2004-08-30 13:11:17 +00:00
|
|
|
/*
|
|
|
|
|
* Routines to do cryptographic interaction with proxies in PuTTY.
|
|
|
|
|
* This is in a separate module from proxy.c, so that it can be
|
|
|
|
|
* conveniently removed in PuTTYtel by replacing this module with
|
|
|
|
|
* the stub version nocproxy.c.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <ctype.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include "putty.h"
|
|
|
|
|
#include "ssh.h" /* For MD5 support */
|
|
|
|
|
#include "network.h"
|
|
|
|
|
#include "proxy.h"
|
2021-11-19 10:33:57 +00:00
|
|
|
#include "socks.h"
|
2018-05-24 12:30:16 +00:00
|
|
|
#include "marshal.h"
|
2004-08-30 13:11:17 +00:00
|
|
|
|
|
|
|
|
static void hmacmd5_chap(const unsigned char *challenge, int challen,
|
2019-09-08 19:29:00 +00:00
|
|
|
const char *passwd, unsigned char *response)
|
2004-08-30 13:11:17 +00:00
|
|
|
{
|
2019-01-20 16:18:49 +00:00
|
|
|
mac_simple(&ssh_hmac_md5, ptrlen_from_asciz(passwd),
|
|
|
|
|
make_ptrlen(challenge, challen), response);
|
2004-08-30 13:11:17 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-24 12:30:16 +00:00
|
|
|
void proxy_socks5_offerencryptedauth(BinarySink *bs)
|
2004-08-30 13:11:17 +00:00
|
|
|
{
|
2021-11-19 10:33:57 +00:00
|
|
|
put_byte(bs, SOCKS5_AUTH_CHAP);
|
2004-08-30 13:11:17 +00:00
|
|
|
}
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
int proxy_socks5_handlechap (ProxySocket *ps)
|
2004-08-30 13:11:17 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/* CHAP authentication reply format:
|
|
|
|
|
* version number (1 bytes) = 1
|
|
|
|
|
* number of commands (1 byte)
|
|
|
|
|
*
|
|
|
|
|
* For each command:
|
|
|
|
|
* command identifier (1 byte)
|
|
|
|
|
* data length (1 byte)
|
|
|
|
|
*/
|
|
|
|
|
unsigned char data[260];
|
|
|
|
|
unsigned char outbuf[20];
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
while(ps->chap_num_attributes == 0 ||
|
|
|
|
|
ps->chap_num_attributes_processed < ps->chap_num_attributes) {
|
|
|
|
|
if (ps->chap_num_attributes == 0 ||
|
|
|
|
|
ps->chap_current_attribute == -1) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* CHAP normally reads in two bytes, either at the
|
|
|
|
|
* beginning or for each attribute/value pair. But if
|
|
|
|
|
* we're waiting for the value's data, we might not want
|
|
|
|
|
* to read 2 bytes.
|
|
|
|
|
*/
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
if (bufchain_size(&ps->pending_input_data) < 2)
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1; /* not got anything yet */
|
|
|
|
|
|
|
|
|
|
/* get the response */
|
2021-11-19 10:14:43 +00:00
|
|
|
bufchain_fetch(&ps->pending_input_data, data, 2);
|
|
|
|
|
bufchain_consume(&ps->pending_input_data, 2);
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
if (ps->chap_num_attributes == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* If there are no attributes, this is our first msg
|
|
|
|
|
* with the server, where we negotiate version and
|
|
|
|
|
* number of attributes
|
|
|
|
|
*/
|
2021-11-19 10:33:57 +00:00
|
|
|
if (data[0] != SOCKS5_AUTH_CHAP_VERSION) {
|
2021-11-19 10:14:43 +00:00
|
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy wants "
|
Convenience wrappers on plug_closing().
Having a single plug_closing() function covering various kinds of
closure is reasonably convenient from the point of view of Plug
implementations, but it's annoying for callers, who all have to fill
in pointless NULL and 0 parameters in the cases where they're not
used.
Added some inline helper functions in network.h alongside the main
plug_closing() dispatch wrappers, so that each kind of connection
closure can present a separate API for the Socket side of the
interface, without complicating the vtable for the Plug side.
Also, added OS-specific extra helpers in the Unix and Windows
directories, which centralise the job of taking an OS error code (of
whatever kind) and translating it into its error message.
In passing, this removes the horrible ad-hoc made-up error codes in
proxy.h, which is OK, because nothing checked for them anyway, and
also I'm about to do an API change to plug_closing proper that removes
the need for them.
2021-11-06 13:25:42 +00:00
|
|
|
"a different CHAP version");
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
if (data[1] == 0x00) {
|
2021-11-19 10:14:43 +00:00
|
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy won't "
|
Convenience wrappers on plug_closing().
Having a single plug_closing() function covering various kinds of
closure is reasonably convenient from the point of view of Plug
implementations, but it's annoying for callers, who all have to fill
in pointless NULL and 0 parameters in the cases where they're not
used.
Added some inline helper functions in network.h alongside the main
plug_closing() dispatch wrappers, so that each kind of connection
closure can present a separate API for the Socket side of the
interface, without complicating the vtable for the Plug side.
Also, added OS-specific extra helpers in the Unix and Windows
directories, which centralise the job of taking an OS error code (of
whatever kind) and translating it into its error message.
In passing, this removes the horrible ad-hoc made-up error codes in
proxy.h, which is OK, because nothing checked for them anyway, and
also I'm about to do an API change to plug_closing proper that removes
the need for them.
2021-11-06 13:25:42 +00:00
|
|
|
"negotiate CHAP with us");
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
2021-11-19 10:14:43 +00:00
|
|
|
ps->chap_num_attributes = data[1];
|
2019-09-08 19:29:00 +00:00
|
|
|
} else {
|
2021-11-19 10:14:43 +00:00
|
|
|
if (ps->chap_current_attribute == -1) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* We have to read in each attribute/value pair -
|
|
|
|
|
* those we don't understand can be ignored, but
|
|
|
|
|
* there are a few we'll need to handle.
|
|
|
|
|
*/
|
2021-11-19 10:14:43 +00:00
|
|
|
ps->chap_current_attribute = data[0];
|
|
|
|
|
ps->chap_current_datalen = data[1];
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2021-11-19 10:14:43 +00:00
|
|
|
if (bufchain_size(&ps->pending_input_data) <
|
|
|
|
|
ps->chap_current_datalen)
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1; /* not got everything yet */
|
|
|
|
|
|
|
|
|
|
/* get the response */
|
2021-11-19 10:14:43 +00:00
|
|
|
bufchain_fetch(&ps->pending_input_data, data,
|
|
|
|
|
ps->chap_current_datalen);
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
bufchain_consume(&ps->pending_input_data,
|
|
|
|
|
ps->chap_current_datalen);
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
switch (ps->chap_current_attribute) {
|
2021-11-19 10:33:57 +00:00
|
|
|
case SOCKS5_AUTH_CHAP_ATTR_STATUS:
|
2019-09-08 19:29:00 +00:00
|
|
|
/* Successful authentication */
|
|
|
|
|
if (data[0] == 0x00)
|
2021-11-19 10:14:43 +00:00
|
|
|
ps->state = 2;
|
2019-09-08 19:29:00 +00:00
|
|
|
else {
|
2021-11-19 10:14:43 +00:00
|
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy "
|
Convenience wrappers on plug_closing().
Having a single plug_closing() function covering various kinds of
closure is reasonably convenient from the point of view of Plug
implementations, but it's annoying for callers, who all have to fill
in pointless NULL and 0 parameters in the cases where they're not
used.
Added some inline helper functions in network.h alongside the main
plug_closing() dispatch wrappers, so that each kind of connection
closure can present a separate API for the Socket side of the
interface, without complicating the vtable for the Plug side.
Also, added OS-specific extra helpers in the Unix and Windows
directories, which centralise the job of taking an OS error code (of
whatever kind) and translating it into its error message.
In passing, this removes the horrible ad-hoc made-up error codes in
proxy.h, which is OK, because nothing checked for them anyway, and
also I'm about to do an API change to plug_closing proper that removes
the need for them.
2021-11-06 13:25:42 +00:00
|
|
|
"refused CHAP authentication");
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2021-11-19 10:33:57 +00:00
|
|
|
case SOCKS5_AUTH_CHAP_ATTR_CHALLENGE:
|
|
|
|
|
outbuf[0] = SOCKS5_AUTH_CHAP_VERSION;
|
2019-09-08 19:29:00 +00:00
|
|
|
outbuf[1] = 0x01; /* One attribute */
|
2021-11-19 10:33:57 +00:00
|
|
|
outbuf[2] = SOCKS5_AUTH_CHAP_ATTR_RESPONSE;
|
2019-09-08 19:29:00 +00:00
|
|
|
outbuf[3] = 0x10; /* Length */
|
2021-11-19 10:14:43 +00:00
|
|
|
hmacmd5_chap(data, ps->chap_current_datalen,
|
|
|
|
|
conf_get_str(ps->conf, CONF_proxy_password),
|
2019-09-08 19:29:00 +00:00
|
|
|
&outbuf[4]);
|
2021-11-19 10:14:43 +00:00
|
|
|
sk_write(ps->sub_socket, outbuf, 20);
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
2021-11-19 10:33:57 +00:00
|
|
|
case SOCKS5_AUTH_CHAP_ATTR_ALGLIST:
|
2019-09-08 19:29:00 +00:00
|
|
|
/* Chose a protocol */
|
2021-11-19 10:33:57 +00:00
|
|
|
if (data[0] != SOCKS5_AUTH_CHAP_ALG_HMACMD5) {
|
2021-11-19 10:14:43 +00:00
|
|
|
plug_closing_error(ps->plug, "Proxy error: Server chose "
|
Convenience wrappers on plug_closing().
Having a single plug_closing() function covering various kinds of
closure is reasonably convenient from the point of view of Plug
implementations, but it's annoying for callers, who all have to fill
in pointless NULL and 0 parameters in the cases where they're not
used.
Added some inline helper functions in network.h alongside the main
plug_closing() dispatch wrappers, so that each kind of connection
closure can present a separate API for the Socket side of the
interface, without complicating the vtable for the Plug side.
Also, added OS-specific extra helpers in the Unix and Windows
directories, which centralise the job of taking an OS error code (of
whatever kind) and translating it into its error message.
In passing, this removes the horrible ad-hoc made-up error codes in
proxy.h, which is OK, because nothing checked for them anyway, and
also I'm about to do an API change to plug_closing proper that removes
the need for them.
2021-11-06 13:25:42 +00:00
|
|
|
"CHAP of other than HMAC-MD5 but we "
|
|
|
|
|
"didn't offer it!");
|
2019-09-08 19:29:00 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
2021-11-19 10:14:43 +00:00
|
|
|
ps->chap_current_attribute = -1;
|
|
|
|
|
ps->chap_num_attributes_processed++;
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2021-11-19 10:14:43 +00:00
|
|
|
if (ps->state == 8 &&
|
|
|
|
|
ps->chap_num_attributes_processed >= ps->chap_num_attributes) {
|
|
|
|
|
ps->chap_num_attributes = 0;
|
|
|
|
|
ps->chap_num_attributes_processed = 0;
|
|
|
|
|
ps->chap_current_datalen = 0;
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2004-08-30 13:11:17 +00:00
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
int proxy_socks5_selectchap(ProxySocket *ps)
|
2004-08-30 13:11:17 +00:00
|
|
|
{
|
2021-11-19 10:14:43 +00:00
|
|
|
char *username = conf_get_str(ps->conf, CONF_proxy_username);
|
|
|
|
|
char *password = conf_get_str(ps->conf, CONF_proxy_password);
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
if (username[0] || password[0]) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char chapbuf[514];
|
|
|
|
|
int ulen;
|
2021-11-19 10:33:57 +00:00
|
|
|
chapbuf[0] = SOCKS5_AUTH_CHAP_VERSION;
|
2019-09-08 19:29:00 +00:00
|
|
|
chapbuf[1] = '\x02'; /* Number of attributes sent */
|
2021-11-19 10:33:57 +00:00
|
|
|
chapbuf[2] = SOCKS5_AUTH_CHAP_ATTR_ALGLIST;
|
2019-09-08 19:29:00 +00:00
|
|
|
chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
|
2021-11-19 10:33:57 +00:00
|
|
|
chapbuf[4] = SOCKS5_AUTH_CHAP_ALG_HMACMD5;
|
|
|
|
|
chapbuf[5] = SOCKS5_AUTH_CHAP_ATTR_USERNAME;
|
2019-09-08 19:29:00 +00:00
|
|
|
|
|
|
|
|
ulen = strlen(username);
|
|
|
|
|
if (ulen > 255) ulen = 255;
|
|
|
|
|
if (ulen < 1) ulen = 1;
|
|
|
|
|
|
|
|
|
|
chapbuf[6] = ulen;
|
|
|
|
|
memcpy(chapbuf+7, username, ulen);
|
|
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
sk_write(ps->sub_socket, chapbuf, ulen + 7);
|
|
|
|
|
ps->chap_num_attributes = 0;
|
|
|
|
|
ps->chap_num_attributes_processed = 0;
|
|
|
|
|
ps->chap_current_attribute = -1;
|
|
|
|
|
ps->chap_current_datalen = 0;
|
2019-09-08 19:29:00 +00:00
|
|
|
|
2021-11-19 10:14:43 +00:00
|
|
|
ps->state = 8;
|
2019-09-08 19:29:00 +00:00
|
|
|
} else
|
2021-11-19 10:14:43 +00:00
|
|
|
plug_closing_error(ps->plug, "Proxy error: Server chose "
|
Convenience wrappers on plug_closing().
Having a single plug_closing() function covering various kinds of
closure is reasonably convenient from the point of view of Plug
implementations, but it's annoying for callers, who all have to fill
in pointless NULL and 0 parameters in the cases where they're not
used.
Added some inline helper functions in network.h alongside the main
plug_closing() dispatch wrappers, so that each kind of connection
closure can present a separate API for the Socket side of the
interface, without complicating the vtable for the Plug side.
Also, added OS-specific extra helpers in the Unix and Windows
directories, which centralise the job of taking an OS error code (of
whatever kind) and translating it into its error message.
In passing, this removes the horrible ad-hoc made-up error codes in
proxy.h, which is OK, because nothing checked for them anyway, and
also I'm about to do an API change to plug_closing proper that removes
the need for them.
2021-11-06 13:25:42 +00:00
|
|
|
"CHAP authentication but we didn't offer it!");
|
2004-08-30 13:11:17 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|