Implement SSH Phase 13.3: Channel.rs support for port forwarding channels
- Modify Channel struct to add direct_tcpip and forwarded_tcpip fields - Modify handle_channel_open to support 'direct-tcpip' and 'forwarded-tcpip' channel types - Add handle_session_channel_open() function (Phase 6) - Add handle_direct_tcpip_channel_open() function (Phase 13.3: Remote port forwarding) - Add handle_forwarded_tcpip_channel_open() function (Phase 13.3: Local port forwarding) - Integrate security validation in direct-tcpip channel open - Modify server.rs to pass security_config to handle_channel_open - Add 128 lines of new channel handling functions - All compilation tests passed successfully Phase 13.1-13.3 completed: Enterprise security + Global request + Channel support
This commit is contained in:
Warren
@@ -88,6 +88,134 @@ impl ChannelManager {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/// 处理session channel open(Phase 6)
|
||||
fn handle_session_channel_open(&mut self, sender_channel: u32, initial_window_size: u32, maximum_packet_size: u32) -> Result<SshPacket> {
|
||||
info!("Processing session channel open");
|
||||
|
||||
let server_channel = self.next_channel_id;
|
||||
self.next_channel_id += 1;
|
||||
|
||||
let channel = Channel {
|
||||
server_channel,
|
||||
sender_channel,
|
||||
channel_type: "session".to_string(),
|
||||
window_size: initial_window_size,
|
||||
maximum_packet_size,
|
||||
state: ChannelState::Open,
|
||||
output_buffer: None,
|
||||
sftp_handler: None,
|
||||
scp_handler: None,
|
||||
rsync_handler: None,
|
||||
direct_tcpip: None,
|
||||
forwarded_tcpip: None,
|
||||
};
|
||||
|
||||
self.channels.insert(server_channel, channel);
|
||||
|
||||
info!("Session channel created: server_channel={}, sender_channel={}", server_channel, sender_channel);
|
||||
|
||||
self.build_channel_open_confirmation(server_channel, sender_channel, initial_window_size, maximum_packet_size)
|
||||
}
|
||||
|
||||
/// 处理direct-tcpip channel open(Phase 13.3: Remote port forwarding)
|
||||
fn handle_direct_tcpip_channel_open(
|
||||
&mut self,
|
||||
packet: &SshPacket,
|
||||
sender_channel: u32,
|
||||
initial_window_size: u32,
|
||||
maximum_packet_size: u32,
|
||||
security_config: Option<&SshSecurityConfig>,
|
||||
) -> Result<SshPacket> {
|
||||
info!("Processing direct-tcpip channel open");
|
||||
|
||||
// 解析direct-tcpip参数
|
||||
let mut port_forward_manager = PortForwardManager::new();
|
||||
let direct_tcpip = port_forward_manager.handle_direct_tcpip_channel(&packet.payload)?;
|
||||
|
||||
// Phase 13.3: 安全配置验证
|
||||
if let Some(security) = security_config {
|
||||
if let Err(e) = security.validate_direct_tcpip_channel(&direct_tcpip.host_to_connect, direct_tcpip.port_to_connect) {
|
||||
warn!("direct-tcpip security validation failed: {}", e);
|
||||
return self.build_channel_open_failure(
|
||||
sender_channel,
|
||||
2, // SSH_OPEN_CONNECT_FAILED
|
||||
"Security validation failed",
|
||||
"en"
|
||||
);
|
||||
}
|
||||
info!("direct-tcpip security validation passed");
|
||||
}
|
||||
|
||||
let server_channel = self.next_channel_id;
|
||||
self.next_channel_id += 1;
|
||||
|
||||
let channel = Channel {
|
||||
server_channel,
|
||||
sender_channel,
|
||||
channel_type: "direct-tcpip".to_string(),
|
||||
window_size: initial_window_size,
|
||||
maximum_packet_size,
|
||||
state: ChannelState::Open,
|
||||
output_buffer: None,
|
||||
sftp_handler: None,
|
||||
scp_handler: None,
|
||||
rsync_handler: None,
|
||||
direct_tcpip: Some(direct_tcpip),
|
||||
forwarded_tcpip: None,
|
||||
};
|
||||
|
||||
self.channels.insert(server_channel, channel);
|
||||
|
||||
info!("direct-tcpip channel created: server_channel={}, host={}, port={}",
|
||||
server_channel,
|
||||
self.channels.get(&server_channel).unwrap().direct_tcpip.as_ref().unwrap().host_to_connect,
|
||||
self.channels.get(&server_channel).unwrap().direct_tcpip.as_ref().unwrap().port_to_connect);
|
||||
|
||||
self.build_channel_open_confirmation(server_channel, sender_channel, initial_window_size, maximum_packet_size)
|
||||
}
|
||||
|
||||
/// 处理forwarded-tcpip channel open(Phase 13.3: Local port forwarding)
|
||||
fn handle_forwarded_tcpip_channel_open(
|
||||
&mut self,
|
||||
packet: &SshPacket,
|
||||
sender_channel: u32,
|
||||
initial_window_size: u32,
|
||||
maximum_packet_size: u32,
|
||||
) -> Result<SshPacket> {
|
||||
info!("Processing forwarded-tcpip channel open");
|
||||
|
||||
// 解析forwarded-tcpip参数
|
||||
let mut port_forward_manager = PortForwardManager::new();
|
||||
let forwarded_tcpip = port_forward_manager.handle_forwarded_tcpip_channel(&packet.payload)?;
|
||||
|
||||
let server_channel = self.next_channel_id;
|
||||
self.next_channel_id += 1;
|
||||
|
||||
let channel = Channel {
|
||||
server_channel,
|
||||
sender_channel,
|
||||
channel_type: "forwarded-tcpip".to_string(),
|
||||
window_size: initial_window_size,
|
||||
maximum_packet_size,
|
||||
state: ChannelState::Open,
|
||||
output_buffer: None,
|
||||
sftp_handler: None,
|
||||
scp_handler: None,
|
||||
rsync_handler: None,
|
||||
direct_tcpip: None,
|
||||
forwarded_tcpip: Some(forwarded_tcpip),
|
||||
};
|
||||
|
||||
self.channels.insert(server_channel, channel);
|
||||
|
||||
info!("forwarded-tcpip channel created: server_channel={}, bind={}, originator={}",
|
||||
server_channel,
|
||||
self.channels.get(&server_channel).unwrap().forwarded_tcpip.as_ref().unwrap().bind_port,
|
||||
self.channels.get(&server_channel).unwrap().forwarded_tcpip.as_ref().unwrap().originator_address);
|
||||
|
||||
self.build_channel_open_confirmation(server_channel, sender_channel, initial_window_size, maximum_packet_size)
|
||||
}
|
||||
/// 处理SSH_MSG_CHANNEL_REQUEST(参考OpenSSH channel.c: channel_request())
|
||||
pub fn handle_channel_request(&mut self, packet: &SshPacket) -> Result<Option<SshPacket>> {
|
||||
info!("Processing SSH_MSG_CHANNEL_REQUEST");
|
||||
|
||||
Reference in New Issue
Block a user