gtsocial-umbx

channel.go (16166B)

---

 // Copyright 2011 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 package ssh
 
 import (
 	"encoding/binary"
 	"errors"
 	"fmt"
 	"io"
 	"log"
 	"sync"
 )
 
 const (
 	minPacketLength = 9
 	// channelMaxPacket contains the maximum number of bytes that will be
 	// sent in a single packet. As per RFC 4253, section 6.1, 32k is also
 	// the minimum.
 	channelMaxPacket = 1 << 15
 	// We follow OpenSSH here.
 	channelWindowSize = 64 * channelMaxPacket
 )
 
 // NewChannel represents an incoming request to a channel. It must either be
 // accepted for use by calling Accept, or rejected by calling Reject.
 type NewChannel interface {
 	// Accept accepts the channel creation request. It returns the Channel
 	// and a Go channel containing SSH requests. The Go channel must be
 	// serviced otherwise the Channel will hang.
 	Accept() (Channel, <-chan *Request, error)
 
 	// Reject rejects the channel creation request. After calling
 	// this, no other methods on the Channel may be called.
 	Reject(reason RejectionReason, message string) error
 
 	// ChannelType returns the type of the channel, as supplied by the
 	// client.
 	ChannelType() string
 
 	// ExtraData returns the arbitrary payload for this channel, as supplied
 	// by the client. This data is specific to the channel type.
 	ExtraData() []byte
 }
 
 // A Channel is an ordered, reliable, flow-controlled, duplex stream
 // that is multiplexed over an SSH connection.
 type Channel interface {
 	// Read reads up to len(data) bytes from the channel.
 	Read(data []byte) (int, error)
 
 	// Write writes len(data) bytes to the channel.
 	Write(data []byte) (int, error)
 
 	// Close signals end of channel use. No data may be sent after this
 	// call.
 	Close() error
 
 	// CloseWrite signals the end of sending in-band
 	// data. Requests may still be sent, and the other side may
 	// still send data
 	CloseWrite() error
 
 	// SendRequest sends a channel request.  If wantReply is true,
 	// it will wait for a reply and return the result as a
 	// boolean, otherwise the return value will be false. Channel
 	// requests are out-of-band messages so they may be sent even
 	// if the data stream is closed or blocked by flow control.
 	// If the channel is closed before a reply is returned, io.EOF
 	// is returned.
 	SendRequest(name string, wantReply bool, payload []byte) (bool, error)
 
 	// Stderr returns an io.ReadWriter that writes to this channel
 	// with the extended data type set to stderr. Stderr may
 	// safely be read and written from a different goroutine than
 	// Read and Write respectively.
 	Stderr() io.ReadWriter
 }
 
 // Request is a request sent outside of the normal stream of
 // data. Requests can either be specific to an SSH channel, or they
 // can be global.
 type Request struct {
 	Type      string
 	WantReply bool
 	Payload   []byte
 
 	ch  *channel
 	mux *mux
 }
 
 // Reply sends a response to a request. It must be called for all requests
 // where WantReply is true and is a no-op otherwise. The payload argument is
 // ignored for replies to channel-specific requests.
 func (r *Request) Reply(ok bool, payload []byte) error {
 	if !r.WantReply {
 		return nil
 	}
 
 	if r.ch == nil {
 		return r.mux.ackRequest(ok, payload)
 	}
 
 	return r.ch.ackRequest(ok)
 }
 
 // RejectionReason is an enumeration used when rejecting channel creation
 // requests. See RFC 4254, section 5.1.
 type RejectionReason uint32
 
 const (
 	Prohibited RejectionReason = iota + 1
 	ConnectionFailed
 	UnknownChannelType
 	ResourceShortage
 )
 
 // String converts the rejection reason to human readable form.
 func (r RejectionReason) String() string {
 	switch r {
 	case Prohibited:
 		return "administratively prohibited"
 	case ConnectionFailed:
 		return "connect failed"
 	case UnknownChannelType:
 		return "unknown channel type"
 	case ResourceShortage:
 		return "resource shortage"
 	}
 	return fmt.Sprintf("unknown reason %d", int(r))
 }
 
 func min(a uint32, b int) uint32 {
 	if a < uint32(b) {
 		return a
 	}
 	return uint32(b)
 }
 
 type channelDirection uint8
 
 const (
 	channelInbound channelDirection = iota
 	channelOutbound
 )
 
 // channel is an implementation of the Channel interface that works
 // with the mux class.
 type channel struct {
 	// R/O after creation
 	chanType          string
 	extraData         []byte
 	localId, remoteId uint32
 
 	// maxIncomingPayload and maxRemotePayload are the maximum
 	// payload sizes of normal and extended data packets for
 	// receiving and sending, respectively. The wire packet will
 	// be 9 or 13 bytes larger (excluding encryption overhead).
 	maxIncomingPayload uint32
 	maxRemotePayload   uint32
 
 	mux *mux
 
 	// decided is set to true if an accept or reject message has been sent
 	// (for outbound channels) or received (for inbound channels).
 	decided bool
 
 	// direction contains either channelOutbound, for channels created
 	// locally, or channelInbound, for channels created by the peer.
 	direction channelDirection
 
 	// Pending internal channel messages.
 	msg chan interface{}
 
 	// Since requests have no ID, there can be only one request
 	// with WantReply=true outstanding.  This lock is held by a
 	// goroutine that has such an outgoing request pending.
 	sentRequestMu sync.Mutex
 
 	incomingRequests chan *Request
 
 	sentEOF bool
 
 	// thread-safe data
 	remoteWin  window
 	pending    *buffer
 	extPending *buffer
 
 	// windowMu protects myWindow, the flow-control window.
 	windowMu sync.Mutex
 	myWindow uint32
 
 	// writeMu serializes calls to mux.conn.writePacket() and
 	// protects sentClose and packetPool. This mutex must be
 	// different from windowMu, as writePacket can block if there
 	// is a key exchange pending.
 	writeMu   sync.Mutex
 	sentClose bool
 
 	// packetPool has a buffer for each extended channel ID to
 	// save allocations during writes.
 	packetPool map[uint32][]byte
 }
 
 // writePacket sends a packet. If the packet is a channel close, it updates
 // sentClose. This method takes the lock c.writeMu.
 func (ch *channel) writePacket(packet []byte) error {
 	ch.writeMu.Lock()
 	if ch.sentClose {
 		ch.writeMu.Unlock()
 		return io.EOF
 	}
 	ch.sentClose = (packet[0] == msgChannelClose)
 	err := ch.mux.conn.writePacket(packet)
 	ch.writeMu.Unlock()
 	return err
 }
 
 func (ch *channel) sendMessage(msg interface{}) error {
 	if debugMux {
 		log.Printf("send(%d): %#v", ch.mux.chanList.offset, msg)
 	}
 
 	p := Marshal(msg)
 	binary.BigEndian.PutUint32(p[1:], ch.remoteId)
 	return ch.writePacket(p)
 }
 
 // WriteExtended writes data to a specific extended stream. These streams are
 // used, for example, for stderr.
 func (ch *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err error) {
 	if ch.sentEOF {
 		return 0, io.EOF
 	}
 	// 1 byte message type, 4 bytes remoteId, 4 bytes data length
 	opCode := byte(msgChannelData)
 	headerLength := uint32(9)
 	if extendedCode > 0 {
 		headerLength += 4
 		opCode = msgChannelExtendedData
 	}
 
 	ch.writeMu.Lock()
 	packet := ch.packetPool[extendedCode]
 	// We don't remove the buffer from packetPool, so
 	// WriteExtended calls from different goroutines will be
 	// flagged as errors by the race detector.
 	ch.writeMu.Unlock()
 
 	for len(data) > 0 {
 		space := min(ch.maxRemotePayload, len(data))
 		if space, err = ch.remoteWin.reserve(space); err != nil {
 			return n, err
 		}
 		if want := headerLength + space; uint32(cap(packet)) < want {
 			packet = make([]byte, want)
 		} else {
 			packet = packet[:want]
 		}
 
 		todo := data[:space]
 
 		packet[0] = opCode
 		binary.BigEndian.PutUint32(packet[1:], ch.remoteId)
 		if extendedCode > 0 {
 			binary.BigEndian.PutUint32(packet[5:], uint32(extendedCode))
 		}
 		binary.BigEndian.PutUint32(packet[headerLength-4:], uint32(len(todo)))
 		copy(packet[headerLength:], todo)
 		if err = ch.writePacket(packet); err != nil {
 			return n, err
 		}
 
 		n += len(todo)
 		data = data[len(todo):]
 	}
 
 	ch.writeMu.Lock()
 	ch.packetPool[extendedCode] = packet
 	ch.writeMu.Unlock()
 
 	return n, err
 }
 
 func (ch *channel) handleData(packet []byte) error {
 	headerLen := 9
 	isExtendedData := packet[0] == msgChannelExtendedData
 	if isExtendedData {
 		headerLen = 13
 	}
 	if len(packet) < headerLen {
 		// malformed data packet
 		return parseError(packet[0])
 	}
 
 	var extended uint32
 	if isExtendedData {
 		extended = binary.BigEndian.Uint32(packet[5:])
 	}
 
 	length := binary.BigEndian.Uint32(packet[headerLen-4 : headerLen])
 	if length == 0 {
 		return nil
 	}
 	if length > ch.maxIncomingPayload {
 		// TODO(hanwen): should send Disconnect?
 		return errors.New("ssh: incoming packet exceeds maximum payload size")
 	}
 
 	data := packet[headerLen:]
 	if length != uint32(len(data)) {
 		return errors.New("ssh: wrong packet length")
 	}
 
 	ch.windowMu.Lock()
 	if ch.myWindow < length {
 		ch.windowMu.Unlock()
 		// TODO(hanwen): should send Disconnect with reason?
 		return errors.New("ssh: remote side wrote too much")
 	}
 	ch.myWindow -= length
 	ch.windowMu.Unlock()
 
 	if extended == 1 {
 		ch.extPending.write(data)
 	} else if extended > 0 {
 		// discard other extended data.
 	} else {
 		ch.pending.write(data)
 	}
 	return nil
 }
 
 func (c *channel) adjustWindow(n uint32) error {
 	c.windowMu.Lock()
 	// Since myWindow is managed on our side, and can never exceed
 	// the initial window setting, we don't worry about overflow.
 	c.myWindow += uint32(n)
 	c.windowMu.Unlock()
 	return c.sendMessage(windowAdjustMsg{
 		AdditionalBytes: uint32(n),
 	})
 }
 
 func (c *channel) ReadExtended(data []byte, extended uint32) (n int, err error) {
 	switch extended {
 	case 1:
 		n, err = c.extPending.Read(data)
 	case 0:
 		n, err = c.pending.Read(data)
 	default:
 		return 0, fmt.Errorf("ssh: extended code %d unimplemented", extended)
 	}
 
 	if n > 0 {
 		err = c.adjustWindow(uint32(n))
 		// sendWindowAdjust can return io.EOF if the remote
 		// peer has closed the connection, however we want to
 		// defer forwarding io.EOF to the caller of Read until
 		// the buffer has been drained.
 		if n > 0 && err == io.EOF {
 			err = nil
 		}
 	}
 
 	return n, err
 }
 
 func (c *channel) close() {
 	c.pending.eof()
 	c.extPending.eof()
 	close(c.msg)
 	close(c.incomingRequests)
 	c.writeMu.Lock()
 	// This is not necessary for a normal channel teardown, but if
 	// there was another error, it is.
 	c.sentClose = true
 	c.writeMu.Unlock()
 	// Unblock writers.
 	c.remoteWin.close()
 }
 
 // responseMessageReceived is called when a success or failure message is
 // received on a channel to check that such a message is reasonable for the
 // given channel.
 func (ch *channel) responseMessageReceived() error {
 	if ch.direction == channelInbound {
 		return errors.New("ssh: channel response message received on inbound channel")
 	}
 	if ch.decided {
 		return errors.New("ssh: duplicate response received for channel")
 	}
 	ch.decided = true
 	return nil
 }
 
 func (ch *channel) handlePacket(packet []byte) error {
 	switch packet[0] {
 	case msgChannelData, msgChannelExtendedData:
 		return ch.handleData(packet)
 	case msgChannelClose:
 		ch.sendMessage(channelCloseMsg{PeersID: ch.remoteId})
 		ch.mux.chanList.remove(ch.localId)
 		ch.close()
 		return nil
 	case msgChannelEOF:
 		// RFC 4254 is mute on how EOF affects dataExt messages but
 		// it is logical to signal EOF at the same time.
 		ch.extPending.eof()
 		ch.pending.eof()
 		return nil
 	}
 
 	decoded, err := decode(packet)
 	if err != nil {
 		return err
 	}
 
 	switch msg := decoded.(type) {
 	case *channelOpenFailureMsg:
 		if err := ch.responseMessageReceived(); err != nil {
 			return err
 		}
 		ch.mux.chanList.remove(msg.PeersID)
 		ch.msg <- msg
 	case *channelOpenConfirmMsg:
 		if err := ch.responseMessageReceived(); err != nil {
 			return err
 		}
 		if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
 			return fmt.Errorf("ssh: invalid MaxPacketSize %d from peer", msg.MaxPacketSize)
 		}
 		ch.remoteId = msg.MyID
 		ch.maxRemotePayload = msg.MaxPacketSize
 		ch.remoteWin.add(msg.MyWindow)
 		ch.msg <- msg
 	case *windowAdjustMsg:
 		if !ch.remoteWin.add(msg.AdditionalBytes) {
 			return fmt.Errorf("ssh: invalid window update for %d bytes", msg.AdditionalBytes)
 		}
 	case *channelRequestMsg:
 		req := Request{
 			Type:      msg.Request,
 			WantReply: msg.WantReply,
 			Payload:   msg.RequestSpecificData,
 			ch:        ch,
 		}
 
 		ch.incomingRequests <- &req
 	default:
 		ch.msg <- msg
 	}
 	return nil
 }
 
 func (m *mux) newChannel(chanType string, direction channelDirection, extraData []byte) *channel {
 	ch := &channel{
 		remoteWin:        window{Cond: newCond()},
 		myWindow:         channelWindowSize,
 		pending:          newBuffer(),
 		extPending:       newBuffer(),
 		direction:        direction,
 		incomingRequests: make(chan *Request, chanSize),
 		msg:              make(chan interface{}, chanSize),
 		chanType:         chanType,
 		extraData:        extraData,
 		mux:              m,
 		packetPool:       make(map[uint32][]byte),
 	}
 	ch.localId = m.chanList.add(ch)
 	return ch
 }
 
 var errUndecided = errors.New("ssh: must Accept or Reject channel")
 var errDecidedAlready = errors.New("ssh: can call Accept or Reject only once")
 
 type extChannel struct {
 	code uint32
 	ch   *channel
 }
 
 func (e *extChannel) Write(data []byte) (n int, err error) {
 	return e.ch.WriteExtended(data, e.code)
 }
 
 func (e *extChannel) Read(data []byte) (n int, err error) {
 	return e.ch.ReadExtended(data, e.code)
 }
 
 func (ch *channel) Accept() (Channel, <-chan *Request, error) {
 	if ch.decided {
 		return nil, nil, errDecidedAlready
 	}
 	ch.maxIncomingPayload = channelMaxPacket
 	confirm := channelOpenConfirmMsg{
 		PeersID:       ch.remoteId,
 		MyID:          ch.localId,
 		MyWindow:      ch.myWindow,
 		MaxPacketSize: ch.maxIncomingPayload,
 	}
 	ch.decided = true
 	if err := ch.sendMessage(confirm); err != nil {
 		return nil, nil, err
 	}
 
 	return ch, ch.incomingRequests, nil
 }
 
 func (ch *channel) Reject(reason RejectionReason, message string) error {
 	if ch.decided {
 		return errDecidedAlready
 	}
 	reject := channelOpenFailureMsg{
 		PeersID:  ch.remoteId,
 		Reason:   reason,
 		Message:  message,
 		Language: "en",
 	}
 	ch.decided = true
 	return ch.sendMessage(reject)
 }
 
 func (ch *channel) Read(data []byte) (int, error) {
 	if !ch.decided {
 		return 0, errUndecided
 	}
 	return ch.ReadExtended(data, 0)
 }
 
 func (ch *channel) Write(data []byte) (int, error) {
 	if !ch.decided {
 		return 0, errUndecided
 	}
 	return ch.WriteExtended(data, 0)
 }
 
 func (ch *channel) CloseWrite() error {
 	if !ch.decided {
 		return errUndecided
 	}
 	ch.sentEOF = true
 	return ch.sendMessage(channelEOFMsg{
 		PeersID: ch.remoteId})
 }
 
 func (ch *channel) Close() error {
 	if !ch.decided {
 		return errUndecided
 	}
 
 	return ch.sendMessage(channelCloseMsg{
 		PeersID: ch.remoteId})
 }
 
 // Extended returns an io.ReadWriter that sends and receives data on the given,
 // SSH extended stream. Such streams are used, for example, for stderr.
 func (ch *channel) Extended(code uint32) io.ReadWriter {
 	if !ch.decided {
 		return nil
 	}
 	return &extChannel{code, ch}
 }
 
 func (ch *channel) Stderr() io.ReadWriter {
 	return ch.Extended(1)
 }
 
 func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (bool, error) {
 	if !ch.decided {
 		return false, errUndecided
 	}
 
 	if wantReply {
 		ch.sentRequestMu.Lock()
 		defer ch.sentRequestMu.Unlock()
 	}
 
 	msg := channelRequestMsg{
 		PeersID:             ch.remoteId,
 		Request:             name,
 		WantReply:           wantReply,
 		RequestSpecificData: payload,
 	}
 
 	if err := ch.sendMessage(msg); err != nil {
 		return false, err
 	}
 
 	if wantReply {
 		m, ok := (<-ch.msg)
 		if !ok {
 			return false, io.EOF
 		}
 		switch m.(type) {
 		case *channelRequestFailureMsg:
 			return false, nil
 		case *channelRequestSuccessMsg:
 			return true, nil
 		default:
 			return false, fmt.Errorf("ssh: unexpected response to channel request: %#v", m)
 		}
 	}
 
 	return false, nil
 }
 
 // ackRequest either sends an ack or nack to the channel request.
 func (ch *channel) ackRequest(ok bool) error {
 	if !ch.decided {
 		return errUndecided
 	}
 
 	var msg interface{}
 	if !ok {
 		msg = channelRequestFailureMsg{
 			PeersID: ch.remoteId,
 		}
 	} else {
 		msg = channelRequestSuccessMsg{
 			PeersID: ch.remoteId,
 		}
 	}
 	return ch.sendMessage(msg)
 }
 
 func (ch *channel) ChannelType() string {
 	return ch.chanType
 }
 
 func (ch *channel) ExtraData() []byte {
 	return ch.extraData
 }