1/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */
2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 *                    All rights reserved
6 * The main loop for the interactive session (client side).
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose.  Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 *
14 *
15 * Copyright (c) 1999 Theo de Raadt.  All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 *    notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 *    notice, this list of conditions and the following disclaimer in the
24 *    documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 *
37 *
38 * SSH2 support added by Markus Friedl.
39 * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
40 *
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
43 * are met:
44 * 1. Redistributions of source code must retain the above copyright
45 *    notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 *    notice, this list of conditions and the following disclaimer in the
48 *    documentation and/or other materials provided with the distribution.
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
51 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
52 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
53 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
54 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
55 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
56 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
57 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
58 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
59 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
60 */
61
62#include "includes.h"
63
64#include <sys/types.h>
65#include <sys/ioctl.h>
66#include <sys/param.h>
67#ifdef HAVE_SYS_STAT_H
68# include <sys/stat.h>
69#endif
70#ifdef HAVE_SYS_TIME_H
71# include <sys/time.h>
72#endif
73#include <sys/socket.h>
74
75#include <ctype.h>
76#include <errno.h>
77#ifdef HAVE_PATHS_H
78#include <paths.h>
79#endif
80#include <signal.h>
81#include <stdarg.h>
82#include <stdio.h>
83#include <stdlib.h>
84#include <string.h>
85#include <termios.h>
86#include <pwd.h>
87#include <unistd.h>
88
89#include "openbsd-compat/sys-queue.h"
90#include "xmalloc.h"
91#include "ssh.h"
92#include "ssh1.h"
93#include "ssh2.h"
94#include "packet.h"
95#include "buffer.h"
96#include "compat.h"
97#include "channels.h"
98#include "dispatch.h"
99#include "key.h"
100#include "cipher.h"
101#include "kex.h"
102#include "log.h"
103#include "readconf.h"
104#include "clientloop.h"
105#include "sshconnect.h"
106#include "authfd.h"
107#include "atomicio.h"
108#include "sshpty.h"
109#include "misc.h"
110#include "match.h"
111#include "msg.h"
112#include "roaming.h"
113
114/* import options */
115extern Options options;
116
117/* Flag indicating that stdin should be redirected from /dev/null. */
118extern int stdin_null_flag;
119
120/* Flag indicating that no shell has been requested */
121extern int no_shell_flag;
122
123/* Control socket */
124extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
125
126/*
127 * Name of the host we are connecting to.  This is the name given on the
128 * command line, or the HostName specified for the user-supplied name in a
129 * configuration file.
130 */
131extern char *host;
132
133/*
134 * Flag to indicate that we have received a window change signal which has
135 * not yet been processed.  This will cause a message indicating the new
136 * window size to be sent to the server a little later.  This is volatile
137 * because this is updated in a signal handler.
138 */
139static volatile sig_atomic_t received_window_change_signal = 0;
140static volatile sig_atomic_t received_signal = 0;
141
142/* Flag indicating whether the user's terminal is in non-blocking mode. */
143static int in_non_blocking_mode = 0;
144
145/* Time when backgrounded control master using ControlPersist should exit */
146static time_t control_persist_exit_time = 0;
147
148/* Common data for the client loop code. */
149volatile sig_atomic_t quit_pending; /* Set non-zero to quit the loop. */
150static int escape_char1;	/* Escape character. (proto1 only) */
151static int escape_pending1;	/* Last character was an escape (proto1 only) */
152static int last_was_cr;		/* Last character was a newline. */
153static int exit_status;		/* Used to store the command exit status. */
154static int stdin_eof;		/* EOF has been encountered on stderr. */
155static Buffer stdin_buffer;	/* Buffer for stdin data. */
156static Buffer stdout_buffer;	/* Buffer for stdout data. */
157static Buffer stderr_buffer;	/* Buffer for stderr data. */
158static u_int buffer_high;	/* Soft max buffer size. */
159static int connection_in;	/* Connection to server (input). */
160static int connection_out;	/* Connection to server (output). */
161static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
162static int session_closed;	/* In SSH2: login session closed. */
163static int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
164
165static void client_init_dispatch(void);
166int	session_ident = -1;
167
168int	session_resumed = 0;
169
170/* Track escape per proto2 channel */
171struct escape_filter_ctx {
172	int escape_pending;
173	int escape_char;
174};
175
176/* Context for channel confirmation replies */
177struct channel_reply_ctx {
178	const char *request_type;
179	int id;
180	enum confirm_action action;
181};
182
183/* Global request success/failure callbacks */
184struct global_confirm {
185	TAILQ_ENTRY(global_confirm) entry;
186	global_confirm_cb *cb;
187	void *ctx;
188	int ref_count;
189};
190TAILQ_HEAD(global_confirms, global_confirm);
191static struct global_confirms global_confirms =
192    TAILQ_HEAD_INITIALIZER(global_confirms);
193
194/*XXX*/
195extern Kex *xxx_kex;
196
197void ssh_process_session2_setup(int, int, int, Buffer *);
198
199/* Restores stdin to blocking mode. */
200
201static void
202leave_non_blocking(void)
203{
204	if (in_non_blocking_mode) {
205		unset_nonblock(fileno(stdin));
206		in_non_blocking_mode = 0;
207	}
208}
209
210/* Puts stdin terminal in non-blocking mode. */
211
212static void
213enter_non_blocking(void)
214{
215	in_non_blocking_mode = 1;
216	set_nonblock(fileno(stdin));
217}
218
219/*
220 * Signal handler for the window change signal (SIGWINCH).  This just sets a
221 * flag indicating that the window has changed.
222 */
223/*ARGSUSED */
224static void
225window_change_handler(int sig)
226{
227	received_window_change_signal = 1;
228	signal(SIGWINCH, window_change_handler);
229}
230
231/*
232 * Signal handler for signals that cause the program to terminate.  These
233 * signals must be trapped to restore terminal modes.
234 */
235/*ARGSUSED */
236static void
237signal_handler(int sig)
238{
239	received_signal = sig;
240	quit_pending = 1;
241}
242
243/*
244 * Returns current time in seconds from Jan 1, 1970 with the maximum
245 * available resolution.
246 */
247
248static double
249get_current_time(void)
250{
251	struct timeval tv;
252	gettimeofday(&tv, NULL);
253	return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
254}
255
256/*
257 * Sets control_persist_exit_time to the absolute time when the
258 * backgrounded control master should exit due to expiry of the
259 * ControlPersist timeout.  Sets it to 0 if we are not a backgrounded
260 * control master process, or if there is no ControlPersist timeout.
261 */
262static void
263set_control_persist_exit_time(void)
264{
265	if (muxserver_sock == -1 || !options.control_persist
266	    || options.control_persist_timeout == 0) {
267		/* not using a ControlPersist timeout */
268		control_persist_exit_time = 0;
269	} else if (channel_still_open()) {
270		/* some client connections are still open */
271		if (control_persist_exit_time > 0)
272			debug2("%s: cancel scheduled exit", __func__);
273		control_persist_exit_time = 0;
274	} else if (control_persist_exit_time <= 0) {
275		/* a client connection has recently closed */
276		control_persist_exit_time = time(NULL) +
277			(time_t)options.control_persist_timeout;
278		debug2("%s: schedule exit in %d seconds", __func__,
279		    options.control_persist_timeout);
280	}
281	/* else we are already counting down to the timeout */
282}
283
284#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
285void
286client_x11_get_proto(const char *display, const char *xauth_path,
287    u_int trusted, u_int timeout, char **_proto, char **_data)
288{
289	char cmd[1024];
290	char line[512];
291	char xdisplay[512];
292	static char proto[512], data[512];
293	FILE *f;
294	int got_data = 0, generated = 0, do_unlink = 0, i;
295	char *xauthdir, *xauthfile;
296	struct stat st;
297	u_int now;
298
299	xauthdir = xauthfile = NULL;
300	*_proto = proto;
301	*_data = data;
302	proto[0] = data[0] = '\0';
303
304	if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
305		debug("No xauth program.");
306	} else {
307		if (display == NULL) {
308			debug("x11_get_proto: DISPLAY not set");
309			return;
310		}
311		/*
312		 * Handle FamilyLocal case where $DISPLAY does
313		 * not match an authorization entry.  For this we
314		 * just try "xauth list unix:displaynum.screennum".
315		 * XXX: "localhost" match to determine FamilyLocal
316		 *      is not perfect.
317		 */
318		if (strncmp(display, "localhost:", 10) == 0) {
319			snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
320			    display + 10);
321			display = xdisplay;
322		}
323		if (trusted == 0) {
324			xauthdir = xmalloc(MAXPATHLEN);
325			xauthfile = xmalloc(MAXPATHLEN);
326			mktemp_proto(xauthdir, MAXPATHLEN);
327			if (mkdtemp(xauthdir) != NULL) {
328				do_unlink = 1;
329				snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
330				    xauthdir);
331				snprintf(cmd, sizeof(cmd),
332				    "%s -f %s generate %s " SSH_X11_PROTO
333				    " untrusted timeout %u 2>" _PATH_DEVNULL,
334				    xauth_path, xauthfile, display, timeout);
335				debug2("x11_get_proto: %s", cmd);
336				if (system(cmd) == 0)
337					generated = 1;
338				if (x11_refuse_time == 0) {
339					now = time(NULL) + 1;
340					if (UINT_MAX - timeout < now)
341						x11_refuse_time = UINT_MAX;
342					else
343						x11_refuse_time = now + timeout;
344				}
345			}
346		}
347
348		/*
349		 * When in untrusted mode, we read the cookie only if it was
350		 * successfully generated as an untrusted one in the step
351		 * above.
352		 */
353		if (trusted || generated) {
354			snprintf(cmd, sizeof(cmd),
355			    "%s %s%s list %s 2>" _PATH_DEVNULL,
356			    xauth_path,
357			    generated ? "-f " : "" ,
358			    generated ? xauthfile : "",
359			    display);
360			debug2("x11_get_proto: %s", cmd);
361			f = popen(cmd, "r");
362			if (f && fgets(line, sizeof(line), f) &&
363			    sscanf(line, "%*s %511s %511s", proto, data) == 2)
364				got_data = 1;
365			if (f)
366				pclose(f);
367		} else
368			error("Warning: untrusted X11 forwarding setup failed: "
369			    "xauth key data not generated");
370	}
371
372	if (do_unlink) {
373		unlink(xauthfile);
374		rmdir(xauthdir);
375	}
376	if (xauthdir)
377		xfree(xauthdir);
378	if (xauthfile)
379		xfree(xauthfile);
380
381	/*
382	 * If we didn't get authentication data, just make up some
383	 * data.  The forwarding code will check the validity of the
384	 * response anyway, and substitute this data.  The X11
385	 * server, however, will ignore this fake data and use
386	 * whatever authentication mechanisms it was using otherwise
387	 * for the local connection.
388	 */
389	if (!got_data) {
390		u_int32_t rnd = 0;
391
392		logit("Warning: No xauth data; "
393		    "using fake authentication data for X11 forwarding.");
394		strlcpy(proto, SSH_X11_PROTO, sizeof proto);
395		for (i = 0; i < 16; i++) {
396			if (i % 4 == 0)
397				rnd = arc4random();
398			snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
399			    rnd & 0xff);
400			rnd >>= 8;
401		}
402	}
403}
404
405/*
406 * This is called when the interactive is entered.  This checks if there is
407 * an EOF coming on stdin.  We must check this explicitly, as select() does
408 * not appear to wake up when redirecting from /dev/null.
409 */
410
411static void
412client_check_initial_eof_on_stdin(void)
413{
414	int len;
415	char buf[1];
416
417	/*
418	 * If standard input is to be "redirected from /dev/null", we simply
419	 * mark that we have seen an EOF and send an EOF message to the
420	 * server. Otherwise, we try to read a single character; it appears
421	 * that for some files, such /dev/null, select() never wakes up for
422	 * read for this descriptor, which means that we never get EOF.  This
423	 * way we will get the EOF if stdin comes from /dev/null or similar.
424	 */
425	if (stdin_null_flag) {
426		/* Fake EOF on stdin. */
427		debug("Sending eof.");
428		stdin_eof = 1;
429		packet_start(SSH_CMSG_EOF);
430		packet_send();
431	} else {
432		enter_non_blocking();
433
434		/* Check for immediate EOF on stdin. */
435		len = read(fileno(stdin), buf, 1);
436		if (len == 0) {
437			/*
438			 * EOF.  Record that we have seen it and send
439			 * EOF to server.
440			 */
441			debug("Sending eof.");
442			stdin_eof = 1;
443			packet_start(SSH_CMSG_EOF);
444			packet_send();
445		} else if (len > 0) {
446			/*
447			 * Got data.  We must store the data in the buffer,
448			 * and also process it as an escape character if
449			 * appropriate.
450			 */
451			if ((u_char) buf[0] == escape_char1)
452				escape_pending1 = 1;
453			else
454				buffer_append(&stdin_buffer, buf, 1);
455		}
456		leave_non_blocking();
457	}
458}
459
460
461/*
462 * Make packets from buffered stdin data, and buffer them for sending to the
463 * connection.
464 */
465
466static void
467client_make_packets_from_stdin_data(void)
468{
469	u_int len;
470
471	/* Send buffered stdin data to the server. */
472	while (buffer_len(&stdin_buffer) > 0 &&
473	    packet_not_very_much_data_to_write()) {
474		len = buffer_len(&stdin_buffer);
475		/* Keep the packets at reasonable size. */
476		if (len > packet_get_maxsize())
477			len = packet_get_maxsize();
478		packet_start(SSH_CMSG_STDIN_DATA);
479		packet_put_string(buffer_ptr(&stdin_buffer), len);
480		packet_send();
481		buffer_consume(&stdin_buffer, len);
482		/* If we have a pending EOF, send it now. */
483		if (stdin_eof && buffer_len(&stdin_buffer) == 0) {
484			packet_start(SSH_CMSG_EOF);
485			packet_send();
486		}
487	}
488}
489
490/*
491 * Checks if the client window has changed, and sends a packet about it to
492 * the server if so.  The actual change is detected elsewhere (by a software
493 * interrupt on Unix); this just checks the flag and sends a message if
494 * appropriate.
495 */
496
497static void
498client_check_window_change(void)
499{
500	struct winsize ws;
501
502	if (! received_window_change_signal)
503		return;
504	/** XXX race */
505	received_window_change_signal = 0;
506
507	debug2("client_check_window_change: changed");
508
509	if (compat20) {
510		channel_send_window_changes();
511	} else {
512		if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
513			return;
514		packet_start(SSH_CMSG_WINDOW_SIZE);
515		packet_put_int((u_int)ws.ws_row);
516		packet_put_int((u_int)ws.ws_col);
517		packet_put_int((u_int)ws.ws_xpixel);
518		packet_put_int((u_int)ws.ws_ypixel);
519		packet_send();
520	}
521}
522
523static void
524client_global_request_reply(int type, u_int32_t seq, void *ctxt)
525{
526	struct global_confirm *gc;
527
528	if ((gc = TAILQ_FIRST(&global_confirms)) == NULL)
529		return;
530	if (gc->cb != NULL)
531		gc->cb(type, seq, gc->ctx);
532	if (--gc->ref_count <= 0) {
533		TAILQ_REMOVE(&global_confirms, gc, entry);
534		bzero(gc, sizeof(*gc));
535		xfree(gc);
536	}
537
538	packet_set_alive_timeouts(0);
539}
540
541static void
542server_alive_check(void)
543{
544	if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
545		logit("Timeout, server %s not responding.", host);
546		cleanup_exit(255);
547	}
548	packet_start(SSH2_MSG_GLOBAL_REQUEST);
549	packet_put_cstring("keepalive@openssh.com");
550	packet_put_char(1);     /* boolean: want reply */
551	packet_send();
552	/* Insert an empty placeholder to maintain ordering */
553	client_register_global_confirm(NULL, NULL);
554}
555
556/*
557 * Waits until the client can do something (some data becomes available on
558 * one of the file descriptors).
559 */
560static void
561client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
562    int *maxfdp, u_int *nallocp, int rekeying)
563{
564	struct timeval tv, *tvp;
565	int timeout_secs;
566	int ret;
567
568	/* Add any selections by the channel mechanism. */
569	channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying);
570
571	if (!compat20) {
572		/* Read from the connection, unless our buffers are full. */
573		if (buffer_len(&stdout_buffer) < buffer_high &&
574		    buffer_len(&stderr_buffer) < buffer_high &&
575		    channel_not_very_much_buffered_data())
576			FD_SET(connection_in, *readsetp);
577		/*
578		 * Read from stdin, unless we have seen EOF or have very much
579		 * buffered data to send to the server.
580		 */
581		if (!stdin_eof && packet_not_very_much_data_to_write())
582			FD_SET(fileno(stdin), *readsetp);
583
584		/* Select stdout/stderr if have data in buffer. */
585		if (buffer_len(&stdout_buffer) > 0)
586			FD_SET(fileno(stdout), *writesetp);
587		if (buffer_len(&stderr_buffer) > 0)
588			FD_SET(fileno(stderr), *writesetp);
589	} else {
590		/* channel_prepare_select could have closed the last channel */
591		if (session_closed && !channel_still_open() &&
592		    !packet_have_data_to_write()) {
593			/* clear mask since we did not call select() */
594			memset(*readsetp, 0, *nallocp);
595			memset(*writesetp, 0, *nallocp);
596			return;
597		} else {
598			FD_SET(connection_in, *readsetp);
599		}
600	}
601
602	/* Select server connection if have data to write to the server. */
603	if (packet_have_data_to_write())
604		FD_SET(connection_out, *writesetp);
605
606	/*
607	 * Wait for something to happen.  This will suspend the process until
608	 * some selected descriptor can be read, written, or has some other
609	 * event pending, or a timeout expires.
610	 */
611
612	timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
613	if (options.server_alive_interval > 0 && compat20)
614		timeout_secs = options.server_alive_interval;
615	set_control_persist_exit_time();
616	if (control_persist_exit_time > 0) {
617		timeout_secs = MIN(timeout_secs,
618			control_persist_exit_time - time(NULL));
619		if (timeout_secs < 0)
620			timeout_secs = 0;
621	}
622	if (timeout_secs == INT_MAX)
623		tvp = NULL;
624	else {
625		tv.tv_sec = timeout_secs;
626		tv.tv_usec = 0;
627		tvp = &tv;
628	}
629
630	ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
631	if (ret < 0) {
632		char buf[100];
633
634		/*
635		 * We have to clear the select masks, because we return.
636		 * We have to return, because the mainloop checks for the flags
637		 * set by the signal handlers.
638		 */
639		memset(*readsetp, 0, *nallocp);
640		memset(*writesetp, 0, *nallocp);
641
642		if (errno == EINTR)
643			return;
644		/* Note: we might still have data in the buffers. */
645		snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
646		buffer_append(&stderr_buffer, buf, strlen(buf));
647		quit_pending = 1;
648	} else if (ret == 0)
649		server_alive_check();
650}
651
652static void
653client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
654{
655	/* Flush stdout and stderr buffers. */
656	if (buffer_len(bout) > 0)
657		atomicio(vwrite, fileno(stdout), buffer_ptr(bout),
658		    buffer_len(bout));
659	if (buffer_len(berr) > 0)
660		atomicio(vwrite, fileno(stderr), buffer_ptr(berr),
661		    buffer_len(berr));
662
663	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
664
665	/*
666	 * Free (and clear) the buffer to reduce the amount of data that gets
667	 * written to swap.
668	 */
669	buffer_free(bin);
670	buffer_free(bout);
671	buffer_free(berr);
672
673	/* Send the suspend signal to the program itself. */
674	kill(getpid(), SIGTSTP);
675
676	/* Reset window sizes in case they have changed */
677	received_window_change_signal = 1;
678
679	/* OK, we have been continued by the user. Reinitialize buffers. */
680	buffer_init(bin);
681	buffer_init(bout);
682	buffer_init(berr);
683
684	enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
685}
686
687static void
688client_process_net_input(fd_set *readset)
689{
690	int len, cont = 0;
691	char buf[SSH_IOBUFSZ];
692
693	/*
694	 * Read input from the server, and add any such data to the buffer of
695	 * the packet subsystem.
696	 */
697	if (FD_ISSET(connection_in, readset)) {
698		/* Read as much as possible. */
699		len = roaming_read(connection_in, buf, sizeof(buf), &cont);
700		if (len == 0 && cont == 0) {
701			/*
702			 * Received EOF.  The remote host has closed the
703			 * connection.
704			 */
705			snprintf(buf, sizeof buf,
706			    "Connection to %.300s closed by remote host.\r\n",
707			    host);
708			buffer_append(&stderr_buffer, buf, strlen(buf));
709			quit_pending = 1;
710			return;
711		}
712		/*
713		 * There is a kernel bug on Solaris that causes select to
714		 * sometimes wake up even though there is no data available.
715		 */
716		if (len < 0 &&
717		    (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
718			len = 0;
719
720		if (len < 0) {
721			/*
722			 * An error has encountered.  Perhaps there is a
723			 * network problem.
724			 */
725			snprintf(buf, sizeof buf,
726			    "Read from remote host %.300s: %.100s\r\n",
727			    host, strerror(errno));
728			buffer_append(&stderr_buffer, buf, strlen(buf));
729			quit_pending = 1;
730			return;
731		}
732		packet_process_incoming(buf, len);
733	}
734}
735
736static void
737client_status_confirm(int type, Channel *c, void *ctx)
738{
739	struct channel_reply_ctx *cr = (struct channel_reply_ctx *)ctx;
740	char errmsg[256];
741	int tochan;
742
743	/*
744	 * If a TTY was explicitly requested, then a failure to allocate
745	 * one is fatal.
746	 */
747	if (cr->action == CONFIRM_TTY &&
748	    (options.request_tty == REQUEST_TTY_FORCE ||
749	    options.request_tty == REQUEST_TTY_YES))
750		cr->action = CONFIRM_CLOSE;
751
752	/* XXX supress on mux _client_ quietmode */
753	tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
754	    c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
755
756	if (type == SSH2_MSG_CHANNEL_SUCCESS) {
757		debug2("%s request accepted on channel %d",
758		    cr->request_type, c->self);
759	} else if (type == SSH2_MSG_CHANNEL_FAILURE) {
760		if (tochan) {
761			snprintf(errmsg, sizeof(errmsg),
762			    "%s request failed\r\n", cr->request_type);
763		} else {
764			snprintf(errmsg, sizeof(errmsg),
765			    "%s request failed on channel %d",
766			    cr->request_type, c->self);
767		}
768		/* If error occurred on primary session channel, then exit */
769		if (cr->action == CONFIRM_CLOSE && c->self == session_ident)
770			fatal("%s", errmsg);
771		/*
772		 * If error occurred on mux client, append to
773		 * their stderr.
774		 */
775		if (tochan) {
776			buffer_append(&c->extended, errmsg,
777			    strlen(errmsg));
778		} else
779			error("%s", errmsg);
780		if (cr->action == CONFIRM_TTY) {
781			/*
782			 * If a TTY allocation error occurred, then arrange
783			 * for the correct TTY to leave raw mode.
784			 */
785			if (c->self == session_ident)
786				leave_raw_mode(0);
787			else
788				mux_tty_alloc_failed(c);
789		} else if (cr->action == CONFIRM_CLOSE) {
790			chan_read_failed(c);
791			chan_write_failed(c);
792		}
793	}
794	xfree(cr);
795}
796
797static void
798client_abandon_status_confirm(Channel *c, void *ctx)
799{
800	xfree(ctx);
801}
802
803void
804client_expect_confirm(int id, const char *request,
805    enum confirm_action action)
806{
807	struct channel_reply_ctx *cr = xmalloc(sizeof(*cr));
808
809	cr->request_type = request;
810	cr->action = action;
811
812	channel_register_status_confirm(id, client_status_confirm,
813	    client_abandon_status_confirm, cr);
814}
815
816void
817client_register_global_confirm(global_confirm_cb *cb, void *ctx)
818{
819	struct global_confirm *gc, *last_gc;
820
821	/* Coalesce identical callbacks */
822	last_gc = TAILQ_LAST(&global_confirms, global_confirms);
823	if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) {
824		if (++last_gc->ref_count >= INT_MAX)
825			fatal("%s: last_gc->ref_count = %d",
826			    __func__, last_gc->ref_count);
827		return;
828	}
829
830	gc = xmalloc(sizeof(*gc));
831	gc->cb = cb;
832	gc->ctx = ctx;
833	gc->ref_count = 1;
834	TAILQ_INSERT_TAIL(&global_confirms, gc, entry);
835}
836
837static void
838process_cmdline(void)
839{
840	void (*handler)(int);
841	char *s, *cmd, *cancel_host;
842	int delete = 0;
843	int local = 0, remote = 0, dynamic = 0;
844	int cancel_port;
845	Forward fwd;
846
847	bzero(&fwd, sizeof(fwd));
848	fwd.listen_host = fwd.connect_host = NULL;
849
850	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
851	handler = signal(SIGINT, SIG_IGN);
852	cmd = s = read_passphrase("\r\nssh> ", RP_ECHO);
853	if (s == NULL)
854		goto out;
855	while (isspace(*s))
856		s++;
857	if (*s == '-')
858		s++;	/* Skip cmdline '-', if any */
859	if (*s == '\0')
860		goto out;
861
862	if (*s == 'h' || *s == 'H' || *s == '?') {
863		logit("Commands:");
864		logit("      -L[bind_address:]port:host:hostport    "
865		    "Request local forward");
866		logit("      -R[bind_address:]port:host:hostport    "
867		    "Request remote forward");
868		logit("      -D[bind_address:]port                  "
869		    "Request dynamic forward");
870		logit("      -KR[bind_address:]port                 "
871		    "Cancel remote forward");
872		if (!options.permit_local_command)
873			goto out;
874		logit("      !args                                  "
875		    "Execute local command");
876		goto out;
877	}
878
879	if (*s == '!' && options.permit_local_command) {
880		s++;
881		ssh_local_cmd(s);
882		goto out;
883	}
884
885	if (*s == 'K') {
886		delete = 1;
887		s++;
888	}
889	if (*s == 'L')
890		local = 1;
891	else if (*s == 'R')
892		remote = 1;
893	else if (*s == 'D')
894		dynamic = 1;
895	else {
896		logit("Invalid command.");
897		goto out;
898	}
899
900	if ((local || dynamic) && delete) {
901		logit("Not supported.");
902		goto out;
903	}
904	if (remote && delete && !compat20) {
905		logit("Not supported for SSH protocol version 1.");
906		goto out;
907	}
908
909	while (isspace(*++s))
910		;
911
912	/* XXX update list of forwards in options */
913	if (delete) {
914		cancel_port = 0;
915		cancel_host = hpdelim(&s);	/* may be NULL */
916		if (s != NULL) {
917			cancel_port = a2port(s);
918			cancel_host = cleanhostname(cancel_host);
919		} else {
920			cancel_port = a2port(cancel_host);
921			cancel_host = NULL;
922		}
923		if (cancel_port <= 0) {
924			logit("Bad forwarding close port");
925			goto out;
926		}
927		channel_request_rforward_cancel(cancel_host, cancel_port);
928	} else {
929		if (!parse_forward(&fwd, s, dynamic, remote)) {
930			logit("Bad forwarding specification.");
931			goto out;
932		}
933		if (local || dynamic) {
934			if (channel_setup_local_fwd_listener(fwd.listen_host,
935			    fwd.listen_port, fwd.connect_host,
936			    fwd.connect_port, options.gateway_ports) < 0) {
937				logit("Port forwarding failed.");
938				goto out;
939			}
940		} else {
941			if (channel_request_remote_forwarding(fwd.listen_host,
942			    fwd.listen_port, fwd.connect_host,
943			    fwd.connect_port) < 0) {
944				logit("Port forwarding failed.");
945				goto out;
946			}
947		}
948
949		logit("Forwarding port.");
950	}
951
952out:
953	signal(SIGINT, handler);
954	enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
955	if (cmd)
956		xfree(cmd);
957	if (fwd.listen_host != NULL)
958		xfree(fwd.listen_host);
959	if (fwd.connect_host != NULL)
960		xfree(fwd.connect_host);
961}
962
963/*
964 * Process the characters one by one, call with c==NULL for proto1 case.
965 */
966static int
967process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
968    char *buf, int len)
969{
970	char string[1024];
971	pid_t pid;
972	int bytes = 0;
973	u_int i;
974	u_char ch;
975	char *s;
976	int *escape_pendingp, escape_char;
977	struct escape_filter_ctx *efc;
978
979	if (c == NULL) {
980		escape_pendingp = &escape_pending1;
981		escape_char = escape_char1;
982	} else {
983		if (c->filter_ctx == NULL)
984			return 0;
985		efc = (struct escape_filter_ctx *)c->filter_ctx;
986		escape_pendingp = &efc->escape_pending;
987		escape_char = efc->escape_char;
988	}
989
990	if (len <= 0)
991		return (0);
992
993	for (i = 0; i < (u_int)len; i++) {
994		/* Get one character at a time. */
995		ch = buf[i];
996
997		if (*escape_pendingp) {
998			/* We have previously seen an escape character. */
999			/* Clear the flag now. */
1000			*escape_pendingp = 0;
1001
1002			/* Process the escaped character. */
1003			switch (ch) {
1004			case '.':
1005				/* Terminate the connection. */
1006				snprintf(string, sizeof string, "%c.\r\n",
1007				    escape_char);
1008				buffer_append(berr, string, strlen(string));
1009
1010				if (c && c->ctl_chan != -1) {
1011					chan_read_failed(c);
1012					chan_write_failed(c);
1013					return 0;
1014				} else
1015					quit_pending = 1;
1016				return -1;
1017
1018			case 'Z' - 64:
1019				/* XXX support this for mux clients */
1020				if (c && c->ctl_chan != -1) {
1021 noescape:
1022					snprintf(string, sizeof string,
1023					    "%c%c escape not available to "
1024					    "multiplexed sessions\r\n",
1025					    escape_char, ch);
1026					buffer_append(berr, string,
1027					    strlen(string));
1028					continue;
1029				}
1030				/* Suspend the program. Inform the user */
1031				snprintf(string, sizeof string,
1032				    "%c^Z [suspend ssh]\r\n", escape_char);
1033				buffer_append(berr, string, strlen(string));
1034
1035				/* Restore terminal modes and suspend. */
1036				client_suspend_self(bin, bout, berr);
1037
1038				/* We have been continued. */
1039				continue;
1040
1041			case 'B':
1042				if (compat20) {
1043					snprintf(string, sizeof string,
1044					    "%cB\r\n", escape_char);
1045					buffer_append(berr, string,
1046					    strlen(string));
1047					channel_request_start(session_ident,
1048					    "break", 0);
1049					packet_put_int(1000);
1050					packet_send();
1051				}
1052				continue;
1053
1054			case 'R':
1055				if (compat20) {
1056					if (datafellows & SSH_BUG_NOREKEY)
1057						logit("Server does not "
1058						    "support re-keying");
1059					else
1060						need_rekeying = 1;
1061				}
1062				continue;
1063
1064			case '&':
1065				if (c && c->ctl_chan != -1)
1066					goto noescape;
1067				/*
1068				 * Detach the program (continue to serve
1069				 * connections, but put in background and no
1070				 * more new connections).
1071				 */
1072				/* Restore tty modes. */
1073				leave_raw_mode(
1074				    options.request_tty == REQUEST_TTY_FORCE);
1075
1076				/* Stop listening for new connections. */
1077				channel_stop_listening();
1078
1079				snprintf(string, sizeof string,
1080				    "%c& [backgrounded]\n", escape_char);
1081				buffer_append(berr, string, strlen(string));
1082
1083				/* Fork into background. */
1084				pid = fork();
1085				if (pid < 0) {
1086					error("fork: %.100s", strerror(errno));
1087					continue;
1088				}
1089				if (pid != 0) {	/* This is the parent. */
1090					/* The parent just exits. */
1091					exit(0);
1092				}
1093				/* The child continues serving connections. */
1094				if (compat20) {
1095					buffer_append(bin, "\004", 1);
1096					/* fake EOF on stdin */
1097					return -1;
1098				} else if (!stdin_eof) {
1099					/*
1100					 * Sending SSH_CMSG_EOF alone does not
1101					 * always appear to be enough.  So we
1102					 * try to send an EOF character first.
1103					 */
1104					packet_start(SSH_CMSG_STDIN_DATA);
1105					packet_put_string("\004", 1);
1106					packet_send();
1107					/* Close stdin. */
1108					stdin_eof = 1;
1109					if (buffer_len(bin) == 0) {
1110						packet_start(SSH_CMSG_EOF);
1111						packet_send();
1112					}
1113				}
1114				continue;
1115
1116			case '?':
1117				if (c && c->ctl_chan != -1) {
1118					snprintf(string, sizeof string,
1119"%c?\r\n\
1120Supported escape sequences:\r\n\
1121  %c.  - terminate session\r\n\
1122  %cB  - send a BREAK to the remote system\r\n\
1123  %cR  - Request rekey (SSH protocol 2 only)\r\n\
1124  %c#  - list forwarded connections\r\n\
1125  %c?  - this message\r\n\
1126  %c%c  - send the escape character by typing it twice\r\n\
1127(Note that escapes are only recognized immediately after newline.)\r\n",
1128					    escape_char, escape_char,
1129					    escape_char, escape_char,
1130					    escape_char, escape_char,
1131					    escape_char, escape_char);
1132				} else {
1133					snprintf(string, sizeof string,
1134"%c?\r\n\
1135Supported escape sequences:\r\n\
1136  %c.  - terminate connection (and any multiplexed sessions)\r\n\
1137  %cB  - send a BREAK to the remote system\r\n\
1138  %cC  - open a command line\r\n\
1139  %cR  - Request rekey (SSH protocol 2 only)\r\n\
1140  %c^Z - suspend ssh\r\n\
1141  %c#  - list forwarded connections\r\n\
1142  %c&  - background ssh (when waiting for connections to terminate)\r\n\
1143  %c?  - this message\r\n\
1144  %c%c  - send the escape character by typing it twice\r\n\
1145(Note that escapes are only recognized immediately after newline.)\r\n",
1146					    escape_char, escape_char,
1147					    escape_char, escape_char,
1148					    escape_char, escape_char,
1149					    escape_char, escape_char,
1150					    escape_char, escape_char,
1151					    escape_char);
1152				}
1153				buffer_append(berr, string, strlen(string));
1154				continue;
1155
1156			case '#':
1157				snprintf(string, sizeof string, "%c#\r\n",
1158				    escape_char);
1159				buffer_append(berr, string, strlen(string));
1160				s = channel_open_message();
1161				buffer_append(berr, s, strlen(s));
1162				xfree(s);
1163				continue;
1164
1165			case 'C':
1166				if (c && c->ctl_chan != -1)
1167					goto noescape;
1168				process_cmdline();
1169				continue;
1170
1171			default:
1172				if (ch != escape_char) {
1173					buffer_put_char(bin, escape_char);
1174					bytes++;
1175				}
1176				/* Escaped characters fall through here */
1177				break;
1178			}
1179		} else {
1180			/*
1181			 * The previous character was not an escape char.
1182			 * Check if this is an escape.
1183			 */
1184			if (last_was_cr && ch == escape_char) {
1185				/*
1186				 * It is. Set the flag and continue to
1187				 * next character.
1188				 */
1189				*escape_pendingp = 1;
1190				continue;
1191			}
1192		}
1193
1194		/*
1195		 * Normal character.  Record whether it was a newline,
1196		 * and append it to the buffer.
1197		 */
1198		last_was_cr = (ch == '\r' || ch == '\n');
1199		buffer_put_char(bin, ch);
1200		bytes++;
1201	}
1202	return bytes;
1203}
1204
1205static void
1206client_process_input(fd_set *readset)
1207{
1208	int len;
1209	char buf[SSH_IOBUFSZ];
1210
1211	/* Read input from stdin. */
1212	if (FD_ISSET(fileno(stdin), readset)) {
1213		/* Read as much as possible. */
1214		len = read(fileno(stdin), buf, sizeof(buf));
1215		if (len < 0 &&
1216		    (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
1217			return;		/* we'll try again later */
1218		if (len <= 0) {
1219			/*
1220			 * Received EOF or error.  They are treated
1221			 * similarly, except that an error message is printed
1222			 * if it was an error condition.
1223			 */
1224			if (len < 0) {
1225				snprintf(buf, sizeof buf, "read: %.100s\r\n",
1226				    strerror(errno));
1227				buffer_append(&stderr_buffer, buf, strlen(buf));
1228			}
1229			/* Mark that we have seen EOF. */
1230			stdin_eof = 1;
1231			/*
1232			 * Send an EOF message to the server unless there is
1233			 * data in the buffer.  If there is data in the
1234			 * buffer, no message will be sent now.  Code
1235			 * elsewhere will send the EOF when the buffer
1236			 * becomes empty if stdin_eof is set.
1237			 */
1238			if (buffer_len(&stdin_buffer) == 0) {
1239				packet_start(SSH_CMSG_EOF);
1240				packet_send();
1241			}
1242		} else if (escape_char1 == SSH_ESCAPECHAR_NONE) {
1243			/*
1244			 * Normal successful read, and no escape character.
1245			 * Just append the data to buffer.
1246			 */
1247			buffer_append(&stdin_buffer, buf, len);
1248		} else {
1249			/*
1250			 * Normal, successful read.  But we have an escape
1251			 * character and have to process the characters one
1252			 * by one.
1253			 */
1254			if (process_escapes(NULL, &stdin_buffer,
1255			    &stdout_buffer, &stderr_buffer, buf, len) == -1)
1256				return;
1257		}
1258	}
1259}
1260
1261static void
1262client_process_output(fd_set *writeset)
1263{
1264	int len;
1265	char buf[100];
1266
1267	/* Write buffered output to stdout. */
1268	if (FD_ISSET(fileno(stdout), writeset)) {
1269		/* Write as much data as possible. */
1270		len = write(fileno(stdout), buffer_ptr(&stdout_buffer),
1271		    buffer_len(&stdout_buffer));
1272		if (len <= 0) {
1273			if (errno == EINTR || errno == EAGAIN ||
1274			    errno == EWOULDBLOCK)
1275				len = 0;
1276			else {
1277				/*
1278				 * An error or EOF was encountered.  Put an
1279				 * error message to stderr buffer.
1280				 */
1281				snprintf(buf, sizeof buf,
1282				    "write stdout: %.50s\r\n", strerror(errno));
1283				buffer_append(&stderr_buffer, buf, strlen(buf));
1284				quit_pending = 1;
1285				return;
1286			}
1287		}
1288		/* Consume printed data from the buffer. */
1289		buffer_consume(&stdout_buffer, len);
1290	}
1291	/* Write buffered output to stderr. */
1292	if (FD_ISSET(fileno(stderr), writeset)) {
1293		/* Write as much data as possible. */
1294		len = write(fileno(stderr), buffer_ptr(&stderr_buffer),
1295		    buffer_len(&stderr_buffer));
1296		if (len <= 0) {
1297			if (errno == EINTR || errno == EAGAIN ||
1298			    errno == EWOULDBLOCK)
1299				len = 0;
1300			else {
1301				/*
1302				 * EOF or error, but can't even print
1303				 * error message.
1304				 */
1305				quit_pending = 1;
1306				return;
1307			}
1308		}
1309		/* Consume printed characters from the buffer. */
1310		buffer_consume(&stderr_buffer, len);
1311	}
1312}
1313
1314/*
1315 * Get packets from the connection input buffer, and process them as long as
1316 * there are packets available.
1317 *
1318 * Any unknown packets received during the actual
1319 * session cause the session to terminate.  This is
1320 * intended to make debugging easier since no
1321 * confirmations are sent.  Any compatible protocol
1322 * extensions must be negotiated during the
1323 * preparatory phase.
1324 */
1325
1326static void
1327client_process_buffered_input_packets(void)
1328{
1329	dispatch_run(DISPATCH_NONBLOCK, &quit_pending,
1330	    compat20 ? xxx_kex : NULL);
1331}
1332
1333/* scan buf[] for '~' before sending data to the peer */
1334
1335/* Helper: allocate a new escape_filter_ctx and fill in its escape char */
1336void *
1337client_new_escape_filter_ctx(int escape_char)
1338{
1339	struct escape_filter_ctx *ret;
1340
1341	ret = xmalloc(sizeof(*ret));
1342	ret->escape_pending = 0;
1343	ret->escape_char = escape_char;
1344	return (void *)ret;
1345}
1346
1347/* Free the escape filter context on channel free */
1348void
1349client_filter_cleanup(int cid, void *ctx)
1350{
1351	xfree(ctx);
1352}
1353
1354int
1355client_simple_escape_filter(Channel *c, char *buf, int len)
1356{
1357	if (c->extended_usage != CHAN_EXTENDED_WRITE)
1358		return 0;
1359
1360	return process_escapes(c, &c->input, &c->output, &c->extended,
1361	    buf, len);
1362}
1363
1364static void
1365client_channel_closed(int id, void *arg)
1366{
1367	channel_cancel_cleanup(id);
1368	session_closed = 1;
1369	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1370}
1371
1372/*
1373 * Implements the interactive session with the server.  This is called after
1374 * the user has been authenticated, and a command has been started on the
1375 * remote host.  If escape_char != SSH_ESCAPECHAR_NONE, it is the character
1376 * used as an escape character for terminating or suspending the session.
1377 */
1378
1379int
1380client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
1381{
1382	fd_set *readset = NULL, *writeset = NULL;
1383	double start_time, total_time;
1384	int max_fd = 0, max_fd2 = 0, len, rekeying = 0;
1385	u_int64_t ibytes, obytes;
1386	u_int nalloc = 0;
1387	char buf[100];
1388
1389	debug("Entering interactive session.");
1390
1391	start_time = get_current_time();
1392
1393	/* Initialize variables. */
1394	escape_pending1 = 0;
1395	last_was_cr = 1;
1396	exit_status = -1;
1397	stdin_eof = 0;
1398	buffer_high = 64 * 1024;
1399	connection_in = packet_get_connection_in();
1400	connection_out = packet_get_connection_out();
1401	max_fd = MAX(connection_in, connection_out);
1402
1403	if (!compat20) {
1404		/* enable nonblocking unless tty */
1405		if (!isatty(fileno(stdin)))
1406			set_nonblock(fileno(stdin));
1407		if (!isatty(fileno(stdout)))
1408			set_nonblock(fileno(stdout));
1409		if (!isatty(fileno(stderr)))
1410			set_nonblock(fileno(stderr));
1411		max_fd = MAX(max_fd, fileno(stdin));
1412		max_fd = MAX(max_fd, fileno(stdout));
1413		max_fd = MAX(max_fd, fileno(stderr));
1414	}
1415	quit_pending = 0;
1416	escape_char1 = escape_char_arg;
1417
1418	/* Initialize buffers. */
1419	buffer_init(&stdin_buffer);
1420	buffer_init(&stdout_buffer);
1421	buffer_init(&stderr_buffer);
1422
1423	client_init_dispatch();
1424
1425	/*
1426	 * Set signal handlers, (e.g. to restore non-blocking mode)
1427	 * but don't overwrite SIG_IGN, matches behaviour from rsh(1)
1428	 */
1429	if (signal(SIGHUP, SIG_IGN) != SIG_IGN)
1430		signal(SIGHUP, signal_handler);
1431	if (signal(SIGINT, SIG_IGN) != SIG_IGN)
1432		signal(SIGINT, signal_handler);
1433	if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
1434		signal(SIGQUIT, signal_handler);
1435	if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
1436		signal(SIGTERM, signal_handler);
1437	signal(SIGWINCH, window_change_handler);
1438
1439	if (have_pty)
1440		enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1441
1442	if (compat20) {
1443		session_ident = ssh2_chan_id;
1444		if (session_ident != -1) {
1445			if (escape_char_arg != SSH_ESCAPECHAR_NONE) {
1446				channel_register_filter(session_ident,
1447				    client_simple_escape_filter, NULL,
1448				    client_filter_cleanup,
1449				    client_new_escape_filter_ctx(
1450				    escape_char_arg));
1451			}
1452			channel_register_cleanup(session_ident,
1453			    client_channel_closed, 0);
1454		}
1455	} else {
1456		/* Check if we should immediately send eof on stdin. */
1457		client_check_initial_eof_on_stdin();
1458	}
1459
1460	/* Main loop of the client for the interactive session mode. */
1461	while (!quit_pending) {
1462
1463		/* Process buffered packets sent by the server. */
1464		client_process_buffered_input_packets();
1465
1466		if (compat20 && session_closed && !channel_still_open())
1467			break;
1468
1469		rekeying = (xxx_kex != NULL && !xxx_kex->done);
1470
1471		if (rekeying) {
1472			debug("rekeying in progress");
1473		} else {
1474			/*
1475			 * Make packets of buffered stdin data, and buffer
1476			 * them for sending to the server.
1477			 */
1478			if (!compat20)
1479				client_make_packets_from_stdin_data();
1480
1481			/*
1482			 * Make packets from buffered channel data, and
1483			 * enqueue them for sending to the server.
1484			 */
1485			if (packet_not_very_much_data_to_write())
1486				channel_output_poll();
1487
1488			/*
1489			 * Check if the window size has changed, and buffer a
1490			 * message about it to the server if so.
1491			 */
1492			client_check_window_change();
1493
1494			if (quit_pending)
1495				break;
1496		}
1497		/*
1498		 * Wait until we have something to do (something becomes
1499		 * available on one of the descriptors).
1500		 */
1501		max_fd2 = max_fd;
1502		client_wait_until_can_do_something(&readset, &writeset,
1503		    &max_fd2, &nalloc, rekeying);
1504
1505		if (quit_pending)
1506			break;
1507
1508		/* Do channel operations unless rekeying in progress. */
1509		if (!rekeying) {
1510			channel_after_select(readset, writeset);
1511			if (need_rekeying || packet_need_rekeying()) {
1512				debug("need rekeying");
1513				xxx_kex->done = 0;
1514				kex_send_kexinit(xxx_kex);
1515				need_rekeying = 0;
1516			}
1517		}
1518
1519		/* Buffer input from the connection.  */
1520		client_process_net_input(readset);
1521
1522		if (quit_pending)
1523			break;
1524
1525		if (!compat20) {
1526			/* Buffer data from stdin */
1527			client_process_input(readset);
1528			/*
1529			 * Process output to stdout and stderr.  Output to
1530			 * the connection is processed elsewhere (above).
1531			 */
1532			client_process_output(writeset);
1533		}
1534
1535		if (session_resumed) {
1536			connection_in = packet_get_connection_in();
1537			connection_out = packet_get_connection_out();
1538			max_fd = MAX(max_fd, connection_out);
1539			max_fd = MAX(max_fd, connection_in);
1540			session_resumed = 0;
1541		}
1542
1543		/*
1544		 * Send as much buffered packet data as possible to the
1545		 * sender.
1546		 */
1547		if (FD_ISSET(connection_out, writeset))
1548			packet_write_poll();
1549
1550		/*
1551		 * If we are a backgrounded control master, and the
1552		 * timeout has expired without any active client
1553		 * connections, then quit.
1554		 */
1555		if (control_persist_exit_time > 0) {
1556			if (time(NULL) >= control_persist_exit_time) {
1557				debug("ControlPersist timeout expired");
1558				break;
1559			}
1560		}
1561	}
1562	if (readset)
1563		xfree(readset);
1564	if (writeset)
1565		xfree(writeset);
1566
1567	/* Terminate the session. */
1568
1569	/* Stop watching for window change. */
1570	signal(SIGWINCH, SIG_DFL);
1571
1572	if (compat20) {
1573		packet_start(SSH2_MSG_DISCONNECT);
1574		packet_put_int(SSH2_DISCONNECT_BY_APPLICATION);
1575		packet_put_cstring("disconnected by user");
1576		packet_put_cstring(""); /* language tag */
1577		packet_send();
1578		packet_write_wait();
1579	}
1580
1581	channel_free_all();
1582
1583	if (have_pty)
1584		leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
1585
1586	/* restore blocking io */
1587	if (!isatty(fileno(stdin)))
1588		unset_nonblock(fileno(stdin));
1589	if (!isatty(fileno(stdout)))
1590		unset_nonblock(fileno(stdout));
1591	if (!isatty(fileno(stderr)))
1592		unset_nonblock(fileno(stderr));
1593
1594	/*
1595	 * If there was no shell or command requested, there will be no remote
1596	 * exit status to be returned.  In that case, clear error code if the
1597	 * connection was deliberately terminated at this end.
1598	 */
1599	if (no_shell_flag && received_signal == SIGTERM) {
1600		received_signal = 0;
1601		exit_status = 0;
1602	}
1603
1604	if (received_signal)
1605		fatal("Killed by signal %d.", (int) received_signal);
1606
1607	/*
1608	 * In interactive mode (with pseudo tty) display a message indicating
1609	 * that the connection has been closed.
1610	 */
1611	if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
1612		snprintf(buf, sizeof buf,
1613		    "Connection to %.64s closed.\r\n", host);
1614		buffer_append(&stderr_buffer, buf, strlen(buf));
1615	}
1616
1617	/* Output any buffered data for stdout. */
1618	if (buffer_len(&stdout_buffer) > 0) {
1619		len = atomicio(vwrite, fileno(stdout),
1620		    buffer_ptr(&stdout_buffer), buffer_len(&stdout_buffer));
1621		if (len < 0 || (u_int)len != buffer_len(&stdout_buffer))
1622			error("Write failed flushing stdout buffer.");
1623		else
1624			buffer_consume(&stdout_buffer, len);
1625	}
1626
1627	/* Output any buffered data for stderr. */
1628	if (buffer_len(&stderr_buffer) > 0) {
1629		len = atomicio(vwrite, fileno(stderr),
1630		    buffer_ptr(&stderr_buffer), buffer_len(&stderr_buffer));
1631		if (len < 0 || (u_int)len != buffer_len(&stderr_buffer))
1632			error("Write failed flushing stderr buffer.");
1633		else
1634			buffer_consume(&stderr_buffer, len);
1635	}
1636
1637	/* Clear and free any buffers. */
1638	memset(buf, 0, sizeof(buf));
1639	buffer_free(&stdin_buffer);
1640	buffer_free(&stdout_buffer);
1641	buffer_free(&stderr_buffer);
1642
1643	/* Report bytes transferred, and transfer rates. */
1644	total_time = get_current_time() - start_time;
1645	packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
1646	packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
1647	verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
1648	    (unsigned long long)obytes, (unsigned long long)ibytes, total_time);
1649	if (total_time > 0)
1650		verbose("Bytes per second: sent %.1f, received %.1f",
1651		    obytes / total_time, ibytes / total_time);
1652	/* Return the exit status of the program. */
1653	debug("Exit status %d", exit_status);
1654	return exit_status;
1655}
1656
1657/*********/
1658
1659static void
1660client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
1661{
1662	u_int data_len;
1663	char *data = packet_get_string(&data_len);
1664	packet_check_eom();
1665	buffer_append(&stdout_buffer, data, data_len);
1666	memset(data, 0, data_len);
1667	xfree(data);
1668}
1669static void
1670client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
1671{
1672	u_int data_len;
1673	char *data = packet_get_string(&data_len);
1674	packet_check_eom();
1675	buffer_append(&stderr_buffer, data, data_len);
1676	memset(data, 0, data_len);
1677	xfree(data);
1678}
1679static void
1680client_input_exit_status(int type, u_int32_t seq, void *ctxt)
1681{
1682	exit_status = packet_get_int();
1683	packet_check_eom();
1684	/* Acknowledge the exit. */
1685	packet_start(SSH_CMSG_EXIT_CONFIRMATION);
1686	packet_send();
1687	/*
1688	 * Must wait for packet to be sent since we are
1689	 * exiting the loop.
1690	 */
1691	packet_write_wait();
1692	/* Flag that we want to exit. */
1693	quit_pending = 1;
1694}
1695static void
1696client_input_agent_open(int type, u_int32_t seq, void *ctxt)
1697{
1698	Channel *c = NULL;
1699	int remote_id, sock;
1700
1701	/* Read the remote channel number from the message. */
1702	remote_id = packet_get_int();
1703	packet_check_eom();
1704
1705	/*
1706	 * Get a connection to the local authentication agent (this may again
1707	 * get forwarded).
1708	 */
1709	sock = ssh_get_authentication_socket();
1710
1711	/*
1712	 * If we could not connect the agent, send an error message back to
1713	 * the server. This should never happen unless the agent dies,
1714	 * because authentication forwarding is only enabled if we have an
1715	 * agent.
1716	 */
1717	if (sock >= 0) {
1718		c = channel_new("", SSH_CHANNEL_OPEN, sock, sock,
1719		    -1, 0, 0, 0, "authentication agent connection", 1);
1720		c->remote_id = remote_id;
1721		c->force_drain = 1;
1722	}
1723	if (c == NULL) {
1724		packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
1725		packet_put_int(remote_id);
1726	} else {
1727		/* Send a confirmation to the remote host. */
1728		debug("Forwarding authentication connection.");
1729		packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
1730		packet_put_int(remote_id);
1731		packet_put_int(c->self);
1732	}
1733	packet_send();
1734}
1735
1736static Channel *
1737client_request_forwarded_tcpip(const char *request_type, int rchan)
1738{
1739	Channel *c = NULL;
1740	char *listen_address, *originator_address;
1741	u_short listen_port, originator_port;
1742
1743	/* Get rest of the packet */
1744	listen_address = packet_get_string(NULL);
1745	listen_port = packet_get_int();
1746	originator_address = packet_get_string(NULL);
1747	originator_port = packet_get_int();
1748	packet_check_eom();
1749
1750	debug("client_request_forwarded_tcpip: listen %s port %d, "
1751	    "originator %s port %d", listen_address, listen_port,
1752	    originator_address, originator_port);
1753
1754	c = channel_connect_by_listen_address(listen_port,
1755	    "forwarded-tcpip", originator_address);
1756
1757	xfree(originator_address);
1758	xfree(listen_address);
1759	return c;
1760}
1761
1762static Channel *
1763client_request_x11(const char *request_type, int rchan)
1764{
1765	Channel *c = NULL;
1766	char *originator;
1767	u_short originator_port;
1768	int sock;
1769
1770	if (!options.forward_x11) {
1771		error("Warning: ssh server tried X11 forwarding.");
1772		error("Warning: this is probably a break-in attempt by a "
1773		    "malicious server.");
1774		return NULL;
1775	}
1776	if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
1777		verbose("Rejected X11 connection after ForwardX11Timeout "
1778		    "expired");
1779		return NULL;
1780	}
1781	originator = packet_get_string(NULL);
1782	if (datafellows & SSH_BUG_X11FWD) {
1783		debug2("buggy server: x11 request w/o originator_port");
1784		originator_port = 0;
1785	} else {
1786		originator_port = packet_get_int();
1787	}
1788	packet_check_eom();
1789	/* XXX check permission */
1790	debug("client_request_x11: request from %s %d", originator,
1791	    originator_port);
1792	xfree(originator);
1793	sock = x11_connect_display();
1794	if (sock < 0)
1795		return NULL;
1796	c = channel_new("x11",
1797	    SSH_CHANNEL_X11_OPEN, sock, sock, -1,
1798	    CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
1799	c->force_drain = 1;
1800	return c;
1801}
1802
1803static Channel *
1804client_request_agent(const char *request_type, int rchan)
1805{
1806	Channel *c = NULL;
1807	int sock;
1808
1809	if (!options.forward_agent) {
1810		error("Warning: ssh server tried agent forwarding.");
1811		error("Warning: this is probably a break-in attempt by a "
1812		    "malicious server.");
1813		return NULL;
1814	}
1815	sock = ssh_get_authentication_socket();
1816	if (sock < 0)
1817		return NULL;
1818	c = channel_new("authentication agent connection",
1819	    SSH_CHANNEL_OPEN, sock, sock, -1,
1820	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
1821	    "authentication agent connection", 1);
1822	c->force_drain = 1;
1823	return c;
1824}
1825
1826int
1827client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
1828{
1829	Channel *c;
1830	int fd;
1831
1832	if (tun_mode == SSH_TUNMODE_NO)
1833		return 0;
1834
1835	if (!compat20) {
1836		error("Tunnel forwarding is not supported for protocol 1");
1837		return -1;
1838	}
1839
1840	debug("Requesting tun unit %d in mode %d", local_tun, tun_mode);
1841
1842	/* Open local tunnel device */
1843	if ((fd = tun_open(local_tun, tun_mode)) == -1) {
1844		error("Tunnel device open failed.");
1845		return -1;
1846	}
1847
1848	c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
1849	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
1850	c->datagram = 1;
1851
1852#if defined(SSH_TUN_FILTER)
1853	if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
1854		channel_register_filter(c->self, sys_tun_infilter,
1855		    sys_tun_outfilter, NULL, NULL);
1856#endif
1857
1858	packet_start(SSH2_MSG_CHANNEL_OPEN);
1859	packet_put_cstring("tun@openssh.com");
1860	packet_put_int(c->self);
1861	packet_put_int(c->local_window_max);
1862	packet_put_int(c->local_maxpacket);
1863	packet_put_int(tun_mode);
1864	packet_put_int(remote_tun);
1865	packet_send();
1866
1867	return 0;
1868}
1869
1870/* XXXX move to generic input handler */
1871static void
1872client_input_channel_open(int type, u_int32_t seq, void *ctxt)
1873{
1874	Channel *c = NULL;
1875	char *ctype;
1876	int rchan;
1877	u_int rmaxpack, rwindow, len;
1878
1879	ctype = packet_get_string(&len);
1880	rchan = packet_get_int();
1881	rwindow = packet_get_int();
1882	rmaxpack = packet_get_int();
1883
1884	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
1885	    ctype, rchan, rwindow, rmaxpack);
1886
1887	if (strcmp(ctype, "forwarded-tcpip") == 0) {
1888		c = client_request_forwarded_tcpip(ctype, rchan);
1889	} else if (strcmp(ctype, "x11") == 0) {
1890		c = client_request_x11(ctype, rchan);
1891	} else if (strcmp(ctype, "auth-agent@openssh.com") == 0) {
1892		c = client_request_agent(ctype, rchan);
1893	}
1894/* XXX duplicate : */
1895	if (c != NULL) {
1896		debug("confirm %s", ctype);
1897		c->remote_id = rchan;
1898		c->remote_window = rwindow;
1899		c->remote_maxpacket = rmaxpack;
1900		if (c->type != SSH_CHANNEL_CONNECTING) {
1901			packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
1902			packet_put_int(c->remote_id);
1903			packet_put_int(c->self);
1904			packet_put_int(c->local_window);
1905			packet_put_int(c->local_maxpacket);
1906			packet_send();
1907		}
1908	} else {
1909		debug("failure %s", ctype);
1910		packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
1911		packet_put_int(rchan);
1912		packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
1913		if (!(datafellows & SSH_BUG_OPENFAILURE)) {
1914			packet_put_cstring("open failed");
1915			packet_put_cstring("");
1916		}
1917		packet_send();
1918	}
1919	xfree(ctype);
1920}
1921static void
1922client_input_channel_req(int type, u_int32_t seq, void *ctxt)
1923{
1924	Channel *c = NULL;
1925	int exitval, id, reply, success = 0;
1926	char *rtype;
1927
1928	id = packet_get_int();
1929	rtype = packet_get_string(NULL);
1930	reply = packet_get_char();
1931
1932	debug("client_input_channel_req: channel %d rtype %s reply %d",
1933	    id, rtype, reply);
1934
1935	if (id == -1) {
1936		error("client_input_channel_req: request for channel -1");
1937	} else if ((c = channel_lookup(id)) == NULL) {
1938		error("client_input_channel_req: channel %d: "
1939		    "unknown channel", id);
1940	} else if (strcmp(rtype, "eow@openssh.com") == 0) {
1941		packet_check_eom();
1942		chan_rcvd_eow(c);
1943	} else if (strcmp(rtype, "exit-status") == 0) {
1944		exitval = packet_get_int();
1945		if (c->ctl_chan != -1) {
1946			mux_exit_message(c, exitval);
1947			success = 1;
1948		} else if (id == session_ident) {
1949			/* Record exit value of local session */
1950			success = 1;
1951			exit_status = exitval;
1952		} else {
1953			/* Probably for a mux channel that has already closed */
1954			debug("%s: no sink for exit-status on channel %d",
1955			    __func__, id);
1956		}
1957		packet_check_eom();
1958	}
1959	if (reply && c != NULL) {
1960		packet_start(success ?
1961		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
1962		packet_put_int(c->remote_id);
1963		packet_send();
1964	}
1965	xfree(rtype);
1966}
1967static void
1968client_input_global_request(int type, u_int32_t seq, void *ctxt)
1969{
1970	char *rtype;
1971	int want_reply;
1972	int success = 0;
1973
1974	rtype = packet_get_string(NULL);
1975	want_reply = packet_get_char();
1976	debug("client_input_global_request: rtype %s want_reply %d",
1977	    rtype, want_reply);
1978	if (want_reply) {
1979		packet_start(success ?
1980		    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
1981		packet_send();
1982		packet_write_wait();
1983	}
1984	xfree(rtype);
1985}
1986
1987void
1988client_session2_setup(int id, int want_tty, int want_subsystem,
1989    const char *term, struct termios *tiop, int in_fd, Buffer *cmd, char **env)
1990{
1991	int len;
1992	Channel *c = NULL;
1993
1994	debug2("%s: id %d", __func__, id);
1995
1996	if ((c = channel_lookup(id)) == NULL)
1997		fatal("client_session2_setup: channel %d: unknown channel", id);
1998
1999	packet_set_interactive(want_tty,
2000	    options.ip_qos_interactive, options.ip_qos_bulk);
2001
2002	if (want_tty) {
2003		struct winsize ws;
2004
2005		/* Store window size in the packet. */
2006		if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
2007			memset(&ws, 0, sizeof(ws));
2008
2009		channel_request_start(id, "pty-req", 1);
2010		client_expect_confirm(id, "PTY allocation", CONFIRM_TTY);
2011		packet_put_cstring(term != NULL ? term : "");
2012		packet_put_int((u_int)ws.ws_col);
2013		packet_put_int((u_int)ws.ws_row);
2014		packet_put_int((u_int)ws.ws_xpixel);
2015		packet_put_int((u_int)ws.ws_ypixel);
2016		if (tiop == NULL)
2017			tiop = get_saved_tio();
2018		tty_make_modes(-1, tiop);
2019		packet_send();
2020		/* XXX wait for reply */
2021		c->client_tty = 1;
2022	}
2023
2024	/* Transfer any environment variables from client to server */
2025	if (options.num_send_env != 0 && env != NULL) {
2026		int i, j, matched;
2027		char *name, *val;
2028
2029		debug("Sending environment.");
2030		for (i = 0; env[i] != NULL; i++) {
2031			/* Split */
2032			name = xstrdup(env[i]);
2033			if ((val = strchr(name, '=')) == NULL) {
2034				xfree(name);
2035				continue;
2036			}
2037			*val++ = '\0';
2038
2039			matched = 0;
2040			for (j = 0; j < options.num_send_env; j++) {
2041				if (match_pattern(name, options.send_env[j])) {
2042					matched = 1;
2043					break;
2044				}
2045			}
2046			if (!matched) {
2047				debug3("Ignored env %s", name);
2048				xfree(name);
2049				continue;
2050			}
2051
2052			debug("Sending env %s = %s", name, val);
2053			channel_request_start(id, "env", 0);
2054			packet_put_cstring(name);
2055			packet_put_cstring(val);
2056			packet_send();
2057			xfree(name);
2058		}
2059	}
2060
2061	len = buffer_len(cmd);
2062	if (len > 0) {
2063		if (len > 900)
2064			len = 900;
2065		if (want_subsystem) {
2066			debug("Sending subsystem: %.*s",
2067			    len, (u_char*)buffer_ptr(cmd));
2068			channel_request_start(id, "subsystem", 1);
2069			client_expect_confirm(id, "subsystem", CONFIRM_CLOSE);
2070		} else {
2071			debug("Sending command: %.*s",
2072			    len, (u_char*)buffer_ptr(cmd));
2073			channel_request_start(id, "exec", 1);
2074			client_expect_confirm(id, "exec", CONFIRM_CLOSE);
2075		}
2076		packet_put_string(buffer_ptr(cmd), buffer_len(cmd));
2077		packet_send();
2078	} else {
2079		channel_request_start(id, "shell", 1);
2080		client_expect_confirm(id, "shell", CONFIRM_CLOSE);
2081		packet_send();
2082	}
2083}
2084
2085static void
2086client_init_dispatch_20(void)
2087{
2088	dispatch_init(&dispatch_protocol_error);
2089
2090	dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
2091	dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
2092	dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
2093	dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
2094	dispatch_set(SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open);
2095	dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
2096	dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
2097	dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
2098	dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
2099	dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
2100	dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
2101	dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request);
2102
2103	/* rekeying */
2104	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
2105
2106	/* global request reply messages */
2107	dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
2108	dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
2109}
2110
2111static void
2112client_init_dispatch_13(void)
2113{
2114	dispatch_init(NULL);
2115	dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_close);
2116	dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, &channel_input_close_confirmation);
2117	dispatch_set(SSH_MSG_CHANNEL_DATA, &channel_input_data);
2118	dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
2119	dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
2120	dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
2121	dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
2122	dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
2123	dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
2124
2125	dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
2126	    &client_input_agent_open : &deny_input_open);
2127	dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
2128	    &x11_input_open : &deny_input_open);
2129}
2130
2131static void
2132client_init_dispatch_15(void)
2133{
2134	client_init_dispatch_13();
2135	dispatch_set(SSH_MSG_CHANNEL_CLOSE, &channel_input_ieof);
2136	dispatch_set(SSH_MSG_CHANNEL_CLOSE_CONFIRMATION, & channel_input_oclose);
2137}
2138
2139static void
2140client_init_dispatch(void)
2141{
2142	if (compat20)
2143		client_init_dispatch_20();
2144	else if (compat13)
2145		client_init_dispatch_13();
2146	else
2147		client_init_dispatch_15();
2148}
2149
2150void
2151client_stop_mux(void)
2152{
2153	if (options.control_path != NULL && muxserver_sock != -1)
2154		unlink(options.control_path);
2155	/*
2156	 * If we are in persist mode, signal that we should close when all
2157	 * active channels are closed.
2158	 */
2159	if (options.control_persist) {
2160		session_closed = 1;
2161		setproctitle("[stopped mux]");
2162	}
2163}
2164
2165/* client specific fatal cleanup */
2166void
2167cleanup_exit(int i)
2168{
2169	leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
2170	leave_non_blocking();
2171	if (options.control_path != NULL && muxserver_sock != -1)
2172		unlink(options.control_path);
2173	ssh_kill_proxy_command();
2174	_exit(i);
2175}
2176