cli-chansession.c 11.5 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/*
 * Dropbear SSH
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * Copyright (c) 2004 by Mihnea Stoenescu
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

26
27
28
29
30
31
32
33
#include "includes.h"
#include "packet.h"
#include "buffer.h"
#include "session.h"
#include "dbutil.h"
#include "channel.h"
#include "ssh.h"
#include "runopts.h"
34
#include "termcodes.h"
35
#include "chansession.h"
Matt Johnston's avatar
Matt Johnston committed
36
#include "agentfwd.h"
37
38
39

static void cli_closechansess(struct Channel *channel);
static int cli_initchansess(struct Channel *channel);
40
static void cli_chansessreq(struct Channel *channel);
41
42
static void send_chansess_pty_req(struct Channel *channel);
static void send_chansess_shell_req(struct Channel *channel);
43
static void cli_escape_handler(struct Channel *channel, unsigned char* buf, int *len);
Matt Johnston's avatar
Matt Johnston committed
44
static int cli_init_netcat(struct Channel *channel);
45

Francois Perrad's avatar
Francois Perrad committed
46
static void cli_tty_setup(void);
47

Matt Johnston's avatar
Nasty.    
Matt Johnston committed
48
const struct ChanType clichansess = {
49
50
51
52
	0, /* sepfds */
	"session", /* name */
	cli_initchansess, /* inithandler */
	NULL, /* checkclosehandler */
53
	cli_chansessreq, /* reqhandler */
54
55
56
	cli_closechansess, /* closehandler */
};

57
58
static void cli_chansessreq(struct Channel *channel) {

59
	char* type = NULL;
60
61
	int wantreply;

62
	TRACE(("enter cli_chansessreq"))
63

64
	type = buf_getstring(ses.payload, NULL);
65
	wantreply = buf_getbool(ses.payload);
66

67
68
69
70
71
72
	if (strcmp(type, "exit-status") == 0) {
		cli_ses.retval = buf_getint(ses.payload);
		TRACE(("got exit-status of '%d'", cli_ses.retval))
	} else if (strcmp(type, "exit-signal") == 0) {
		TRACE(("got exit-signal, ignoring it"))
	} else {
73
		TRACE(("unknown request '%s'", type))
74
75
76
		if (wantreply) {
			send_msg_channel_failure(channel);
		}
77
78
79
80
81
82
83
84
		goto out;
	}
		
out:
	m_free(type);
}
	

85
/* If the main session goes, we close it up */
86
static void cli_closechansess(struct Channel *UNUSED(channel)) {
87
	cli_tty_cleanup(); /* Restore tty modes etc */
88
89
90
91
92
93
94
95
96
97
98
99
100

	/* This channel hasn't gone yet, so we have > 1 */
	if (ses.chancount > 1) {
		dropbear_log(LOG_INFO, "Waiting for other channels to close...");
	}
}

/* Taken from OpenSSH's sshtty.c:
 * RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
static void cli_tty_setup() {

	struct termios tio;

101
	TRACE(("enter cli_pty_setup"))
102
103

	if (cli_ses.tty_raw_mode == 1) {
104
		TRACE(("leave cli_tty_setup: already in raw mode!"))
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
		return;
	}

	if (tcgetattr(STDIN_FILENO, &tio) == -1) {
		dropbear_exit("Failed to set raw TTY mode");
	}

	/* make a copy */
	cli_ses.saved_tio = tio;

	tio.c_iflag |= IGNPAR;
	tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
#ifdef IUCLC
	tio.c_iflag &= ~IUCLC;
#endif
	tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
#ifdef IEXTEN
	tio.c_lflag &= ~IEXTEN;
#endif
	tio.c_oflag &= ~OPOST;
	tio.c_cc[VMIN] = 1;
	tio.c_cc[VTIME] = 0;
	if (tcsetattr(STDIN_FILENO, TCSADRAIN, &tio) == -1) {
		dropbear_exit("Failed to set raw TTY mode");
	}

	cli_ses.tty_raw_mode = 1;
132
	TRACE(("leave cli_tty_setup"))
133
134
}

135
void cli_tty_cleanup() {
136

137
	TRACE(("enter cli_tty_cleanup"))
138
139

	if (cli_ses.tty_raw_mode == 0) {
140
		TRACE(("leave cli_tty_cleanup: not in raw mode"))
141
		return;
142
143
144
145
146
147
148
149
	}

	if (tcsetattr(STDIN_FILENO, TCSADRAIN, &cli_ses.saved_tio) == -1) {
		dropbear_log(LOG_WARNING, "Failed restoring TTY");
	} else {
		cli_ses.tty_raw_mode = 0; 
	}

150
	TRACE(("leave cli_tty_cleanup"))
151
152
}

153
154
155
156
157
158
159
160
161
162
static void put_termcodes() {

	struct termios tio;
	unsigned int sshcode;
	const struct TermCode *termcode;
	unsigned int value;
	unsigned int mapcode;

	unsigned int bufpos1, bufpos2;

163
164
	TRACE(("enter put_termcodes"))

165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
	if (tcgetattr(STDIN_FILENO, &tio) == -1) {
		dropbear_log(LOG_WARNING, "Failed reading termmodes");
		buf_putint(ses.writepayload, 1); /* Just the terminator */
		buf_putbyte(ses.writepayload, 0); /* TTY_OP_END */
		return;
	}

	bufpos1 = ses.writepayload->pos;
	buf_putint(ses.writepayload, 0); /* A placeholder for the final length */

	/* As with Dropbear server, we ignore baud rates for now */
	for (sshcode = 1; sshcode < MAX_TERMCODE; sshcode++) {

		termcode = &termcodes[sshcode];
		mapcode = termcode->mapcode;

		switch (termcode->type) {

			case TERMCODE_NONE:
				continue;

			case TERMCODE_CONTROLCHAR:
				value = tio.c_cc[mapcode];
				break;

			case TERMCODE_INPUT:
				value = tio.c_iflag & mapcode;
				break;

			case TERMCODE_OUTPUT:
				value = tio.c_oflag & mapcode;
				break;

			case TERMCODE_LOCAL:
				value = tio.c_lflag & mapcode;
				break;

			case TERMCODE_CONTROL:
				value = tio.c_cflag & mapcode;
				break;

			default:
				continue;

		}

		/* If we reach here, we have something to say */
		buf_putbyte(ses.writepayload, sshcode);
		buf_putint(ses.writepayload, value);
	}

	buf_putbyte(ses.writepayload, 0); /* THE END, aka TTY_OP_END */

	/* Put the string length at the start of the buffer */
	bufpos2 = ses.writepayload->pos;

	buf_setpos(ses.writepayload, bufpos1); /* Jump back */
222
	buf_putint(ses.writepayload, bufpos2 - bufpos1 - 4); /* len(termcodes) */
223
224
	buf_setpos(ses.writepayload, bufpos2); /* Back where we were */

225
	TRACE(("leave put_termcodes"))
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
}

static void put_winsize() {

	struct winsize ws;

	if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0) {
		/* Some sane defaults */
		ws.ws_row = 25;
		ws.ws_col = 80;
		ws.ws_xpixel = 0;
		ws.ws_ypixel = 0;
	}

	buf_putint(ses.writepayload, ws.ws_col); /* Cols */
	buf_putint(ses.writepayload, ws.ws_row); /* Rows */
	buf_putint(ses.writepayload, ws.ws_xpixel); /* Width */
	buf_putint(ses.writepayload, ws.ws_ypixel); /* Height */

}

247
static void sigwinch_handler(int UNUSED(unused)) {
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263

	cli_ses.winchange = 1;

}

void cli_chansess_winchange() {

	unsigned int i;
	struct Channel *channel = NULL;

	for (i = 0; i < ses.chansize; i++) {
		channel = ses.channels[i];
		if (channel != NULL && channel->type == &clichansess) {
			CHECKCLEARTOWRITE();
			buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
			buf_putint(ses.writepayload, channel->remotechan);
264
			buf_putstring(ses.writepayload, "window-change", 13);
265
266
267
268
269
270
271
272
			buf_putbyte(ses.writepayload, 0); /* FALSE says the spec */
			put_winsize();
			encrypt_packet();
		}
	}
	cli_ses.winchange = 0;
}

273
274
static void send_chansess_pty_req(struct Channel *channel) {

275
	char* term = NULL;
276

277
	TRACE(("enter send_chansess_pty_req"))
278

279
	start_send_channel_request(channel, "pty-req");
280

281
282
283
284
	/* Don't want replies */
	buf_putbyte(ses.writepayload, 0);

	/* Get the terminal */
285
286
	term = getenv("TERM");
	if (term == NULL) {
287
		term = "vt100"; /* Seems a safe default */
288
	}
289
	buf_putstring(ses.writepayload, term, strlen(term));
290

291
292
293
294
295
	/* Window size */
	put_winsize();

	/* Terminal mode encoding */
	put_termcodes();
296
297

	encrypt_packet();
298
299
300

	/* Set up a window-change handler */
	if (signal(SIGWINCH, sigwinch_handler) == SIG_ERR) {
301
		dropbear_exit("Signal error");
302
	}
303
	TRACE(("leave send_chansess_pty_req"))
304
305
306
307
}

static void send_chansess_shell_req(struct Channel *channel) {

308
	char* reqtype = NULL;
309

310
	TRACE(("enter send_chansess_shell_req"))
311
312

	if (cli_opts.cmd) {
313
314
315
316
317
		if (cli_opts.is_subsystem) {
			reqtype = "subsystem";
		} else {
			reqtype = "exec";
		}
318
319
320
321
	} else {
		reqtype = "shell";
	}

322
	start_send_channel_request(channel, reqtype);
323
324
325
326

	/* XXX TODO */
	buf_putbyte(ses.writepayload, 0); /* Don't want replies */
	if (cli_opts.cmd) {
327
		buf_putstring(ses.writepayload, cli_opts.cmd, strlen(cli_opts.cmd));
328
329
330
	}

	encrypt_packet();
331
	TRACE(("leave send_chansess_shell_req"))
332
333
}

334
335
/* Shared for normal client channel and netcat-alike */
static int cli_init_stdpipe_sess(struct Channel *channel) {
336
	channel->writefd = STDOUT_FILENO;
337
338
	setnonblocking(STDOUT_FILENO);

339
	channel->readfd = STDIN_FILENO;
340
341
	setnonblocking(STDIN_FILENO);

Matt Johnston's avatar
Nasty.    
Matt Johnston committed
342
	channel->errfd = STDERR_FILENO;
343
344
	setnonblocking(STDERR_FILENO);

345
	channel->extrabuf = cbuf_new(opts.recv_window);
346
347
348
	return 0;
}

Matt Johnston's avatar
Matt Johnston committed
349
350
351
352
353
static int cli_init_netcat(struct Channel *channel) {
	channel->prio = DROPBEAR_CHANNEL_PRIO_UNKNOWABLE;
	return cli_init_stdpipe_sess(channel);
}

354
355
356
static int cli_initchansess(struct Channel *channel) {

	cli_init_stdpipe_sess(channel);
357

358
#if DROPBEAR_CLI_AGENTFWD
Matt Johnston's avatar
Matt Johnston committed
359
360
361
362
363
	if (cli_opts.agent_fwd) {
		cli_setup_agent(channel);
	}
#endif

364
365
	if (cli_opts.wantpty) {
		send_chansess_pty_req(channel);
Matt Johnston's avatar
Matt Johnston committed
366
		channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
367
	} else {
Matt Johnston's avatar
Matt Johnston committed
368
		channel->prio = DROPBEAR_CHANNEL_PRIO_BULK;
369
370
371
372
373
374
	}

	send_chansess_shell_req(channel);

	if (cli_opts.wantpty) {
		cli_tty_setup();
375
376
377
		channel->read_mangler = cli_escape_handler;
		cli_ses.last_char = '\r';
	}	
378
379
380
381

	return 0; /* Success */
}

382
#if DROPBEAR_CLI_NETCAT
383

Matt Johnston's avatar
Matt Johnston committed
384
static const struct ChanType cli_chan_netcat = {
385
386
	0, /* sepfds */
	"direct-tcpip",
Matt Johnston's avatar
Matt Johnston committed
387
	cli_init_netcat, /* inithandler */
388
389
390
391
392
	NULL,
	NULL,
	cli_closechansess
};

393
void cli_send_netcat_request() {
394

395
	const char* source_host = "127.0.0.1";
396
	const int source_port = 22;
397

398
	TRACE(("enter cli_send_netcat_request"))
399
400
401
	cli_opts.wantpty = 0;

	if (send_msg_channel_open_init(STDIN_FILENO, &cli_chan_netcat) 
402
403
404
405
			== DROPBEAR_FAILURE) {
		dropbear_exit("Couldn't open initial channel");
	}

406
	buf_putstring(ses.writepayload, cli_opts.netcat_host,
407
408
			strlen(cli_opts.netcat_host));
	buf_putint(ses.writepayload, cli_opts.netcat_port);
409

410
	/* originator ip - localhost is accurate enough */
411
	buf_putstring(ses.writepayload, source_host, strlen(source_host));
412
	buf_putint(ses.writepayload, source_port);
413

414
	encrypt_packet();
415
	TRACE(("leave cli_send_netcat_request"))
416
417
}
#endif
418

419
void cli_send_chansess_request() {
420

421
422
423
424
425
426
427
428
	TRACE(("enter cli_send_chansess_request"))

	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
			== DROPBEAR_FAILURE) {
		dropbear_exit("Couldn't open initial channel");
	}

	/* No special channel request data */
429
	encrypt_packet();
430
	TRACE(("leave cli_send_chansess_request"))
431
432

}
433

Matt Johnston's avatar
Matt Johnston committed
434
/* returns 1 if the character should be consumed, 0 to pass through */
435
436
437
438
439
440
441
static int
do_escape(unsigned char c) {
	switch (c) {
		case '.':
			dropbear_exit("Terminated");
			return 1;
		case 0x1a:
Matt Johnston's avatar
Matt Johnston committed
442
			/* ctrl-z */
443
444
			cli_tty_cleanup();
			kill(getpid(), SIGTSTP);
Matt Johnston's avatar
Matt Johnston committed
445
			/* after continuation */
446
447
448
			cli_tty_setup();
			cli_ses.winchange = 1;
			return 1;
Francois Perrad's avatar
Francois Perrad committed
449
450
		default:
			return 0;
451
452
453
454
	}
}

static
455
void cli_escape_handler(struct Channel* UNUSED(channel), unsigned char* buf, int *len) {
456
457
458
	char c;
	int skip_char = 0;

Matt Johnston's avatar
Matt Johnston committed
459
460
	/* only handle escape characters if they are read one at a time. simplifies 
	   the code and avoids nasty people putting ~. at the start of a line to paste  */
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
	if (*len != 1) {
		cli_ses.last_char = 0x0;
		return;
	}

	c = buf[0];

	if (cli_ses.last_char == DROPBEAR_ESCAPE_CHAR) {
		skip_char = do_escape(c);
		cli_ses.last_char = 0x0;
	} else {
		if (c == DROPBEAR_ESCAPE_CHAR) {
			if (cli_ses.last_char == '\r') {
				cli_ses.last_char = DROPBEAR_ESCAPE_CHAR;
				skip_char = 1;
			} else {
				cli_ses.last_char = 0x0;
			}
		} else {
			cli_ses.last_char = c;
		}
	}

	if (skip_char) {
		*len = 0;
	}
}