)) != 0) 962 fatal_fr(r, "sshbuf_putf"); 963 if (c && c->ctl_chan != -1) { 964 chan_read_failed(ssh, c); 965 chan_write_failed(ssh, c); 966 if (c->detach_user) { 967 c->detach_user(ssh, 968 c->self, NULL); 969 } 970 c->type = SSH_CHANNEL_ABANDONED; 971 sshbuf_reset(c->input); 972 chan_ibuf_empty(ssh, c); 973 return 0; 974 } else 975 quit_pending = 1; 976 return -1; 977 978 case 'Z' - 64: 979 /* XXX support this for mux clients */ 980 if (c && c->ctl_chan != -1) { 981 char b[16]; 982 noescape: 983 if (ch == 'Z' - 64) 984 snprintf(b, sizeof b, "^Z"); 985 else 986 snprintf(b, sizeof b, "%c", ch); 987 if ((r = sshbuf_putf(berr, 988 "%c%s escape not available to " 989 "multiplexed sessions\r\n", 990 efc->escape_char, b)) != 0) 991 fatal_fr(r, "sshbuf_putf"); 992 continue; 993 } 994 /* Suspend the program. Inform the user */ 995 if ((r = sshbuf_putf(berr, 996 "%c^Z [suspend ssh]\r\n", 997 efc->escape_char)) != 0) 998 fatal_fr(r, "sshbuf_putf"); 999 1000 /* Restore terminal modes and suspend. */ 1001 client_suspend_self(bin, bout, berr); 1002 1003 /* We have been continued. */ 1004 continue; 1005 1006 case 'B': 1007 if ((r = sshbuf_putf(berr, 1008 "%cB\r\n", efc->escape_char)) != 0) 1009 fatal_fr(r, "sshbuf_putf"); 1010 channel_request_start(ssh, c->self, "break", 0); 1011 if ((r = sshpkt_put_u32(ssh, 1000)) != 0 || 1012 (r = sshpkt_send(ssh)) != 0) 1013 fatal_fr(r, "send packet"); 1014 continue; 1015 1016 case 'R': 1017 if (ssh->compat & SSH_BUG_NOREKEY) 1018 logit("Server does not " 1019 "support re-keying"); 1020 else 1021 need_rekeying = 1; 1022 continue; 1023 1024 case 'V': 1025 /* FALLTHROUGH */ 1026 case 'v': 1027 if (c && c->ctl_chan != -1) 1028 goto noescape; 1029 if (!log_is_on_stderr()) { 1030 if ((r = sshbuf_putf(berr, 1031 "%c%c [Logging to syslog]\r\n", 1032 efc->escape_char, ch)) != 0) 1033 fatal_fr(r, "sshbuf_putf"); 1034 continue; 1035 } 1036 if (ch == 'V' && options.log_level > 1037 SYSLOG_LEVEL_QUIET) 1038 log_change_level(--options.log_level); 1039 if (ch == 'v' && options.log_level < 1040 SYSLOG_LEVEL_DEBUG3) 1041 log_change_level(++options.log_level); 1042 if ((r = sshbuf_putf(berr, 1043 "%c%c [LogLevel %s]\r\n", 1044 efc->escape_char, ch, 1045 log_level_name(options.log_level))) != 0) 1046 fatal_fr(r, "sshbuf_putf"); 1047 continue; 1048 1049 case '&': 1050 if (c && c->ctl_chan != -1) 1051 goto noescape; 1052 /* 1053 * Detach the program (continue to serve 1054 * connections, but put in background and no 1055 * more new connections). 1056 */ 1057 /* Restore tty modes. */ 1058 leave_raw_mode( 1059 options.request_tty == REQUEST_TTY_FORCE); 1060 1061 /* Stop listening for new connections. */ 1062 channel_stop_listening(ssh); 1063 1064 if ((r = sshbuf_putf(berr, "%c& " 1065 "[backgrounded]\n", efc->escape_char)) != 0) 1066 fatal_fr(r, "sshbuf_putf"); 1067 1068 /* Fork into background. */ 1069 pid = fork(); 1070 if (pid == -1) { 1071 error("fork: %.100s", strerror(errno)); 1072 continue; 1073 } 1074 if (pid != 0) { /* This is the parent. */ 1075 /* The parent just exits. */ 1076 exit(0); 1077 } 1078 /* The child continues serving connections. */ 1079 /* fake EOF on stdin */ 1080 if ((r = sshbuf_put_u8(bin, 4)) != 0) 1081 fatal_fr(r, "sshbuf_put_u8"); 1082 return -1; 1083 case '?': 1084 print_escape_help(berr, efc->escape_char, 1085 (c && c->ctl_chan != -1), 1086 log_is_on_stderr()); 1087 continue; 1088 1089 case '#': 1090 if ((r = sshbuf_putf(berr, "%c#\r\n", 1091 efc->escape_char)) != 0) 1092 fatal_fr(r, "sshbuf_putf"); 1093 s = channel_open_message(ssh); 1094 if ((r = sshbuf_put(berr, s, strlen(s))) != 0) 1095 fatal_fr(r, "sshbuf_put"); 1096 free(s); 1097 continue; 1098 1099 case 'C': 1100 if (c && c->ctl_chan != -1) 1101 goto noescape; 1102 process_cmdline(ssh); 1103 continue; 1104 1105 default: 1106 if (ch != efc->escape_char) { 1107 if ((r = sshbuf_put_u8(bin, 1108 efc->escape_char)) != 0) 1109 fatal_fr(r, "sshbuf_put_u8"); 1110 bytes++; 1111 } 1112 /* Escaped characters fall through here */ 1113 break; 1114 } 1115 } else { 1116 /* 1117 * The previous character was not an escape char. 1118 * Check if this is an escape. 1119 */ 1120 if (last_was_cr && ch == efc->escape_char) { 1121 /* 1122 * It is. Set the flag and continue to 1123 * next character. 1124 */ 1125 efc->escape_pending = 1; 1126 continue; 1127 } 1128 } 1129 1130 /* 1131 * Normal character. Record whether it was a newline, 1132 * and append it to the buffer. 1133 */ 1134 last_was_cr = (ch == '\r' || ch == '\n'); 1135 if ((r = sshbuf_put_u8(bin, ch)) != 0) 1136 fatal_fr(r, "sshbuf_put_u8"); 1137 bytes++; 1138 } 1139 return bytes; 1140 } 1141 1142 /* 1143 * Get packets from the connection input buffer, and process them as long as 1144 * there are packets available. 1145 * 1146 * Any unknown packets received during the actual 1147 * session cause the session to terminate. This is 1148 * intended to make debugging easier since no 1149 * confirmations are sent. Any compatible protocol 1150 * extensions must be negotiated during the 1151 * preparatory phase. 1152 */ 1153 1154 static void 1155 client_process_buffered_input_packets(struct ssh *ssh) 1156 { 1157 ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, &quit_pending); 1158 } 1159 1160 /* scan buf[] for '~' before sending data to the peer */ 1161 1162 /* Helper: allocate a new escape_filter_ctx and fill in its escape char */ 1163 void * 1164 client_new_escape_filter_ctx(int escape_char) 1165 { 1166 struct escape_filter_ctx *ret; 1167 1168 ret = xcalloc(1, sizeof(*ret)); 1169 ret->escape_pending = 0; 1170 ret->escape_char = escape_char; 1171 return (void *)ret; 1172 } 1173 1174 /* Free the escape filter context on channel free */ 1175 void 1176 client_filter_cleanup(struct ssh *ssh, int cid, void *ctx) 1177 { 1178 free(ctx); 1179 } 1180 1181 int 1182 client_simple_escape_filter(struct ssh *ssh, Channel *c, const char *buf, 1183 int len) 1184 { 1185 if (c->extended_usage != CHAN_EXTENDED_WRITE) 1186 return 0; 1187 1188 return process_escapes(ssh, c, c->input, c->output, c->extended, 1189 buf, len); 1190 } 1191 1192 static void 1193 client_channel_closed(struct ssh *ssh, int id, void *arg) 1194 { 1195 channel_cancel_cleanup(ssh, id); 1196 session_closed = 1; 1197 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 1198 } 1199 1200 /* 1201 * Implements the interactive session with the server. This is called after 1202 * the user has been authenticated, and a command has been started on the 1203 * remote host. If escape_char != SSH_ESCAPECHAR_NONE, it is the character 1204 * used as an escape character for terminating or suspending the session. 1205 */ 1206 int 1207 client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, 1208 int ssh2_chan_id) 1209 { 1210 fd_set *readset = NULL, *writeset = NULL; 1211 double start_time, total_time; 1212 int r, max_fd = 0, max_fd2 = 0, len; 1213 u_int64_t ibytes, obytes; 1214 u_int nalloc = 0; 1215 1216 debug("Entering interactive session."); 1217 1218 #ifdef __OpenBSD__ 1219 if (options.control_master && 1220 !option_clear_or_none(options.control_path)) { 1221 debug("pledge: id"); 1222 if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty", 1223 NULL) == -1) 1224 fatal_f("pledge(): %s", strerror(errno)); 1225 1226 } else if (options.forward_x11 || options.permit_local_command) { 1227 debug("pledge: exec"); 1228 if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty", 1229 NULL) == -1) 1230 fatal_f("pledge(): %s", strerror(errno)); 1231 1232 } else if (options.update_hostkeys) { 1233 debug("pledge: filesystem full"); 1234 if (pledge("stdio rpath wpath cpath unix inet dns proc tty", 1235 NULL) == -1) 1236 fatal_f("pledge(): %s", strerror(errno)); 1237 1238 } else if (!option_clear_or_none(options.proxy_command) || 1239 options.fork_after_authentication) { 1240 debug("pledge: proc"); 1241 if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1) 1242 fatal_f("pledge(): %s", strerror(errno)); 1243 1244 } else { 1245 debug("pledge: network"); 1246 if (pledge("stdio unix inet dns proc tty", NULL) == -1) 1247 fatal_f("pledge(): %s", strerror(errno)); 1248 } 1249 #endif 1250 1251 start_time = monotime_double(); 1252 1253 /* Initialize variables. */ 1254 last_was_cr = 1; 1255 exit_status = -1; 1256 connection_in = ssh_packet_get_connection_in(ssh); 1257 connection_out = ssh_packet_get_connection_out(ssh); 1258 max_fd = MAXIMUM(connection_in, connection_out); 1259 1260 quit_pending = 0; 1261 1262 /* Initialize buffer. */ 1263 if ((stderr_buffer = sshbuf_new()) == NULL) 1264 fatal_f("sshbuf_new failed"); 1265 1266 client_init_dispatch(ssh); 1267 1268 /* 1269 * Set signal handlers, (e.g. to restore non-blocking mode) 1270 * but don't overwrite SIG_IGN, matches behaviour from rsh(1) 1271 */ 1272 if (ssh_signal(SIGHUP, SIG_IGN) != SIG_IGN) 1273 ssh_signal(SIGHUP, signal_handler); 1274 if (ssh_signal(SIGINT, SIG_IGN) != SIG_IGN) 1275 ssh_signal(SIGINT, signal_handler); 1276 if (ssh_signal(SIGQUIT, SIG_IGN) != SIG_IGN) 1277 ssh_signal(SIGQUIT, signal_handler); 1278 if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN) 1279 ssh_signal(SIGTERM, signal_handler); 1280 ssh_signal(SIGWINCH, window_change_handler); 1281 1282 if (have_pty) 1283 enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 1284 1285 session_ident = ssh2_chan_id; 1286 if (session_ident != -1) { 1287 if (escape_char_arg != SSH_ESCAPECHAR_NONE) { 1288 channel_register_filter(ssh, session_ident, 1289 client_simple_escape_filter, NULL, 1290 client_filter_cleanup, 1291 client_new_escape_filter_ctx( 1292 escape_char_arg)); 1293 } 1294 channel_register_cleanup(ssh, session_ident, 1295 client_channel_closed, 0); 1296 } 1297 1298 schedule_server_alive_check(); 1299 1300 /* Main loop of the client for the interactive session mode. */ 1301 while (!quit_pending) { 1302 1303 /* Process buffered packets sent by the server. */ 1304 client_process_buffered_input_packets(ssh); 1305 1306 if (session_closed && !channel_still_open(ssh)) 1307 break; 1308 1309 if (ssh_packet_is_rekeying(ssh)) { 1310 debug("rekeying in progress"); 1311 } else if (need_rekeying) { 1312 /* manual rekey request */ 1313 debug("need rekeying"); 1314 if ((r = kex_start_rekex(ssh)) != 0) 1315 fatal_fr(r, "kex_start_rekex"); 1316 need_rekeying = 0; 1317 } else { 1318 /* 1319 * Make packets from buffered channel data, and 1320 * enqueue them for sending to the server. 1321 */ 1322 if (ssh_packet_not_very_much_data_to_write(ssh)) 1323 channel_output_poll(ssh); 1324 1325 /* 1326 * Check if the window size has changed, and buffer a 1327 * message about it to the server if so. 1328 */ 1329 client_check_window_change(ssh); 1330 1331 if (quit_pending) 1332 break; 1333 } 1334 /* 1335 * Wait until we have something to do (something becomes 1336 * available on one of the descriptors). 1337 */ 1338 max_fd2 = max_fd; 1339 client_wait_until_can_do_something(ssh, &readset, &writeset, 1340 &max_fd2, &nalloc, ssh_packet_is_rekeying(ssh)); 1341 1342 if (quit_pending) 1343 break; 1344 1345 /* Do channel operations unless rekeying in progress. */ 1346 if (!ssh_packet_is_rekeying(ssh)) 1347 channel_after_select(ssh, readset, writeset); 1348 1349 /* Buffer input from the connection. */ 1350 client_process_net_input(ssh, readset); 1351 1352 if (quit_pending) 1353 break; 1354 1355 /* A timeout may have triggered rekeying */ 1356 if ((r = ssh_packet_check_rekey(ssh)) != 0) 1357 fatal_fr(r, "cannot start rekeying"); 1358 1359 /* 1360 * Send as much buffered packet data as possible to the 1361 * sender. 1362 */ 1363 if (FD_ISSET(connection_out, writeset)) { 1364 if ((r = ssh_packet_write_poll(ssh)) < 0) { 1365 sshpkt_fatal(ssh, r, 1366 "%s: ssh_packet_write_poll", __func__); 1367 } 1368 } 1369 1370 /* 1371 * If we are a backgrounded control master, and the 1372 * timeout has expired without any active client 1373 * connections, then quit. 1374 */ 1375 if (control_persist_exit_time > 0) { 1376 if (monotime() >= control_persist_exit_time) { 1377 debug("ControlPersist timeout expired"); 1378 break; 1379 } 1380 } 1381 } 1382 free(readset); 1383 free(writeset); 1384 1385 /* Terminate the session. */ 1386 1387 /* Stop watching for window change. */ 1388 ssh_signal(SIGWINCH, SIG_DFL); 1389 1390 if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || 1391 (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 || 1392 (r = sshpkt_put_cstring(ssh, "disconnected by user")) != 0 || 1393 (r = sshpkt_put_cstring(ssh, "")) != 0 || /* language tag */ 1394 (r = sshpkt_send(ssh)) != 0 || 1395 (r = ssh_packet_write_wait(ssh)) < 0) 1396 fatal_fr(r, "send disconnect"); 1397 1398 channel_free_all(ssh); 1399 1400 if (have_pty) 1401 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 1402 1403 /* 1404 * If there was no shell or command requested, there will be no remote 1405 * exit status to be returned. In that case, clear error code if the 1406 * connection was deliberately terminated at this end. 1407 */ 1408 if (options.session_type == SESSION_TYPE_NONE && 1409 received_signal == SIGTERM) { 1410 received_signal = 0; 1411 exit_status = 0; 1412 } 1413 1414 if (received_signal) { 1415 verbose("Killed by signal %d.", (int) received_signal); 1416 cleanup_exit(255); 1417 } 1418 1419 /* 1420 * In interactive mode (with pseudo tty) display a message indicating 1421 * that the connection has been closed. 1422 */ 1423 if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) { 1424 if ((r = sshbuf_putf(stderr_buffer, 1425 "Connection to %.64s closed.\r\n", host)) != 0) 1426 fatal_fr(r, "sshbuf_putf"); 1427 } 1428 1429 /* Output any buffered data for stderr. */ 1430 if (sshbuf_len(stderr_buffer) > 0) { 1431 len = atomicio(vwrite, fileno(stderr), 1432 sshbuf_mutable_ptr(stderr_buffer), 1433 sshbuf_len(stderr_buffer)); 1434 if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer)) 1435 error("Write failed flushing stderr buffer."); 1436 else if ((r = sshbuf_consume(stderr_buffer, len)) != 0) 1437 fatal_fr(r, "sshbuf_consume"); 1438 } 1439 1440 /* Clear and free any buffers. */ 1441 sshbuf_free(stderr_buffer); 1442 1443 /* Report bytes transferred, and transfer rates. */ 1444 total_time = monotime_double() - start_time; 1445 ssh_packet_get_bytes(ssh, &ibytes, &obytes); 1446 verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds", 1447 (unsigned long long)obytes, (unsigned long long)ibytes, total_time); 1448 if (total_time > 0) 1449 verbose("Bytes per second: sent %.1f, received %.1f", 1450 obytes / total_time, ibytes / total_time); 1451 /* Return the exit status of the program. */ 1452 debug("Exit status %d", exit_status); 1453 return exit_status; 1454 } 1455 1456 /*********/ 1457 1458 static Channel * 1459 client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, 1460 int rchan, u_int rwindow, u_int rmaxpack) 1461 { 1462 Channel *c = NULL; 1463 struct sshbuf *b = NULL; 1464 char *listen_address, *originator_address; 1465 u_int listen_port, originator_port; 1466 int r; 1467 1468 /* Get rest of the packet */ 1469 if ((r = sshpkt_get_cstring(ssh, &listen_address, NULL)) != 0 || 1470 (r = sshpkt_get_u32(ssh, &listen_port)) != 0 || 1471 (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || 1472 (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || 1473 (r = sshpkt_get_end(ssh)) != 0) 1474 fatal_fr(r, "parse packet"); 1475 1476 debug_f("listen %s port %d, originator %s port %d", 1477 listen_address, listen_port, originator_address, originator_port); 1478 1479 if (listen_port > 0xffff) 1480 error_f("invalid listen port"); 1481 else if (originator_port > 0xffff) 1482 error_f("invalid originator port"); 1483 else { 1484 c = channel_connect_by_listen_address(ssh, 1485 listen_address, listen_port, "forwarded-tcpip", 1486 originator_address); 1487 } 1488 1489 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { 1490 if ((b = sshbuf_new()) == NULL) { 1491 error_f("alloc reply"); 1492 goto out; 1493 } 1494 /* reconstruct and send to muxclient */ 1495 if ((r = sshbuf_put_u8(b, 0)) != 0 || /* padlen */ 1496 (r = sshbuf_put_u8(b, SSH2_MSG_CHANNEL_OPEN)) != 0 || 1497 (r = sshbuf_put_cstring(b, request_type)) != 0 || 1498 (r = sshbuf_put_u32(b, rchan)) != 0 || 1499 (r = sshbuf_put_u32(b, rwindow)) != 0 || 1500 (r = sshbuf_put_u32(b, rmaxpack)) != 0 || 1501 (r = sshbuf_put_cstring(b, listen_address)) != 0 || 1502 (r = sshbuf_put_u32(b, listen_port)) != 0 || 1503 (r = sshbuf_put_cstring(b, originator_address)) != 0 || 1504 (r = sshbuf_put_u32(b, originator_port)) != 0 || 1505 (r = sshbuf_put_stringb(c->output, b)) != 0) { 1506 error_fr(r, "compose for muxclient"); 1507 goto out; 1508 } 1509 } 1510 1511 out: 1512 sshbuf_free(b); 1513 free(originator_address); 1514 free(listen_address); 1515 return c; 1516 } 1517 1518 static Channel * 1519 client_request_forwarded_streamlocal(struct ssh *ssh, 1520 const char *request_type, int rchan) 1521 { 1522 Channel *c = NULL; 1523 char *listen_path; 1524 int r; 1525 1526 /* Get the remote path. */ 1527 if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 || 1528 (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 || /* reserved */ 1529 (r = sshpkt_get_end(ssh)) != 0) 1530 fatal_fr(r, "parse packet"); 1531 1532 debug_f("request: %s", listen_path); 1533 1534 c = channel_connect_by_listen_path(ssh, listen_path, 1535 "forwarded-streamlocal@openssh.com", "forwarded-streamlocal"); 1536 free(listen_path); 1537 return c; 1538 } 1539 1540 static Channel * 1541 client_request_x11(struct ssh *ssh, const char *request_type, int rchan) 1542 { 1543 Channel *c = NULL; 1544 char *originator; 1545 u_int originator_port; 1546 int r, sock; 1547 1548 if (!options.forward_x11) { 1549 error("Warning: ssh server tried X11 forwarding."); 1550 error("Warning: this is probably a break-in attempt by a " 1551 "malicious server."); 1552 return NULL; 1553 } 1554 if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { 1555 verbose("Rejected X11 connection after ForwardX11Timeout " 1556 "expired"); 1557 return NULL; 1558 } 1559 if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 || 1560 (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || 1561 (r = sshpkt_get_end(ssh)) != 0) 1562 fatal_fr(r, "parse packet"); 1563 /* XXX check permission */ 1564 /* XXX range check originator port? */ 1565 debug("client_request_x11: request from %s %u", originator, 1566 originator_port); 1567 free(originator); 1568 sock = x11_connect_display(ssh); 1569 if (sock < 0) 1570 return NULL; 1571 /* again is this really necessary for X11? */ 1572 if (options.hpn_disabled) 1573 c = channel_new(ssh, "x11", 1574 SSH_CHANNEL_X11_OPEN, sock, sock, -1, 1575 CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); 1576 else 1577 c = channel_new(ssh, "x11", 1578 SSH_CHANNEL_X11_OPEN, sock, sock, -1, 1579 options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1); 1580 c->force_drain = 1; 1581 return c; 1582 } 1583 1584 static Channel * 1585 client_request_agent(struct ssh *ssh, const char *request_type, int rchan) 1586 { 1587 Channel *c = NULL; 1588 int r, sock; 1589 1590 if (!options.forward_agent) { 1591 error("Warning: ssh server tried agent forwarding."); 1592 error("Warning: this is probably a break-in attempt by a " 1593 "malicious server."); 1594 return NULL; 1595 } 1596 if (forward_agent_sock_path == NULL) { 1597 r = ssh_get_authentication_socket(&sock); 1598 } else { 1599 r = ssh_get_authentication_socket_path(forward_agent_sock_path, &sock); 1600 } 1601 if (r != 0) { 1602 if (r != SSH_ERR_AGENT_NOT_PRESENT) 1603 debug_fr(r, "ssh_get_authentication_socket"); 1604 return NULL; 1605 } 1606 if (options.hpn_disabled) 1607 c = channel_new(ssh, "authentication agent connection", 1608 SSH_CHANNEL_OPEN, sock, sock, -1, 1609 CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, 1610 "authentication agent connection", 1); 1611 else 1612 c = channel_new(ssh, "authentication agent connection", 1613 SSH_CHANNEL_OPEN, sock, sock, -1, 1614 options.hpn_buffer_size, options.hpn_buffer_size, 0, 1615 "authentication agent connection", 1); 1616 c->force_drain = 1; 1617 return c; 1618 } 1619 1620 char * 1621 client_request_tun_fwd(struct ssh *ssh, int tun_mode, 1622 int local_tun, int remote_tun, channel_open_fn *cb, void *cbctx) 1623 { 1624 Channel *c; 1625 int r, fd; 1626 char *ifname = NULL; 1627 1628 if (tun_mode == SSH_TUNMODE_NO) 1629 return 0; 1630 1631 debug("Requesting tun unit %d in mode %d", local_tun, tun_mode); 1632 1633 /* Open local tunnel device */ 1634 if ((fd = tun_open(local_tun, tun_mode, &ifname)) == -1) { 1635 error("Tunnel device open failed."); 1636 return NULL; 1637 } 1638 debug("Tunnel forwarding using interface %s", ifname); 1639 1640 if(options.hpn_disabled) 1641 c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1, 1642 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); 1643 else 1644 c = channel_new(ssh, "tun", SSH_CHANNEL_OPENING, fd, fd, -1, 1645 options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1); 1646 c->datagram = 1; 1647 1648 if (cb != NULL) 1649 channel_register_open_confirm(ssh, c->self, cb, cbctx); 1650 1651 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN)) != 0 || 1652 (r = sshpkt_put_cstring(ssh, "tun@openssh.com")) != 0 || 1653 (r = sshpkt_put_u32(ssh, c->self)) != 0 || 1654 (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 || 1655 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || 1656 (r = sshpkt_put_u32(ssh, tun_mode)) != 0 || 1657 (r = sshpkt_put_u32(ssh, remote_tun)) != 0 || 1658 (r = sshpkt_send(ssh)) != 0) 1659 sshpkt_fatal(ssh, r, "%s: send reply", __func__); 1660 1661 return ifname; 1662 } 1663 1664 /* XXXX move to generic input handler */ 1665 static int 1666 client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh) 1667 { 1668 Channel *c = NULL; 1669 char *ctype = NULL; 1670 int r; 1671 u_int rchan; 1672 size_t len; 1673 u_int rmaxpack, rwindow; 1674 1675 if ((r = sshpkt_get_cstring(ssh, &ctype, &len)) != 0 || 1676 (r = sshpkt_get_u32(ssh, &rchan)) != 0 || 1677 (r = sshpkt_get_u32(ssh, &rwindow)) != 0 || 1678 (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0) 1679 goto out; 1680 1681 debug("client_input_channel_open: ctype %s rchan %d win %d max %d", 1682 ctype, rchan, rwindow, rmaxpack); 1683 1684 if (strcmp(ctype, "forwarded-tcpip") == 0) { 1685 c = client_request_forwarded_tcpip(ssh, ctype, rchan, rwindow, 1686 rmaxpack); 1687 } else if (strcmp(ctype, "forwarded-streamlocal@openssh.com") == 0) { 1688 c = client_request_forwarded_streamlocal(ssh, ctype, rchan); 1689 } else if (strcmp(ctype, "x11") == 0) { 1690 c = client_request_x11(ssh, ctype, rchan); 1691 } else if (strcmp(ctype, "auth-agent@openssh.com") == 0) { 1692 c = client_request_agent(ssh, ctype, rchan); 1693 } 1694 if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) { 1695 debug3("proxied to downstream: %s", ctype); 1696 } else if (c != NULL) { 1697 debug("confirm %s", ctype); 1698 c->remote_id = rchan; 1699 c->have_remote_id = 1; 1700 c->remote_window = rwindow; 1701 c->remote_maxpacket = rmaxpack; 1702 if (c->type != SSH_CHANNEL_CONNECTING) { 1703 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 || 1704 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 1705 (r = sshpkt_put_u32(ssh, c->self)) != 0 || 1706 (r = sshpkt_put_u32(ssh, c->local_window)) != 0 || 1707 (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 || 1708 (r = sshpkt_send(ssh)) != 0) 1709 sshpkt_fatal(ssh, r, "%s: send reply", __func__); 1710 } 1711 } else { 1712 debug("failure %s", ctype); 1713 if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 || 1714 (r = sshpkt_put_u32(ssh, rchan)) != 0 || 1715 (r = sshpkt_put_u32(ssh, SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED)) != 0 || 1716 (r = sshpkt_put_cstring(ssh, "open failed")) != 0 || 1717 (r = sshpkt_put_cstring(ssh, "")) != 0 || 1718 (r = sshpkt_send(ssh)) != 0) 1719 sshpkt_fatal(ssh, r, "%s: send failure", __func__); 1720 } 1721 r = 0; 1722 out: 1723 free(ctype); 1724 return r; 1725 } 1726 1727 static int 1728 client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh) 1729 { 1730 Channel *c = NULL; 1731 char *rtype = NULL; 1732 u_char reply; 1733 u_int id, exitval; 1734 int r, success = 0; 1735 1736 if ((r = sshpkt_get_u32(ssh, &id)) != 0) 1737 return r; 1738 if (id <= INT_MAX) 1739 c = channel_lookup(ssh, id); 1740 if (channel_proxy_upstream(c, type, seq, ssh)) 1741 return 0; 1742 if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || 1743 (r = sshpkt_get_u8(ssh, &reply)) != 0) 1744 goto out; 1745 1746 debug("client_input_channel_req: channel %u rtype %s reply %d", 1747 id, rtype, reply); 1748 1749 if (c == NULL) { 1750 error("client_input_channel_req: channel %d: " 1751 "unknown channel", id); 1752 } else if (strcmp(rtype, "eow@openssh.com") == 0) { 1753 if ((r = sshpkt_get_end(ssh)) != 0) 1754 goto out; 1755 chan_rcvd_eow(ssh, c); 1756 } else if (strcmp(rtype, "exit-status") == 0) { 1757 if ((r = sshpkt_get_u32(ssh, &exitval)) != 0) 1758 goto out; 1759 if (c->ctl_chan != -1) { 1760 mux_exit_message(ssh, c, exitval); 1761 success = 1; 1762 } else if ((int)id == session_ident) { 1763 /* Record exit value of local session */ 1764 success = 1; 1765 exit_status = exitval; 1766 } else { 1767 /* Probably for a mux channel that has already closed */ 1768 debug_f("no sink for exit-status on channel %d", 1769 id); 1770 } 1771 if ((r = sshpkt_get_end(ssh)) != 0) 1772 goto out; 1773 } 1774 if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) { 1775 if (!c->have_remote_id) 1776 fatal_f("channel %d: no remote_id", c->self); 1777 if ((r = sshpkt_start(ssh, success ? 1778 SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 || 1779 (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || 1780 (r = sshpkt_send(ssh)) != 0) 1781 sshpkt_fatal(ssh, r, "%s: send failure", __func__); 1782 } 1783 r = 0; 1784 out: 1785 free(rtype); 1786 return r; 1787 } 1788 1789 struct hostkeys_update_ctx { 1790 /* The hostname and (optionally) IP address string for the server */ 1791 char *host_str, *ip_str; 1792 1793 /* 1794 * Keys received from the server and a flag for each indicating 1795 * whether they already exist in known_hosts. 1796 * keys_match is filled in by hostkeys_find() and later (for new 1797 * keys) by client_global_hostkeys_private_confirm(). 1798 */ 1799 struct sshkey **keys; 1800 u_int *keys_match; /* mask of HKF_MATCH_* from hostfile.h */ 1801 int *keys_verified; /* flag for new keys verified by server */ 1802 size_t nkeys, nnew, nincomplete; /* total, new keys, incomplete match */ 1803 1804 /* 1805 * Keys that are in known_hosts, but were not present in the update 1806 * from the server (i.e. scheduled to be deleted). 1807 * Filled in by hostkeys_find(). 1808 */ 1809 struct sshkey **old_keys; 1810 size_t nold; 1811 1812 /* Various special cases. */ 1813 int complex_hostspec; /* wildcard or manual pattern-list host name */ 1814 int ca_available; /* saw CA key for this host */ 1815 int old_key_seen; /* saw old key with other name/addr */ 1816 int other_name_seen; /* saw key with other name/addr */ 1817 }; 1818 1819 static void 1820 hostkeys_update_ctx_free(struct hostkeys_update_ctx *ctx) 1821 { 1822 size_t i; 1823 1824 if (ctx == NULL) 1825 return; 1826 for (i = 0; i < ctx->nkeys; i++) 1827 sshkey_free(ctx->keys[i]); 1828 free(ctx->keys); 1829 free(ctx->keys_match); 1830 free(ctx->keys_verified); 1831 for (i = 0; i < ctx->nold; i++) 1832 sshkey_free(ctx->old_keys[i]); 1833 free(ctx->old_keys); 1834 free(ctx->host_str); 1835 free(ctx->ip_str); 1836 free(ctx); 1837 } 1838 1839 /* 1840 * Returns non-zero if a known_hosts hostname list is not of a form that 1841 * can be handled by UpdateHostkeys. These include wildcard hostnames and 1842 * hostnames lists that do not follow the form host[,ip]. 1843 */ 1844 static int 1845 hostspec_is_complex(const char *hosts) 1846 { 1847 char *cp; 1848 1849 /* wildcard */ 1850 if (strchr(hosts, '*') != NULL || strchr(hosts, '?') != NULL) 1851 return 1; 1852 /* single host/ip = ok */ 1853 if ((cp = strchr(hosts, ',')) == NULL) 1854 return 0; 1855 /* more than two entries on the line */ 1856 if (strchr(cp + 1, ',') != NULL) 1857 return 1; 1858 /* XXX maybe parse cp+1 and ensure it is an IP? */ 1859 return 0; 1860 } 1861 1862 /* callback to search for ctx->keys in known_hosts */ 1863 static int 1864 hostkeys_find(struct hostkey_foreach_line *l, void *_ctx) 1865 { 1866 struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; 1867 size_t i; 1868 struct sshkey **tmp; 1869 1870 if (l->key == NULL) 1871 return 0; 1872 if (l->status != HKF_STATUS_MATCHED) { 1873 /* Record if one of the keys appears on a non-matching line */ 1874 for (i = 0; i < ctx->nkeys; i++) { 1875 if (sshkey_equal(l->key, ctx->keys[i])) { 1876 ctx->other_name_seen = 1; 1877 debug3_f("found %s key under different " 1878 "name/addr at %s:%ld", 1879 sshkey_ssh_name(ctx->keys[i]), 1880 l->path, l->linenum); 1881 return 0; 1882 } 1883 } 1884 return 0; 1885 } 1886 /* Don't proceed if revocation or CA markers are present */ 1887 /* XXX relax this */ 1888 if (l->marker != MRK_NONE) { 1889 debug3_f("hostkeys file %s:%ld has CA/revocation marker", 1890 l->path, l->linenum); 1891 ctx->complex_hostspec = 1; 1892 return 0; 1893 } 1894 1895 /* If CheckHostIP is enabled, then check for mismatched hostname/addr */ 1896 if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) { 1897 if ((l->match & HKF_MATCH_HOST) == 0) { 1898 /* Record if address matched a different hostname. */ 1899 ctx->other_name_seen = 1; 1900 debug3_f("found address %s against different hostname " 1901 "at %s:%ld", ctx->ip_str, l->path, l->linenum); 1902 return 0; 1903 } else if ((l->match & HKF_MATCH_IP) == 0) { 1904 /* Record if hostname matched a different address. */ 1905 ctx->other_name_seen = 1; 1906 debug3_f("found hostname %s against different address " 1907 "at %s:%ld", ctx->host_str, l->path, l->linenum); 1908 } 1909 } 1910 1911 /* 1912 * UpdateHostkeys is skipped for wildcard host names and hostnames 1913 * that contain more than two entries (ssh never writes these). 1914 */ 1915 if (hostspec_is_complex(l->hosts)) { 1916 debug3_f("hostkeys file %s:%ld complex host specification", 1917 l->path, l->linenum); 1918 ctx->complex_hostspec = 1; 1919 return 0; 1920 } 1921 1922 /* Mark off keys we've already seen for this host */ 1923 for (i = 0; i < ctx->nkeys; i++) { 1924 if (!sshkey_equal(l->key, ctx->keys[i])) 1925 continue; 1926 debug3_f("found %s key at %s:%ld", 1927 sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum); 1928 ctx->keys_match[i] |= l->match; 1929 return 0; 1930 } 1931 /* This line contained a key that not offered by the server */ 1932 debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key), 1933 l->path, l->linenum); 1934 if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1, 1935 sizeof(*ctx->old_keys))) == NULL) 1936 fatal_f("recallocarray failed nold = %zu", ctx->nold); 1937 ctx->old_keys = tmp; 1938 ctx->old_keys[ctx->nold++] = l->key; 1939 l->key = NULL; 1940 1941 return 0; 1942 } 1943 1944 /* callback to search for ctx->old_keys in known_hosts under other names */ 1945 static int 1946 hostkeys_check_old(struct hostkey_foreach_line *l, void *_ctx) 1947 { 1948 struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; 1949 size_t i; 1950 int hashed; 1951 1952 /* only care about lines that *don't* match the active host spec */ 1953 if (l->status == HKF_STATUS_MATCHED || l->key == NULL) 1954 return 0; 1955 1956 hashed = l->match & (HKF_MATCH_HOST_HASHED|HKF_MATCH_IP_HASHED); 1957 for (i = 0; i < ctx->nold; i++) { 1958 if (!sshkey_equal(l->key, ctx->old_keys[i])) 1959 continue; 1960 debug3_f("found deprecated %s key at %s:%ld as %s", 1961 sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum, 1962 hashed ? "[HASHED]" : l->hosts); 1963 ctx->old_key_seen = 1; 1964 break; 1965 } 1966 return 0; 1967 } 1968 1969 /* 1970 * Check known_hosts files for deprecated keys under other names. Returns 0 1971 * on success or -1 on failure. Updates ctx->old_key_seen if deprecated keys 1972 * exist under names other than the active hostname/IP. 1973 */ 1974 static int 1975 check_old_keys_othernames(struct hostkeys_update_ctx *ctx) 1976 { 1977 size_t i; 1978 int r; 1979 1980 debug2_f("checking for %zu deprecated keys", ctx->nold); 1981 for (i = 0; i < options.num_user_hostfiles; i++) { 1982 debug3_f("searching %s for %s / %s", 1983 options.user_hostfiles[i], ctx->host_str, 1984 ctx->ip_str ? ctx->ip_str : "(none)"); 1985 if ((r = hostkeys_foreach(options.user_hostfiles[i], 1986 hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str, 1987 HKF_WANT_PARSE_KEY, 0)) != 0) { 1988 if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { 1989 debug_f("hostkeys file %s does not exist", 1990 options.user_hostfiles[i]); 1991 continue; 1992 } 1993 error_fr(r, "hostkeys_foreach failed for %s", 1994 options.user_hostfiles[i]); 1995 return -1; 1996 } 1997 } 1998 return 0; 1999 } 2000 2001 static void 2002 hostkey_change_preamble(LogLevel loglevel) 2003 { 2004 do_log2(loglevel, "The server has updated its host keys."); 2005 do_log2(loglevel, "These changes were verified by the server's " 2006 "existing trusted key."); 2007 } 2008 2009 static void 2010 update_known_hosts(struct hostkeys_update_ctx *ctx) 2011 { 2012 int r, was_raw = 0, first = 1; 2013 int asking = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK; 2014 LogLevel loglevel = asking ? SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE; 2015 char *fp, *response; 2016 size_t i; 2017 struct stat sb; 2018 2019 for (i = 0; i < ctx->nkeys; i++) { 2020 if (!ctx->keys_verified[i]) 2021 continue; 2022 if ((fp = sshkey_fingerprint(ctx->keys[i], 2023 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) 2024 fatal_f("sshkey_fingerprint failed"); 2025 if (first && asking) 2026 hostkey_change_preamble(loglevel); 2027 do_log2(loglevel, "Learned new hostkey: %s %s", 2028 sshkey_type(ctx->keys[i]), fp); 2029 first = 0; 2030 free(fp); 2031 } 2032 for (i = 0; i < ctx->nold; i++) { 2033 if ((fp = sshkey_fingerprint(ctx->old_keys[i], 2034 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) 2035 fatal_f("sshkey_fingerprint failed"); 2036 if (first && asking) 2037 hostkey_change_preamble(loglevel); 2038 do_log2(loglevel, "Deprecating obsolete hostkey: %s %s", 2039 sshkey_type(ctx->old_keys[i]), fp); 2040 first = 0; 2041 free(fp); 2042 } 2043 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK) { 2044 if (get_saved_tio() != NULL) { 2045 leave_raw_mode(1); 2046 was_raw = 1; 2047 } 2048 response = NULL; 2049 for (i = 0; !quit_pending && i < 3; i++) { 2050 free(response); 2051 response = read_passphrase("Accept updated hostkeys? " 2052 "(yes/no): ", RP_ECHO); 2053 if (strcasecmp(response, "yes") == 0) 2054 break; 2055 else if (quit_pending || response == NULL || 2056 strcasecmp(response, "no") == 0) { 2057 options.update_hostkeys = 0; 2058 break; 2059 } else { 2060 do_log2(loglevel, "Please enter " 2061 "\"yes\" or \"no\""); 2062 } 2063 } 2064 if (quit_pending || i >= 3 || response == NULL) 2065 options.update_hostkeys = 0; 2066 free(response); 2067 if (was_raw) 2068 enter_raw_mode(1); 2069 } 2070 if (options.update_hostkeys == 0) 2071 return; 2072 /* 2073 * Now that all the keys are verified, we can go ahead and replace 2074 * them in known_hosts (assuming SSH_UPDATE_HOSTKEYS_ASK didn't 2075 * cancel the operation). 2076 */ 2077 for (i = 0; i < options.num_user_hostfiles; i++) { 2078 /* 2079 * NB. keys are only added to hostfiles[0], for the rest we 2080 * just delete the hostname entries. 2081 */ 2082 if (stat(options.user_hostfiles[i], &sb) != 0) { 2083 if (errno == ENOENT) { 2084 debug_f("known hosts file %s does not " 2085 "exist", options.user_hostfiles[i]); 2086 } else { 2087 error_f("known hosts file %s " 2088 "inaccessible: %s", 2089 options.user_hostfiles[i], strerror(errno)); 2090 } 2091 continue; 2092 } 2093 if ((r = hostfile_replace_entries(options.user_hostfiles[i], 2094 ctx->host_str, ctx->ip_str, 2095 i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0, 2096 options.hash_known_hosts, 0, 2097 options.fingerprint_hash)) != 0) { 2098 error_fr(r, "hostfile_replace_entries failed for %s", 2099 options.user_hostfiles[i]); 2100 } 2101 } 2102 } 2103 2104 static void 2105 client_global_hostkeys_private_confirm(struct ssh *ssh, int type, 2106 u_int32_t seq, void *_ctx) 2107 { 2108 struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; 2109 size_t i, ndone; 2110 struct sshbuf *signdata; 2111 int r, kexsigtype, use_kexsigtype; 2112 const u_char *sig; 2113 size_t siglen; 2114 2115 if (ctx->nnew == 0) 2116 fatal_f("ctx->nnew == 0"); /* sanity */ 2117 if (type != SSH2_MSG_REQUEST_SUCCESS) { 2118 error("Server failed to confirm ownership of " 2119 "private host keys"); 2120 hostkeys_update_ctx_free(ctx); 2121 return; 2122 } 2123 kexsigtype = sshkey_type_plain( 2124 sshkey_type_from_name(ssh->kex->hostkey_alg)); 2125 2126 if ((signdata = sshbuf_new()) == NULL) 2127 fatal_f("sshbuf_new failed"); 2128 /* 2129 * Expect a signature for each of the ctx->nnew private keys we 2130 * haven't seen before. They will be in the same order as the 2131 * ctx->keys where the corresponding ctx->keys_match[i] == 0. 2132 */ 2133 for (ndone = i = 0; i < ctx->nkeys; i++) { 2134 if (ctx->keys_match[i]) 2135 continue; 2136 /* Prepare data to be signed: session ID, unique string, key */ 2137 sshbuf_reset(signdata); 2138 if ( (r = sshbuf_put_cstring(signdata, 2139 "hostkeys-prove-00@openssh.com")) != 0 || 2140 (r = sshbuf_put_stringb(signdata, 2141 ssh->kex->session_id)) != 0 || 2142 (r = sshkey_puts(ctx->keys[i], signdata)) != 0) 2143 fatal_fr(r, "compose signdata"); 2144 /* Extract and verify signature */ 2145 if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) { 2146 error_fr(r, "parse sig"); 2147 goto out; 2148 } 2149 /* 2150 * For RSA keys, prefer to use the signature type negotiated 2151 * during KEX to the default (SHA1). 2152 */ 2153 use_kexsigtype = kexsigtype == KEY_RSA && 2154 sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA; 2155 debug3_f("verify %s key %zu using %s sigalg", 2156 sshkey_type(ctx->keys[i]), i, 2157 use_kexsigtype ? ssh->kex->hostkey_alg : "default"); 2158 if ((r = sshkey_verify(ctx->keys[i], sig, siglen, 2159 sshbuf_ptr(signdata), sshbuf_len(signdata), 2160 use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0, 2161 NULL)) != 0) { 2162 error_fr(r, "server gave bad signature for %s key %zu", 2163 sshkey_type(ctx->keys[i]), i); 2164 goto out; 2165 } 2166 /* Key is good. Mark it as 'seen' */ 2167 ctx->keys_verified[i] = 1; 2168 ndone++; 2169 } 2170 /* Shouldn't happen */ 2171 if (ndone != ctx->nnew) 2172 fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew); 2173 if ((r = sshpkt_get_end(ssh)) != 0) { 2174 error_f("protocol error"); 2175 goto out; 2176 } 2177 2178 /* Make the edits to known_hosts */ 2179 update_known_hosts(ctx); 2180 out: 2181 hostkeys_update_ctx_free(ctx); 2182 } 2183 2184 /* 2185 * Returns non-zero if the key is accepted by HostkeyAlgorithms. 2186 * Made slightly less trivial by the multiple RSA signature algorithm names. 2187 */ 2188 static int 2189 key_accepted_by_hostkeyalgs(const struct sshkey *key) 2190 { 2191 const char *ktype = sshkey_ssh_name(key); 2192 const char *hostkeyalgs = options.hostkeyalgorithms; 2193 2194 if (key == NULL || key->type == KEY_UNSPEC) 2195 return 0; 2196 if (key->type == KEY_RSA && 2197 (match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 || 2198 match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1)) 2199 return 1; 2200 return match_pattern_list(ktype, hostkeyalgs, 0) == 1; 2201 } 2202 2203 /* 2204 * Handle hostkeys-00@openssh.com global request to inform the client of all 2205 * the server's hostkeys. The keys are checked against the user's 2206 * HostkeyAlgorithms preference before they are accepted. 2207 */ 2208 static int 2209 client_input_hostkeys(struct ssh *ssh) 2210 { 2211 const u_char *blob = NULL; 2212 size_t i, len = 0; 2213 struct sshbuf *buf = NULL; 2214 struct sshkey *key = NULL, **tmp; 2215 int r; 2216 char *fp; 2217 static int hostkeys_seen = 0; /* XXX use struct ssh */ 2218 extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */ 2219 struct hostkeys_update_ctx *ctx = NULL; 2220 u_int want; 2221 2222 if (hostkeys_seen) 2223 fatal_f("server already sent hostkeys"); 2224 if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && 2225 options.batch_mode) 2226 return 1; /* won't ask in batchmode, so don't even try */ 2227 if (!options.update_hostkeys || options.num_user_hostfiles <= 0) 2228 return 1; 2229 2230 ctx = xcalloc(1, sizeof(*ctx)); 2231 while (ssh_packet_remaining(ssh) > 0) { 2232 sshkey_free(key); 2233 key = NULL; 2234 if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) { 2235 error_fr(r, "parse key"); 2236 goto out; 2237 } 2238 if ((r = sshkey_from_blob(blob, len, &key)) != 0) { 2239 do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ? 2240 SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR, 2241 "convert key"); 2242 continue; 2243 } 2244 fp = sshkey_fingerprint(key, options.fingerprint_hash, 2245 SSH_FP_DEFAULT); 2246 debug3_f("received %s key %s", sshkey_type(key), fp); 2247 free(fp); 2248 2249 if (!key_accepted_by_hostkeyalgs(key)) { 2250 debug3_f("%s key not permitted by " 2251 "HostkeyAlgorithms", sshkey_ssh_name(key)); 2252 continue; 2253 } 2254 /* Skip certs */ 2255 if (sshkey_is_cert(key)) { 2256 debug3_f("%s key is a certificate; skipping", 2257 sshkey_ssh_name(key)); 2258 continue; 2259 } 2260 /* Ensure keys are unique */ 2261 for (i = 0; i < ctx->nkeys; i++) { 2262 if (sshkey_equal(key, ctx->keys[i])) { 2263 error_f("received duplicated %s host key", 2264 sshkey_ssh_name(key)); 2265 goto out; 2266 } 2267 } 2268 /* Key is good, record it */ 2269 if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1, 2270 sizeof(*ctx->keys))) == NULL) 2271 fatal_f("recallocarray failed nkeys = %zu", 2272 ctx->nkeys); 2273 ctx->keys = tmp; 2274 ctx->keys[ctx->nkeys++] = key; 2275 key = NULL; 2276 } 2277 2278 if (ctx->nkeys == 0) { 2279 debug_f("server sent no hostkeys"); 2280 goto out; 2281 } 2282 2283 if ((ctx->keys_match = calloc(ctx->nkeys, 2284 sizeof(*ctx->keys_match))) == NULL || 2285 (ctx->keys_verified = calloc(ctx->nkeys, 2286 sizeof(*ctx->keys_verified))) == NULL) 2287 fatal_f("calloc failed"); 2288 2289 get_hostfile_hostname_ipaddr(host, 2290 options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL, 2291 options.port, &ctx->host_str, 2292 options.check_host_ip ? &ctx->ip_str : NULL); 2293 2294 /* Find which keys we already know about. */ 2295 for (i = 0; i < options.num_user_hostfiles; i++) { 2296 debug_f("searching %s for %s / %s", 2297 options.user_hostfiles[i], ctx->host_str, 2298 ctx->ip_str ? ctx->ip_str : "(none)"); 2299 if ((r = hostkeys_foreach(options.user_hostfiles[i], 2300 hostkeys_find, ctx, ctx->host_str, ctx->ip_str, 2301 HKF_WANT_PARSE_KEY, 0)) != 0) { 2302 if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) { 2303 debug_f("hostkeys file %s does not exist", 2304 options.user_hostfiles[i]); 2305 continue; 2306 } 2307 error_fr(r, "hostkeys_foreach failed for %s", 2308 options.user_hostfiles[i]); 2309 goto out; 2310 } 2311 } 2312 2313 /* Figure out if we have any new keys to add */ 2314 ctx->nnew = ctx->nincomplete = 0; 2315 want = HKF_MATCH_HOST | ( options.check_host_ip ? HKF_MATCH_IP : 0); 2316 for (i = 0; i < ctx->nkeys; i++) { 2317 if (ctx->keys_match[i] == 0) 2318 ctx->nnew++; 2319 if ((ctx->keys_match[i] & want) != want) 2320 ctx->nincomplete++; 2321 } 2322 2323 debug3_f("%zu server keys: %zu new, %zu retained, " 2324 "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew, 2325 ctx->nkeys - ctx->nnew - ctx->nincomplete, 2326 ctx->nincomplete, ctx->nold); 2327 2328 if (ctx->nnew == 0 && ctx->nold == 0) { 2329 debug_f("no new or deprecated keys from server"); 2330 goto out; 2331 } 2332 2333 /* Various reasons why we cannot proceed with the update */ 2334 if (ctx->complex_hostspec) { 2335 debug_f("CA/revocation marker, manual host list or wildcard " 2336 "host pattern found, skipping UserKnownHostsFile update"); 2337 goto out; 2338 } 2339 if (ctx->other_name_seen) { 2340 debug_f("host key found matching a different name/address, " 2341 "skipping UserKnownHostsFile update"); 2342 goto out; 2343 } 2344 /* 2345 * If removing keys, check whether they appear under different 2346 * names/addresses and refuse to proceed if they do. This avoids 2347 * cases such as hosts with multiple names becoming inconsistent 2348 * with regards to CheckHostIP entries. 2349 * XXX UpdateHostkeys=force to override this (and other) checks? 2350 */ 2351 if (ctx->nold != 0) { 2352 if (check_old_keys_othernames(ctx) != 0) 2353 goto out; /* error already logged */ 2354 if (ctx->old_key_seen) { 2355 debug_f("key(s) for %s%s%s exist under other names; " 2356 "skipping UserKnownHostsFile update", 2357 ctx->host_str, ctx->ip_str == NULL ? "" : ",", 2358 ctx->ip_str == NULL ? "" : ctx->ip_str); 2359 goto out; 2360 } 2361 } 2362 2363 if (ctx->nnew == 0) { 2364 /* 2365 * We have some keys to remove or fix matching for. 2366 * We can proceed to do this without requiring a fresh proof 2367 * from the server. 2368 */ 2369 update_known_hosts(ctx); 2370 goto out; 2371 } 2372 /* 2373 * We have received previously-unseen keys from the server. 2374 * Ask the server to confirm ownership of the private halves. 2375 */ 2376 debug3_f("asking server to prove ownership for %zu keys", ctx->nnew); 2377 if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || 2378 (r = sshpkt_put_cstring(ssh, 2379 "hostkeys-prove-00@openssh.com")) != 0 || 2380 (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */ 2381 fatal_fr(r, "prepare hostkeys-prove"); 2382 if ((buf = sshbuf_new()) == NULL) 2383 fatal_f("sshbuf_new"); 2384 for (i = 0; i < ctx->nkeys; i++) { 2385 if (ctx->keys_match[i]) 2386 continue; 2387 sshbuf_reset(buf); 2388 if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 || 2389 (r = sshpkt_put_stringb(ssh, buf)) != 0) 2390 fatal_fr(r, "assemble hostkeys-prove"); 2391 } 2392 if ((r = sshpkt_send(ssh)) != 0) 2393 fatal_fr(r, "send hostkeys-prove"); 2394 client_register_global_confirm( 2395 client_global_hostkeys_private_confirm, ctx); 2396 ctx = NULL; /* will be freed in callback */ 2397 2398 /* Success */ 2399 out: 2400 hostkeys_update_ctx_free(ctx); 2401 sshkey_free(key); 2402 sshbuf_free(buf); 2403 /* 2404 * NB. Return success for all cases. The server doesn't need to know 2405 * what the client does with its hosts file. 2406 */ 2407 return 1; 2408 } 2409 2410 static int 2411 client_input_global_request(int type, u_int32_t seq, struct ssh *ssh) 2412 { 2413 char *rtype; 2414 u_char want_reply; 2415 int r, success = 0; 2416 2417 if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 || 2418 (r = sshpkt_get_u8(ssh, &want_reply)) != 0) 2419 goto out; 2420 debug("client_input_global_request: rtype %s want_reply %d", 2421 rtype, want_reply); 2422 if (strcmp(rtype, "hostkeys-00@openssh.com") == 0) 2423 success = client_input_hostkeys(ssh); 2424 if (want_reply) { 2425 if ((r = sshpkt_start(ssh, success ? SSH2_MSG_REQUEST_SUCCESS : 2426 SSH2_MSG_REQUEST_FAILURE)) != 0 || 2427 (r = sshpkt_send(ssh)) != 0 || 2428 (r = ssh_packet_write_wait(ssh)) != 0) 2429 goto out; 2430 } 2431 r = 0; 2432 out: 2433 free(rtype); 2434 return r; 2435 } 2436 2437 static void 2438 client_send_env(struct ssh *ssh, int id, const char *name, const char *val) 2439 { 2440 int r; 2441 2442 debug("channel %d: setting env %s = \"%s\"", id, name, val); 2443 channel_request_start(ssh, id, "env", 0); 2444 if ((r = sshpkt_put_cstring(ssh, name)) != 0 || 2445 (r = sshpkt_put_cstring(ssh, val)) != 0 || 2446 (r = sshpkt_send(ssh)) != 0) 2447 fatal_fr(r, "send setenv"); 2448 } 2449 2450 void 2451 client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem, 2452 const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd, 2453 char **env) 2454 { 2455 int i, j, matched, len, r; 2456 char *name, *val; 2457 Channel *c = NULL; 2458 2459 debug2_f("id %d", id); 2460 2461 if ((c = channel_lookup(ssh, id)) == NULL) 2462 fatal_f("channel %d: unknown channel", id); 2463 2464 ssh_packet_set_interactive(ssh, want_tty, 2465 options.ip_qos_interactive, options.ip_qos_bulk); 2466 2467 if (want_tty) { 2468 struct winsize ws; 2469 2470 /* Store window size in the packet. */ 2471 if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1) 2472 memset(&ws, 0, sizeof(ws)); 2473 2474 channel_request_start(ssh, id, "pty-req", 1); 2475 client_expect_confirm(ssh, id, "PTY allocation", CONFIRM_TTY); 2476 if ((r = sshpkt_put_cstring(ssh, term != NULL ? term : "")) 2477 != 0 || 2478 (r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 || 2479 (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 || 2480 (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 || 2481 (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0) 2482 fatal_fr(r, "build pty-req"); 2483 if (tiop == NULL) 2484 tiop = get_saved_tio(); 2485 ssh_tty_make_modes(ssh, -1, tiop); 2486 if ((r = sshpkt_send(ssh)) != 0) 2487 fatal_fr(r, "send pty-req"); 2488 /* XXX wait for reply */ 2489 c->client_tty = 1; 2490 } 2491 2492 /* Transfer any environment variables from client to server */ 2493 if (options.num_send_env != 0 && env != NULL) { 2494 debug("Sending environment."); 2495 for (i = 0; env[i] != NULL; i++) { 2496 /* Split */ 2497 name = xstrdup(env[i]); 2498 if ((val = strchr(name, '=')) == NULL) { 2499 free(name); 2500 continue; 2501 } 2502 *val++ = '\0'; 2503 2504 matched = 0; 2505 for (j = 0; j < options.num_send_env; j++) { 2506 if (match_pattern(name, options.send_env[j])) { 2507 matched = 1; 2508 break; 2509 } 2510 } 2511 if (!matched) { 2512 debug3("Ignored env %s", name); 2513 free(name); 2514 continue; 2515 } 2516 client_send_env(ssh, id, name, val); 2517 free(name); 2518 } 2519 } 2520 for (i = 0; i < options.num_setenv; i++) { 2521 /* Split */ 2522 name = xstrdup(options.setenv[i]); 2523 if ((val = strchr(name, '=')) == NULL) { 2524 free(name); 2525 continue; 2526 } 2527 *val++ = '\0'; 2528 client_send_env(ssh, id, name, val); 2529 free(name); 2530 } 2531 2532 len = sshbuf_len(cmd); 2533 if (len > 0) { 2534 if (len > 900) 2535 len = 900; 2536 if (want_subsystem) { 2537 debug("Sending subsystem: %.*s", 2538 len, (const u_char*)sshbuf_ptr(cmd)); 2539 channel_request_start(ssh, id, "subsystem", 1); 2540 client_expect_confirm(ssh, id, "subsystem", 2541 CONFIRM_CLOSE); 2542 } else { 2543 debug("Sending command: %.*s", 2544 len, (const u_char*)sshbuf_ptr(cmd)); 2545 channel_request_start(ssh, id, "exec", 1); 2546 client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE); 2547 } 2548 if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 || 2549 (r = sshpkt_send(ssh)) != 0) 2550 fatal_fr(r, "send command"); 2551 } else { 2552 channel_request_start(ssh, id, "shell", 1); 2553 client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE); 2554 if ((r = sshpkt_send(ssh)) != 0) 2555 fatal_fr(r, "send shell"); 2556 } 2557 } 2558 2559 static void 2560 client_init_dispatch(struct ssh *ssh) 2561 { 2562 ssh_dispatch_init(ssh, &dispatch_protocol_error); 2563 2564 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose); 2565 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data); 2566 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof); 2567 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data); 2568 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open); 2569 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); 2570 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); 2571 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req); 2572 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); 2573 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm); 2574 ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm); 2575 ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request); 2576 2577 /* rekeying */ 2578 ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); 2579 2580 /* global request reply messages */ 2581 ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply); 2582 ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply); 2583 } 2584 2585 void 2586 client_stop_mux(void) 2587 { 2588 if (options.control_path != NULL && muxserver_sock != -1) 2589 unlink(options.control_path); 2590 /* 2591 * If we are in persist mode, or don't have a shell, signal that we 2592 * should close when all active channels are closed. 2593 */ 2594 if (options.control_persist || options.session_type == SESSION_TYPE_NONE) { 2595 session_closed = 1; 2596 setproctitle("[stopped mux]"); 2597 } 2598 } 2599 2600 /* client specific fatal cleanup */ 2601 void 2602 cleanup_exit(int i) 2603 { 2604 leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE); 2605 if (options.control_path != NULL && muxserver_sock != -1) 2606 unlink(options.control_path); 2607 ssh_kill_proxy_command(); 2608 _exit(i); 2609 } 2610