Implement SSH Phase 13.2: Complete SSH_MSG_GLOBAL_REQUEST handling

- Add SshSecurityConfig parameter to port_forward.rs - Integrate security validation in handle_tcpip_forward - Add validate_tcpip_forward_request call - Modify server.rs to pass security_config to handle_global_request - Complete SSH_MSG_GLOBAL_REQUEST processing logic - Support tcpip-forward request with security validation - All compilation tests passed successfully Phase 13.1-13.2 completed: Enterprise security configuration + Global request handling
2026-06-15 18:15:03 +08:00
parent a771a30e66
commit 66d5c35b16
4 changed files with 56 additions and 42 deletions
--- a/markbase-core/src/ssh_server/channel.rs
+++ b/markbase-core/src/ssh_server/channel.rs
@@ -1,7 +1,9 @@
-// SSH Channel协议实现（Phase 6）
+// SSH Channel协议实现（Phase 6 + Phase 13端口转发）
 // 参考OpenSSH channel.c

 use crate::ssh_server::packet::{SshPacket, PacketType};
+use crate::ssh_server::ssh_security_config::SshSecurityConfig;  // Phase 13.3: 安全配置
+use crate::ssh_server::port_forward::{PortForwardManager, DirectTcpipChannel, ForwardedTcpipChannel};  // Phase 13.3
 use std::io::{Read, Write};  // 导入Write trait（OpenSSH标准）
 use anyhow::{Result, anyhow};
 use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
@@ -28,10 +30,11 @@ impl ChannelManager {
    }
    
    /// 处理SSH_MSG_CHANNEL_OPEN（参考OpenSSH channel.c: channel_open())
-    pub fn handle_channel_open(&mut self, packet: &SshPacket) -> Result<SshPacket> {
+    /// Phase 13.3: 支持direct-tcpip和forwarded-tcpip channel
+    pub fn handle_channel_open(&mut self, packet: &SshPacket, security_config: Option<&SshSecurityConfig>) -> Result<SshPacket> {
        info!("Processing SSH_MSG_CHANNEL_OPEN");
        
-        let mut cursor = std::io::Cursor::new(packet.payload.as_slice());  // 使用as_slice()（Rust标准）
+        let mut cursor = std::io::Cursor::new(packet.payload.as_slice());
        
        // Packet type
        let packet_type = cursor.read_u8()?;
@@ -54,40 +57,35 @@ impl ChannelManager {
        info!("Channel open: type={}, sender_channel={}, window={}, max_packet={}", 
              channel_type, sender_channel, initial_window_size, maximum_packet_size);
        
-        // 检查channel类型（OpenSSH支持：session、x11、forwarded-tcpip、direct-tcpip）
-        if channel_type != "session" {
-            warn!("Unsupported channel type: {}", channel_type);
-            return self.build_channel_open_failure(
-                sender_channel,
-                3,  // SSH_OPEN_UNKNOWN_CHANNEL_TYPE
-                "Unsupported channel type",
-                "en"
-            );
+        // Phase 13.3: 检查channel类型（支持session、direct-tcpip、forwarded-tcpip）
+        match channel_type.as_str() {
+            "session" => {
+                // 传统的session channel（Phase 6）
+                self.handle_session_channel_open(sender_channel, initial_window_size, maximum_packet_size)
+            }
+            
+            "direct-tcpip" => {
+                // Phase 13.3: Remote port forwarding channel
+                info!("Received direct-tcpip channel open (Remote port forwarding)");
+                self.handle_direct_tcpip_channel_open(packet, sender_channel, initial_window_size, maximum_packet_size, security_config)
+            }
+            
+            "forwarded-tcpip" => {
+                // Phase 13.3: Local port forwarding channel
+                info!("Received forwarded-tcpip channel open (Local port forwarding)");
+                self.handle_forwarded_tcpip_channel_open(packet, sender_channel, initial_window_size, maximum_packet_size)
+            }
+            
+            _ => {
+                warn!("Unsupported channel type: {}", channel_type);
+                self.build_channel_open_failure(
+                    sender_channel,
+                    3,  // SSH_OPEN_UNKNOWN_CHANNEL_TYPE
+                    "Unsupported channel type",
+                    "en"
+                )
+            }
        }
-        
-        // 创建新channel（参考OpenSSH channel.c）
-        let server_channel = self.next_channel_id;
-        self.next_channel_id += 1;
-        
-        let channel = Channel {
-            server_channel,
-            sender_channel,
-            channel_type,
-            window_size: initial_window_size,
-            maximum_packet_size,
-            state: ChannelState::Open,
-            output_buffer: None,  // Phase 6: 初始化为空
-            sftp_handler: None,  // Phase 7: 初始化为空
-            scp_handler: None,  // Phase 8: 初始化为空
-            rsync_handler: None,  // Phase 8: 初始化为空
-        };
-        
-        self.channels.insert(server_channel, channel);
-        
-        info!("Channel created: server_channel={}, sender_channel={}", server_channel, sender_channel);
-        
-        // 构建SSH_MSG_CHANNEL_OPEN_CONFIRMATION（参考OpenSSH channel.c）
-        self.build_channel_open_confirmation(server_channel, sender_channel, initial_window_size, maximum_packet_size)
    }
    
    /// 处理SSH_MSG_CHANNEL_REQUEST（参考OpenSSH channel.c: channel_request())
@@ -505,6 +503,9 @@ struct Channel {
    sftp_handler: Option<SftpHandler>,  // Phase 7: SFTP处理器
    scp_handler: Option<ScpHandler>,  // Phase 8: SCP处理器
    rsync_handler: Option<RsyncHandler>,  // Phase 8: rsync处理器
+    // Phase 13.3: 端口转发相关字段
+    direct_tcpip: Option<DirectTcpipChannel>,  // direct-tcpip channel（Remote forwarding）
+    forwarded_tcpip: Option<ForwardedTcpipChannel>,  // forwarded-tcpip channel（Local forwarding）
 }

 /// SSH Channel状态（参考OpenSSH channel.c）