Changing Channels #674
Closed
Changing Channels #674
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JacobBarthelmeh
requested changes
Apr 15, 2024
| #endif | ||
| } | ||
| break; | ||
| do { |
There was a problem hiding this comment.
needs sanity check on ret value to account for error in getting user info, before entering do while loop
There was a problem hiding this comment.
will this handle a peer just closing down the socket and disconnecting?
There was a problem hiding this comment.
If the client application authenticates the user then closes the socket, we should just close down. The client should also be able to send a MSG_DISCONNECT and the server should close out the connection.
There was a problem hiding this comment.
And you are right about the check on the return value.
There was a problem hiding this comment.
I probably should have been more clear about the peer just closing down. Disconnected as in the Ethernet wire was pulled or internet connection shut off. I think this do while loop would continue spinning on in that case since the channel is never opened?
| wolfSSH_Log(WS_LOG_INFO, "[SSHD] Entering exec session [%s]", | ||
| wolfSSH_GetSessionCommand(ssh)); | ||
| SHELL_Subsystem(conn, ssh, pPasswd, usrConf, | ||
| wolfSSH_GetSessionCommand(ssh)); | ||
| } |
There was a problem hiding this comment.
would be nice to have a final else case to log that an unknown/unsupported channel type was recieved
There was a problem hiding this comment.
wolfSSHd's channel request callbacks set those flags after the channel is created, it's guaranteed. Having a channel pointer and none of the three "do" flags sets is definitely an error condition. Adding the else clause.
1. Add the code from wolfsshd that initially sets up the terminal settings to the echoserver. 2. Add the WOLFSSH_TERM flag to the build of the echoserver.
1. Add the new Channel Open callback support APIs. 2. Insert a demonstration channel open callback into the echoserver.
1. Add channel open callback APIs to support two client callback functions, Channel Open Conf and Fail. 2. Put in example callbacks to the example echoserver and port forwarding client.
1. Added callbacks for receiving a Channel EOF message and a Channel Close message. 2. Added accessors for the new callback's ctx parameters. 3. Add some missing comments on the channel open callbacks.
1. Add a state to forwarding for when direct connections are connected. This separates it from a remote forwarding connection. 2. Split up several forwarding closing actions into separate actions for remote and direct forwarding. 3. Fix issue where direct forwarding was closing and transitioning to listening with a fd of -1. Should be idle (init), not listening. 4. Some WIP changes to be updated later.
1. Add callback for the "shell" Channel Request message for the server. 2. Whitespace and braces changes. 3. Relabel the string for administratively prohibited channel opens. 4. Add some comment.
1. Update the configure.ac for an incorrect flag. 2. Rearrange utility functions for the shell support. 3. Add a wrapper struct for shell information in the thread ctx. 4. Move the shell startup code into the shell start callback function. 5. Whitespace changes. 6. Strip some unused code and removed unneeded guards. 7. Update callback setups with the correct ctx. 8. Removed debugging strings.
1. Whitespace cleanup. 2. Remove redundant NO_BREAK from the accept state machine switch case.
1. Add demo callbacks for Channel EOF and Channel Close and set them. 2. Only select on fwdListenFd if it is set. Only check it if it is set. 3. Add checks for the Channel EOF or Close callbacks to the Do functions for those messages, and call them.
1. Move the session types earlier in the ssh.h header. 2. Add functions wolfSSH_ChannelGetSessionType() and wolfSSH_ChannelGetSessionCommand() to requestion information about a session. 3. Add a callback for when a subsystem channel is requested.
1. Remove the unused channel status callbacks from the echoserver. 2. Add a flag to the threadCtx to be set if the channel is to be SFTP. 3. Modify the subsystem start callback to set the SFTP flag if the subsystem is sftp. 4. ssh_worker to return WS_SFTP_COMPLETE if the SFTP flag is set. 5. If worker returns SFTP complete, run the SFTP accept and start stfp_worker.
1. Modify the testsuite to leave out the echo test if the shell build is disabled. The testsuite hangs because the shell code is missing. 2. Modify the echoserver's call to wolfSSH_SFTP_accept() to handle non-blocking better. Needs to check for want_read.
1. Add a callback hook for channel requests of the exec type. 2. Add callback for echoserver for exec channel requests to check for SCP and set a flag. 3. Move the code for SCP from the handshake state machine into the echoserver. 4. Export the function wolfSSH_SCP_DoRequest as a public API. 5. Remove the function DoScpRequest as a local API.
In DoChannelRequest(), rearrange the test cases. Start with the requests that are always expected as possible, and make the optional ones follow.
1. Add flags for shell, sftp, scp, and exec to the wolfSSH connection tracker structure. 2. Add a channel request callback function that can tell if we are running a shell, SFTP, SCP, or trying to exec another command, and sets the flag in the connection tracker. 3. When processing the SFTP connection, and the stream peek returns 0, set a timeout for the select. (Stops it from spinning.) 4. The wolfSSH accept state machine is shorter now, it ends after user authentication, leaving the application to deal with new channels. Remove the handling of the return codes specifically for SFTP and SCP, as they are handled elsewhere. 5. Whitespace.
1. Round out the updates to SCP support in wolfSSHd. 2. Add a select around the SFTP application accept. 3. Removed no-op with the conn in the scp handler as it is used.
1. Treat any non-zero response from any of the channel request callback functions as a rejection of the channel request. 2. If a channel request reply is wanted, return the failure message if the callback function had rejected the request.
1. Allow some of the shell code in the echoserver for handling echo. 2. Add check for echo to the shell start cb to skip forking a child process to handle the shell. 3. Always all the echo test in the testsuite. 4. Check a return value on execv of the shell in the echoserver. 5. Whitespace.
1. Remove the now unused states from the accept state list. Update the state machine to finish on ACCEPT_DONE. 2. Replace the exFds set with writeFds. Call worker if writeFds also set for the ssh socket. 3. If the worker returns WS_WANT_WRITE, WS_WANT_READ, or WS_REKEYING, go ahead and call select again then worker. 4. Handle doing SCP or SFTP later after handling the socket. 5. Add some missing "\n" on error logging in the echoserver. 6. In the sftp test script, clean recommendations from shellcheck. Removed the "-e" options from the echos while removing the newlines; echos with newlines get an additional echo. Removed redundant calls to the pwd program when PWD is already set.
ejohnstown
force-pushed
the
changing-channels
branch
from
7d9d827 to
233be30
Compare
|
This PR is now broken into several others, and one incomplete branch. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This set of commits changes how the server code handles a connection accept and channel opening. Originally, opening a channel is part of the accept state machine. The server code now completes the accept after user authentication. This PR introduces a set of callback function hooks for channel opening, end-of-file, and closing, success and failure, as well as various channel requests. On top of this, the echoserver and wolfSSHd are updated to take advantage of the new callbacks.