Blame - mux.c - platform/external/openssh

blob: cdc01bd4fff5f3a19798f0b89b5abd4c49a28e93 [file] [log] [blame]

djm@openbsd.org	ca430d4	2015-05-01 04:03:20 +0000	[diff] [blame]	1	/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2	/*
				3	* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
				4	*
				5	* Permission to use, copy, modify, and distribute this software for any
				6	* purpose with or without fee is hereby granted, provided that the above
				7	* copyright notice and this permission notice appear in all copies.
				8	*
				9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
				12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
				14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
				15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
				16	*/
				17
				18	/* ssh session multiplexing support */
				19
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	20	/*
				21	* TODO:
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	22	* - Better signalling from master to slave, especially passing of
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	23	* error messages
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	24	* - Better fall-back from mux slave error to new connection.
				25	* - ExitOnForwardingFailure
				26	* - Maybe extension mechanisms for multi-X11/multi-agent forwarding
				27	* - Support ~^Z in mux slaves.
				28	* - Inspect or control sessions in master.
				29	* - If we ever support the "signal" channel request, send signals on
				30	* sessions in master.
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	31	*/
				32
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	33	#include "includes.h"
				34
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	35	#include <sys/types.h>
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	36	#include <sys/stat.h>
				37	#include <sys/socket.h>
				38	#include <sys/un.h>
				39
				40	#include <errno.h>
				41	#include <fcntl.h>
				42	#include <signal.h>
				43	#include <stdarg.h>
				44	#include <stddef.h>
				45	#include <stdlib.h>
				46	#include <stdio.h>
				47	#include <string.h>
				48	#include <unistd.h>
Darren Tucker	ce38d82	2008-06-07 06:25:15 +1000	[diff] [blame]	49	#ifdef HAVE_PATHS_H
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	50	#include <paths.h>
Darren Tucker	ce38d82	2008-06-07 06:25:15 +1000	[diff] [blame]	51	#endif
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	52
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	53	#ifdef HAVE_POLL_H
				54	#include <poll.h>
				55	#else
				56	# ifdef HAVE_SYS_POLL_H
				57	# include <sys/poll.h>
				58	# endif
				59	#endif
				60
Damien Miller	a7058ec	2008-05-20 08:57:06 +1000	[diff] [blame]	61	#ifdef HAVE_UTIL_H
				62	# include <util.h>
				63	#endif
				64
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	65	#include "openbsd-compat/sys-queue.h"
				66	#include "xmalloc.h"
				67	#include "log.h"
				68	#include "ssh.h"
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	69	#include "ssh2.h"
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	70	#include "pathnames.h"
				71	#include "misc.h"
				72	#include "match.h"
				73	#include "buffer.h"
				74	#include "channels.h"
				75	#include "msg.h"
				76	#include "packet.h"
				77	#include "monitor_fdpass.h"
				78	#include "sshpty.h"
				79	#include "key.h"
				80	#include "readconf.h"
				81	#include "clientloop.h"
				82
				83	/* from ssh.c */
				84	extern int tty_flag;
				85	extern Options options;
				86	extern int stdin_null_flag;
				87	extern char *host;
Darren Tucker	8ec4fd8	2009-10-07 08:39:57 +1100	[diff] [blame]	88	extern int subsystem_flag;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	89	extern Buffer command;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	90	extern volatile sig_atomic_t quit_pending;
				91	extern char *stdio_forward_host;
				92	extern int stdio_forward_port;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	93
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	94	/* Context for session open confirmation callback */
				95	struct mux_session_confirm_ctx {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	96	u_int want_tty;
				97	u_int want_subsys;
				98	u_int want_x_fwd;
				99	u_int want_agent_fwd;
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	100	Buffer cmd;
				101	char *term;
				102	struct termios tio;
				103	char **env;
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	104	u_int rid;
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	105	};
				106
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	107	/* Context for stdio fwd open confirmation callback */
				108	struct mux_stdio_confirm_ctx {
				109	u_int rid;
				110	};
				111
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	112	/* Context for global channel callback */
				113	struct mux_channel_confirm_ctx {
				114	u_int cid; /* channel id */
				115	u_int rid; /* request id */
				116	int fid; /* forward id */
				117	};
				118
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	119	/* fd to control socket */
				120	int muxserver_sock = -1;
				121
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	122	/* client request id */
				123	u_int muxclient_request_id = 0;
				124
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	125	/* Multiplexing control command */
				126	u_int muxclient_command = 0;
				127
				128	/* Set when signalled. */
				129	static volatile sig_atomic_t muxclient_terminate = 0;
				130
				131	/* PID of multiplex server */
				132	static u_int muxserver_pid = 0;
				133
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	134	static Channel *mux_listener_channel = NULL;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	135
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	136	struct mux_master_state {
				137	int hello_rcvd;
				138	};
				139
				140	/* mux protocol messages */
				141	#define MUX_MSG_HELLO 0x00000001
				142	#define MUX_C_NEW_SESSION 0x10000002
				143	#define MUX_C_ALIVE_CHECK 0x10000004
				144	#define MUX_C_TERMINATE 0x10000005
				145	#define MUX_C_OPEN_FWD 0x10000006
				146	#define MUX_C_CLOSE_FWD 0x10000007
				147	#define MUX_C_NEW_STDIO_FWD 0x10000008
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	148	#define MUX_C_STOP_LISTENING 0x10000009
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	149	#define MUX_S_OK 0x80000001
				150	#define MUX_S_PERMISSION_DENIED 0x80000002
				151	#define MUX_S_FAILURE 0x80000003
				152	#define MUX_S_EXIT_MESSAGE 0x80000004
				153	#define MUX_S_ALIVE 0x80000005
				154	#define MUX_S_SESSION_OPENED 0x80000006
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	155	#define MUX_S_REMOTE_PORT 0x80000007
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	156	#define MUX_S_TTY_ALLOC_FAIL 0x80000008
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	157
				158	/* type codes for MUX_C_OPEN_FWD and MUX_C_CLOSE_FWD */
				159	#define MUX_FWD_LOCAL 1
				160	#define MUX_FWD_REMOTE 2
				161	#define MUX_FWD_DYNAMIC 3
				162
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	163	static void mux_session_confirm(int, int, void *);
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	164	static void mux_stdio_confirm(int, int, void *);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	165
				166	static int process_mux_master_hello(u_int, Channel , Buffer , Buffer *);
				167	static int process_mux_new_session(u_int, Channel , Buffer , Buffer *);
				168	static int process_mux_alive_check(u_int, Channel , Buffer , Buffer *);
				169	static int process_mux_terminate(u_int, Channel , Buffer , Buffer *);
				170	static int process_mux_open_fwd(u_int, Channel , Buffer , Buffer *);
				171	static int process_mux_close_fwd(u_int, Channel , Buffer , Buffer *);
				172	static int process_mux_stdio_fwd(u_int, Channel , Buffer , Buffer *);
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	173	static int process_mux_stop_listening(u_int, Channel , Buffer , Buffer *);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	174
				175	static const struct {
				176	u_int type;
				177	int (handler)(u_int, Channel , Buffer , Buffer );
				178	} mux_master_handlers[] = {
				179	{ MUX_MSG_HELLO, process_mux_master_hello },
				180	{ MUX_C_NEW_SESSION, process_mux_new_session },
				181	{ MUX_C_ALIVE_CHECK, process_mux_alive_check },
				182	{ MUX_C_TERMINATE, process_mux_terminate },
				183	{ MUX_C_OPEN_FWD, process_mux_open_fwd },
				184	{ MUX_C_CLOSE_FWD, process_mux_close_fwd },
				185	{ MUX_C_NEW_STDIO_FWD, process_mux_stdio_fwd },
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	186	{ MUX_C_STOP_LISTENING, process_mux_stop_listening },
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	187	{ 0, NULL }
				188	};
				189
				190	/* Cleanup callback fired on closure of mux slave _session_ channel */
				191	/* ARGSUSED */
Darren Tucker	ea8342c	2013-06-06 08:11:40 +1000	[diff] [blame]	192	static void
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	193	mux_master_session_cleanup_cb(int cid, void *unused)
				194	{
				195	Channel cc, c = channel_by_id(cid);
				196
				197	debug3("%s: entering for channel %d", __func__, cid);
				198	if (c == NULL)
				199	fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
				200	if (c->ctl_chan != -1) {
				201	if ((cc = channel_by_id(c->ctl_chan)) == NULL)
				202	fatal("%s: channel %d missing control channel %d",
				203	__func__, c->self, c->ctl_chan);
				204	c->ctl_chan = -1;
				205	cc->remote_id = -1;
				206	chan_rcvd_oclose(cc);
				207	}
				208	channel_cancel_cleanup(c->self);
				209	}
				210
				211	/* Cleanup callback fired on closure of mux slave _control_ channel */
				212	/* ARGSUSED */
				213	static void
				214	mux_master_control_cleanup_cb(int cid, void *unused)
				215	{
				216	Channel sc, c = channel_by_id(cid);
				217
				218	debug3("%s: entering for channel %d", __func__, cid);
				219	if (c == NULL)
				220	fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
				221	if (c->remote_id != -1) {
				222	if ((sc = channel_by_id(c->remote_id)) == NULL)
Damien Miller	601a23c	2010-04-16 15:54:01 +1000	[diff] [blame]	223	fatal("%s: channel %d missing session channel %d",
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	224	__func__, c->self, c->remote_id);
				225	c->remote_id = -1;
				226	sc->ctl_chan = -1;
Damien Miller	172859c	2013-04-23 15:19:27 +1000	[diff] [blame]	227	if (sc->type != SSH_CHANNEL_OPEN &&
				228	sc->type != SSH_CHANNEL_OPENING) {
Damien Miller	a21cdfa	2010-01-28 06:26:59 +1100	[diff] [blame]	229	debug2("%s: channel %d: not open", __func__, sc->self);
Damien Miller	133d9d3	2010-01-30 17:30:04 +1100	[diff] [blame]	230	chan_mark_dead(sc);
Damien Miller	a21cdfa	2010-01-28 06:26:59 +1100	[diff] [blame]	231	} else {
Damien Miller	0dac03f	2010-01-30 17:36:33 +1100	[diff] [blame]	232	if (sc->istate == CHAN_INPUT_OPEN)
				233	chan_read_failed(sc);
				234	if (sc->ostate == CHAN_OUTPUT_OPEN)
				235	chan_write_failed(sc);
Damien Miller	a21cdfa	2010-01-28 06:26:59 +1100	[diff] [blame]	236	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	237	}
				238	channel_cancel_cleanup(c->self);
				239	}
				240
				241	/* Check mux client environment variables before passing them to mux master. */
				242	static int
				243	env_permitted(char *env)
				244	{
				245	int i, ret;
				246	char name[1024], *cp;
				247
				248	if ((cp = strchr(env, '=')) == NULL \|\| cp == env)
				249	return 0;
				250	ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
				251	if (ret <= 0 \|\| (size_t)ret >= sizeof(name)) {
				252	error("env_permitted: name '%.100s...' too long", env);
				253	return 0;
				254	}
				255
				256	for (i = 0; i < options.num_send_env; i++)
				257	if (match_pattern(name, options.send_env[i]))
				258	return 1;
				259
				260	return 0;
				261	}
				262
				263	/* Mux master protocol message handlers */
				264
				265	static int
				266	process_mux_master_hello(u_int rid, Channel c, Buffer m, Buffer *r)
				267	{
				268	u_int ver;
				269	struct mux_master_state state = (struct mux_master_state )c->mux_ctx;
				270
				271	if (state == NULL)
				272	fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
				273	if (state->hello_rcvd) {
				274	error("%s: HELLO received twice", __func__);
				275	return -1;
				276	}
				277	if (buffer_get_int_ret(&ver, m) != 0) {
				278	malf:
				279	error("%s: malformed message", __func__);
				280	return -1;
				281	}
				282	if (ver != SSHMUX_VER) {
				283	error("Unsupported multiplexing protocol version %d "
				284	"(expected %d)", ver, SSHMUX_VER);
				285	return -1;
				286	}
				287	debug2("%s: channel %d slave version %u", __func__, c->self, ver);
				288
				289	/* No extensions are presently defined */
				290	while (buffer_len(m) > 0) {
				291	char *name = buffer_get_string_ret(m, NULL);
				292	char *value = buffer_get_string_ret(m, NULL);
				293
				294	if (name == NULL \|\| value == NULL) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	295	free(name);
Darren Tucker	746e906	2013-06-06 08:20:13 +1000	[diff] [blame]	296	free(value);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	297	goto malf;
				298	}
				299	debug2("Unrecognised slave extension \"%s\"", name);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	300	free(name);
				301	free(value);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	302	}
				303	state->hello_rcvd = 1;
				304	return 0;
				305	}
				306
				307	static int
				308	process_mux_new_session(u_int rid, Channel c, Buffer m, Buffer *r)
				309	{
				310	Channel *nc;
				311	struct mux_session_confirm_ctx *cctx;
				312	char reserved, cmd, *cp;
				313	u_int i, j, len, env_len, escape_char, window, packetmax;
				314	int new_fd[3];
				315
				316	/* Reply for SSHMUX_COMMAND_OPEN */
				317	cctx = xcalloc(1, sizeof(*cctx));
				318	cctx->term = NULL;
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	319	cctx->rid = rid;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	320	cmd = reserved = NULL;
Damien Miller	ab523b0	2012-07-06 13:44:43 +1000	[diff] [blame]	321	cctx->env = NULL;
				322	env_len = 0;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	323	if ((reserved = buffer_get_string_ret(m, NULL)) == NULL \|\|
				324	buffer_get_int_ret(&cctx->want_tty, m) != 0 \|\|
				325	buffer_get_int_ret(&cctx->want_x_fwd, m) != 0 \|\|
				326	buffer_get_int_ret(&cctx->want_agent_fwd, m) != 0 \|\|
				327	buffer_get_int_ret(&cctx->want_subsys, m) != 0 \|\|
				328	buffer_get_int_ret(&escape_char, m) != 0 \|\|
				329	(cctx->term = buffer_get_string_ret(m, &len)) == NULL \|\|
				330	(cmd = buffer_get_string_ret(m, &len)) == NULL) {
				331	malf:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	332	free(cmd);
				333	free(reserved);
Damien Miller	ab523b0	2012-07-06 13:44:43 +1000	[diff] [blame]	334	for (j = 0; j < env_len; j++)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	335	free(cctx->env[j]);
				336	free(cctx->env);
				337	free(cctx->term);
				338	free(cctx);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	339	error("%s: malformed message", __func__);
				340	return -1;
				341	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	342	free(reserved);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	343	reserved = NULL;
				344
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	345	while (buffer_len(m) > 0) {
				346	#define MUX_MAX_ENV_VARS 4096
Damien Miller	2ec0342	2012-02-11 08:16:28 +1100	[diff] [blame]	347	if ((cp = buffer_get_string_ret(m, &len)) == NULL)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	348	goto malf;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	349	if (!env_permitted(cp)) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	350	free(cp);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	351	continue;
				352	}
deraadt@openbsd.org	657a5fb	2015-04-24 01:36:00 +0000	[diff] [blame]	353	cctx->env = xreallocarray(cctx->env, env_len + 2,
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	354	sizeof(*cctx->env));
				355	cctx->env[env_len++] = cp;
				356	cctx->env[env_len] = NULL;
				357	if (env_len > MUX_MAX_ENV_VARS) {
				358	error(">%d environment variables received, ignoring "
				359	"additional", MUX_MAX_ENV_VARS);
				360	break;
				361	}
				362	}
				363
				364	debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
				365	"term \"%s\", cmd \"%s\", env %u", __func__, c->self,
				366	cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
				367	cctx->want_subsys, cctx->term, cmd, env_len);
				368
				369	buffer_init(&cctx->cmd);
				370	buffer_append(&cctx->cmd, cmd, strlen(cmd));
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	371	free(cmd);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	372	cmd = NULL;
				373
				374	/* Gather fds from client */
				375	for(i = 0; i < 3; i++) {
				376	if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
				377	error("%s: failed to receive fd %d from slave",
				378	__func__, i);
				379	for (j = 0; j < i; j++)
				380	close(new_fd[j]);
				381	for (j = 0; j < env_len; j++)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	382	free(cctx->env[j]);
				383	free(cctx->env);
				384	free(cctx->term);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	385	buffer_free(&cctx->cmd);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	386	free(cctx);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	387
				388	/* prepare reply */
				389	buffer_put_int(r, MUX_S_FAILURE);
				390	buffer_put_int(r, rid);
				391	buffer_put_cstring(r,
				392	"did not receive file descriptors");
				393	return -1;
				394	}
				395	}
				396
				397	debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
				398	new_fd[0], new_fd[1], new_fd[2]);
				399
				400	/* XXX support multiple child sessions in future */
				401	if (c->remote_id != -1) {
				402	debug2("%s: session already open", __func__);
				403	/* prepare reply */
				404	buffer_put_int(r, MUX_S_FAILURE);
				405	buffer_put_int(r, rid);
				406	buffer_put_cstring(r, "Multiple sessions not supported");
				407	cleanup:
				408	close(new_fd[0]);
				409	close(new_fd[1]);
				410	close(new_fd[2]);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	411	free(cctx->term);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	412	if (env_len != 0) {
				413	for (i = 0; i < env_len; i++)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	414	free(cctx->env[i]);
				415	free(cctx->env);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	416	}
				417	buffer_free(&cctx->cmd);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	418	free(cctx);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	419	return 0;
				420	}
				421
				422	if (options.control_master == SSHCTL_MASTER_ASK \|\|
				423	options.control_master == SSHCTL_MASTER_AUTO_ASK) {
				424	if (!ask_permission("Allow shared connection to %s? ", host)) {
				425	debug2("%s: session refused by user", __func__);
				426	/* prepare reply */
				427	buffer_put_int(r, MUX_S_PERMISSION_DENIED);
				428	buffer_put_int(r, rid);
				429	buffer_put_cstring(r, "Permission denied");
				430	goto cleanup;
				431	}
				432	}
				433
				434	/* Try to pick up ttymodes from client before it goes raw */
				435	if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
				436	error("%s: tcgetattr: %s", __func__, strerror(errno));
				437
				438	/* enable nonblocking unless tty */
				439	if (!isatty(new_fd[0]))
				440	set_nonblock(new_fd[0]);
				441	if (!isatty(new_fd[1]))
				442	set_nonblock(new_fd[1]);
				443	if (!isatty(new_fd[2]))
				444	set_nonblock(new_fd[2]);
				445
				446	window = CHAN_SES_WINDOW_DEFAULT;
				447	packetmax = CHAN_SES_PACKET_DEFAULT;
				448	if (cctx->want_tty) {
				449	window >>= 1;
				450	packetmax >>= 1;
				451	}
				452
				453	nc = channel_new("session", SSH_CHANNEL_OPENING,
				454	new_fd[0], new_fd[1], new_fd[2], window, packetmax,
				455	CHAN_EXTENDED_WRITE, "client-session", /nonblock/0);
				456
				457	nc->ctl_chan = c->self; /* link session -> control channel */
				458	c->remote_id = nc->self; /* link control -> session channel */
				459
				460	if (cctx->want_tty && escape_char != 0xffffffff) {
				461	channel_register_filter(nc->self,
				462	client_simple_escape_filter, NULL,
				463	client_filter_cleanup,
				464	client_new_escape_filter_ctx((int)escape_char));
				465	}
				466
				467	debug2("%s: channel_new: %d linked to control channel %d",
				468	__func__, nc->self, nc->ctl_chan);
				469
				470	channel_send_open(nc->self);
				471	channel_register_open_confirm(nc->self, mux_session_confirm, cctx);
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	472	c->mux_pause = 1; /* stop handling messages until open_confirm done */
Damien Miller	85c50d7	2010-05-10 11:53:02 +1000	[diff] [blame]	473	channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	474
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	475	/* reply is deferred, sent by mux_session_confirm */
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	476	return 0;
				477	}
				478
				479	static int
				480	process_mux_alive_check(u_int rid, Channel c, Buffer m, Buffer *r)
				481	{
				482	debug2("%s: channel %d: alive check", __func__, c->self);
				483
				484	/* prepare reply */
				485	buffer_put_int(r, MUX_S_ALIVE);
				486	buffer_put_int(r, rid);
				487	buffer_put_int(r, (u_int)getpid());
				488
				489	return 0;
				490	}
				491
				492	static int
				493	process_mux_terminate(u_int rid, Channel c, Buffer m, Buffer *r)
				494	{
				495	debug2("%s: channel %d: terminate request", __func__, c->self);
				496
				497	if (options.control_master == SSHCTL_MASTER_ASK \|\|
				498	options.control_master == SSHCTL_MASTER_AUTO_ASK) {
				499	if (!ask_permission("Terminate shared connection to %s? ",
				500	host)) {
				501	debug2("%s: termination refused by user", __func__);
				502	buffer_put_int(r, MUX_S_PERMISSION_DENIED);
				503	buffer_put_int(r, rid);
				504	buffer_put_cstring(r, "Permission denied");
				505	return 0;
				506	}
				507	}
				508
				509	quit_pending = 1;
				510	buffer_put_int(r, MUX_S_OK);
				511	buffer_put_int(r, rid);
				512	/* XXX exit happens too soon - message never makes it to client */
				513	return 0;
				514	}
				515
				516	static char *
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	517	format_forward(u_int ftype, struct Forward *fwd)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	518	{
				519	char *ret;
				520
				521	switch (ftype) {
				522	case MUX_FWD_LOCAL:
				523	xasprintf(&ret, "local forward %.200s:%d -> %.200s:%d",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	524	(fwd->listen_path != NULL) ? fwd->listen_path :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	525	(fwd->listen_host == NULL) ?
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	526	(options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	527	fwd->listen_host, fwd->listen_port,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	528	(fwd->connect_path != NULL) ? fwd->connect_path :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	529	fwd->connect_host, fwd->connect_port);
				530	break;
				531	case MUX_FWD_DYNAMIC:
				532	xasprintf(&ret, "dynamic forward %.200s:%d -> *",
				533	(fwd->listen_host == NULL) ?
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	534	(options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	535	fwd->listen_host, fwd->listen_port);
				536	break;
				537	case MUX_FWD_REMOTE:
				538	xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	539	(fwd->listen_path != NULL) ? fwd->listen_path :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	540	(fwd->listen_host == NULL) ?
				541	"LOCALHOST" : fwd->listen_host,
				542	fwd->listen_port,
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	543	(fwd->connect_path != NULL) ? fwd->connect_path :
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	544	fwd->connect_host, fwd->connect_port);
				545	break;
				546	default:
				547	fatal("%s: unknown forward type %u", __func__, ftype);
				548	}
				549	return ret;
				550	}
				551
				552	static int
				553	compare_host(const char a, const char b)
				554	{
				555	if (a == NULL && b == NULL)
				556	return 1;
				557	if (a == NULL \|\| b == NULL)
				558	return 0;
				559	return strcmp(a, b) == 0;
				560	}
				561
				562	static int
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	563	compare_forward(struct Forward a, struct Forward b)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	564	{
				565	if (!compare_host(a->listen_host, b->listen_host))
				566	return 0;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	567	if (!compare_host(a->listen_path, b->listen_path))
				568	return 0;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	569	if (a->listen_port != b->listen_port)
				570	return 0;
				571	if (!compare_host(a->connect_host, b->connect_host))
				572	return 0;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	573	if (!compare_host(a->connect_path, b->connect_path))
				574	return 0;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	575	if (a->connect_port != b->connect_port)
				576	return 0;
				577
				578	return 1;
				579	}
				580
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	581	static void
				582	mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
				583	{
				584	struct mux_channel_confirm_ctx *fctx = ctxt;
				585	char *failmsg = NULL;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	586	struct Forward *rfwd;
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	587	Channel *c;
				588	Buffer out;
				589
				590	if ((c = channel_by_id(fctx->cid)) == NULL) {
				591	/* no channel for reply */
				592	error("%s: unknown channel", __func__);
				593	return;
				594	}
				595	buffer_init(&out);
djm@openbsd.org	ca430d4	2015-05-01 04:03:20 +0000	[diff] [blame]	596	if (fctx->fid >= options.num_remote_forwards \|\|
				597	(options.remote_forwards[fctx->fid].connect_path == NULL &&
				598	options.remote_forwards[fctx->fid].connect_host == NULL)) {
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	599	xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
				600	goto fail;
				601	}
				602	rfwd = &options.remote_forwards[fctx->fid];
				603	debug("%s: %s for: listen %d, connect %s:%d", __func__,
				604	type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	605	rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
				606	rfwd->connect_host, rfwd->connect_port);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	607	if (type == SSH2_MSG_REQUEST_SUCCESS) {
				608	if (rfwd->listen_port == 0) {
				609	rfwd->allocated_port = packet_get_int();
djm@openbsd.org	8312cfb	2015-05-01 04:01:58 +0000	[diff] [blame]	610	debug("Allocated port %u for mux remote forward"
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	611	" to %s:%d", rfwd->allocated_port,
				612	rfwd->connect_host, rfwd->connect_port);
				613	buffer_put_int(&out, MUX_S_REMOTE_PORT);
				614	buffer_put_int(&out, fctx->rid);
				615	buffer_put_int(&out, rfwd->allocated_port);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	616	channel_update_permitted_opens(rfwd->handle,
				617	rfwd->allocated_port);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	618	} else {
				619	buffer_put_int(&out, MUX_S_OK);
				620	buffer_put_int(&out, fctx->rid);
				621	}
				622	goto out;
				623	} else {
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	624	if (rfwd->listen_port == 0)
				625	channel_update_permitted_opens(rfwd->handle, -1);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	626	if (rfwd->listen_path != NULL)
				627	xasprintf(&failmsg, "remote port forwarding failed for "
				628	"listen path %s", rfwd->listen_path);
				629	else
				630	xasprintf(&failmsg, "remote port forwarding failed for "
				631	"listen port %d", rfwd->listen_port);
djm@openbsd.org	ca430d4	2015-05-01 04:03:20 +0000	[diff] [blame]	632
				633	debug2("%s: clearing registered forwarding for listen %d, "
				634	"connect %s:%d", __func__, rfwd->listen_port,
				635	rfwd->connect_path ? rfwd->connect_path :
				636	rfwd->connect_host, rfwd->connect_port);
				637
				638	free(rfwd->listen_host);
				639	free(rfwd->listen_path);
				640	free(rfwd->connect_host);
				641	free(rfwd->connect_path);
				642	memset(rfwd, 0, sizeof(*rfwd));
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	643	}
				644	fail:
				645	error("%s: %s", __func__, failmsg);
				646	buffer_put_int(&out, MUX_S_FAILURE);
				647	buffer_put_int(&out, fctx->rid);
				648	buffer_put_cstring(&out, failmsg);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	649	free(failmsg);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	650	out:
				651	buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
				652	buffer_free(&out);
				653	if (c->mux_pause <= 0)
				654	fatal("%s: mux_pause %d", __func__, c->mux_pause);
				655	c->mux_pause = 0; /* start processing messages again */
				656	}
				657
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	658	static int
				659	process_mux_open_fwd(u_int rid, Channel c, Buffer m, Buffer *r)
				660	{
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	661	struct Forward fwd;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	662	char *fwd_desc = NULL;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	663	char listen_addr, connect_addr;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	664	u_int ftype;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	665	u_int lport, cport;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	666	int i, ret = 0, freefwd = 1;
				667
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	668	/* XXX - lport/cport check redundant */
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	669	if (buffer_get_int_ret(&ftype, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	670	(listen_addr = buffer_get_string_ret(m, NULL)) == NULL \|\|
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	671	buffer_get_int_ret(&lport, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	672	(connect_addr = buffer_get_string_ret(m, NULL)) == NULL \|\|
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	673	buffer_get_int_ret(&cport, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	674	(lport != (u_int)PORT_STREAMLOCAL && lport > 65535) \|\|
				675	(cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	676	error("%s: malformed message", __func__);
				677	ret = -1;
				678	goto out;
				679	}
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	680	if (*listen_addr == '\0') {
				681	free(listen_addr);
				682	listen_addr = NULL;
				683	}
				684	if (*connect_addr == '\0') {
				685	free(connect_addr);
				686	connect_addr = NULL;
				687	}
				688
				689	memset(&fwd, 0, sizeof(fwd));
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	690	fwd.listen_port = lport;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	691	if (fwd.listen_port == PORT_STREAMLOCAL)
				692	fwd.listen_path = listen_addr;
				693	else
				694	fwd.listen_host = listen_addr;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	695	fwd.connect_port = cport;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	696	if (fwd.connect_port == PORT_STREAMLOCAL)
				697	fwd.connect_path = connect_addr;
				698	else
				699	fwd.connect_host = connect_addr;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	700
				701	debug2("%s: channel %d: request %s", __func__, c->self,
				702	(fwd_desc = format_forward(ftype, &fwd)));
				703
				704	if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
				705	ftype != MUX_FWD_DYNAMIC) {
				706	logit("%s: invalid forwarding type %u", __func__, ftype);
				707	invalid:
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	708	free(listen_addr);
				709	free(connect_addr);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	710	buffer_put_int(r, MUX_S_FAILURE);
				711	buffer_put_int(r, rid);
				712	buffer_put_cstring(r, "Invalid forwarding request");
				713	return 0;
				714	}
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	715	if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) {
				716	logit("%s: streamlocal and dynamic forwards "
				717	"are mutually exclusive", __func__);
				718	goto invalid;
				719	}
				720	if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	721	logit("%s: invalid listen port %u", __func__,
				722	fwd.listen_port);
				723	goto invalid;
				724	}
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	725	if ((fwd.connect_port != PORT_STREAMLOCAL && fwd.connect_port >= 65536)
				726	\|\| (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE && fwd.connect_port == 0)) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	727	logit("%s: invalid connect port %u", __func__,
				728	fwd.connect_port);
				729	goto invalid;
				730	}
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	731	if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL && fwd.connect_path == NULL) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	732	logit("%s: missing connect host", __func__);
				733	goto invalid;
				734	}
				735
				736	/* Skip forwards that have already been requested */
				737	switch (ftype) {
				738	case MUX_FWD_LOCAL:
				739	case MUX_FWD_DYNAMIC:
				740	for (i = 0; i < options.num_local_forwards; i++) {
				741	if (compare_forward(&fwd,
				742	options.local_forwards + i)) {
				743	exists:
				744	debug2("%s: found existing forwarding",
				745	__func__);
				746	buffer_put_int(r, MUX_S_OK);
				747	buffer_put_int(r, rid);
				748	goto out;
				749	}
				750	}
				751	break;
				752	case MUX_FWD_REMOTE:
				753	for (i = 0; i < options.num_remote_forwards; i++) {
				754	if (compare_forward(&fwd,
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	755	options.remote_forwards + i)) {
				756	if (fwd.listen_port != 0)
				757	goto exists;
				758	debug2("%s: found allocated port",
				759	__func__);
				760	buffer_put_int(r, MUX_S_REMOTE_PORT);
				761	buffer_put_int(r, rid);
				762	buffer_put_int(r,
				763	options.remote_forwards[i].allocated_port);
				764	goto out;
				765	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	766	}
				767	break;
				768	}
				769
				770	if (options.control_master == SSHCTL_MASTER_ASK \|\|
				771	options.control_master == SSHCTL_MASTER_AUTO_ASK) {
				772	if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
				773	debug2("%s: forwarding refused by user", __func__);
				774	buffer_put_int(r, MUX_S_PERMISSION_DENIED);
				775	buffer_put_int(r, rid);
				776	buffer_put_cstring(r, "Permission denied");
				777	goto out;
				778	}
				779	}
				780
				781	if (ftype == MUX_FWD_LOCAL \|\| ftype == MUX_FWD_DYNAMIC) {
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	782	if (!channel_setup_local_fwd_listener(&fwd,
				783	&options.fwd_opts)) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	784	fail:
				785	logit("slave-requested %s failed", fwd_desc);
				786	buffer_put_int(r, MUX_S_FAILURE);
				787	buffer_put_int(r, rid);
				788	buffer_put_cstring(r, "Port forwarding failed");
				789	goto out;
				790	}
				791	add_local_forward(&options, &fwd);
				792	freefwd = 0;
				793	} else {
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	794	struct mux_channel_confirm_ctx *fctx;
				795
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	796	fwd.handle = channel_request_remote_forwarding(&fwd);
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	797	if (fwd.handle < 0)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	798	goto fail;
				799	add_remote_forward(&options, &fwd);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	800	fctx = xcalloc(1, sizeof(*fctx));
				801	fctx->cid = c->self;
				802	fctx->rid = rid;
Damien Miller	232cfb1	2010-06-26 09:50:30 +1000	[diff] [blame]	803	fctx->fid = options.num_remote_forwards - 1;
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	804	client_register_global_confirm(mux_confirm_remote_forward,
				805	fctx);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	806	freefwd = 0;
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	807	c->mux_pause = 1; /* wait for mux_confirm_remote_forward */
				808	/* delayed reply in mux_confirm_remote_forward */
				809	goto out;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	810	}
				811	buffer_put_int(r, MUX_S_OK);
				812	buffer_put_int(r, rid);
				813	out:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	814	free(fwd_desc);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	815	if (freefwd) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	816	free(fwd.listen_host);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	817	free(fwd.listen_path);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	818	free(fwd.connect_host);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	819	free(fwd.connect_path);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	820	}
				821	return ret;
				822	}
				823
				824	static int
				825	process_mux_close_fwd(u_int rid, Channel c, Buffer m, Buffer *r)
				826	{
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	827	struct Forward fwd, *found_fwd;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	828	char *fwd_desc = NULL;
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	829	const char *error_reason = NULL;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	830	char listen_addr = NULL, connect_addr = NULL;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	831	u_int ftype;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	832	int i, ret = 0;
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	833	u_int lport, cport;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	834
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	835	if (buffer_get_int_ret(&ftype, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	836	(listen_addr = buffer_get_string_ret(m, NULL)) == NULL \|\|
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	837	buffer_get_int_ret(&lport, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	838	(connect_addr = buffer_get_string_ret(m, NULL)) == NULL \|\|
Damien Miller	ce98654	2013-07-18 16:12:44 +1000	[diff] [blame]	839	buffer_get_int_ret(&cport, m) != 0 \|\|
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	840	(lport != (u_int)PORT_STREAMLOCAL && lport > 65535) \|\|
				841	(cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	842	error("%s: malformed message", __func__);
				843	ret = -1;
				844	goto out;
				845	}
				846
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	847	if (*listen_addr == '\0') {
				848	free(listen_addr);
				849	listen_addr = NULL;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	850	}
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	851	if (*connect_addr == '\0') {
				852	free(connect_addr);
				853	connect_addr = NULL;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	854	}
				855
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	856	memset(&fwd, 0, sizeof(fwd));
				857	fwd.listen_port = lport;
				858	if (fwd.listen_port == PORT_STREAMLOCAL)
				859	fwd.listen_path = listen_addr;
				860	else
				861	fwd.listen_host = listen_addr;
				862	fwd.connect_port = cport;
				863	if (fwd.connect_port == PORT_STREAMLOCAL)
				864	fwd.connect_path = connect_addr;
				865	else
				866	fwd.connect_host = connect_addr;
				867
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	868	debug2("%s: channel %d: request cancel %s", __func__, c->self,
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	869	(fwd_desc = format_forward(ftype, &fwd)));
				870
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	871	/* make sure this has been requested */
				872	found_fwd = NULL;
				873	switch (ftype) {
				874	case MUX_FWD_LOCAL:
				875	case MUX_FWD_DYNAMIC:
				876	for (i = 0; i < options.num_local_forwards; i++) {
				877	if (compare_forward(&fwd,
				878	options.local_forwards + i)) {
				879	found_fwd = options.local_forwards + i;
				880	break;
				881	}
				882	}
				883	break;
				884	case MUX_FWD_REMOTE:
				885	for (i = 0; i < options.num_remote_forwards; i++) {
				886	if (compare_forward(&fwd,
				887	options.remote_forwards + i)) {
				888	found_fwd = options.remote_forwards + i;
				889	break;
				890	}
				891	}
				892	break;
				893	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	894
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	895	if (found_fwd == NULL)
				896	error_reason = "port not forwarded";
				897	else if (ftype == MUX_FWD_REMOTE) {
				898	/*
				899	* This shouldn't fail unless we confused the host/port
				900	* between options.remote_forwards and permitted_opens.
Darren Tucker	68afb8c	2011-10-02 18:59:03 +1100	[diff] [blame]	901	* However, for dynamic allocated listen ports we need
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	902	* to use the actual listen port.
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	903	*/
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	904	if (channel_request_rforward_cancel(found_fwd) == -1)
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	905	error_reason = "port not in permitted opens";
				906	} else { /* local and dynamic forwards */
				907	/* Ditto */
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	908	if (channel_cancel_lport_listener(&fwd, fwd.connect_port,
				909	&options.fwd_opts) == -1)
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	910	error_reason = "port not found";
				911	}
				912
				913	if (error_reason == NULL) {
				914	buffer_put_int(r, MUX_S_OK);
				915	buffer_put_int(r, rid);
				916
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	917	free(found_fwd->listen_host);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	918	free(found_fwd->listen_path);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	919	free(found_fwd->connect_host);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	920	free(found_fwd->connect_path);
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	921	found_fwd->listen_host = found_fwd->connect_host = NULL;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	922	found_fwd->listen_path = found_fwd->connect_path = NULL;
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	923	found_fwd->listen_port = found_fwd->connect_port = 0;
				924	} else {
				925	buffer_put_int(r, MUX_S_FAILURE);
				926	buffer_put_int(r, rid);
				927	buffer_put_cstring(r, error_reason);
				928	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	929	out:
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	930	free(fwd_desc);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	931	free(listen_addr);
				932	free(connect_addr);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	933
				934	return ret;
				935	}
				936
				937	static int
				938	process_mux_stdio_fwd(u_int rid, Channel c, Buffer m, Buffer *r)
				939	{
				940	Channel *nc;
				941	char reserved, chost;
				942	u_int cport, i, j;
				943	int new_fd[2];
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	944	struct mux_stdio_confirm_ctx *cctx;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	945
				946	chost = reserved = NULL;
				947	if ((reserved = buffer_get_string_ret(m, NULL)) == NULL \|\|
				948	(chost = buffer_get_string_ret(m, NULL)) == NULL \|\|
				949	buffer_get_int_ret(&cport, m) != 0) {
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	950	free(reserved);
				951	free(chost);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	952	error("%s: malformed message", __func__);
				953	return -1;
				954	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	955	free(reserved);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	956
				957	debug2("%s: channel %d: request stdio fwd to %s:%u",
				958	__func__, c->self, chost, cport);
				959
				960	/* Gather fds from client */
				961	for(i = 0; i < 2; i++) {
				962	if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
				963	error("%s: failed to receive fd %d from slave",
				964	__func__, i);
				965	for (j = 0; j < i; j++)
				966	close(new_fd[j]);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	967	free(chost);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	968
				969	/* prepare reply */
				970	buffer_put_int(r, MUX_S_FAILURE);
				971	buffer_put_int(r, rid);
				972	buffer_put_cstring(r,
				973	"did not receive file descriptors");
				974	return -1;
				975	}
				976	}
				977
				978	debug3("%s: got fds stdin %d, stdout %d", __func__,
				979	new_fd[0], new_fd[1]);
				980
				981	/* XXX support multiple child sessions in future */
				982	if (c->remote_id != -1) {
				983	debug2("%s: session already open", __func__);
				984	/* prepare reply */
				985	buffer_put_int(r, MUX_S_FAILURE);
				986	buffer_put_int(r, rid);
				987	buffer_put_cstring(r, "Multiple sessions not supported");
				988	cleanup:
				989	close(new_fd[0]);
				990	close(new_fd[1]);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	991	free(chost);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	992	return 0;
				993	}
				994
				995	if (options.control_master == SSHCTL_MASTER_ASK \|\|
				996	options.control_master == SSHCTL_MASTER_AUTO_ASK) {
Damien Miller	68512c0	2010-10-21 15:21:11 +1100	[diff] [blame]	997	if (!ask_permission("Allow forward to %s:%u? ",
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	998	chost, cport)) {
				999	debug2("%s: stdio fwd refused by user", __func__);
				1000	/* prepare reply */
				1001	buffer_put_int(r, MUX_S_PERMISSION_DENIED);
				1002	buffer_put_int(r, rid);
				1003	buffer_put_cstring(r, "Permission denied");
				1004	goto cleanup;
				1005	}
				1006	}
				1007
				1008	/* enable nonblocking unless tty */
				1009	if (!isatty(new_fd[0]))
				1010	set_nonblock(new_fd[0]);
				1011	if (!isatty(new_fd[1]))
				1012	set_nonblock(new_fd[1]);
				1013
				1014	nc = channel_connect_stdio_fwd(chost, cport, new_fd[0], new_fd[1]);
				1015
				1016	nc->ctl_chan = c->self; /* link session -> control channel */
				1017	c->remote_id = nc->self; /* link control -> session channel */
				1018
				1019	debug2("%s: channel_new: %d linked to control channel %d",
				1020	__func__, nc->self, nc->ctl_chan);
				1021
Damien Miller	85c50d7	2010-05-10 11:53:02 +1000	[diff] [blame]	1022	channel_register_cleanup(nc->self, mux_master_session_cleanup_cb, 1);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1023
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	1024	cctx = xcalloc(1, sizeof(*cctx));
				1025	cctx->rid = rid;
				1026	channel_register_open_confirm(nc->self, mux_stdio_confirm, cctx);
				1027	c->mux_pause = 1; /* stop handling messages until open_confirm done */
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1028
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	1029	/* reply is deferred, sent by mux_session_confirm */
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1030	return 0;
				1031	}
				1032
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	1033	/* Callback on open confirmation in mux master for a mux stdio fwd session. */
				1034	static void
				1035	mux_stdio_confirm(int id, int success, void *arg)
				1036	{
				1037	struct mux_stdio_confirm_ctx *cctx = arg;
				1038	Channel c, cc;
				1039	Buffer reply;
				1040
				1041	if (cctx == NULL)
				1042	fatal("%s: cctx == NULL", __func__);
				1043	if ((c = channel_by_id(id)) == NULL)
				1044	fatal("%s: no channel for id %d", __func__, id);
				1045	if ((cc = channel_by_id(c->ctl_chan)) == NULL)
				1046	fatal("%s: channel %d lacks control channel %d", __func__,
				1047	id, c->ctl_chan);
				1048
				1049	if (!success) {
				1050	debug3("%s: sending failure reply", __func__);
				1051	/* prepare reply */
				1052	buffer_init(&reply);
				1053	buffer_put_int(&reply, MUX_S_FAILURE);
				1054	buffer_put_int(&reply, cctx->rid);
				1055	buffer_put_cstring(&reply, "Session open refused by peer");
				1056	goto done;
				1057	}
				1058
				1059	debug3("%s: sending success reply", __func__);
				1060	/* prepare reply */
				1061	buffer_init(&reply);
				1062	buffer_put_int(&reply, MUX_S_SESSION_OPENED);
				1063	buffer_put_int(&reply, cctx->rid);
				1064	buffer_put_int(&reply, c->self);
				1065
				1066	done:
				1067	/* Send reply */
				1068	buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
				1069	buffer_free(&reply);
				1070
				1071	if (cc->mux_pause <= 0)
				1072	fatal("%s: mux_pause %d", __func__, cc->mux_pause);
				1073	cc->mux_pause = 0; /* start processing messages again */
				1074	c->open_confirm_ctx = NULL;
				1075	free(cctx);
				1076	}
				1077
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	1078	static int
				1079	process_mux_stop_listening(u_int rid, Channel c, Buffer m, Buffer *r)
				1080	{
				1081	debug("%s: channel %d: stop listening", __func__, c->self);
				1082
				1083	if (options.control_master == SSHCTL_MASTER_ASK \|\|
				1084	options.control_master == SSHCTL_MASTER_AUTO_ASK) {
				1085	if (!ask_permission("Disable further multiplexing on shared "
				1086	"connection to %s? ", host)) {
				1087	debug2("%s: stop listen refused by user", __func__);
				1088	buffer_put_int(r, MUX_S_PERMISSION_DENIED);
				1089	buffer_put_int(r, rid);
				1090	buffer_put_cstring(r, "Permission denied");
				1091	return 0;
				1092	}
				1093	}
				1094
				1095	if (mux_listener_channel != NULL) {
				1096	channel_free(mux_listener_channel);
				1097	client_stop_mux();
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1098	free(options.control_path);
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	1099	options.control_path = NULL;
				1100	mux_listener_channel = NULL;
				1101	muxserver_sock = -1;
				1102	}
				1103
				1104	/* prepare reply */
				1105	buffer_put_int(r, MUX_S_OK);
				1106	buffer_put_int(r, rid);
				1107
				1108	return 0;
				1109	}
				1110
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1111	/* Channel callbacks fired on read/write from mux slave fd */
				1112	static int
				1113	mux_master_read_cb(Channel *c)
				1114	{
				1115	struct mux_master_state state = (struct mux_master_state )c->mux_ctx;
				1116	Buffer in, out;
Damien Miller	633de33	2014-05-15 13:48:26 +1000	[diff] [blame]	1117	const u_char *ptr;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1118	u_int type, rid, have, i;
				1119	int ret = -1;
				1120
				1121	/* Setup ctx and */
				1122	if (c->mux_ctx == NULL) {
Damien Miller	c094d1e	2010-06-26 09:36:34 +1000	[diff] [blame]	1123	state = xcalloc(1, sizeof(*state));
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1124	c->mux_ctx = state;
				1125	channel_register_cleanup(c->self,
				1126	mux_master_control_cleanup_cb, 0);
				1127
				1128	/* Send hello */
				1129	buffer_init(&out);
				1130	buffer_put_int(&out, MUX_MSG_HELLO);
				1131	buffer_put_int(&out, SSHMUX_VER);
				1132	/* no extensions */
				1133	buffer_put_string(&c->output, buffer_ptr(&out),
				1134	buffer_len(&out));
				1135	buffer_free(&out);
				1136	debug3("%s: channel %d: hello sent", __func__, c->self);
				1137	return 0;
				1138	}
				1139
				1140	buffer_init(&in);
				1141	buffer_init(&out);
				1142
				1143	/* Channel code ensures that we receive whole packets */
				1144	if ((ptr = buffer_get_string_ptr_ret(&c->input, &have)) == NULL) {
				1145	malf:
				1146	error("%s: malformed message", __func__);
				1147	goto out;
				1148	}
				1149	buffer_append(&in, ptr, have);
				1150
				1151	if (buffer_get_int_ret(&type, &in) != 0)
				1152	goto malf;
				1153	debug3("%s: channel %d packet type 0x%08x len %u",
				1154	__func__, c->self, type, buffer_len(&in));
				1155
				1156	if (type == MUX_MSG_HELLO)
				1157	rid = 0;
				1158	else {
				1159	if (!state->hello_rcvd) {
				1160	error("%s: expected MUX_MSG_HELLO(0x%08x), "
				1161	"received 0x%08x", __func__, MUX_MSG_HELLO, type);
				1162	goto out;
				1163	}
				1164	if (buffer_get_int_ret(&rid, &in) != 0)
				1165	goto malf;
				1166	}
				1167
				1168	for (i = 0; mux_master_handlers[i].handler != NULL; i++) {
				1169	if (type == mux_master_handlers[i].type) {
				1170	ret = mux_master_handlers[i].handler(rid, c, &in, &out);
				1171	break;
				1172	}
				1173	}
				1174	if (mux_master_handlers[i].handler == NULL) {
				1175	error("%s: unsupported mux message 0x%08x", __func__, type);
				1176	buffer_put_int(&out, MUX_S_FAILURE);
				1177	buffer_put_int(&out, rid);
				1178	buffer_put_cstring(&out, "unsupported request");
				1179	ret = 0;
				1180	}
				1181	/* Enqueue reply packet */
				1182	if (buffer_len(&out) != 0) {
				1183	buffer_put_string(&c->output, buffer_ptr(&out),
				1184	buffer_len(&out));
				1185	}
				1186	out:
				1187	buffer_free(&in);
				1188	buffer_free(&out);
				1189	return ret;
				1190	}
				1191
				1192	void
				1193	mux_exit_message(Channel *c, int exitval)
				1194	{
				1195	Buffer m;
				1196	Channel *mux_chan;
				1197
Damien Miller	bc02f16	2013-04-23 19:25:49 +1000	[diff] [blame]	1198	debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1199	exitval);
				1200
				1201	if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
				1202	fatal("%s: channel %d missing mux channel %d",
				1203	__func__, c->self, c->ctl_chan);
				1204
				1205	/* Append exit message packet to control socket output queue */
				1206	buffer_init(&m);
				1207	buffer_put_int(&m, MUX_S_EXIT_MESSAGE);
				1208	buffer_put_int(&m, c->self);
				1209	buffer_put_int(&m, exitval);
				1210
				1211	buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
				1212	buffer_free(&m);
				1213	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1214
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	1215	void
				1216	mux_tty_alloc_failed(Channel *c)
				1217	{
				1218	Buffer m;
				1219	Channel *mux_chan;
				1220
				1221	debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
				1222
				1223	if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
				1224	fatal("%s: channel %d missing mux channel %d",
				1225	__func__, c->self, c->ctl_chan);
				1226
				1227	/* Append exit message packet to control socket output queue */
				1228	buffer_init(&m);
				1229	buffer_put_int(&m, MUX_S_TTY_ALLOC_FAIL);
				1230	buffer_put_int(&m, c->self);
				1231
				1232	buffer_put_string(&mux_chan->output, buffer_ptr(&m), buffer_len(&m));
				1233	buffer_free(&m);
				1234	}
				1235
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1236	/* Prepare a mux master to listen on a Unix domain socket. */
				1237	void
				1238	muxserver_listen(void)
				1239	{
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1240	mode_t old_umask;
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1241	char *orig_control_path = options.control_path;
				1242	char rbuf[16+1];
				1243	u_int i, r;
Damien Miller	f42f768	2014-07-18 15:03:27 +1000	[diff] [blame]	1244	int oerrno;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1245
				1246	if (options.control_path == NULL \|\|
				1247	options.control_master == SSHCTL_MASTER_NO)
				1248	return;
				1249
				1250	debug("setting up multiplex master socket");
				1251
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1252	/*
				1253	* Use a temporary path before listen so we can pseudo-atomically
				1254	* establish the listening socket in its final location to avoid
				1255	* other processes racing in between bind() and listen() and hitting
				1256	* an unready socket.
				1257	*/
				1258	for (i = 0; i < sizeof(rbuf) - 1; i++) {
				1259	r = arc4random_uniform(26+26+10);
				1260	rbuf[i] = (r < 26) ? 'a' + r :
				1261	(r < 26*2) ? 'A' + r - 26 :
				1262	'0' + r - 26 - 26;
				1263	}
				1264	rbuf[sizeof(rbuf) - 1] = '\0';
				1265	options.control_path = NULL;
				1266	xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
				1267	debug3("%s: temporary control path %s", __func__, options.control_path);
				1268
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1269	old_umask = umask(0177);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1270	muxserver_sock = unix_listener(options.control_path, 64, 0);
Damien Miller	f42f768	2014-07-18 15:03:27 +1000	[diff] [blame]	1271	oerrno = errno;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1272	umask(old_umask);
				1273	if (muxserver_sock < 0) {
Damien Miller	f42f768	2014-07-18 15:03:27 +1000	[diff] [blame]	1274	if (oerrno == EINVAL \|\| oerrno == EADDRINUSE) {
Darren Tucker	ca19bfe	2008-06-13 10:24:03 +1000	[diff] [blame]	1275	error("ControlSocket %s already exists, "
				1276	"disabling multiplexing", options.control_path);
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1277	disable_mux_master:
Damien Miller	60432d8	2011-05-15 08:34:46 +1000	[diff] [blame]	1278	if (muxserver_sock != -1) {
				1279	close(muxserver_sock);
				1280	muxserver_sock = -1;
				1281	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1282	free(orig_control_path);
				1283	free(options.control_path);
Darren Tucker	ca19bfe	2008-06-13 10:24:03 +1000	[diff] [blame]	1284	options.control_path = NULL;
				1285	options.control_master = SSHCTL_MASTER_NO;
				1286	return;
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1287	} else {
				1288	/* unix_listener() logs the error */
				1289	cleanup_exit(255);
				1290	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1291	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1292
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1293	/* Now atomically "move" the mux socket into position */
				1294	if (link(options.control_path, orig_control_path) != 0) {
				1295	if (errno != EEXIST) {
				1296	fatal("%s: link mux listener %s => %s: %s", __func__,
				1297	options.control_path, orig_control_path,
				1298	strerror(errno));
				1299	}
				1300	error("ControlSocket %s already exists, disabling multiplexing",
				1301	orig_control_path);
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1302	unlink(options.control_path);
				1303	goto disable_mux_master;
				1304	}
				1305	unlink(options.control_path);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1306	free(options.control_path);
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1307	options.control_path = orig_control_path;
				1308
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1309	set_nonblock(muxserver_sock);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1310
				1311	mux_listener_channel = channel_new("mux listener",
				1312	SSH_CHANNEL_MUX_LISTENER, muxserver_sock, muxserver_sock, -1,
				1313	CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	1314	0, options.control_path, 1);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1315	mux_listener_channel->mux_rcb = mux_master_read_cb;
				1316	debug3("%s: mux listener channel %d fd %d", __func__,
				1317	mux_listener_channel->self, mux_listener_channel->sock);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1318	}
				1319
				1320	/* Callback on open confirmation in mux master for a mux client session. */
				1321	static void
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1322	mux_session_confirm(int id, int success, void *arg)
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1323	{
				1324	struct mux_session_confirm_ctx *cctx = arg;
				1325	const char *display;
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1326	Channel c, cc;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1327	int i;
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1328	Buffer reply;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1329
				1330	if (cctx == NULL)
				1331	fatal("%s: cctx == NULL", __func__);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1332	if ((c = channel_by_id(id)) == NULL)
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1333	fatal("%s: no channel for id %d", __func__, id);
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1334	if ((cc = channel_by_id(c->ctl_chan)) == NULL)
				1335	fatal("%s: channel %d lacks control channel %d", __func__,
				1336	id, c->ctl_chan);
				1337
				1338	if (!success) {
				1339	debug3("%s: sending failure reply", __func__);
				1340	/* prepare reply */
				1341	buffer_init(&reply);
				1342	buffer_put_int(&reply, MUX_S_FAILURE);
				1343	buffer_put_int(&reply, cctx->rid);
				1344	buffer_put_cstring(&reply, "Session open refused by peer");
				1345	goto done;
				1346	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1347
				1348	display = getenv("DISPLAY");
				1349	if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
				1350	char proto, data;
Damien Miller	1ab6a51	2010-06-26 10:02:24 +1000	[diff] [blame]	1351
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1352	/* Get reasonable local authentication information. */
				1353	client_x11_get_proto(display, options.xauth_location,
Damien Miller	1ab6a51	2010-06-26 10:02:24 +1000	[diff] [blame]	1354	options.forward_x11_trusted, options.forward_x11_timeout,
				1355	&proto, &data);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1356	/* Request forwarding with authentication spoofing. */
Damien Miller	1ab6a51	2010-06-26 10:02:24 +1000	[diff] [blame]	1357	debug("Requesting X11 forwarding with authentication "
				1358	"spoofing.");
Damien Miller	6d7b437	2011-06-23 08:31:57 +1000	[diff] [blame]	1359	x11_request_forwarding_with_spoofing(id, display, proto,
				1360	data, 1);
				1361	client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
				1362	/* XXX exit_on_forward_failure */
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1363	}
				1364
				1365	if (cctx->want_agent_fwd && options.forward_agent) {
				1366	debug("Requesting authentication agent forwarding.");
				1367	channel_request_start(id, "auth-agent-req@openssh.com", 0);
				1368	packet_send();
				1369	}
				1370
				1371	client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
				1372	cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env);
				1373
Damien Miller	d530f5f	2010-05-21 14:57:10 +1000	[diff] [blame]	1374	debug3("%s: sending success reply", __func__);
				1375	/* prepare reply */
				1376	buffer_init(&reply);
				1377	buffer_put_int(&reply, MUX_S_SESSION_OPENED);
				1378	buffer_put_int(&reply, cctx->rid);
				1379	buffer_put_int(&reply, c->self);
				1380
				1381	done:
				1382	/* Send reply */
				1383	buffer_put_string(&cc->output, buffer_ptr(&reply), buffer_len(&reply));
				1384	buffer_free(&reply);
				1385
				1386	if (cc->mux_pause <= 0)
				1387	fatal("%s: mux_pause %d", __func__, cc->mux_pause);
				1388	cc->mux_pause = 0; /* start processing messages again */
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1389	c->open_confirm_ctx = NULL;
				1390	buffer_free(&cctx->cmd);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1391	free(cctx->term);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1392	if (cctx->env != NULL) {
				1393	for (i = 0; cctx->env[i] != NULL; i++)
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1394	free(cctx->env[i]);
				1395	free(cctx->env);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1396	}
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1397	free(cctx);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1398	}
				1399
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1400	/* ** Multiplexing client support */
				1401
				1402	/* Exit signal handler */
				1403	static void
				1404	control_client_sighandler(int signo)
				1405	{
				1406	muxclient_terminate = signo;
				1407	}
				1408
				1409	/*
				1410	* Relay signal handler - used to pass some signals from mux client to
				1411	* mux master.
				1412	*/
				1413	static void
				1414	control_client_sigrelay(int signo)
				1415	{
				1416	int save_errno = errno;
				1417
				1418	if (muxserver_pid > 1)
				1419	kill(muxserver_pid, signo);
				1420
				1421	errno = save_errno;
				1422	}
				1423
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1424	static int
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1425	mux_client_read(int fd, Buffer *b, u_int need)
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1426	{
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1427	u_int have;
				1428	ssize_t len;
				1429	u_char *p;
				1430	struct pollfd pfd;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1431
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1432	pfd.fd = fd;
				1433	pfd.events = POLLIN;
				1434	p = buffer_append_space(b, need);
				1435	for (have = 0; have < need; ) {
				1436	if (muxclient_terminate) {
				1437	errno = EINTR;
				1438	return -1;
				1439	}
				1440	len = read(fd, p + have, need - have);
				1441	if (len < 0) {
				1442	switch (errno) {
				1443	#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
				1444	case EWOULDBLOCK:
				1445	#endif
				1446	case EAGAIN:
				1447	(void)poll(&pfd, 1, -1);
				1448	/* FALLTHROUGH */
				1449	case EINTR:
				1450	continue;
				1451	default:
				1452	return -1;
				1453	}
				1454	}
				1455	if (len == 0) {
				1456	errno = EPIPE;
				1457	return -1;
				1458	}
				1459	have += (u_int)len;
				1460	}
				1461	return 0;
				1462	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1463
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1464	static int
				1465	mux_client_write_packet(int fd, Buffer *m)
				1466	{
				1467	Buffer queue;
				1468	u_int have, need;
				1469	int oerrno, len;
				1470	u_char *ptr;
				1471	struct pollfd pfd;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	1472
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1473	pfd.fd = fd;
				1474	pfd.events = POLLOUT;
				1475	buffer_init(&queue);
				1476	buffer_put_string(&queue, buffer_ptr(m), buffer_len(m));
				1477
				1478	need = buffer_len(&queue);
				1479	ptr = buffer_ptr(&queue);
				1480
				1481	for (have = 0; have < need; ) {
				1482	if (muxclient_terminate) {
				1483	buffer_free(&queue);
				1484	errno = EINTR;
				1485	return -1;
				1486	}
				1487	len = write(fd, ptr + have, need - have);
				1488	if (len < 0) {
				1489	switch (errno) {
				1490	#if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
				1491	case EWOULDBLOCK:
				1492	#endif
				1493	case EAGAIN:
				1494	(void)poll(&pfd, 1, -1);
				1495	/* FALLTHROUGH */
				1496	case EINTR:
				1497	continue;
				1498	default:
				1499	oerrno = errno;
				1500	buffer_free(&queue);
				1501	errno = oerrno;
				1502	return -1;
				1503	}
				1504	}
				1505	if (len == 0) {
				1506	buffer_free(&queue);
				1507	errno = EPIPE;
				1508	return -1;
				1509	}
				1510	have += (u_int)len;
				1511	}
				1512	buffer_free(&queue);
				1513	return 0;
				1514	}
				1515
				1516	static int
				1517	mux_client_read_packet(int fd, Buffer *m)
				1518	{
				1519	Buffer queue;
				1520	u_int need, have;
Damien Miller	633de33	2014-05-15 13:48:26 +1000	[diff] [blame]	1521	const u_char *ptr;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1522	int oerrno;
				1523
				1524	buffer_init(&queue);
				1525	if (mux_client_read(fd, &queue, 4) != 0) {
				1526	if ((oerrno = errno) == EPIPE)
Darren Tucker	746e906	2013-06-06 08:20:13 +1000	[diff] [blame]	1527	debug3("%s: read header failed: %s", __func__,
				1528	strerror(errno));
				1529	buffer_free(&queue);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1530	errno = oerrno;
				1531	return -1;
				1532	}
				1533	need = get_u32(buffer_ptr(&queue));
				1534	if (mux_client_read(fd, &queue, need) != 0) {
				1535	oerrno = errno;
				1536	debug3("%s: read body failed: %s", __func__, strerror(errno));
Darren Tucker	746e906	2013-06-06 08:20:13 +1000	[diff] [blame]	1537	buffer_free(&queue);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1538	errno = oerrno;
				1539	return -1;
				1540	}
				1541	ptr = buffer_get_string_ptr(&queue, &have);
				1542	buffer_append(m, ptr, have);
				1543	buffer_free(&queue);
				1544	return 0;
				1545	}
				1546
				1547	static int
				1548	mux_client_hello_exchange(int fd)
				1549	{
				1550	Buffer m;
				1551	u_int type, ver;
				1552
				1553	buffer_init(&m);
				1554	buffer_put_int(&m, MUX_MSG_HELLO);
				1555	buffer_put_int(&m, SSHMUX_VER);
				1556	/* no extensions */
				1557
				1558	if (mux_client_write_packet(fd, &m) != 0)
				1559	fatal("%s: write packet: %s", __func__, strerror(errno));
				1560
				1561	buffer_clear(&m);
				1562
				1563	/* Read their HELLO */
				1564	if (mux_client_read_packet(fd, &m) != 0) {
				1565	buffer_free(&m);
				1566	return -1;
				1567	}
				1568
				1569	type = buffer_get_int(&m);
				1570	if (type != MUX_MSG_HELLO)
				1571	fatal("%s: expected HELLO (%u) received %u",
				1572	__func__, MUX_MSG_HELLO, type);
				1573	ver = buffer_get_int(&m);
				1574	if (ver != SSHMUX_VER)
				1575	fatal("Unsupported multiplexing protocol version %d "
				1576	"(expected %d)", ver, SSHMUX_VER);
				1577	debug2("%s: master version %u", __func__, ver);
				1578	/* No extensions are presently defined */
				1579	while (buffer_len(&m) > 0) {
				1580	char *name = buffer_get_string(&m, NULL);
				1581	char *value = buffer_get_string(&m, NULL);
				1582
				1583	debug2("Unrecognised master extension \"%s\"", name);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1584	free(name);
				1585	free(value);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1586	}
				1587	buffer_free(&m);
				1588	return 0;
				1589	}
				1590
				1591	static u_int
				1592	mux_client_request_alive(int fd)
				1593	{
				1594	Buffer m;
				1595	char *e;
				1596	u_int pid, type, rid;
				1597
				1598	debug3("%s: entering", __func__);
				1599
				1600	buffer_init(&m);
				1601	buffer_put_int(&m, MUX_C_ALIVE_CHECK);
				1602	buffer_put_int(&m, muxclient_request_id);
				1603
				1604	if (mux_client_write_packet(fd, &m) != 0)
				1605	fatal("%s: write packet: %s", __func__, strerror(errno));
				1606
				1607	buffer_clear(&m);
				1608
				1609	/* Read their reply */
				1610	if (mux_client_read_packet(fd, &m) != 0) {
				1611	buffer_free(&m);
				1612	return 0;
				1613	}
				1614
				1615	type = buffer_get_int(&m);
				1616	if (type != MUX_S_ALIVE) {
				1617	e = buffer_get_string(&m, NULL);
				1618	fatal("%s: master returned error: %s", __func__, e);
				1619	}
				1620
				1621	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				1622	fatal("%s: out of sequence reply: my id %u theirs %u",
				1623	__func__, muxclient_request_id, rid);
				1624	pid = buffer_get_int(&m);
				1625	buffer_free(&m);
				1626
				1627	debug3("%s: done pid = %u", __func__, pid);
				1628
				1629	muxclient_request_id++;
				1630
				1631	return pid;
				1632	}
				1633
				1634	static void
				1635	mux_client_request_terminate(int fd)
				1636	{
				1637	Buffer m;
				1638	char *e;
				1639	u_int type, rid;
				1640
				1641	debug3("%s: entering", __func__);
				1642
				1643	buffer_init(&m);
				1644	buffer_put_int(&m, MUX_C_TERMINATE);
				1645	buffer_put_int(&m, muxclient_request_id);
				1646
				1647	if (mux_client_write_packet(fd, &m) != 0)
				1648	fatal("%s: write packet: %s", __func__, strerror(errno));
				1649
				1650	buffer_clear(&m);
				1651
				1652	/* Read their reply */
				1653	if (mux_client_read_packet(fd, &m) != 0) {
				1654	/* Remote end exited already */
				1655	if (errno == EPIPE) {
				1656	buffer_free(&m);
				1657	return;
				1658	}
				1659	fatal("%s: read from master failed: %s",
				1660	__func__, strerror(errno));
				1661	}
				1662
				1663	type = buffer_get_int(&m);
				1664	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				1665	fatal("%s: out of sequence reply: my id %u theirs %u",
				1666	__func__, muxclient_request_id, rid);
				1667	switch (type) {
				1668	case MUX_S_OK:
				1669	break;
				1670	case MUX_S_PERMISSION_DENIED:
				1671	e = buffer_get_string(&m, NULL);
				1672	fatal("Master refused termination request: %s", e);
				1673	case MUX_S_FAILURE:
				1674	e = buffer_get_string(&m, NULL);
				1675	fatal("%s: termination request failed: %s", __func__, e);
				1676	default:
				1677	fatal("%s: unexpected response from master 0x%08x",
				1678	__func__, type);
				1679	}
				1680	buffer_free(&m);
				1681	muxclient_request_id++;
				1682	}
				1683
				1684	static int
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1685	mux_client_forward(int fd, int cancel_flag, u_int ftype, struct Forward *fwd)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1686	{
				1687	Buffer m;
				1688	char e, fwd_desc;
				1689	u_int type, rid;
				1690
				1691	fwd_desc = format_forward(ftype, fwd);
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1692	debug("Requesting %s %s",
				1693	cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
Darren Tucker	a627d42	2013-06-02 07:31:17 +1000	[diff] [blame]	1694	free(fwd_desc);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1695
				1696	buffer_init(&m);
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1697	buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1698	buffer_put_int(&m, muxclient_request_id);
				1699	buffer_put_int(&m, ftype);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1700	if (fwd->listen_path != NULL) {
				1701	buffer_put_cstring(&m, fwd->listen_path);
				1702	} else {
				1703	buffer_put_cstring(&m,
djm@openbsd.org	46ac2ed	2014-12-22 07:24:11 +0000	[diff] [blame]	1704	fwd->listen_host == NULL ? "" :
				1705	(fwd->listen_host == '\0' ? "" : fwd->listen_host));
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1706	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1707	buffer_put_int(&m, fwd->listen_port);
Damien Miller	7acefbb	2014-07-18 14:11:24 +1000	[diff] [blame]	1708	if (fwd->connect_path != NULL) {
				1709	buffer_put_cstring(&m, fwd->connect_path);
				1710	} else {
				1711	buffer_put_cstring(&m,
				1712	fwd->connect_host == NULL ? "" : fwd->connect_host);
				1713	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1714	buffer_put_int(&m, fwd->connect_port);
				1715
				1716	if (mux_client_write_packet(fd, &m) != 0)
				1717	fatal("%s: write packet: %s", __func__, strerror(errno));
				1718
				1719	buffer_clear(&m);
				1720
				1721	/* Read their reply */
				1722	if (mux_client_read_packet(fd, &m) != 0) {
				1723	buffer_free(&m);
				1724	return -1;
				1725	}
				1726
				1727	type = buffer_get_int(&m);
				1728	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				1729	fatal("%s: out of sequence reply: my id %u theirs %u",
				1730	__func__, muxclient_request_id, rid);
				1731	switch (type) {
				1732	case MUX_S_OK:
				1733	break;
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	1734	case MUX_S_REMOTE_PORT:
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1735	if (cancel_flag)
				1736	fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	1737	fwd->allocated_port = buffer_get_int(&m);
djm@openbsd.org	8312cfb	2015-05-01 04:01:58 +0000	[diff] [blame]	1738	verbose("Allocated port %u for remote forward to %s:%d",
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	1739	fwd->allocated_port,
				1740	fwd->connect_host ? fwd->connect_host : "",
				1741	fwd->connect_port);
				1742	if (muxclient_command == SSHMUX_COMMAND_FORWARD)
				1743	fprintf(stdout, "%u\n", fwd->allocated_port);
				1744	break;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1745	case MUX_S_PERMISSION_DENIED:
				1746	e = buffer_get_string(&m, NULL);
				1747	buffer_free(&m);
				1748	error("Master refused forwarding request: %s", e);
				1749	return -1;
				1750	case MUX_S_FAILURE:
				1751	e = buffer_get_string(&m, NULL);
				1752	buffer_free(&m);
Damien Miller	445c9a5	2011-01-14 12:01:29 +1100	[diff] [blame]	1753	error("%s: forwarding request failed: %s", __func__, e);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1754	return -1;
				1755	default:
				1756	fatal("%s: unexpected response from master 0x%08x",
				1757	__func__, type);
				1758	}
				1759	buffer_free(&m);
				1760
				1761	muxclient_request_id++;
				1762	return 0;
				1763	}
				1764
				1765	static int
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1766	mux_client_forwards(int fd, int cancel_flag)
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1767	{
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1768	int i, ret = 0;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1769
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1770	debug3("%s: %s forwardings: %d local, %d remote", __func__,
				1771	cancel_flag ? "cancel" : "request",
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1772	options.num_local_forwards, options.num_remote_forwards);
				1773
				1774	/* XXX ExitOnForwardingFailure */
				1775	for (i = 0; i < options.num_local_forwards; i++) {
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1776	if (mux_client_forward(fd, cancel_flag,
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1777	options.local_forwards[i].connect_port == 0 ?
				1778	MUX_FWD_DYNAMIC : MUX_FWD_LOCAL,
				1779	options.local_forwards + i) != 0)
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1780	ret = -1;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1781	}
				1782	for (i = 0; i < options.num_remote_forwards; i++) {
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1783	if (mux_client_forward(fd, cancel_flag, MUX_FWD_REMOTE,
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1784	options.remote_forwards + i) != 0)
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1785	ret = -1;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1786	}
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	1787	return ret;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1788	}
				1789
				1790	static int
				1791	mux_client_request_session(int fd)
				1792	{
				1793	Buffer m;
				1794	char e, term;
				1795	u_int i, rid, sid, esid, exitval, type, exitval_seen;
				1796	extern char **environ;
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	1797	int devnull, rawmode;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1798
				1799	debug3("%s: entering", __func__);
				1800
				1801	if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
				1802	error("%s: master alive request failed", __func__);
				1803	return -1;
				1804	}
				1805
				1806	signal(SIGPIPE, SIG_IGN);
				1807
				1808	if (stdin_null_flag) {
				1809	if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
				1810	fatal("open(/dev/null): %s", strerror(errno));
				1811	if (dup2(devnull, STDIN_FILENO) == -1)
				1812	fatal("dup2: %s", strerror(errno));
				1813	if (devnull > STDERR_FILENO)
				1814	close(devnull);
				1815	}
				1816
				1817	term = getenv("TERM");
				1818
				1819	buffer_init(&m);
				1820	buffer_put_int(&m, MUX_C_NEW_SESSION);
				1821	buffer_put_int(&m, muxclient_request_id);
				1822	buffer_put_cstring(&m, ""); /* reserved */
				1823	buffer_put_int(&m, tty_flag);
				1824	buffer_put_int(&m, options.forward_x11);
				1825	buffer_put_int(&m, options.forward_agent);
				1826	buffer_put_int(&m, subsystem_flag);
				1827	buffer_put_int(&m, options.escape_char == SSH_ESCAPECHAR_NONE ?
				1828	0xffffffff : (u_int)options.escape_char);
				1829	buffer_put_cstring(&m, term == NULL ? "" : term);
				1830	buffer_put_string(&m, buffer_ptr(&command), buffer_len(&command));
				1831
				1832	if (options.num_send_env > 0 && environ != NULL) {
				1833	/* Pass environment */
				1834	for (i = 0; environ[i] != NULL; i++) {
				1835	if (env_permitted(environ[i])) {
				1836	buffer_put_cstring(&m, environ[i]);
				1837	}
				1838	}
				1839	}
				1840
				1841	if (mux_client_write_packet(fd, &m) != 0)
				1842	fatal("%s: write packet: %s", __func__, strerror(errno));
				1843
				1844	/* Send the stdio file descriptors */
				1845	if (mm_send_fd(fd, STDIN_FILENO) == -1 \|\|
				1846	mm_send_fd(fd, STDOUT_FILENO) == -1 \|\|
				1847	mm_send_fd(fd, STDERR_FILENO) == -1)
				1848	fatal("%s: send fds failed", __func__);
				1849
				1850	debug3("%s: session request sent", __func__);
				1851
				1852	/* Read their reply */
				1853	buffer_clear(&m);
				1854	if (mux_client_read_packet(fd, &m) != 0) {
				1855	error("%s: read from master failed: %s",
				1856	__func__, strerror(errno));
				1857	buffer_free(&m);
				1858	return -1;
				1859	}
				1860
				1861	type = buffer_get_int(&m);
				1862	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				1863	fatal("%s: out of sequence reply: my id %u theirs %u",
				1864	__func__, muxclient_request_id, rid);
				1865	switch (type) {
				1866	case MUX_S_SESSION_OPENED:
				1867	sid = buffer_get_int(&m);
				1868	debug("%s: master session id: %u", __func__, sid);
				1869	break;
				1870	case MUX_S_PERMISSION_DENIED:
				1871	e = buffer_get_string(&m, NULL);
				1872	buffer_free(&m);
Damien Miller	445c9a5	2011-01-14 12:01:29 +1100	[diff] [blame]	1873	error("Master refused session request: %s", e);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1874	return -1;
				1875	case MUX_S_FAILURE:
				1876	e = buffer_get_string(&m, NULL);
				1877	buffer_free(&m);
Damien Miller	445c9a5	2011-01-14 12:01:29 +1100	[diff] [blame]	1878	error("%s: session request failed: %s", __func__, e);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1879	return -1;
				1880	default:
				1881	buffer_free(&m);
				1882	error("%s: unexpected response from master 0x%08x",
				1883	__func__, type);
				1884	return -1;
				1885	}
				1886	muxclient_request_id++;
				1887
				1888	signal(SIGHUP, control_client_sighandler);
				1889	signal(SIGINT, control_client_sighandler);
				1890	signal(SIGTERM, control_client_sighandler);
				1891	signal(SIGWINCH, control_client_sigrelay);
				1892
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	1893	rawmode = tty_flag;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1894	if (tty_flag)
Damien Miller	21771e2	2011-05-15 08:45:50 +1000	[diff] [blame]	1895	enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1896
				1897	/*
				1898	* Stick around until the controlee closes the client_fd.
				1899	* Before it does, it is expected to write an exit message.
				1900	* This process must read the value and wait for the closure of
				1901	* the client_fd; if this one closes early, the multiplex master will
				1902	* terminate early too (possibly losing data).
				1903	*/
				1904	for (exitval = 255, exitval_seen = 0;;) {
				1905	buffer_clear(&m);
				1906	if (mux_client_read_packet(fd, &m) != 0)
				1907	break;
				1908	type = buffer_get_int(&m);
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	1909	switch (type) {
				1910	case MUX_S_TTY_ALLOC_FAIL:
				1911	if ((esid = buffer_get_int(&m)) != sid)
				1912	fatal("%s: tty alloc fail on unknown session: "
				1913	"my id %u theirs %u",
				1914	__func__, sid, esid);
				1915	leave_raw_mode(options.request_tty ==
				1916	REQUEST_TTY_FORCE);
				1917	rawmode = 0;
				1918	continue;
				1919	case MUX_S_EXIT_MESSAGE:
				1920	if ((esid = buffer_get_int(&m)) != sid)
				1921	fatal("%s: exit on unknown session: "
				1922	"my id %u theirs %u",
				1923	__func__, sid, esid);
				1924	if (exitval_seen)
				1925	fatal("%s: exitval sent twice", __func__);
				1926	exitval = buffer_get_int(&m);
				1927	exitval_seen = 1;
				1928	continue;
				1929	default:
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1930	e = buffer_get_string(&m, NULL);
				1931	fatal("%s: master returned error: %s", __func__, e);
				1932	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1933	}
				1934
				1935	close(fd);
Damien Miller	555f3b8	2011-05-15 08:48:05 +1000	[diff] [blame]	1936	if (rawmode)
				1937	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	1938
				1939	if (muxclient_terminate) {
				1940	debug2("Exiting on signal %d", muxclient_terminate);
				1941	exitval = 255;
				1942	} else if (!exitval_seen) {
				1943	debug2("Control master terminated unexpectedly");
				1944	exitval = 255;
				1945	} else
				1946	debug2("Received exit status from master %d", exitval);
				1947
				1948	if (tty_flag && options.log_level != SYSLOG_LEVEL_QUIET)
				1949	fprintf(stderr, "Shared connection to %s closed.\r\n", host);
				1950
				1951	exit(exitval);
				1952	}
				1953
				1954	static int
				1955	mux_client_request_stdio_fwd(int fd)
				1956	{
				1957	Buffer m;
				1958	char *e;
				1959	u_int type, rid, sid;
				1960	int devnull;
				1961
				1962	debug3("%s: entering", __func__);
				1963
				1964	if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
				1965	error("%s: master alive request failed", __func__);
				1966	return -1;
				1967	}
				1968
				1969	signal(SIGPIPE, SIG_IGN);
				1970
				1971	if (stdin_null_flag) {
				1972	if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
				1973	fatal("open(/dev/null): %s", strerror(errno));
				1974	if (dup2(devnull, STDIN_FILENO) == -1)
				1975	fatal("dup2: %s", strerror(errno));
				1976	if (devnull > STDERR_FILENO)
				1977	close(devnull);
				1978	}
				1979
				1980	buffer_init(&m);
				1981	buffer_put_int(&m, MUX_C_NEW_STDIO_FWD);
				1982	buffer_put_int(&m, muxclient_request_id);
				1983	buffer_put_cstring(&m, ""); /* reserved */
				1984	buffer_put_cstring(&m, stdio_forward_host);
				1985	buffer_put_int(&m, stdio_forward_port);
				1986
				1987	if (mux_client_write_packet(fd, &m) != 0)
				1988	fatal("%s: write packet: %s", __func__, strerror(errno));
				1989
				1990	/* Send the stdio file descriptors */
				1991	if (mm_send_fd(fd, STDIN_FILENO) == -1 \|\|
				1992	mm_send_fd(fd, STDOUT_FILENO) == -1)
				1993	fatal("%s: send fds failed", __func__);
				1994
				1995	debug3("%s: stdio forward request sent", __func__);
				1996
				1997	/* Read their reply */
				1998	buffer_clear(&m);
				1999
				2000	if (mux_client_read_packet(fd, &m) != 0) {
				2001	error("%s: read from master failed: %s",
				2002	__func__, strerror(errno));
				2003	buffer_free(&m);
				2004	return -1;
				2005	}
				2006
				2007	type = buffer_get_int(&m);
				2008	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				2009	fatal("%s: out of sequence reply: my id %u theirs %u",
				2010	__func__, muxclient_request_id, rid);
				2011	switch (type) {
				2012	case MUX_S_SESSION_OPENED:
				2013	sid = buffer_get_int(&m);
				2014	debug("%s: master session id: %u", __func__, sid);
				2015	break;
				2016	case MUX_S_PERMISSION_DENIED:
				2017	e = buffer_get_string(&m, NULL);
				2018	buffer_free(&m);
Damien Miller	445c9a5	2011-01-14 12:01:29 +1100	[diff] [blame]	2019	fatal("Master refused stdio forwarding request: %s", e);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2020	case MUX_S_FAILURE:
				2021	e = buffer_get_string(&m, NULL);
				2022	buffer_free(&m);
Damien Miller	357610d	2014-07-18 15:04:10 +1000	[diff] [blame]	2023	fatal("Stdio forwarding request failed: %s", e);
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2024	default:
				2025	buffer_free(&m);
				2026	error("%s: unexpected response from master 0x%08x",
				2027	__func__, type);
				2028	return -1;
				2029	}
				2030	muxclient_request_id++;
				2031
				2032	signal(SIGHUP, control_client_sighandler);
				2033	signal(SIGINT, control_client_sighandler);
				2034	signal(SIGTERM, control_client_sighandler);
				2035	signal(SIGWINCH, control_client_sigrelay);
				2036
				2037	/*
				2038	* Stick around until the controlee closes the client_fd.
				2039	*/
				2040	buffer_clear(&m);
				2041	if (mux_client_read_packet(fd, &m) != 0) {
				2042	if (errno == EPIPE \|\|
				2043	(errno == EINTR && muxclient_terminate != 0))
				2044	return 0;
				2045	fatal("%s: mux_client_read_packet: %s",
				2046	__func__, strerror(errno));
				2047	}
				2048	fatal("%s: master returned unexpected message %u", __func__, type);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2049	}
				2050
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	2051	static void
				2052	mux_client_request_stop_listening(int fd)
				2053	{
				2054	Buffer m;
				2055	char *e;
				2056	u_int type, rid;
				2057
				2058	debug3("%s: entering", __func__);
				2059
				2060	buffer_init(&m);
				2061	buffer_put_int(&m, MUX_C_STOP_LISTENING);
				2062	buffer_put_int(&m, muxclient_request_id);
				2063
				2064	if (mux_client_write_packet(fd, &m) != 0)
				2065	fatal("%s: write packet: %s", __func__, strerror(errno));
				2066
				2067	buffer_clear(&m);
				2068
				2069	/* Read their reply */
				2070	if (mux_client_read_packet(fd, &m) != 0)
				2071	fatal("%s: read from master failed: %s",
				2072	__func__, strerror(errno));
				2073
				2074	type = buffer_get_int(&m);
				2075	if ((rid = buffer_get_int(&m)) != muxclient_request_id)
				2076	fatal("%s: out of sequence reply: my id %u theirs %u",
				2077	__func__, muxclient_request_id, rid);
				2078	switch (type) {
				2079	case MUX_S_OK:
				2080	break;
				2081	case MUX_S_PERMISSION_DENIED:
				2082	e = buffer_get_string(&m, NULL);
				2083	fatal("Master refused stop listening request: %s", e);
				2084	case MUX_S_FAILURE:
				2085	e = buffer_get_string(&m, NULL);
				2086	fatal("%s: stop listening request failed: %s", __func__, e);
				2087	default:
				2088	fatal("%s: unexpected response from master 0x%08x",
				2089	__func__, type);
				2090	}
				2091	buffer_free(&m);
				2092	muxclient_request_id++;
				2093	}
				2094
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2095	/* Multiplex client main loop. */
				2096	void
				2097	muxclient(const char *path)
				2098	{
				2099	struct sockaddr_un addr;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2100	socklen_t sun_len;
				2101	int sock;
				2102	u_int pid;
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2103
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2104	if (muxclient_command == 0) {
				2105	if (stdio_forward_host != NULL)
				2106	muxclient_command = SSHMUX_COMMAND_STDIO_FWD;
				2107	else
				2108	muxclient_command = SSHMUX_COMMAND_OPEN;
				2109	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2110
				2111	switch (options.control_master) {
				2112	case SSHCTL_MASTER_AUTO:
				2113	case SSHCTL_MASTER_AUTO_ASK:
				2114	debug("auto-mux: Trying existing master");
				2115	/* FALLTHROUGH */
				2116	case SSHCTL_MASTER_NO:
				2117	break;
				2118	default:
				2119	return;
				2120	}
				2121
				2122	memset(&addr, '\0', sizeof(addr));
				2123	addr.sun_family = AF_UNIX;
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2124	sun_len = offsetof(struct sockaddr_un, sun_path) +
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2125	strlen(path) + 1;
				2126
				2127	if (strlcpy(addr.sun_path, path,
				2128	sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
				2129	fatal("ControlPath too long");
				2130
				2131	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
				2132	fatal("%s socket(): %s", __func__, strerror(errno));
				2133
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2134	if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) {
				2135	switch (muxclient_command) {
				2136	case SSHMUX_COMMAND_OPEN:
				2137	case SSHMUX_COMMAND_STDIO_FWD:
				2138	break;
				2139	default:
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2140	fatal("Control socket connect(%.100s): %s", path,
				2141	strerror(errno));
				2142	}
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	2143	if (errno == ECONNREFUSED &&
				2144	options.control_master != SSHCTL_MASTER_NO) {
				2145	debug("Stale control socket %.100s, unlinking", path);
				2146	unlink(path);
				2147	} else if (errno == ENOENT) {
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2148	debug("Control socket \"%.100s\" does not exist", path);
Damien Miller	603134e	2010-09-24 22:07:55 +1000	[diff] [blame]	2149	} else {
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2150	error("Control socket connect(%.100s): %s", path,
				2151	strerror(errno));
				2152	}
				2153	close(sock);
				2154	return;
				2155	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2156	set_nonblock(sock);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2157
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2158	if (mux_client_hello_exchange(sock) != 0) {
				2159	error("%s: master hello exchange failed", __func__);
Darren Tucker	ca19bfe	2008-06-13 10:24:03 +1000	[diff] [blame]	2160	close(sock);
Darren Tucker	ca19bfe	2008-06-13 10:24:03 +1000	[diff] [blame]	2161	return;
				2162	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2163
				2164	switch (muxclient_command) {
				2165	case SSHMUX_COMMAND_ALIVE_CHECK:
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2166	if ((pid = mux_client_request_alive(sock)) == 0)
				2167	fatal("%s: master alive check failed", __func__);
				2168	fprintf(stderr, "Master running (pid=%d)\r\n", pid);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2169	exit(0);
				2170	case SSHMUX_COMMAND_TERMINATE:
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2171	mux_client_request_terminate(sock);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2172	fprintf(stderr, "Exit request sent.\r\n");
				2173	exit(0);
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	2174	case SSHMUX_COMMAND_FORWARD:
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	2175	if (mux_client_forwards(sock, 0) != 0)
Damien Miller	388f6fc	2010-05-21 14:57:35 +1000	[diff] [blame]	2176	fatal("%s: master forward request failed", __func__);
				2177	exit(0);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2178	case SSHMUX_COMMAND_OPEN:
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	2179	if (mux_client_forwards(sock, 0) != 0) {
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2180	error("%s: master forward request failed", __func__);
				2181	return;
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	2182	}
Damien Miller	e1537f9	2010-01-26 13:26:22 +1100	[diff] [blame]	2183	mux_client_request_session(sock);
				2184	return;
				2185	case SSHMUX_COMMAND_STDIO_FWD:
				2186	mux_client_request_stdio_fwd(sock);
				2187	exit(0);
Damien Miller	6c3eec7	2011-05-05 14:16:22 +1000	[diff] [blame]	2188	case SSHMUX_COMMAND_STOP:
				2189	mux_client_request_stop_listening(sock);
				2190	fprintf(stderr, "Stop listening request sent.\r\n");
				2191	exit(0);
Damien Miller	f6dff7c	2011-09-22 21:38:52 +1000	[diff] [blame]	2192	case SSHMUX_COMMAND_CANCEL_FWD:
				2193	if (mux_client_forwards(sock, 1) != 0)
				2194	error("%s: master cancel forward request failed",
				2195	__func__);
				2196	exit(0);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2197	default:
Darren Tucker	2fb66ca	2008-06-13 04:49:33 +1000	[diff] [blame]	2198	fatal("unrecognised muxclient_command %d", muxclient_command);
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2199	}
Damien Miller	b1cbfa2	2008-05-19 16:00:08 +1000	[diff] [blame]	2200	}