channel.c 58 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
/* channel.c
 *
 */

/* lsh, an implementation of the ssh protocol
 *
 * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
J.H.M. Dassen's avatar
J.H.M. Dassen committed
21
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
Niels Möller's avatar
Niels Möller committed
22
23
 */

24
25
26
27
28
29
30
#if HAVE_CONFIG_H
#include "config.h"
#endif

#include <assert.h>
#include <string.h>

Niels Möller's avatar
Niels Möller committed
31
32
33
#include "channel.h"

#include "format.h"
34
#include "io.h"
Niels Möller's avatar
Niels Möller committed
35
#include "read_data.h"
Niels Möller's avatar
Niels Möller committed
36
37
38
39
#include "ssh.h"
#include "werror.h"
#include "xalloc.h"

40
#define GABA_DEFINE
41
#include "channel.h.x"
42
#undef GABA_DEFINE
43

44
45
#include "channel.c.x"

46
struct exception *
47
make_channel_open_exception(uint32_t error_code, const char *msg)
Niels Möller's avatar
Niels Möller committed
48
49
{
  NEW(channel_open_exception, self);
Niels Möller's avatar
Niels Möller committed
50
51
52
53
54
55
56
57
58
59
60
61
62
63

#define MAX_ERROR 4
  static const char *msgs[MAX_ERROR + 1] = {
    "",
    "Administratively prohibited",
    "Connect failed",
    "Unknown channel type",
    "Resource shortage"
  };

  assert(error_code > 0);
  assert(error_code <= MAX_ERROR);
#undef MAX_ERROR
  
Niels Möller's avatar
Niels Möller committed
64
  self->super.type = EXC_CHANNEL_OPEN;
Niels Möller's avatar
Niels Möller committed
65
  self->super.msg = msg ? msg : msgs[error_code];
Niels Möller's avatar
Niels Möller committed
66
67
68
69
70
  self->error_code = error_code;

  return &self->super;
}

71

72
73
struct lsh_string *
format_global_failure(void)
Niels Möller's avatar
Niels Möller committed
74
75
76
77
{
  return ssh_format("%c", SSH_MSG_REQUEST_FAILURE);
}

78
79
struct lsh_string *
format_global_success(void)
80
81
82
83
{
  return ssh_format("%c", SSH_MSG_REQUEST_SUCCESS);
}

84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
/* The advertised rec_max_size must be a little smaller than SSH_MAX_PACKET,
 * to make sure that our peer won't send us packets exceeding our limit for
 * the connection. */

/* NOTE: It would make some sense to use the connection's
 * rec_max_packet instead of the SSH_MAX_PACKET constant. */

#define SSH_MAX_DATA_SIZE (SSH_MAX_PACKET - SSH_CHANNEL_MAX_PACKET_FUZZ)

static void
check_rec_max_packet(struct ssh_channel *channel)
{
  /* Never advertise a larger rec_max_packet than we're willing to
   * handle. */

  if (channel->rec_max_packet > SSH_MAX_DATA_SIZE)
    {
      debug("check_rec_max_packet: Reduced rec_max_packet from %i to %i.\n",
	    channel->rec_max_packet, SSH_MAX_DATA_SIZE);
      channel->rec_max_packet = SSH_MAX_DATA_SIZE;
    }
}

107
108
struct lsh_string *
format_open_confirmation(struct ssh_channel *channel,
109
			 uint32_t channel_number,
110
			 const char *format, ...)
111
112
{
  va_list args;
113
  uint32_t l1, l2;
114
  struct lsh_string *packet;
115
  
116
#define CONFIRM_FORMAT "%c%i%i%i%i"
117
118
#define CONFIRM_ARGS \
  SSH_MSG_CHANNEL_OPEN_CONFIRMATION, channel->channel_number, \
119
120
  channel_number, channel->rec_window_size, channel->rec_max_packet
    
121
122
  check_rec_max_packet(channel);

123
  debug("format_open_confirmation: rec_window_size = %i,\n"
124
	"                          rec_max_packet = %i,\n",
125
       channel->rec_window_size,
126
       channel->rec_max_packet);
127
128
129
130
131
132
133
134
135
136
137
  l1 = ssh_format_length(CONFIRM_FORMAT, CONFIRM_ARGS);

  va_start(args, format);
  l2 = ssh_vformat_length(format, args);
  va_end(args);

  packet = lsh_string_alloc(l1 + l2);

  ssh_format_write(CONFIRM_FORMAT, l1, packet->data, CONFIRM_ARGS);

  va_start(args, format);
138
  ssh_vformat_write(format, l2, packet->data+l1, args);
139
140
141
142
143
144
145
  va_end(args);

  return packet;
#undef CONFIRM_FORMAT
#undef CONFIRM_ARGS
}

146
struct lsh_string *
147
format_open_failure(uint32_t channel, uint32_t reason,
148
		    const char *msg, const char *language)
Niels Möller's avatar
Niels Möller committed
149
150
151
152
153
{
  return ssh_format("%c%i%i%z%z", SSH_MSG_CHANNEL_OPEN_FAILURE,
		    channel, reason, msg, language);
}

154
struct lsh_string *
155
format_channel_success(uint32_t channel)
156
157
158
159
{
  return ssh_format("%c%i", SSH_MSG_CHANNEL_SUCCESS, channel);
}

160
struct lsh_string *
161
format_channel_failure(uint32_t channel)
Niels Möller's avatar
Niels Möller committed
162
163
164
165
{
  return ssh_format("%c%i", SSH_MSG_CHANNEL_FAILURE, channel);
}

166
167
struct lsh_string *
prepare_window_adjust(struct ssh_channel *channel,
168
		      uint32_t add)
169
170
171
172
173
174
175
176
{
  channel->rec_window_size += add;
  
  return ssh_format("%c%i%i",
		    SSH_MSG_CHANNEL_WINDOW_ADJUST,
		    channel->channel_number, add);
}

Niels Möller's avatar
Niels Möller committed
177
178
179
180
181
/* GABA:
   (class
     (name exc_finish_channel_handler)
     (super exception_handler)
     (vars
182
       (connection object ssh_connection)
183
184
       ; Non-zero if the channel has already been deallocated.
       (dead . int)
Niels Möller's avatar
Niels Möller committed
185
       ; Local channel number 
186
       (channel_number . uint32_t)))
Niels Möller's avatar
Niels Möller committed
187
188
*/

189
190
191
static void
do_exc_finish_channel_handler(struct exception_handler *s,
			      const struct exception *e)
Niels Möller's avatar
Niels Möller committed
192
193
194
195
196
{
  CAST(exc_finish_channel_handler, self, s);

  switch (e->type)
    {
Niels Möller's avatar
Niels Möller committed
197
    case EXC_FINISH_PENDING:
198
199
      if (self->dead)
	werror("channel.c: EXC_FINISH_PENDING on dead channel.\n");
Niels Möller's avatar
Niels Möller committed
200

201
      self->connection->table->pending_close = 1;
202
203
204
205
206

      /* NOTE: We don't need to raise a EXC_FINISH_READ here. Only
       * code in a live channel is supposed to raise
       * EXC_FINISH_PENDING. The typical caller is a channel's
       * CHANNEL_CLOSE callback that is called below. */
Niels Möller's avatar
Niels Möller committed
207
208
      break;
      
Niels Möller's avatar
Niels Möller committed
209
210
    case EXC_FINISH_CHANNEL:
      /* NOTE: This type of exception must be handled only once.
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
       * However, there is at least one case where it is difficult to
       * ensure that the exception is raised only once.
       *
       * For instance, in do_channel_close, the CHANNEL_EOF callback
       * can decide to call close_channel, which might raise this
       * exception. When control gets back to do_channel_close, and
       * CHANNEL_SENT_CLOSE is true, it raises the exception again.
       *
       * To get this right, we set a flag when the channel is
       * deallocated. */
      if (self->dead)
	debug("EXC_FINISH_CHANNEL on dead channel.\n");
      else
	{
	  struct ssh_channel *channel
226
	    = self->connection->table->channels[self->channel_number];
227
228
229
230
231
232
233
234

	  assert(channel);
	  assert(channel->resources->super.alive);

	  if (channel->close)
	    CHANNEL_CLOSE(channel);
	
	  KILL_RESOURCE_LIST(channel->resources);
Niels Möller's avatar
Niels Möller committed
235
	
236
	  dealloc_channel(self->connection->table, self->channel_number);
237
238
	  self->dead = 1;

239
	  if (self->connection->table->pending_close &&
240
	      !self->connection->table->channel_count)
241
242
	    {
	      /* FIXME: Send a SSH_DISCONNECT_BY_APPLICATION message? */
243
	      EXCEPTION_RAISE(self->connection->e, &finish_read_exception);
244
245
	    }
	}
Niels Möller's avatar
Niels Möller committed
246
247
248
249
250
251
252
      break;
    default:
      EXCEPTION_RAISE(self->super.parent, e);
    }
}

static struct exception_handler *
253
make_exc_finish_channel_handler(struct ssh_connection *connection,
254
				uint32_t channel_number,
255
256
				struct exception_handler *e,
				const char *context)
Niels Möller's avatar
Niels Möller committed
257
258
259
260
{
  NEW(exc_finish_channel_handler, self);
  self->super.parent = e;
  self->super.raise = do_exc_finish_channel_handler;
261
  self->super.context = context;
Niels Möller's avatar
Niels Möller committed
262

263
  self->connection = connection;
264
  self->channel_number = channel_number;
265
  self->dead = 0;
266
  
Niels Möller's avatar
Niels Möller committed
267
  return &self->super;
Niels Möller's avatar
Niels Möller committed
268
269
270
}
				

271
/* Channel objects */
Niels Möller's avatar
Niels Möller committed
272
273
274
275
276

#define INITIAL_CHANNELS 32
/* Arbitrary limit */
#define MAX_CHANNELS (1L<<17)

277
278
struct channel_table *
make_channel_table(void)
Niels Möller's avatar
Niels Möller committed
279
{
280
  NEW(channel_table, table);
Niels Möller's avatar
Niels Möller committed
281

282
  table->channels = lsh_space_alloc(sizeof(struct ssh_channel *)
283
				      * INITIAL_CHANNELS);
Niels Möller's avatar
Niels Möller committed
284
285
  table->in_use = lsh_space_alloc(INITIAL_CHANNELS);
  
286
287
  table->allocated_channels = INITIAL_CHANNELS;
  table->used_channels = 0;
288
289
290
  table->next_channel = 0;
  table->channel_count = 0;
  
291
  table->max_channels = MAX_CHANNELS;
Niels Möller's avatar
Niels Möller committed
292

Niels Möller's avatar
Niels Möller committed
293
  table->pending_close = 0;
294

295
296
  table->global_requests = make_alist(0, -1);
  table->channel_types = make_alist(0, -1);
297
  table->open_fallback = NULL;
298
  
299
300
  object_queue_init(&table->local_ports);
  object_queue_init(&table->remote_ports);
301
  table->x11_display = NULL;
302
  
303
304
  object_queue_init(&table->active_global_requests);
  object_queue_init(&table->pending_global_requests);
Niels Möller's avatar
Niels Möller committed
305
  
306
  return table;
307
}
Niels Möller's avatar
Niels Möller committed
308
309

/* Returns -1 if allocation fails */
310
311
312
/* NOTE: This function returns locally chosen channel numbers, which
 * are always small integers. So there's no problem fitting them in
 * a signed int. */
313
314
int
alloc_channel(struct channel_table *table)
Niels Möller's avatar
Niels Möller committed
315
{
316
  uint32_t i;
317
  
318
  for(i = table->next_channel; i < table->used_channels; i++)
Niels Möller's avatar
Niels Möller committed
319
    {
320
      if (table->in_use[i] == CHANNEL_FREE)
Niels Möller's avatar
Niels Möller committed
321
	{
Niels Möller's avatar
Niels Möller committed
322
	  assert(!table->channels[i]);
323
	  table->in_use[i] = CHANNEL_RESERVED;
324
	  table->next_channel = i+1;
325

326
	  goto success;
Niels Möller's avatar
Niels Möller committed
327
328
	}
    }
329
  if (i == table->max_channels)
Niels Möller's avatar
Niels Möller committed
330
    return -1;
331

332
  if (i == table->allocated_channels) 
Niels Möller's avatar
Niels Möller committed
333
    {
334
      uint32_t new_size = table->allocated_channels * 2;
Niels Möller's avatar
Niels Möller committed
335
      struct ssh_channel **new_channels;
336
      uint8_t *new_in_use;
Niels Möller's avatar
Niels Möller committed
337

Niels Möller's avatar
Niels Möller committed
338
339
340
      new_channels = lsh_space_alloc(sizeof(struct ssh_channel *)
				     * new_size);
      memcpy(new_channels, table->channels,
341
	     sizeof(struct ssh_channel *) * table->used_channels);
Niels Möller's avatar
Niels Möller committed
342
343
344
      lsh_space_free(table->channels);
      table->channels = new_channels;

345
      /* FIXME: Use realloc(). */
Niels Möller's avatar
Niels Möller committed
346
347
348
349
350
      new_in_use = lsh_space_alloc(new_size);
      memcpy(new_in_use, table->in_use, table->used_channels);
      lsh_space_free(table->in_use);
      table->in_use = new_in_use;

351
      table->allocated_channels = new_size;
Niels Möller's avatar
Niels Möller committed
352
353
    }

354
  table->next_channel = table->used_channels = i+1;
Niels Möller's avatar
Niels Möller committed
355

356
  table->in_use[i] = CHANNEL_RESERVED;
357
358
  table->channels[i] = NULL;
  
359
360
 success:
  table->channel_count++;
361
  verbose("Allocated local channel number %i\n", i);
362

Niels Möller's avatar
Niels Möller committed
363
364
365
  return i;
}

366
367
void
dealloc_channel(struct channel_table *table, int i)
Niels Möller's avatar
Niels Möller committed
368
369
{
  assert(i >= 0);
370
  assert( (unsigned) i < table->used_channels);
371
372
  assert(table->channel_count);
  
373
  verbose("Deallocating local channel %i\n", i);
374
  table->channels[i] = NULL;
375
  table->in_use[i] = CHANNEL_FREE;
376
377

  table->channel_count--;
Niels Möller's avatar
Niels Möller committed
378
  
379
  if ( (unsigned) i < table->next_channel)
380
381
382
    table->next_channel = i;
}

383
384
void
use_channel(struct ssh_connection *connection,
385
	    uint32_t local_channel_number)
386
387
388
389
390
391
392
393
394
395
396
{
  struct channel_table *table = connection->table;
  struct ssh_channel *channel = table->channels[local_channel_number];

  assert(channel);
  assert(table->in_use[local_channel_number] == CHANNEL_RESERVED);
  
  table->in_use[local_channel_number] = CHANNEL_IN_USE;
  verbose("Taking channel %i in use, (local %i).\n",
	  channel->channel_number, local_channel_number);
}
397

398
void
399
register_channel(uint32_t local_channel_number,
400
401
		 struct ssh_channel *channel,
		 int take_into_use)
402
{
403
  struct channel_table *table = channel->connection->table;
404
  
405
  assert(table->in_use[local_channel_number] == CHANNEL_RESERVED);
Niels Möller's avatar
Niels Möller committed
406
  assert(!table->channels[local_channel_number]);
407

408
409
410
  verbose("Registering local channel %i.\n",
	  local_channel_number);
  
411
  /* NOTE: Is this the right place to install this exception handler? */
412
  channel->e =
413
    make_exc_finish_channel_handler(channel->connection,
414
				    local_channel_number,
415
416
				    (channel->e ? channel->e
				     : channel->connection->e),
417
418
419
				    HANDLER_CONTEXT);

  table->channels[local_channel_number] = channel;
420

421
  if (take_into_use)
422
    use_channel(channel->connection, local_channel_number);
423
  
424
  remember_resource(channel->connection->resources,
425
		    &channel->resources->super);
Niels Möller's avatar
Niels Möller committed
426
427
}

428
struct ssh_channel *
429
lookup_channel(struct channel_table *table, uint32_t i)
430
431
432
433
434
435
436
{
  return ( (i < table->used_channels)
	   && (table->in_use[i] == CHANNEL_IN_USE))
    ? table->channels[i] : NULL;
}

struct ssh_channel *
437
lookup_channel_reserved(struct channel_table *table, uint32_t i)
Niels Möller's avatar
Niels Möller committed
438
{
439
440
  return ( (i < table->used_channels)
	   && (table->in_use[i] == CHANNEL_RESERVED))
441
    ? table->channels[i] : NULL;
Niels Möller's avatar
Niels Möller committed
442
443
}

444

445
446
/* FIXME: It seems suboptimal to send a window adjust message for
 * *every* write that we do. A better scheme might be as follows:
447
448
449
450
451
452
453
 *
 * Delay window adjust messages, keeping track of both the locally
 * maintained window size, which is updated after each write, and the
 * size that has been reported to the remote end. When the difference
 * between these two values gets large enough (say, larger than one
 * half or one third of the maximum window size), we send a
 * window_adjust message to sync them. */
454
static void
455
adjust_rec_window(struct flow_controlled *f, uint32_t written)
456
{
457
458
  CAST_SUBTYPE(ssh_channel, channel, f);

459
460
461
462
  /* NOTE: The channel object (referenced as a flow-control callback)
   * may live longer than the actual channel. */
  if (! (channel->flags & (CHANNEL_RECEIVED_EOF | CHANNEL_RECEIVED_CLOSE
			   | CHANNEL_SENT_CLOSE)))
463
    C_WRITE(channel->connection,
464
	    prepare_window_adjust(channel, written));
465
466
}

467
468
void
channel_start_receive(struct ssh_channel *channel,
469
		      uint32_t initial_window_size)
470
{
471
  if (channel->rec_window_size < initial_window_size)
472
    C_WRITE(channel->connection,
473
474
	    prepare_window_adjust
	    (channel, initial_window_size - channel->rec_window_size));
475
476
}

Niels Möller's avatar
Niels Möller committed
477
/* Channel related messages */
478
479
480

/* GABA:
   (class
481
     (name request_status)
482
483
484
485
486
487
488
     (vars
       ; -1 for still active requests,
       ; 0 for failure,
       ; 1 for success
       (status . int)))
*/

489
490
static struct request_status *
make_request_status(void)
491
{
492
  NEW(request_status, self);
493
494
495
496
497
498
499
  self->status = -1;

  return self;
}

/* GABA:
   (class
500
501
     (name global_request_continuation)
     (super command_continuation)
502
     (vars
503
504
       (connection object ssh_connection)
       (active object request_status)))
505
506
*/

507
508
509
static void 
send_global_request_responses(struct ssh_connection *connection, 
			      struct object_queue *q)
510
{
511
512
513
514
515
516
   for (;;)
     {
       CAST(request_status, n, object_queue_peek_head(q));
       if (!n || (n->status < 0))
	 break;
 
517
      object_queue_remove_head(q);
Niels Möller's avatar
Niels Möller committed
518

519
      C_WRITE(connection,
Niels Möller's avatar
Niels Möller committed
520
521
	      (n->status
	       ? format_global_success()
522
	       : format_global_failure()));
523
524
525
    }
}

526
527
528
static void
do_global_request_response(struct command_continuation *s,
			   struct lsh_object *x UNUSED)
529
{
530
531
  CAST(global_request_continuation, self, s);
  struct object_queue *q = &self->connection->table->active_global_requests;
532

533
534
535
536
  assert(self->active->status == -1);
  assert(!object_queue_is_empty(q));
	  
  self->active->status = 1;
537

538
539
  send_global_request_responses(self->connection, q);
}
540

541
542
543
544
545
546
547
548
549
550
static struct command_continuation *
make_global_request_response(struct ssh_connection *connection,
			     struct request_status *active)
{
  NEW(global_request_continuation, self);

  self->super.c = do_global_request_response;
  self->connection = connection;
  self->active = active;
   
551
552
  return &self->super;
}
553
554
555
556
557
558
559
560
561
562
563
564
565


/* GABA:
   (class
     (name global_request_exception_handler)
     (super exception_handler)
     (vars
       (connection object ssh_connection)
       (active object request_status)))
*/

/* NOTE: We handle *only* EXC_GLOBAL_REQUEST */
static void 
566
do_exc_global_request_handler(struct exception_handler *c,
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
			  const struct exception *e)
{
  CAST(global_request_exception_handler, self, c);
  if (e->type == EXC_GLOBAL_REQUEST)
    {
      struct object_queue *q = &self->connection->table->active_global_requests;
      
      assert(self->active->status == -1);
      assert(!object_queue_is_empty(q));

      self->active->status = 0;
  
      send_global_request_responses(self->connection, q);
    }
  else
    EXCEPTION_RAISE(c->parent, e);
}

static struct exception_handler *
make_global_request_exception_handler(struct ssh_connection *connection,
				      struct request_status *active,
				      struct exception_handler *h,
				      const char *context)
Niels Möller's avatar
Niels Möller committed
590
{
591
592
  NEW(global_request_exception_handler, self);

593
  self->super.raise = do_exc_global_request_handler;
594
595
596
597
598
599
  self->super.context = context;
  self->super.parent = h;
  self->active = active;
  self->connection = connection;
  return &self->super;
}
Niels Möller's avatar
Niels Möller committed
600

601
DEFINE_PACKET_HANDLER(static, global_request_handler, connection, packet)
602
{
Niels Möller's avatar
Niels Möller committed
603
  struct simple_buffer buffer;
604
  unsigned msg_number;
Niels Möller's avatar
Niels Möller committed
605
606
607
608
609
610
611
612
613
614
  int name;
  int want_reply;
  
  simple_buffer_init(&buffer, packet->length, packet->data);

  if (parse_uint8(&buffer, &msg_number)
      && (msg_number == SSH_MSG_GLOBAL_REQUEST)
      && parse_atom(&buffer, &name)
      && parse_boolean(&buffer, &want_reply))
    {
615
      struct global_request *req = NULL;
616
617
      struct command_continuation *c = &discard_continuation;
      struct exception_handler *e = connection->e;
618
619
620
621
622
623
624
625
626

      if (name && connection->table->global_requests)
	{
	  CAST_SUBTYPE(global_request, r,
		       ALIST_GET(connection->table->global_requests,
				 name));
	  req = r;
	}
      if (!req)
627
	{
Niels Möller's avatar
Niels Möller committed
628
629
	  C_WRITE(connection, format_global_failure());
	  return;
Niels Möller's avatar
Niels Möller committed
630
631
632
633
634
	}
      else
	{
	  if (want_reply)
	    {
635
	      struct request_status *a = make_request_status();
Niels Möller's avatar
Niels Möller committed
636
	      
Niels Möller's avatar
Niels Möller committed
637
	      object_queue_add_tail(&connection->table->active_global_requests,
Niels Möller's avatar
Niels Möller committed
638
639
640
				    &a->super);
	      
	      c = make_global_request_response(connection, a);
641
642
643
644
645
	      e = make_global_request_exception_handler(connection, a, e, HANDLER_CONTEXT);
	    }
	  else
	    {
	      /* We should ignore failures. */
646
	      static const struct report_exception_info global_req_ignore =
647
648
649
650
651
		STATIC_REPORT_EXCEPTION_INFO(EXC_ALL, EXC_GLOBAL_REQUEST,
					     "Ignored:");
	      
	      e = make_report_exception_handler(&global_req_ignore,
						e, HANDLER_CONTEXT);
Niels Möller's avatar
Niels Möller committed
652
	    }
653
	  GLOBAL_REQUEST(req, connection, name, want_reply, &buffer, c, e);
654
	}
Niels Möller's avatar
Niels Möller committed
655
    }
Niels Möller's avatar
Niels Möller committed
656
  else
657
    PROTOCOL_ERROR(connection->e, "Invalid SSH_MSG_GLOBAL_REQUEST message.");
Niels Möller's avatar
Niels Möller committed
658
659
}

660
661
DEFINE_PACKET_HANDLER(static, global_success_handler,
		      connection, packet)
662
663
{
  if (packet->length != 1)
Niels Möller's avatar
Niels Möller committed
664
    {
665
      PROTOCOL_ERROR(connection->e, "Invalid GLOBAL_REQUEST_SUCCESS message.");
666
      return;
Niels Möller's avatar
Niels Möller committed
667
    }
668
669
670

  assert(packet->data[0] == SSH_MSG_REQUEST_SUCCESS);

Niels Möller's avatar
Niels Möller committed
671
  if (object_queue_is_empty(&connection->table->pending_global_requests))
672
673
    {
      werror("do_global_request_success: Unexpected message, ignoring.\n");
Niels Möller's avatar
Niels Möller committed
674
      return;
675
676
    }
  {
677
    CAST_SUBTYPE(command_context, ctx,
Niels Möller's avatar
Niels Möller committed
678
679
		 object_queue_remove_head(&connection->table->pending_global_requests));
    COMMAND_RETURN(ctx->c, connection);
680
681
682
  }
}

683
684
685
struct exception global_request_exception =
STATIC_EXCEPTION(EXC_GLOBAL_REQUEST, "Global request failed");

686
687
DEFINE_PACKET_HANDLER(static, global_failure_handler,
		      connection, packet)
688
689
{
  if (packet->length != 1)
Niels Möller's avatar
Niels Möller committed
690
    {
691
      PROTOCOL_ERROR(connection->e, "Invalid GLOBAL_REQUEST_FAILURE message.");
692
      return;
Niels Möller's avatar
Niels Möller committed
693
    }
694
695
696

  assert(packet->data[0] == SSH_MSG_REQUEST_FAILURE);

Niels Möller's avatar
Niels Möller committed
697
  if (object_queue_is_empty(&connection->table->pending_global_requests))
698
699
700
    {
      werror("do_global_request_failure: Unexpected message, ignoring.\n");
    }
Niels Möller's avatar
Niels Möller committed
701
702
703
704
705
706
  else
    {
      CAST_SUBTYPE(command_context, ctx,
		   object_queue_remove_head(&connection->table->pending_global_requests));
      EXCEPTION_RAISE(ctx->e, &global_request_exception);
    }
707
708
}

709
710
711
712
713
714
715
716
717
718
719
720
721
722
/* FIXME: Don't store the channel here, instead have it passed as the
 * argument of the continuation. This might also allow some
 * unification with the handling of global_requests. */

/* GABA:
   (class
     (name channel_request_continuation)
     (super command_continuation)
     (vars
       (channel object ssh_channel)
       (active object request_status)))
*/

static void
723
send_channel_request_responses(struct ssh_channel *channel,
724
725
726
727
728
729
730
731
732
733
			       struct object_queue *q)
{
  for (;;)
    {
      CAST(request_status, n, object_queue_peek_head(q));
      if (!n || (n->status < 0))
	break;

      object_queue_remove_head(q);

734
      C_WRITE(channel->connection,
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
	      (n->status
	       ? format_channel_success(channel->channel_number)
	       : format_channel_failure(channel->channel_number)));
    }
}

static void
do_channel_request_response(struct command_continuation *s,
			    struct lsh_object *x UNUSED)
{
  CAST(channel_request_continuation, self, s);
  struct object_queue *q = &self->channel->active_requests;

  assert(self->active->status == -1);
  assert(!object_queue_is_empty(q));
	  
  self->active->status = 1;

753
  send_channel_request_responses(self->channel, q);
754
755
756
}

static struct command_continuation *
757
make_channel_request_response(struct ssh_channel *channel,
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
			      struct request_status *active)
{
  NEW(channel_request_continuation, self);

  self->super.c = do_channel_request_response;
  self->channel = channel;
  self->active = active;

  return &self->super;
}

/* GABA:
   (class
     (name channel_request_exception_handler)
     (super exception_handler)
     (vars
       (channel object ssh_channel)
       (active object request_status)))
*/

/* NOTE: We handle *only* EXC_CHANNEL_REQUEST */
static void 
780
781
do_exc_channel_request_handler(struct exception_handler *c,
			       const struct exception *e)
782
783
784
785
786
787
788
789
790
791
792
{
  CAST(channel_request_exception_handler, self, c);
  if (e->type == EXC_CHANNEL_REQUEST)
    {
      struct object_queue *q = &self->channel->active_requests;

      assert(self->active->status == -1);
      assert(!object_queue_is_empty(q));
      
      self->active->status = 0;
      
793
      send_channel_request_responses(self->channel, q);
794
795
796
797
798
799
    }
  else
    EXCEPTION_RAISE(c->parent, e);
}

static struct exception_handler *
800
make_channel_request_exception_handler(struct ssh_channel *channel,
801
802
803
804
805
806
				       struct request_status *active,
				       struct exception_handler *h,
				       const char *context)
{
  NEW(channel_request_exception_handler, self);

807
  self->super.raise = do_exc_channel_request_handler;
808
809
  self->super.parent = h;
  self->super.context = context;
810

811
812
813
814
815
816
  self->channel = channel;
  self->active = active;

  return &self->super;
}

817
818
static int
parse_channel_request(struct simple_buffer *buffer,
819
		      uint32_t *channel_number,
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
		      struct channel_request_info *info)
{
  unsigned msg_number;

  if (parse_uint8(buffer, &msg_number)
      && (msg_number == SSH_MSG_CHANNEL_REQUEST)
      && parse_uint32(buffer, channel_number)
      && parse_string(buffer,
		      &info->type_length, &info->type_data)
      && parse_boolean(buffer, &info->want_reply))
    {
      info->type = lookup_atom(info->type_length, info->type_data);
      return 1;
    }
  else
    return 0;
}

838
839
DEFINE_PACKET_HANDLER(static, channel_request_handler,
		      connection, packet)
840
841
{
  struct simple_buffer buffer;
842
  struct channel_request_info info;
843
  uint32_t channel_number;
844
845
846
  
  simple_buffer_init(&buffer, packet->length, packet->data);

847
  if (parse_channel_request(&buffer, &channel_number, &info))
848
849
850
851
852
853
854
855
856
857
    {
      struct ssh_channel *channel = lookup_channel(connection->table,
						   channel_number);

      /* NOTE: We can't free packet yet, because it is not yet fully
       * parsed. There may be some more arguments, which are parsed by
       * the CHANNEL_REQUEST method below. */

      if (channel)
	{
858
	  struct channel_request *req = NULL;
859
860
861
	  struct command_continuation *c = &discard_continuation;
	  struct exception_handler *e = channel->e;

862
	  if (info.type && channel->request_types)
863
864
	    {
	      CAST_SUBTYPE(channel_request, r,
865
			   ALIST_GET(channel->request_types, info.type));
866
867
	      req = r;
	    }
868
869
870
	  if (!req)
	    req = channel->request_fallback;
	  
871
	  if (req)
872
	    {
873
	      if (info.want_reply)
874
875
876
877
878
879
		{
		  struct request_status *a = make_request_status();
		  
		  object_queue_add_tail(&channel->active_requests,
					&a->super);
		  
880
881
		  c = make_channel_request_response(channel, a);
		  e = make_channel_request_exception_handler(channel, a, e, HANDLER_CONTEXT);
882
883
884
885
		}
	      else
		{
		  /* We should ignore failures. */
886
887
		  static const struct report_exception_info
		    channel_req_ignore =
888
889
890
891
892
893
894
		    STATIC_REPORT_EXCEPTION_INFO(EXC_ALL, EXC_CHANNEL_REQUEST,
						 "Ignored:");
		  
		  e = make_report_exception_handler(&channel_req_ignore,
						    e, HANDLER_CONTEXT);
		}
	      
895
	      CHANNEL_REQUEST(req, channel, &info, &buffer, c, e);
896
897
898
	    }
	  else
	    {
899
	      if (info.want_reply)
900
901
902
903
904
905
		C_WRITE(connection,
			format_channel_failure(channel->channel_number));
	    }
	}
      else
	{
906
907
	  werror("SSH_MSG_CHANNEL_REQUEST on nonexistant channel %i: %xS\n",
		 channel_number, packet);
908
909
910
911
912
913
914
	}
    }
  else
    PROTOCOL_ERROR(connection->e, "Invalid SSH_MSG_CHANNEL_REQUEST message.");
}


Niels Möller's avatar
Niels Möller committed
915
/* GABA:
916
917
918
919
920
   (class
     (name channel_open_continuation)
     (super command_continuation)
     (vars
       (connection object ssh_connection)
921
922
923
924
       (local_channel_number . uint32_t)
       (remote_channel_number . uint32_t)
       (send_window_size . uint32_t)
       (send_max_packet . uint32_t)))
925
*/
926

Niels Möller's avatar
Niels Möller committed
927
928
929
static void
do_channel_open_continue(struct command_continuation *c,
			 struct lsh_object *value)
930
931
{
  CAST(channel_open_continuation, self, c);
Niels Möller's avatar
Niels Möller committed
932
933
934
935
936
937
938
  CAST_SUBTYPE(ssh_channel, channel, value);

  assert(channel);

  /* FIXME: This copying could just as well be done by the
   * CHANNEL_OPEN handler? Then we can remove the corresponding fields
   * from the closure as well. */
939
940
  channel->send_window_size = self->send_window_size;
  channel->send_max_packet = self->send_max_packet;
Niels Möller's avatar
Niels Möller committed
941
942
  channel->channel_number = self->remote_channel_number;

943
944
945
946
  channel->connection = self->connection;
  
  register_channel(self->local_channel_number,
		   channel,
947
		   1);
Niels Möller's avatar
Niels Möller committed
948
949
950
951
952

  /* FIXME: Doesn't support sending extra arguments with the
   * confirmation message. */

  C_WRITE(self->connection,
Niels Möller's avatar
Niels Möller committed
953
	  format_open_confirmation(channel, self->local_channel_number, ""));
954
}
Niels Möller's avatar
Niels Möller committed
955

Niels Möller's avatar
Niels Möller committed
956
static struct command_continuation *
Niels Möller's avatar
Niels Möller committed
957
make_channel_open_continuation(struct ssh_connection *connection,
958
959
960
961
			       uint32_t local_channel_number,
			       uint32_t remote_channel_number,
			       uint32_t send_window_size,
			       uint32_t send_max_packet)
Niels Möller's avatar
Niels Möller committed
962
963
{
  NEW(channel_open_continuation, self);
Niels Möller's avatar
Niels Möller committed
964

Niels Möller's avatar
Niels Möller committed
965
966
967
968
  self->super.c = do_channel_open_continue;
  self->connection = connection;
  self->local_channel_number = local_channel_number;
  self->remote_channel_number = remote_channel_number;
969
970
  self->send_window_size = send_window_size;
  self->send_max_packet = send_max_packet;
Niels Möller's avatar
Niels Möller committed
971

Niels Möller's avatar
Niels Möller committed
972
  return &self->super;
Niels Möller's avatar
Niels Möller committed
973
974
975
976
977
978
979
980
}
			       
/* GABA:
   (class
     (name exc_channel_open_handler)
     (super exception_handler)
     (vars
       (connection object ssh_connection)
981
982
       (local_channel_number . uint32_t)
       (remote_channel_number . uint32_t)))
Niels Möller's avatar
Niels Möller committed
983
984
*/

985
986
987
static void
do_exc_channel_open_handler(struct exception_handler *s,
			    const struct exception *e)
Niels Möller's avatar
Niels Möller committed
988
989
990
991
992
993
994
995
{
  CAST(exc_channel_open_handler, self, s);

  switch (e->type)
    {
    case EXC_CHANNEL_OPEN:
      {
	CAST_SUBTYPE(channel_open_exception, exc, e);
Niels Möller's avatar
Niels Möller committed
996
	struct channel_table *table = self->connection->table;
Niels Möller's avatar
Niels Möller committed
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
	
	assert(table->in_use[self->local_channel_number]);
	assert(!table->channels[self->local_channel_number]);

	dealloc_channel(table, self->local_channel_number);
	
        C_WRITE(self->connection,
		format_open_failure(self->remote_channel_number,
				    exc->error_code, e->msg, ""));
	break;
      }
    default:
      EXCEPTION_RAISE(self->super.parent, e);
    }      
}

static struct exception_handler *
make_exc_channel_open_handler(struct ssh_connection *connection,
1015
1016
			      uint32_t local_channel_number,
			      uint32_t remote_channel_number,
1017
1018
			      struct exception_handler *parent,
			      const char *context)
Niels Möller's avatar
Niels Möller committed
1019
{
Niels Möller's avatar
Niels Möller committed
1020
  NEW(exc_channel_open_handler, self);
Niels Möller's avatar
Niels Möller committed
1021
  self->super.parent = parent;
Niels Möller's avatar
Niels Möller committed
1022
  self->super.raise = do_exc_channel_open_handler;
1023
1024
  self->super.context = context;
  
Niels Möller's avatar
Niels Möller committed
1025
  self->connection = connection;
Niels Möller's avatar
Niels Möller committed
1026
1027
1028
1029
1030
1031
  self->local_channel_number = local_channel_number;
  self->remote_channel_number = remote_channel_number;

  return &self->super;
}

1032
1033
1034
1035
1036
1037
1038
1039
static int
parse_channel_open(struct simple_buffer *buffer,
		   struct channel_open_info *info)
{
  unsigned msg_number;

  if (parse_uint8(buffer, &msg_number)
      && (msg_number == SSH_MSG_CHANNEL_OPEN)
1040
      && parse_string(buffer, &info->type_length, &info->type_data)
1041
1042
1043
1044
      && parse_uint32(buffer, &info->remote_channel_number)
      && parse_uint32(buffer, &info->send_window_size)
      && parse_uint32(buffer, &info->send_max_packet))
    {
1045
      info->type = lookup_atom(info->type_length, info->type_data);
1046
1047

      /* We don't support larger packets than the default,
1048
1049
       * SSH_MAX_PACKET. */
      if (info->send_max_packet > SSH_MAX_PACKET)
1050
1051
	{
	  werror("do_channel_open: The remote end asked for really large packets.\n");
1052
	  info->send_max_packet = SSH_MAX_PACKET;
1053
1054
1055
1056
1057
1058
1059
1060
1061
	}

      return 1;
    }
  else
    return 0;
}


1062
1063
DEFINE_PACKET_HANDLER(static, channel_open_handler,
		      connection, packet)
Niels Möller's avatar
Niels Möller committed
1064
1065
{
  struct simple_buffer buffer;
1066
1067
  struct channel_open_info info;
  
Niels Möller's avatar
Niels Möller committed
1068
  simple_buffer_init(&buffer, packet->length, packet->data);
1069

1070
  if (parse_channel_open(&buffer, &info))
Niels Möller's avatar
Niels Möller committed
1071
    {
1072
      struct channel_open *open = NULL;
Niels Möller's avatar
Niels Möller committed
1073

Niels Möller's avatar
Niels Möller committed
1074
1075
1076
1077
      /* NOTE: We can't free the packet yet, as the buffer is passed
       * to the CHANNEL_OPEN method later. */

      if (connection->table->pending_close)
Niels Möller's avatar
Niels Möller committed
1078
1079
1080
1081
	{
	  /* We are waiting for channels to close. Don't open any new ones. */

	  C_WRITE(connection,
1082
		  format_open_failure(info.remote_channel_number,
Niels Möller's avatar
Niels Möller committed
1083
1084
1085
1086
1087
				      SSH_OPEN_ADMINISTRATIVELY_PROHIBITED,
				      "Waiting for channels to close.", ""));
	}
      else
	{
1088
	  if (info.type)
1089
	    {
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
	      CAST_SUBTYPE(channel_open, o,
			   ALIST_GET(connection->table->channel_types,
				     info.type));
	      open = o;
	    }

	  if (!open)
	    open = connection->table->open_fallback;
	  
	  if (!open)
	    {
	      C_WRITE(connection,
		      format_open_failure(info.remote_channel_number,
					  SSH_OPEN_UNKNOWN_CHANNEL_TYPE,
					  "Unknown channel type", ""));
	    }
	  else
	    {
	      int local_number = alloc_channel(connection->table);

	      if (local_number < 0)
		C_WRITE(connection,
			format_open_failure(info.remote_channel_number,
					    SSH_OPEN_RESOURCE_SHORTAGE,
					    "Channel limit exceeded.", ""));

	      CHANNEL_OPEN(open, connection,
			   &info,
			   &buffer,
			   make_channel_open_continuation(connection,
							  local_number,
							  info.remote_channel_number,
							  info.send_window_size,
							  info.send_max_packet),
			   make_exc_channel_open_handler(connection,
							 local_number,
							 info.remote_channel_number,
							 connection->e,
							 HANDLER_CONTEXT));

1130
	    }
Niels Möller's avatar
Niels Möller committed
1131
	}
Niels Möller's avatar
Niels Möller committed
1132
    }
Niels Möller's avatar
Niels Möller committed
1133
  else
1134
    PROTOCOL_ERROR(connection->e, "Invalid SSH_MSG_CHANNEL_OPEN message.");
Niels Möller's avatar
Niels Möller committed
1135
1136
}     

1137
1138
DEFINE_PACKET_HANDLER(static, window_adjust_handler,
		      connection, packet)
Niels Möller's avatar
Niels Möller committed
1139
1140
{
  struct simple_buffer buffer;
1141
  unsigned msg_number;
1142
1143
  uint32_t channel_number;
  uint32_t size;
Niels Möller's avatar
Niels Möller committed
1144
1145
1146
1147
1148

  simple_buffer_init(&buffer, packet->length, packet->data);

  if (parse_uint8(&buffer, &msg_number)
      && (msg_number == SSH_MSG_CHANNEL_WINDOW_ADJUST)
1149
      && parse_uint32(&buffer, &channel_number)
Niels Möller's avatar
Niels Möller committed
1150
1151
1152
      && parse_uint32(&buffer, &size)
      && parse_eod(&buffer))
    {