1999-01-08 13:02:13 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2000-06-22 12:18:34 +00:00
|
|
|
#include <stdarg.h>
|
|
|
|
#include <assert.h>
|
1999-01-08 13:02:13 +00:00
|
|
|
|
|
|
|
#include "putty.h"
|
2000-09-15 10:48:42 +00:00
|
|
|
#include "tree234.h"
|
2000-06-22 12:18:34 +00:00
|
|
|
#include "ssh.h"
|
1999-01-08 13:02:13 +00:00
|
|
|
|
|
|
|
#ifndef FALSE
|
|
|
|
#define FALSE 0
|
|
|
|
#endif
|
|
|
|
#ifndef TRUE
|
|
|
|
#define TRUE 1
|
|
|
|
#endif
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH1_MSG_DISCONNECT 1 /* 0x1 */
|
|
|
|
#define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
|
|
|
|
#define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
|
|
|
|
#define SSH1_CMSG_USER 4 /* 0x4 */
|
|
|
|
#define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
|
|
|
|
#define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
|
|
|
|
#define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
|
|
|
|
#define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
|
|
|
|
#define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
|
|
|
|
#define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
|
|
|
|
#define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
|
|
|
|
#define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
|
|
|
|
#define SSH1_SMSG_SUCCESS 14 /* 0xe */
|
|
|
|
#define SSH1_SMSG_FAILURE 15 /* 0xf */
|
|
|
|
#define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
|
|
|
|
#define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
|
|
|
|
#define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
|
|
|
|
#define SSH1_CMSG_EOF 19 /* 0x13 */
|
|
|
|
#define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
|
|
|
|
#define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
|
|
|
|
#define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
|
|
|
|
#define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
|
|
|
|
#define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
|
|
|
|
#define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
|
|
|
|
#define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
|
|
|
|
#define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
|
|
|
|
#define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
|
|
|
|
#define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
|
|
|
|
#define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
|
|
|
|
#define SSH1_MSG_IGNORE 32 /* 0x20 */
|
|
|
|
#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
|
|
|
|
#define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
|
|
|
|
#define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
|
|
|
|
#define SSH1_MSG_DEBUG 36 /* 0x24 */
|
|
|
|
#define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
|
|
|
|
#define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
|
|
|
|
#define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
|
|
|
|
#define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
|
|
|
|
#define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
|
|
|
|
#define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
|
|
|
|
#define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
|
|
|
|
|
|
|
|
#define SSH1_AUTH_TIS 5 /* 0x5 */
|
|
|
|
#define SSH1_AUTH_CCARD 16 /* 0x10 */
|
|
|
|
|
|
|
|
#define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
|
2001-03-16 11:58:54 +00:00
|
|
|
/* Mask for protoflags we will echo back to server if seen */
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
|
|
|
|
|
|
|
|
#define SSH2_MSG_DISCONNECT 1 /* 0x1 */
|
|
|
|
#define SSH2_MSG_IGNORE 2 /* 0x2 */
|
|
|
|
#define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
|
|
|
|
#define SSH2_MSG_DEBUG 4 /* 0x4 */
|
|
|
|
#define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
|
|
|
|
#define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
|
|
|
|
#define SSH2_MSG_KEXINIT 20 /* 0x14 */
|
|
|
|
#define SSH2_MSG_NEWKEYS 21 /* 0x15 */
|
|
|
|
#define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
|
|
|
|
#define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
|
|
|
|
#define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
|
|
|
|
#define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
|
|
|
|
#define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
|
|
|
|
#define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
|
|
|
|
#define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
|
|
|
|
#define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
|
|
|
|
#define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
|
|
|
|
#define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
|
|
|
|
#define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
|
|
|
|
#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
|
2001-08-09 20:13:17 +00:00
|
|
|
#define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
|
|
|
|
#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
|
|
|
|
#define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
|
|
|
|
#define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
|
|
|
|
#define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
|
|
|
|
#define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
|
|
|
|
#define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
|
|
|
|
#define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
|
|
|
|
#define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
|
|
|
|
#define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
|
|
|
|
#define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
|
|
|
|
#define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
|
|
|
|
#define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
|
|
|
|
#define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
|
|
|
|
#define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
|
|
|
|
|
2001-12-14 14:57:50 +00:00
|
|
|
/*
|
|
|
|
* Packet type contexts, so that ssh2_pkt_type can correctly decode
|
|
|
|
* the ambiguous type numbers back into the correct type strings.
|
|
|
|
*/
|
2004-12-22 10:53:58 +00:00
|
|
|
#define SSH2_PKTCTX_DHGROUP 0x0001
|
2001-12-14 14:57:50 +00:00
|
|
|
#define SSH2_PKTCTX_DHGEX 0x0002
|
|
|
|
#define SSH2_PKTCTX_PUBLICKEY 0x0010
|
|
|
|
#define SSH2_PKTCTX_PASSWORD 0x0020
|
|
|
|
#define SSH2_PKTCTX_KBDINTER 0x0040
|
|
|
|
#define SSH2_PKTCTX_AUTH_MASK 0x00F0
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
|
|
|
|
#define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
|
|
|
|
#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
|
|
|
|
#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
|
|
|
|
#define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
|
|
|
|
#define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
|
|
|
|
#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
|
|
|
|
#define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
|
|
|
|
#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
|
|
|
|
#define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
|
|
|
|
#define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
|
|
|
|
#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
|
|
|
|
#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
|
|
|
|
#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
|
|
|
|
#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
|
2001-04-16 09:10:34 +00:00
|
|
|
|
|
|
|
static const char *const ssh2_disconnect_reasons[] = {
|
|
|
|
NULL,
|
|
|
|
"SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT",
|
|
|
|
"SSH_DISCONNECT_PROTOCOL_ERROR",
|
|
|
|
"SSH_DISCONNECT_KEY_EXCHANGE_FAILED",
|
|
|
|
"SSH_DISCONNECT_HOST_AUTHENTICATION_FAILED",
|
|
|
|
"SSH_DISCONNECT_MAC_ERROR",
|
|
|
|
"SSH_DISCONNECT_COMPRESSION_ERROR",
|
|
|
|
"SSH_DISCONNECT_SERVICE_NOT_AVAILABLE",
|
|
|
|
"SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED",
|
|
|
|
"SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE",
|
|
|
|
"SSH_DISCONNECT_CONNECTION_LOST",
|
|
|
|
"SSH_DISCONNECT_BY_APPLICATION",
|
|
|
|
"SSH_DISCONNECT_TOO_MANY_CONNECTIONS",
|
|
|
|
"SSH_DISCONNECT_AUTH_CANCELLED_BY_USER",
|
|
|
|
"SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE",
|
|
|
|
"SSH_DISCONNECT_ILLEGAL_USER_NAME",
|
|
|
|
};
|
2000-10-26 13:10:47 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
|
|
|
|
#define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
|
|
|
|
#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
|
|
|
|
#define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
|
2000-09-20 14:29:52 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
#define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2001-03-06 10:32:28 +00:00
|
|
|
/*
|
|
|
|
* Various remote-bug flags.
|
|
|
|
*/
|
|
|
|
#define BUG_CHOKES_ON_SSH1_IGNORE 1
|
|
|
|
#define BUG_SSH2_HMAC 2
|
2001-10-27 10:39:54 +00:00
|
|
|
#define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
|
2002-02-27 22:41:31 +00:00
|
|
|
#define BUG_CHOKES_ON_RSA 8
|
2002-05-31 17:39:16 +00:00
|
|
|
#define BUG_SSH2_RSA_PADDING 16
|
2002-08-18 09:27:15 +00:00
|
|
|
#define BUG_SSH2_DERIVEKEY 32
|
2004-12-23 02:24:07 +00:00
|
|
|
/* 64 was BUG_SSH2_DH_GEX, now spare */
|
2003-02-04 13:02:51 +00:00
|
|
|
#define BUG_SSH2_PK_SESSIONID 128
|
2001-10-27 10:39:54 +00:00
|
|
|
|
2001-12-14 14:57:50 +00:00
|
|
|
#define translate(x) if (type == x) return #x
|
2002-10-25 11:30:33 +00:00
|
|
|
#define translatec(x,ctx) if (type == x && (pkt_ctx & ctx)) return #x
|
2003-01-05 23:01:43 +00:00
|
|
|
static char *ssh1_pkt_type(int type)
|
2001-12-14 14:57:50 +00:00
|
|
|
{
|
|
|
|
translate(SSH1_MSG_DISCONNECT);
|
|
|
|
translate(SSH1_SMSG_PUBLIC_KEY);
|
|
|
|
translate(SSH1_CMSG_SESSION_KEY);
|
|
|
|
translate(SSH1_CMSG_USER);
|
|
|
|
translate(SSH1_CMSG_AUTH_RSA);
|
|
|
|
translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
|
|
|
|
translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
|
|
|
|
translate(SSH1_CMSG_AUTH_PASSWORD);
|
|
|
|
translate(SSH1_CMSG_REQUEST_PTY);
|
|
|
|
translate(SSH1_CMSG_WINDOW_SIZE);
|
|
|
|
translate(SSH1_CMSG_EXEC_SHELL);
|
|
|
|
translate(SSH1_CMSG_EXEC_CMD);
|
|
|
|
translate(SSH1_SMSG_SUCCESS);
|
|
|
|
translate(SSH1_SMSG_FAILURE);
|
|
|
|
translate(SSH1_CMSG_STDIN_DATA);
|
|
|
|
translate(SSH1_SMSG_STDOUT_DATA);
|
|
|
|
translate(SSH1_SMSG_STDERR_DATA);
|
|
|
|
translate(SSH1_CMSG_EOF);
|
|
|
|
translate(SSH1_SMSG_EXIT_STATUS);
|
|
|
|
translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
|
|
|
|
translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
translate(SSH1_MSG_CHANNEL_DATA);
|
|
|
|
translate(SSH1_MSG_CHANNEL_CLOSE);
|
|
|
|
translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
|
|
|
|
translate(SSH1_SMSG_X11_OPEN);
|
|
|
|
translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
|
|
|
|
translate(SSH1_MSG_PORT_OPEN);
|
|
|
|
translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
|
|
|
|
translate(SSH1_SMSG_AGENT_OPEN);
|
|
|
|
translate(SSH1_MSG_IGNORE);
|
|
|
|
translate(SSH1_CMSG_EXIT_CONFIRMATION);
|
|
|
|
translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
|
|
|
|
translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
|
|
|
|
translate(SSH1_MSG_DEBUG);
|
|
|
|
translate(SSH1_CMSG_REQUEST_COMPRESSION);
|
|
|
|
translate(SSH1_CMSG_AUTH_TIS);
|
|
|
|
translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
|
|
|
|
translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
|
|
|
|
translate(SSH1_CMSG_AUTH_CCARD);
|
|
|
|
translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
|
|
|
|
translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
|
|
|
|
return "unknown";
|
|
|
|
}
|
2003-01-05 23:01:43 +00:00
|
|
|
static char *ssh2_pkt_type(int pkt_ctx, int type)
|
2001-12-14 14:57:50 +00:00
|
|
|
{
|
|
|
|
translate(SSH2_MSG_DISCONNECT);
|
|
|
|
translate(SSH2_MSG_IGNORE);
|
|
|
|
translate(SSH2_MSG_UNIMPLEMENTED);
|
|
|
|
translate(SSH2_MSG_DEBUG);
|
|
|
|
translate(SSH2_MSG_SERVICE_REQUEST);
|
|
|
|
translate(SSH2_MSG_SERVICE_ACCEPT);
|
|
|
|
translate(SSH2_MSG_KEXINIT);
|
|
|
|
translate(SSH2_MSG_NEWKEYS);
|
2004-12-22 10:53:58 +00:00
|
|
|
translatec(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
|
|
|
|
translatec(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
|
2001-12-14 14:57:50 +00:00
|
|
|
translatec(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
|
|
|
|
translatec(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
|
|
|
|
translatec(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
|
|
|
|
translatec(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
|
|
|
|
translate(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
translate(SSH2_MSG_USERAUTH_FAILURE);
|
|
|
|
translate(SSH2_MSG_USERAUTH_SUCCESS);
|
|
|
|
translate(SSH2_MSG_USERAUTH_BANNER);
|
|
|
|
translatec(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
|
|
|
|
translatec(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
|
|
|
|
translatec(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
|
|
|
|
translatec(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
|
|
|
|
translate(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
translate(SSH2_MSG_REQUEST_SUCCESS);
|
|
|
|
translate(SSH2_MSG_REQUEST_FAILURE);
|
|
|
|
translate(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
|
|
|
|
translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
|
|
|
translate(SSH2_MSG_CHANNEL_DATA);
|
|
|
|
translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
|
|
|
|
translate(SSH2_MSG_CHANNEL_EOF);
|
|
|
|
translate(SSH2_MSG_CHANNEL_CLOSE);
|
|
|
|
translate(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
translate(SSH2_MSG_CHANNEL_SUCCESS);
|
|
|
|
translate(SSH2_MSG_CHANNEL_FAILURE);
|
|
|
|
return "unknown";
|
|
|
|
}
|
|
|
|
#undef translate
|
|
|
|
#undef translatec
|
2001-03-06 10:32:28 +00:00
|
|
|
|
2000-06-22 12:18:34 +00:00
|
|
|
#define GET_32BIT(cp) \
|
|
|
|
(((unsigned long)(unsigned char)(cp)[0] << 24) | \
|
|
|
|
((unsigned long)(unsigned char)(cp)[1] << 16) | \
|
|
|
|
((unsigned long)(unsigned char)(cp)[2] << 8) | \
|
|
|
|
((unsigned long)(unsigned char)(cp)[3]))
|
|
|
|
|
|
|
|
#define PUT_32BIT(cp, value) { \
|
|
|
|
(cp)[0] = (unsigned char)((value) >> 24); \
|
|
|
|
(cp)[1] = (unsigned char)((value) >> 16); \
|
|
|
|
(cp)[2] = (unsigned char)((value) >> 8); \
|
|
|
|
(cp)[3] = (unsigned char)(value); }
|
|
|
|
|
2004-10-02 00:33:27 +00:00
|
|
|
/* Enumeration values for fields in SSH-1 packets */
|
|
|
|
enum {
|
|
|
|
PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
|
|
|
|
/* These values are for communicating relevant semantics of
|
|
|
|
* fields to the packet logging code. */
|
|
|
|
PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
|
|
|
|
};
|
1999-11-08 17:36:08 +00:00
|
|
|
|
2003-03-03 16:35:45 +00:00
|
|
|
/*
|
|
|
|
* Coroutine mechanics for the sillier bits of the code. If these
|
|
|
|
* macros look impenetrable to you, you might find it helpful to
|
|
|
|
* read
|
|
|
|
*
|
|
|
|
* http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
|
|
|
|
*
|
|
|
|
* which explains the theory behind these macros.
|
2003-03-14 21:20:32 +00:00
|
|
|
*
|
|
|
|
* In particular, if you are getting `case expression not constant'
|
|
|
|
* errors when building with MS Visual Studio, this is because MS's
|
|
|
|
* Edit and Continue debugging feature causes their compiler to
|
|
|
|
* violate ANSI C. To disable Edit and Continue debugging:
|
|
|
|
*
|
|
|
|
* - right-click ssh.c in the FileView
|
|
|
|
* - click Settings
|
|
|
|
* - select the C/C++ tab and the General category
|
|
|
|
* - under `Debug info:', select anything _other_ than `Program
|
|
|
|
* Database for Edit and Continue'.
|
2003-03-03 16:35:45 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
#define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
|
|
|
|
#define crState(t) \
|
|
|
|
struct t *s; \
|
2003-03-29 16:14:26 +00:00
|
|
|
if (!ssh->t) ssh->t = snew(struct t); \
|
2002-10-25 11:30:33 +00:00
|
|
|
s = ssh->t;
|
|
|
|
#define crFinish(z) } *crLine = 0; return (z); }
|
|
|
|
#define crFinishV } *crLine = 0; return; }
|
1999-01-08 13:02:13 +00:00
|
|
|
#define crReturn(z) \
|
|
|
|
do {\
|
2002-10-25 11:30:33 +00:00
|
|
|
*crLine =__LINE__; return (z); case __LINE__:;\
|
1999-01-08 13:02:13 +00:00
|
|
|
} while (0)
|
|
|
|
#define crReturnV \
|
|
|
|
do {\
|
2002-10-25 11:30:33 +00:00
|
|
|
*crLine=__LINE__; return; case __LINE__:;\
|
1999-01-08 13:02:13 +00:00
|
|
|
} while (0)
|
2002-10-25 11:30:33 +00:00
|
|
|
#define crStop(z) do{ *crLine = 0; return (z); }while(0)
|
|
|
|
#define crStopV do{ *crLine = 0; return; }while(0)
|
2000-06-22 12:18:34 +00:00
|
|
|
#define crWaitUntil(c) do { crReturn(0); } while (!(c))
|
2000-09-07 16:33:49 +00:00
|
|
|
#define crWaitUntilV(c) do { crReturnV; } while (!(c))
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
typedef struct ssh_tag *Ssh;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet;
|
|
|
|
|
|
|
|
static struct Packet *ssh2_pkt_init(int pkt_type);
|
|
|
|
static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
|
|
|
|
static void ssh2_pkt_adduint32(struct Packet *, unsigned long value);
|
|
|
|
static void ssh2_pkt_addstring_start(struct Packet *);
|
|
|
|
static void ssh2_pkt_addstring_str(struct Packet *, char *data);
|
|
|
|
static void ssh2_pkt_addstring_data(struct Packet *, char *data, int len);
|
|
|
|
static void ssh2_pkt_addstring(struct Packet *, char *data);
|
2003-01-05 13:43:02 +00:00
|
|
|
static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addmp(struct Packet *, Bignum b);
|
|
|
|
static int ssh2_pkt_construct(Ssh, struct Packet *);
|
|
|
|
static void ssh2_pkt_send(Ssh, struct Packet *);
|
2004-11-24 19:23:02 +00:00
|
|
|
static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
|
2004-11-24 18:45:52 +00:00
|
|
|
static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin);
|
|
|
|
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin);
|
2002-01-10 19:50:53 +00:00
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* Buffer management constants. There are several of these for
|
|
|
|
* various different purposes:
|
|
|
|
*
|
|
|
|
* - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
|
|
|
|
* on a local data stream before we throttle the whole SSH
|
|
|
|
* connection (in SSH1 only). Throttling the whole connection is
|
|
|
|
* pretty drastic so we set this high in the hope it won't
|
|
|
|
* happen very often.
|
|
|
|
*
|
|
|
|
* - SSH_MAX_BACKLOG is the amount of backlog that must build up
|
|
|
|
* on the SSH connection itself before we defensively throttle
|
|
|
|
* _all_ local data streams. This is pretty drastic too (though
|
|
|
|
* thankfully unlikely in SSH2 since the window mechanism should
|
|
|
|
* ensure that the server never has any need to throttle its end
|
|
|
|
* of the connection), so we set this high as well.
|
|
|
|
*
|
|
|
|
* - OUR_V2_WINSIZE is the maximum window size we present on SSH2
|
|
|
|
* channels.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define SSH1_BUFFER_LIMIT 32768
|
|
|
|
#define SSH_MAX_BACKLOG 32768
|
|
|
|
#define OUR_V2_WINSIZE 16384
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2001-03-02 17:13:36 +00:00
|
|
|
const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 12:51:28 +00:00
|
|
|
static void *nullmac_make_context(void)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
static void nullmac_free_context(void *handle)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
static void nullmac_key(void *handle, unsigned char *key)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
}
|
2002-10-25 12:51:28 +00:00
|
|
|
static void nullmac_generate(void *handle, unsigned char *blk, int len,
|
2001-05-06 14:35:20 +00:00
|
|
|
unsigned long seq)
|
|
|
|
{
|
|
|
|
}
|
2002-10-25 12:51:28 +00:00
|
|
|
static int nullmac_verify(void *handle, unsigned char *blk, int len,
|
|
|
|
unsigned long seq)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
return 1;
|
|
|
|
}
|
2000-09-29 08:43:47 +00:00
|
|
|
const static struct ssh_mac ssh_mac_none = {
|
2002-10-25 12:51:28 +00:00
|
|
|
nullmac_make_context, nullmac_free_context, nullmac_key,
|
|
|
|
nullmac_generate, nullmac_verify, "none", 0
|
2000-09-05 14:28:17 +00:00
|
|
|
};
|
2000-10-12 14:24:58 +00:00
|
|
|
const static struct ssh_mac *macs[] = {
|
2001-05-06 14:35:20 +00:00
|
|
|
&ssh_sha1, &ssh_md5, &ssh_mac_none
|
|
|
|
};
|
2000-10-12 14:24:58 +00:00
|
|
|
const static struct ssh_mac *buggymacs[] = {
|
2001-05-06 14:35:20 +00:00
|
|
|
&ssh_sha1_buggy, &ssh_md5, &ssh_mac_none
|
|
|
|
};
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 13:26:33 +00:00
|
|
|
static void *ssh_comp_none_init(void)
|
|
|
|
{
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
static void ssh_comp_none_cleanup(void *handle)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
}
|
2002-10-25 13:26:33 +00:00
|
|
|
static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
|
2001-05-06 14:35:20 +00:00
|
|
|
unsigned char **outblock, int *outlen)
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2002-10-25 13:26:33 +00:00
|
|
|
static int ssh_comp_none_disable(void *handle)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-11-01 21:34:21 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2000-09-29 08:43:47 +00:00
|
|
|
const static struct ssh_compress ssh_comp_none = {
|
2000-11-01 21:34:21 +00:00
|
|
|
"none",
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
|
|
|
|
ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
|
|
|
|
ssh_comp_none_disable, NULL
|
2000-09-05 14:28:17 +00:00
|
|
|
};
|
2000-11-01 21:34:21 +00:00
|
|
|
extern const struct ssh_compress ssh_zlib;
|
|
|
|
const static struct ssh_compress *compressions[] = {
|
2001-05-06 14:35:20 +00:00
|
|
|
&ssh_zlib, &ssh_comp_none
|
|
|
|
};
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
enum { /* channel types */
|
2001-01-22 15:36:07 +00:00
|
|
|
CHAN_MAINSESSION,
|
|
|
|
CHAN_X11,
|
|
|
|
CHAN_AGENT,
|
2001-08-09 21:17:05 +00:00
|
|
|
CHAN_SOCKDATA,
|
|
|
|
CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
|
2001-01-22 15:36:07 +00:00
|
|
|
};
|
|
|
|
|
2000-09-15 10:48:42 +00:00
|
|
|
/*
|
|
|
|
* 2-3-4 tree storing channels.
|
|
|
|
*/
|
|
|
|
struct ssh_channel {
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh; /* pointer back to main context */
|
2000-09-20 14:29:52 +00:00
|
|
|
unsigned remoteid, localid;
|
2000-09-15 10:48:42 +00:00
|
|
|
int type;
|
2002-09-15 13:24:00 +00:00
|
|
|
/*
|
|
|
|
* In SSH1, this value contains four bits:
|
|
|
|
*
|
|
|
|
* 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
|
|
|
|
* 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
|
|
|
|
* 4 We have received SSH1_MSG_CHANNEL_CLOSE.
|
|
|
|
* 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
|
|
|
|
*
|
|
|
|
* A channel is completely finished with when all four bits are set.
|
|
|
|
*/
|
2000-09-15 10:48:42 +00:00
|
|
|
int closes;
|
2001-08-25 17:09:23 +00:00
|
|
|
union {
|
|
|
|
struct ssh1_data_channel {
|
|
|
|
int throttling;
|
|
|
|
} v1;
|
|
|
|
struct ssh2_data_channel {
|
|
|
|
bufchain outbuffer;
|
|
|
|
unsigned remwindow, remmaxpkt;
|
|
|
|
unsigned locwindow;
|
|
|
|
} v2;
|
|
|
|
} v;
|
2000-09-15 10:48:42 +00:00
|
|
|
union {
|
2001-05-06 14:35:20 +00:00
|
|
|
struct ssh_agent_channel {
|
|
|
|
unsigned char *message;
|
|
|
|
unsigned char msglen[4];
|
2004-10-22 16:47:46 +00:00
|
|
|
unsigned lensofar, totallen;
|
2001-05-06 14:35:20 +00:00
|
|
|
} a;
|
|
|
|
struct ssh_x11_channel {
|
|
|
|
Socket s;
|
|
|
|
} x11;
|
2001-08-08 20:44:35 +00:00
|
|
|
struct ssh_pfd_channel {
|
|
|
|
Socket s;
|
|
|
|
} pfd;
|
2000-09-15 10:48:42 +00:00
|
|
|
} u;
|
|
|
|
};
|
2000-09-29 08:43:47 +00:00
|
|
|
|
2001-08-08 20:44:35 +00:00
|
|
|
/*
|
2001-08-09 21:17:05 +00:00
|
|
|
* 2-3-4 tree storing remote->local port forwardings. SSH 1 and SSH
|
|
|
|
* 2 use this structure in different ways, reflecting SSH 2's
|
|
|
|
* altogether saner approach to port forwarding.
|
|
|
|
*
|
|
|
|
* In SSH 1, you arrange a remote forwarding by sending the server
|
|
|
|
* the remote port number, and the local destination host:port.
|
|
|
|
* When a connection comes in, the server sends you back that
|
|
|
|
* host:port pair, and you connect to it. This is a ready-made
|
|
|
|
* security hole if you're not on the ball: a malicious server
|
|
|
|
* could send you back _any_ host:port pair, so if you trustingly
|
|
|
|
* connect to the address it gives you then you've just opened the
|
|
|
|
* entire inside of your corporate network just by connecting
|
|
|
|
* through it to a dodgy SSH server. Hence, we must store a list of
|
|
|
|
* host:port pairs we _are_ trying to forward to, and reject a
|
|
|
|
* connection request from the server if it's not in the list.
|
|
|
|
*
|
|
|
|
* In SSH 2, each side of the connection minds its own business and
|
|
|
|
* doesn't send unnecessary information to the other. You arrange a
|
|
|
|
* remote forwarding by sending the server just the remote port
|
|
|
|
* number. When a connection comes in, the server tells you which
|
|
|
|
* of its ports was connected to; and _you_ have to remember what
|
|
|
|
* local host:port pair went with that port number.
|
|
|
|
*
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
* Hence, in SSH 1 this structure is indexed by destination
|
|
|
|
* host:port pair, whereas in SSH 2 it is indexed by source port.
|
2001-08-08 20:44:35 +00:00
|
|
|
*/
|
2004-12-28 14:07:05 +00:00
|
|
|
struct ssh_portfwd; /* forward declaration */
|
|
|
|
|
2001-08-08 20:44:35 +00:00
|
|
|
struct ssh_rportfwd {
|
2001-08-09 21:17:05 +00:00
|
|
|
unsigned sport, dport;
|
|
|
|
char dhost[256];
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
char *sportdesc;
|
2004-12-28 14:07:05 +00:00
|
|
|
struct ssh_portfwd *pfrec;
|
2001-08-08 20:44:35 +00:00
|
|
|
};
|
2004-12-28 14:07:05 +00:00
|
|
|
#define free_rportfwd(pf) ( \
|
|
|
|
((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Separately to the rportfwd tree (which is for looking up port
|
|
|
|
* open requests from the server), a tree of _these_ structures is
|
|
|
|
* used to keep track of all the currently open port forwardings,
|
|
|
|
* so that we can reconfigure in mid-session if the user requests
|
|
|
|
* it.
|
|
|
|
*/
|
|
|
|
struct ssh_portfwd {
|
2004-12-30 17:48:35 +00:00
|
|
|
enum { DESTROY, KEEP, CREATE } status;
|
2004-12-28 14:07:05 +00:00
|
|
|
int type;
|
|
|
|
unsigned sport, dport;
|
|
|
|
char *saddr, *daddr;
|
2004-12-30 17:53:26 +00:00
|
|
|
char *sserv, *dserv;
|
2004-12-28 14:07:05 +00:00
|
|
|
struct ssh_rportfwd *remote;
|
2004-12-30 16:45:11 +00:00
|
|
|
int addressfamily;
|
2004-12-28 14:07:05 +00:00
|
|
|
void *local;
|
|
|
|
};
|
|
|
|
#define free_portfwd(pf) ( \
|
2004-12-30 17:53:26 +00:00
|
|
|
((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
|
|
|
|
sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2000-09-29 08:43:47 +00:00
|
|
|
struct Packet {
|
|
|
|
long length;
|
|
|
|
int type;
|
2004-11-24 20:35:15 +00:00
|
|
|
unsigned long sequence;
|
2000-09-29 08:43:47 +00:00
|
|
|
unsigned char *data;
|
|
|
|
unsigned char *body;
|
|
|
|
long savedpos;
|
|
|
|
long maxlen;
|
2004-11-27 14:29:20 +00:00
|
|
|
long encrypted_len; /* for SSH2 total-size counting */
|
2004-11-24 18:45:52 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* State associated with packet logging
|
|
|
|
*/
|
|
|
|
int logmode;
|
|
|
|
int nblanks;
|
|
|
|
struct logblank_t *blanks;
|
2000-09-29 08:43:47 +00:00
|
|
|
};
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin);
|
|
|
|
static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin);
|
2004-11-24 20:35:15 +00:00
|
|
|
static void ssh1_protocol_setup(Ssh ssh);
|
|
|
|
static void ssh2_protocol_setup(Ssh ssh);
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_size(void *handle, int width, int height);
|
|
|
|
static void ssh_special(void *handle, Telnet_Special);
|
2001-08-25 17:09:23 +00:00
|
|
|
static int ssh2_try_send(struct ssh_channel *c);
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
|
|
|
|
static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
|
2001-08-25 17:09:23 +00:00
|
|
|
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin);
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_sendbuffer(void *handle);
|
2003-04-25 11:48:24 +00:00
|
|
|
static void ssh_do_close(Ssh ssh);
|
2004-11-24 18:45:52 +00:00
|
|
|
static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
|
|
|
|
static int ssh2_pkt_getbool(struct Packet *pkt);
|
|
|
|
static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
|
2004-11-27 14:29:20 +00:00
|
|
|
static void ssh2_timer(void *ctx, long now);
|
|
|
|
static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin);
|
2000-09-29 08:43:47 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
struct rdpkt1_state_tag {
|
2000-09-29 08:43:47 +00:00
|
|
|
long len, pad, biglen, to_read;
|
|
|
|
unsigned long realcrc, gotcrc;
|
|
|
|
unsigned char *p;
|
|
|
|
int i;
|
|
|
|
int chunk;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktin;
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
2000-09-29 08:43:47 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
struct rdpkt2_state_tag {
|
2000-09-29 15:56:33 +00:00
|
|
|
long len, pad, payload, packetlen, maclen;
|
|
|
|
int i;
|
|
|
|
int cipherblk;
|
|
|
|
unsigned long incoming_sequence;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktin;
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
|
|
|
|
|
|
|
|
struct queued_handler;
|
|
|
|
struct queued_handler {
|
|
|
|
int msg1, msg2;
|
|
|
|
chandler_fn_t handler;
|
|
|
|
void *ctx;
|
|
|
|
struct queued_handler *next;
|
|
|
|
};
|
2004-11-24 20:35:15 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
struct ssh_tag {
|
|
|
|
const struct plug_function_table *fn;
|
|
|
|
/* the above field _must_ be first in the structure */
|
|
|
|
|
|
|
|
SHA_State exhash, exhashbase;
|
|
|
|
|
|
|
|
Socket s;
|
|
|
|
|
2002-10-26 10:16:19 +00:00
|
|
|
void *ldisc;
|
2002-10-26 12:58:13 +00:00
|
|
|
void *logctx;
|
2002-10-26 10:16:19 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
unsigned char session_key[32];
|
|
|
|
int v1_compressing;
|
|
|
|
int v1_remote_protoflags;
|
|
|
|
int v1_local_protoflags;
|
|
|
|
int agentfwd_enabled;
|
|
|
|
int X11_fwd_enabled;
|
|
|
|
int remote_bugs;
|
|
|
|
const struct ssh_cipher *cipher;
|
2002-10-25 12:35:22 +00:00
|
|
|
void *v1_cipher_ctx;
|
2002-10-25 12:58:21 +00:00
|
|
|
void *crcda_ctx;
|
2002-10-25 11:30:33 +00:00
|
|
|
const struct ssh2_cipher *cscipher, *sccipher;
|
2002-10-25 12:35:22 +00:00
|
|
|
void *cs_cipher_ctx, *sc_cipher_ctx;
|
2002-10-25 11:30:33 +00:00
|
|
|
const struct ssh_mac *csmac, *scmac;
|
2002-10-25 12:51:28 +00:00
|
|
|
void *cs_mac_ctx, *sc_mac_ctx;
|
2002-10-25 11:30:33 +00:00
|
|
|
const struct ssh_compress *cscomp, *sccomp;
|
2002-10-25 13:26:33 +00:00
|
|
|
void *cs_comp_ctx, *sc_comp_ctx;
|
2002-10-25 11:30:33 +00:00
|
|
|
const struct ssh_kex *kex;
|
|
|
|
const struct ssh_signkey *hostkey;
|
|
|
|
unsigned char v2_session_id[20];
|
2002-10-25 13:08:01 +00:00
|
|
|
void *kex_ctx;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
|
|
|
char *savedhost;
|
|
|
|
int savedport;
|
|
|
|
int send_ok;
|
|
|
|
int echoing, editing;
|
|
|
|
|
|
|
|
void *frontend;
|
|
|
|
|
2004-06-03 10:36:27 +00:00
|
|
|
int ospeed, ispeed; /* temporaries */
|
2002-10-25 11:30:33 +00:00
|
|
|
int term_width, term_height;
|
|
|
|
|
|
|
|
tree234 *channels; /* indexed by local id */
|
|
|
|
struct ssh_channel *mainchan; /* primary session channel */
|
|
|
|
int exitcode;
|
|
|
|
|
2004-12-28 14:07:05 +00:00
|
|
|
tree234 *rportfwds, *portfwds;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
|
|
|
enum {
|
|
|
|
SSH_STATE_PREPACKET,
|
|
|
|
SSH_STATE_BEFORE_SIZE,
|
|
|
|
SSH_STATE_INTERMED,
|
|
|
|
SSH_STATE_SESSION,
|
|
|
|
SSH_STATE_CLOSED
|
|
|
|
} state;
|
|
|
|
|
|
|
|
int size_needed, eof_needed;
|
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
struct Packet **queue;
|
|
|
|
int queuelen, queuesize;
|
|
|
|
int queueing;
|
2002-10-25 11:30:33 +00:00
|
|
|
unsigned char *deferred_send_data;
|
|
|
|
int deferred_len, deferred_size;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Gross hack: pscp will try to start SFTP but fall back to
|
|
|
|
* scp1 if that fails. This variable is the means by which
|
|
|
|
* scp.c can reach into the SSH code and find out which one it
|
|
|
|
* got.
|
|
|
|
*/
|
|
|
|
int fallback_cmd;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Used for username and password input.
|
|
|
|
*/
|
|
|
|
char *userpass_input_buffer;
|
|
|
|
int userpass_input_buflen;
|
|
|
|
int userpass_input_bufpos;
|
|
|
|
int userpass_input_echo;
|
|
|
|
|
|
|
|
int pkt_ctx;
|
|
|
|
|
2002-10-26 11:23:15 +00:00
|
|
|
void *x11auth;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
int version;
|
|
|
|
int v1_throttle_count;
|
|
|
|
int overall_bufsize;
|
|
|
|
int throttled_all;
|
|
|
|
int v1_stdout_throttling;
|
|
|
|
int v2_outgoing_sequence;
|
|
|
|
|
|
|
|
int ssh1_rdpkt_crstate;
|
|
|
|
int ssh2_rdpkt_crstate;
|
|
|
|
int do_ssh_init_crstate;
|
|
|
|
int ssh_gotdata_crstate;
|
|
|
|
int do_ssh1_login_crstate;
|
2004-11-24 20:35:15 +00:00
|
|
|
int do_ssh1_connection_crstate;
|
2002-10-25 11:30:33 +00:00
|
|
|
int do_ssh2_transport_crstate;
|
|
|
|
int do_ssh2_authconn_crstate;
|
|
|
|
|
|
|
|
void *do_ssh_init_state;
|
|
|
|
void *do_ssh1_login_state;
|
|
|
|
void *do_ssh2_transport_state;
|
|
|
|
void *do_ssh2_authconn_state;
|
|
|
|
|
|
|
|
struct rdpkt1_state_tag rdpkt1_state;
|
|
|
|
struct rdpkt2_state_tag rdpkt2_state;
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
/* ssh1 and ssh2 use this for different things, but both use it */
|
|
|
|
int protocol_initial_phase_done;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
void (*protocol) (Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pkt);
|
|
|
|
struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
|
2003-01-12 14:48:29 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We maintain a full _copy_ of a Config structure here, not
|
|
|
|
* merely a pointer to it. That way, when we're passed a new
|
|
|
|
* one for reconfiguration, we can check the differences and
|
|
|
|
* potentially reconfigure port forwardings etc in mid-session.
|
|
|
|
*/
|
|
|
|
Config cfg;
|
2003-04-28 11:41:39 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Used to transfer data back from async agent callbacks.
|
|
|
|
*/
|
|
|
|
void *agent_response;
|
|
|
|
int agent_response_len;
|
2004-11-24 20:35:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Dispatch table for packet types that we may have to deal
|
|
|
|
* with at any time.
|
|
|
|
*/
|
|
|
|
handler_fn_t packet_dispatch[256];
|
2004-11-27 13:20:21 +00:00
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
/*
|
|
|
|
* Queues of one-off handler functions for success/failure
|
|
|
|
* indications from a request.
|
|
|
|
*/
|
|
|
|
struct queued_handler *qhead, *qtail;
|
|
|
|
|
2004-11-27 13:20:21 +00:00
|
|
|
/*
|
|
|
|
* This module deals with sending keepalives.
|
|
|
|
*/
|
|
|
|
Pinger pinger;
|
2004-11-27 14:29:20 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Track incoming and outgoing data sizes and time, for
|
|
|
|
* size-based rekeys.
|
|
|
|
*/
|
|
|
|
unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
|
2004-12-24 13:39:32 +00:00
|
|
|
unsigned long max_data_size;
|
2004-11-27 14:29:20 +00:00
|
|
|
int kex_in_progress;
|
2004-12-28 14:10:32 +00:00
|
|
|
long next_rekey, last_rekey;
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
2000-09-29 15:56:33 +00:00
|
|
|
|
2002-12-19 14:24:28 +00:00
|
|
|
#define logevent(s) logevent(ssh->frontend, s)
|
2002-10-26 12:58:13 +00:00
|
|
|
|
|
|
|
/* logevent, only printf-formatted. */
|
2003-05-04 14:18:18 +00:00
|
|
|
static void logeventf(Ssh ssh, const char *fmt, ...)
|
2002-10-26 12:58:13 +00:00
|
|
|
{
|
|
|
|
va_list ap;
|
2002-11-07 19:49:03 +00:00
|
|
|
char *buf;
|
2002-10-26 12:58:13 +00:00
|
|
|
|
|
|
|
va_start(ap, fmt);
|
2002-11-07 19:49:03 +00:00
|
|
|
buf = dupvprintf(fmt, ap);
|
2002-10-26 12:58:13 +00:00
|
|
|
va_end(ap);
|
2002-11-07 19:49:03 +00:00
|
|
|
logevent(buf);
|
|
|
|
sfree(buf);
|
2002-10-26 12:58:13 +00:00
|
|
|
}
|
|
|
|
|
2003-03-31 11:22:30 +00:00
|
|
|
#define bombout(msg) \
|
|
|
|
do { \
|
|
|
|
char *text = dupprintf msg; \
|
2003-04-25 11:48:24 +00:00
|
|
|
ssh_do_close(ssh); \
|
2003-03-31 11:22:30 +00:00
|
|
|
logevent(text); \
|
|
|
|
connection_fatal(ssh->frontend, "%s", text); \
|
|
|
|
sfree(text); \
|
|
|
|
} while (0)
|
2002-10-26 12:58:13 +00:00
|
|
|
|
2004-10-02 00:33:27 +00:00
|
|
|
/* Functions to leave bits out of the SSH packet log file. */
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
|
2004-10-02 00:33:27 +00:00
|
|
|
{
|
|
|
|
if (ssh->cfg.logomitpass)
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->logmode = blanktype;
|
2004-10-02 00:33:27 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
|
2004-10-02 00:33:27 +00:00
|
|
|
{
|
|
|
|
if (ssh->cfg.logomitdata)
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->logmode = blanktype;
|
2004-10-02 00:33:27 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void end_log_omission(Ssh ssh, struct Packet *pkt)
|
2004-10-02 00:33:27 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->logmode = PKTLOG_EMIT;
|
2004-10-02 00:33:27 +00:00
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
static int ssh_channelcmp(void *av, void *bv)
|
|
|
|
{
|
|
|
|
struct ssh_channel *a = (struct ssh_channel *) av;
|
|
|
|
struct ssh_channel *b = (struct ssh_channel *) bv;
|
|
|
|
if (a->localid < b->localid)
|
|
|
|
return -1;
|
|
|
|
if (a->localid > b->localid)
|
|
|
|
return +1;
|
2000-09-15 10:48:42 +00:00
|
|
|
return 0;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
static int ssh_channelfind(void *av, void *bv)
|
|
|
|
{
|
|
|
|
unsigned *a = (unsigned *) av;
|
|
|
|
struct ssh_channel *b = (struct ssh_channel *) bv;
|
|
|
|
if (*a < b->localid)
|
|
|
|
return -1;
|
|
|
|
if (*a > b->localid)
|
|
|
|
return +1;
|
2000-09-15 10:48:42 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2001-08-09 21:17:05 +00:00
|
|
|
static int ssh_rportcmp_ssh1(void *av, void *bv)
|
2001-08-08 20:44:35 +00:00
|
|
|
{
|
|
|
|
struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
|
|
|
|
struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
|
|
|
|
int i;
|
2001-08-09 21:17:05 +00:00
|
|
|
if ( (i = strcmp(a->dhost, b->dhost)) != 0)
|
2001-08-08 20:44:35 +00:00
|
|
|
return i < 0 ? -1 : +1;
|
2001-08-09 21:17:05 +00:00
|
|
|
if (a->dport > b->dport)
|
|
|
|
return +1;
|
|
|
|
if (a->dport < b->dport)
|
|
|
|
return -1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ssh_rportcmp_ssh2(void *av, void *bv)
|
|
|
|
{
|
|
|
|
struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
|
|
|
|
struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
|
2001-08-28 08:08:43 +00:00
|
|
|
|
2001-08-09 21:17:05 +00:00
|
|
|
if (a->sport > b->sport)
|
2001-08-08 20:44:35 +00:00
|
|
|
return +1;
|
2001-08-09 21:17:05 +00:00
|
|
|
if (a->sport < b->sport)
|
|
|
|
return -1;
|
2001-08-08 20:44:35 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2004-12-28 14:07:05 +00:00
|
|
|
/*
|
|
|
|
* Special form of strcmp which can cope with NULL inputs. NULL is
|
|
|
|
* defined to sort before even the empty string.
|
|
|
|
*/
|
|
|
|
static int nullstrcmp(const char *a, const char *b)
|
|
|
|
{
|
|
|
|
if (a == NULL && b == NULL)
|
|
|
|
return 0;
|
|
|
|
if (a == NULL)
|
|
|
|
return -1;
|
|
|
|
if (b == NULL)
|
|
|
|
return +1;
|
|
|
|
return strcmp(a, b);
|
|
|
|
}
|
|
|
|
|
|
|
|
static int ssh_portcmp(void *av, void *bv)
|
|
|
|
{
|
|
|
|
struct ssh_portfwd *a = (struct ssh_portfwd *) av;
|
|
|
|
struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
|
|
|
|
int i;
|
|
|
|
if (a->type > b->type)
|
|
|
|
return +1;
|
|
|
|
if (a->type < b->type)
|
|
|
|
return -1;
|
2004-12-30 17:48:35 +00:00
|
|
|
if (a->addressfamily > b->addressfamily)
|
|
|
|
return +1;
|
|
|
|
if (a->addressfamily < b->addressfamily)
|
|
|
|
return -1;
|
2004-12-28 14:07:05 +00:00
|
|
|
if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
|
|
|
|
return i < 0 ? -1 : +1;
|
|
|
|
if (a->sport > b->sport)
|
|
|
|
return +1;
|
|
|
|
if (a->sport < b->sport)
|
|
|
|
return -1;
|
|
|
|
if (a->type != 'D') {
|
|
|
|
if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
|
|
|
|
return i < 0 ? -1 : +1;
|
|
|
|
if (a->dport > b->dport)
|
|
|
|
return +1;
|
|
|
|
if (a->dport < b->dport)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static int alloc_channel_id(Ssh ssh)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-04-17 08:24:29 +00:00
|
|
|
const unsigned CHANNEL_NUMBER_OFFSET = 256;
|
|
|
|
unsigned low, high, mid;
|
2001-04-16 17:18:24 +00:00
|
|
|
int tsize;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* First-fit allocation of channel numbers: always pick the
|
|
|
|
* lowest unused one. To do this, binary-search using the
|
|
|
|
* counted B-tree to find the largest channel ID which is in a
|
|
|
|
* contiguous sequence from the beginning. (Precisely
|
|
|
|
* everything in that sequence must have ID equal to its tree
|
|
|
|
* index plus CHANNEL_NUMBER_OFFSET.)
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
tsize = count234(ssh->channels);
|
2001-04-16 17:18:24 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
low = -1;
|
|
|
|
high = tsize;
|
2001-04-16 17:18:24 +00:00
|
|
|
while (high - low > 1) {
|
|
|
|
mid = (high + low) / 2;
|
2002-10-25 11:30:33 +00:00
|
|
|
c = index234(ssh->channels, mid);
|
2001-04-16 17:18:24 +00:00
|
|
|
if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
|
|
|
|
low = mid; /* this one is fine */
|
|
|
|
else
|
|
|
|
high = mid; /* this one is past it */
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* Now low points to either -1, or the tree index of the
|
|
|
|
* largest ID in the initial sequence.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
|
2002-10-25 11:30:33 +00:00
|
|
|
assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
|
2001-04-16 17:18:24 +00:00
|
|
|
}
|
|
|
|
return low + 1 + CHANNEL_NUMBER_OFFSET;
|
|
|
|
}
|
|
|
|
|
2003-02-01 17:24:27 +00:00
|
|
|
static void c_write(Ssh ssh, const char *buf, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-21 14:34:32 +00:00
|
|
|
if ((flags & FLAG_STDERR)) {
|
2001-05-06 14:35:20 +00:00
|
|
|
int i;
|
|
|
|
for (i = 0; i < len; i++)
|
|
|
|
if (buf[i] != '\r')
|
|
|
|
fputc(buf[i], stderr);
|
2000-06-22 12:18:34 +00:00
|
|
|
return;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
from_backend(ssh->frontend, 1, buf, len);
|
2000-09-27 09:36:39 +00:00
|
|
|
}
|
|
|
|
|
2003-02-01 17:24:27 +00:00
|
|
|
static void c_write_untrusted(Ssh ssh, const char *buf, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-03-15 17:14:31 +00:00
|
|
|
int i;
|
|
|
|
for (i = 0; i < len; i++) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (buf[i] == '\n')
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write(ssh, "\r\n", 2);
|
2001-05-06 14:35:20 +00:00
|
|
|
else if ((buf[i] & 0x60) || (buf[i] == '\r'))
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write(ssh, buf + i, 1);
|
2001-03-15 17:14:31 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-02-01 17:24:27 +00:00
|
|
|
static void c_write_str(Ssh ssh, const char *buf)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write(ssh, buf, strlen(buf));
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh_free_packet(struct Packet *pkt)
|
|
|
|
{
|
|
|
|
sfree(pkt->data);
|
|
|
|
sfree(pkt);
|
|
|
|
}
|
|
|
|
static struct Packet *ssh_new_packet(void)
|
|
|
|
{
|
|
|
|
struct Packet *pkt = snew(struct Packet);
|
|
|
|
|
|
|
|
pkt->data = NULL;
|
|
|
|
pkt->maxlen = 0;
|
|
|
|
pkt->logmode = PKTLOG_EMIT;
|
|
|
|
pkt->nblanks = 0;
|
|
|
|
pkt->blanks = NULL;
|
|
|
|
|
|
|
|
return pkt;
|
|
|
|
}
|
|
|
|
|
2000-06-22 12:18:34 +00:00
|
|
|
/*
|
|
|
|
* Collect incoming data in the incoming packet buffer.
|
2000-09-05 14:28:17 +00:00
|
|
|
* Decipher and verify the packet when it is completely read.
|
|
|
|
* Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
|
2000-06-22 12:18:34 +00:00
|
|
|
* Update the *data and *datalen variables.
|
2004-11-24 18:45:52 +00:00
|
|
|
* Return a Packet structure when a packet is completed.
|
2000-06-22 12:18:34 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
|
2000-06-22 12:18:34 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
crBegin(ssh->ssh1_rdpkt_crstate);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin = ssh_new_packet();
|
|
|
|
|
|
|
|
st->pktin->type = 0;
|
|
|
|
st->pktin->length = 0;
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2000-09-29 08:43:47 +00:00
|
|
|
for (st->i = st->len = 0; st->i < 4; st->i++) {
|
2000-06-22 12:18:34 +00:00
|
|
|
while ((*datalen) == 0)
|
2004-11-24 18:45:52 +00:00
|
|
|
crReturn(NULL);
|
2000-09-29 08:43:47 +00:00
|
|
|
st->len = (st->len << 8) + **data;
|
2000-06-22 12:18:34 +00:00
|
|
|
(*data)++, (*datalen)--;
|
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2000-09-29 08:43:47 +00:00
|
|
|
st->pad = 8 - (st->len % 8);
|
|
|
|
st->biglen = st->len + st->pad;
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->length = st->len - 5;
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2004-08-28 16:51:26 +00:00
|
|
|
if (st->biglen < 0) {
|
|
|
|
bombout(("Extremely large packet length from server suggests"
|
|
|
|
" data stream corruption"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2004-08-28 16:51:26 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->maxlen = st->biglen;
|
|
|
|
st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2000-09-29 08:43:47 +00:00
|
|
|
st->to_read = st->biglen;
|
2004-11-24 18:45:52 +00:00
|
|
|
st->p = st->pktin->data;
|
2000-09-29 08:43:47 +00:00
|
|
|
while (st->to_read > 0) {
|
2001-05-06 14:35:20 +00:00
|
|
|
st->chunk = st->to_read;
|
2000-06-22 12:18:34 +00:00
|
|
|
while ((*datalen) == 0)
|
2004-11-24 18:45:52 +00:00
|
|
|
crReturn(NULL);
|
2000-09-29 08:43:47 +00:00
|
|
|
if (st->chunk > (*datalen))
|
|
|
|
st->chunk = (*datalen);
|
|
|
|
memcpy(st->p, *data, st->chunk);
|
|
|
|
*data += st->chunk;
|
|
|
|
*datalen -= st->chunk;
|
|
|
|
st->p += st->chunk;
|
|
|
|
st->to_read -= st->chunk;
|
2000-06-22 12:18:34 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
|
2002-10-25 12:58:21 +00:00
|
|
|
st->biglen, NULL)) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Network attack (CRC compensation) detected!"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2002-01-08 11:57:32 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->cipher)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
|
|
|
|
st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
|
2000-09-29 08:43:47 +00:00
|
|
|
if (st->gotcrc != st->realcrc) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Incorrect CRC received on packet"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2000-06-22 12:18:34 +00:00
|
|
|
}
|
2000-05-31 10:18:24 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->body = st->pktin->data + st->pad + 1;
|
|
|
|
st->pktin->savedpos = 0;
|
2000-11-01 21:34:21 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->v1_compressing) {
|
2000-11-01 21:34:21 +00:00
|
|
|
unsigned char *decompblk;
|
|
|
|
int decomplen;
|
2003-06-26 13:41:30 +00:00
|
|
|
if (!zlib_decompress_block(ssh->sc_comp_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->body - 1, st->pktin->length + 1,
|
2003-06-26 13:41:30 +00:00
|
|
|
&decompblk, &decomplen)) {
|
|
|
|
bombout(("Zlib decompression encountered invalid data"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2003-06-26 13:41:30 +00:00
|
|
|
}
|
2000-11-01 21:34:21 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (st->pktin->maxlen < st->pad + decomplen) {
|
|
|
|
st->pktin->maxlen = st->pad + decomplen;
|
|
|
|
st->pktin->data = sresize(st->pktin->data,
|
|
|
|
st->pktin->maxlen + APIEXTRA,
|
2003-03-29 16:14:26 +00:00
|
|
|
unsigned char);
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->body = st->pktin->data + st->pad + 1;
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
memcpy(st->pktin->body - 1, decompblk, decomplen);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(decompblk);
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->length = decomplen - 1;
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->type = st->pktin->body[-1];
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2004-10-02 00:33:27 +00:00
|
|
|
/*
|
|
|
|
* Log incoming packet, possibly omitting sensitive fields.
|
|
|
|
*/
|
|
|
|
if (ssh->logctx) {
|
|
|
|
int nblanks = 0;
|
|
|
|
struct logblank_t blank;
|
|
|
|
if (ssh->cfg.logomitdata) {
|
|
|
|
int do_blank = FALSE, blank_prefix = 0;
|
|
|
|
/* "Session data" packets - omit the data field */
|
2004-11-24 18:45:52 +00:00
|
|
|
if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
|
|
|
|
(st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
|
2004-10-02 00:33:27 +00:00
|
|
|
do_blank = TRUE; blank_prefix = 0;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
|
2004-10-02 00:33:27 +00:00
|
|
|
do_blank = TRUE; blank_prefix = 4;
|
|
|
|
}
|
|
|
|
if (do_blank) {
|
|
|
|
blank.offset = blank_prefix;
|
2004-11-24 18:45:52 +00:00
|
|
|
blank.len = st->pktin->length;
|
2004-10-02 00:33:27 +00:00
|
|
|
blank.type = PKTLOG_OMIT;
|
|
|
|
nblanks = 1;
|
|
|
|
}
|
|
|
|
}
|
2002-10-26 12:58:13 +00:00
|
|
|
log_packet(ssh->logctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
PKT_INCOMING, st->pktin->type,
|
|
|
|
ssh1_pkt_type(st->pktin->type),
|
|
|
|
st->pktin->body, st->pktin->length,
|
2004-10-02 00:33:27 +00:00
|
|
|
nblanks, &blank);
|
|
|
|
}
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crFinish(st->pktin);
|
2000-06-22 12:18:34 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
|
2000-09-05 14:28:17 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
crBegin(ssh->ssh2_rdpkt_crstate);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin = ssh_new_packet();
|
|
|
|
|
|
|
|
st->pktin->type = 0;
|
|
|
|
st->pktin->length = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->sccipher)
|
|
|
|
st->cipherblk = ssh->sccipher->blksize;
|
2000-09-05 14:28:17 +00:00
|
|
|
else
|
2001-05-06 14:35:20 +00:00
|
|
|
st->cipherblk = 8;
|
2000-09-29 15:56:33 +00:00
|
|
|
if (st->cipherblk < 8)
|
2001-05-06 14:35:20 +00:00
|
|
|
st->cipherblk = 8;
|
2000-09-29 15:56:33 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Acquire and decrypt the first block of the packet. This will
|
|
|
|
* contain the length and padding details.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
|
2000-09-05 14:28:17 +00:00
|
|
|
while ((*datalen) == 0)
|
2004-11-24 18:45:52 +00:00
|
|
|
crReturn(NULL);
|
|
|
|
st->pktin->data[st->i] = *(*data)++;
|
2001-05-06 14:35:20 +00:00
|
|
|
(*datalen)--;
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
2001-09-18 18:16:56 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->sccipher)
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->data, st->cipherblk);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now get the length and padding figures.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
st->len = GET_32BIT(st->pktin->data);
|
|
|
|
st->pad = st->pktin->data[4];
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-08-18 09:10:17 +00:00
|
|
|
/*
|
|
|
|
* _Completely_ silly lengths should be stomped on before they
|
|
|
|
* do us any more damage.
|
|
|
|
*/
|
|
|
|
if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Incoming packet was garbled on decryption"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2002-08-18 09:10:17 +00:00
|
|
|
}
|
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
|
|
|
* This enables us to deduce the payload length.
|
|
|
|
*/
|
2000-09-29 15:56:33 +00:00
|
|
|
st->payload = st->len - st->pad - 1;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->length = st->payload + 5;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* So now we can work out the total packet length.
|
|
|
|
*/
|
2000-09-29 15:56:33 +00:00
|
|
|
st->packetlen = st->len + 4;
|
2002-10-25 11:30:33 +00:00
|
|
|
st->maclen = ssh->scmac ? ssh->scmac->len : 0;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
2004-11-24 18:45:52 +00:00
|
|
|
* Allocate memory for the rest of the packet.
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->maxlen = st->packetlen + st->maclen;
|
|
|
|
st->pktin->data = sresize(st->pktin->data,
|
|
|
|
st->pktin->maxlen + APIEXTRA,
|
|
|
|
unsigned char);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Read and decrypt the remainder of the packet.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
|
|
|
|
st->i++) {
|
2000-09-05 14:28:17 +00:00
|
|
|
while ((*datalen) == 0)
|
2004-11-24 18:45:52 +00:00
|
|
|
crReturn(NULL);
|
|
|
|
st->pktin->data[st->i] = *(*data)++;
|
2001-05-06 14:35:20 +00:00
|
|
|
(*datalen)--;
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
|
|
|
/* Decrypt everything _except_ the MAC. */
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->sccipher)
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->data + st->cipherblk,
|
2002-10-25 11:30:33 +00:00
|
|
|
st->packetlen - st->cipherblk);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
st->pktin->encrypted_len = st->packetlen;
|
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
|
|
|
* Check the MAC.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->scmac
|
2004-11-24 18:45:52 +00:00
|
|
|
&& !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data, st->len + 4,
|
2002-10-25 11:30:33 +00:00
|
|
|
st->incoming_sequence)) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Incorrect MAC received on packet"));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(st->pktin);
|
|
|
|
crStop(NULL);
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
2004-11-24 20:35:15 +00:00
|
|
|
|
|
|
|
st->pktin->sequence = st->incoming_sequence++;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2000-11-01 21:34:21 +00:00
|
|
|
/*
|
|
|
|
* Decompress packet payload.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
unsigned char *newpayload;
|
|
|
|
int newlen;
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->sccomp &&
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh->sccomp->decompress(ssh->sc_comp_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->data + 5, st->pktin->length - 5,
|
2002-10-25 11:30:33 +00:00
|
|
|
&newpayload, &newlen)) {
|
2004-11-24 18:45:52 +00:00
|
|
|
if (st->pktin->maxlen < newlen + 5) {
|
|
|
|
st->pktin->maxlen = newlen + 5;
|
|
|
|
st->pktin->data = sresize(st->pktin->data,
|
|
|
|
st->pktin->maxlen + APIEXTRA,
|
2003-03-29 16:14:26 +00:00
|
|
|
unsigned char);
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->length = 5 + newlen;
|
|
|
|
memcpy(st->pktin->data + 5, newpayload, newlen);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(newpayload);
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
st->pktin->savedpos = 6;
|
|
|
|
st->pktin->body = st->pktin->data;
|
|
|
|
st->pktin->type = st->pktin->data[5];
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-10-02 00:33:27 +00:00
|
|
|
/*
|
|
|
|
* Log incoming packet, possibly omitting sensitive fields.
|
|
|
|
*/
|
|
|
|
if (ssh->logctx) {
|
|
|
|
int nblanks = 0;
|
|
|
|
struct logblank_t blank;
|
|
|
|
if (ssh->cfg.logomitdata) {
|
|
|
|
int do_blank = FALSE, blank_prefix = 0;
|
|
|
|
/* "Session data" packets - omit the data field */
|
2004-11-24 18:45:52 +00:00
|
|
|
if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
|
2004-10-02 00:33:27 +00:00
|
|
|
do_blank = TRUE; blank_prefix = 4;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
|
2004-10-02 00:33:27 +00:00
|
|
|
do_blank = TRUE; blank_prefix = 8;
|
|
|
|
}
|
|
|
|
if (do_blank) {
|
|
|
|
blank.offset = blank_prefix;
|
2004-11-24 18:45:52 +00:00
|
|
|
blank.len = (st->pktin->length-6) - blank_prefix;
|
2004-10-02 00:33:27 +00:00
|
|
|
blank.type = PKTLOG_OMIT;
|
|
|
|
nblanks = 1;
|
|
|
|
}
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
|
|
|
|
ssh2_pkt_type(ssh->pkt_ctx, st->pktin->type),
|
|
|
|
st->pktin->data+6, st->pktin->length-6,
|
2004-10-02 00:33:27 +00:00
|
|
|
nblanks, &blank);
|
|
|
|
}
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crFinish(st->pktin);
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh1_pktout_size(struct Packet *pkt, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
1999-01-08 13:02:13 +00:00
|
|
|
int pad, biglen;
|
|
|
|
|
|
|
|
len += 5; /* type and CRC */
|
2001-05-06 14:35:20 +00:00
|
|
|
pad = 8 - (len % 8);
|
1999-01-08 13:02:13 +00:00
|
|
|
biglen = len + pad;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->length = len - 5;
|
|
|
|
if (pkt->maxlen < biglen) {
|
|
|
|
pkt->maxlen = biglen;
|
|
|
|
pkt->data = sresize(pkt->data, biglen + 4 + APIEXTRA, unsigned char);
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->body = pkt->data + 4 + pad + 1;
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static struct Packet *s_wrpkt_start(int type, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pkt = ssh_new_packet();
|
|
|
|
ssh1_pktout_size(pkt, len);
|
|
|
|
pkt->type = type;
|
2004-10-02 00:33:27 +00:00
|
|
|
/* Initialise log omission state */
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->nblanks = 0;
|
|
|
|
pkt->blanks = NULL;
|
|
|
|
return pkt;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2003-02-23 00:13:17 +00:00
|
|
|
int pad, biglen, i;
|
1999-01-08 13:02:13 +00:00
|
|
|
unsigned long crc;
|
2003-02-23 00:13:17 +00:00
|
|
|
#ifdef __SC__
|
|
|
|
/*
|
|
|
|
* XXX various versions of SC (including 8.8.4) screw up the
|
|
|
|
* register allocation in this function and use the same register
|
|
|
|
* (D6) for len and as a temporary, with predictable results. The
|
|
|
|
* following sledgehammer prevents this.
|
|
|
|
*/
|
|
|
|
volatile
|
|
|
|
#endif
|
|
|
|
int len;
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->body[-1] = pkt->type;
|
2000-11-01 21:34:21 +00:00
|
|
|
|
2002-10-26 12:58:13 +00:00
|
|
|
if (ssh->logctx)
|
2004-11-24 18:45:52 +00:00
|
|
|
log_packet(ssh->logctx, PKT_OUTGOING, pkt->type,
|
|
|
|
ssh1_pkt_type(pkt->type),
|
|
|
|
pkt->body, pkt->length,
|
|
|
|
pkt->nblanks, pkt->blanks);
|
|
|
|
sfree(pkt->blanks); pkt->blanks = NULL;
|
|
|
|
pkt->nblanks = 0;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->v1_compressing) {
|
2000-11-01 21:34:21 +00:00
|
|
|
unsigned char *compblk;
|
|
|
|
int complen;
|
2002-10-25 13:26:33 +00:00
|
|
|
zlib_compress_block(ssh->cs_comp_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->body - 1, pkt->length + 1,
|
2000-11-01 21:34:21 +00:00
|
|
|
&compblk, &complen);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh1_pktout_size(pkt, complen - 1);
|
|
|
|
memcpy(pkt->body - 1, compblk, complen);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(compblk);
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
len = pkt->length + 5; /* type and CRC */
|
2001-05-06 14:35:20 +00:00
|
|
|
pad = 8 - (len % 8);
|
1999-01-08 13:02:13 +00:00
|
|
|
biglen = len + pad;
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
for (i = 0; i < pad; i++)
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->data[i + 4] = random_byte();
|
|
|
|
crc = crc32_compute(pkt->data + 4, biglen - 4);
|
|
|
|
PUT_32BIT(pkt->data + biglen, crc);
|
|
|
|
PUT_32BIT(pkt->data, len);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->cipher)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->cipher->encrypt(ssh->v1_cipher_ctx, pkt->data + 4, biglen);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
return biglen + 4;
|
2001-03-05 10:32:36 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void s_wrpkt(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-08-25 17:09:23 +00:00
|
|
|
int len, backlog;
|
2004-11-24 18:45:52 +00:00
|
|
|
len = s_wrpkt_prepare(ssh, pkt);
|
|
|
|
backlog = sk_write(ssh->s, (char *)pkt->data, len);
|
2001-08-25 17:09:23 +00:00
|
|
|
if (backlog > SSH_MAX_BACKLOG)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_throttle_all(ssh, 1, backlog);
|
2001-03-05 10:32:36 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-03-05 10:32:36 +00:00
|
|
|
int len;
|
2004-11-24 18:45:52 +00:00
|
|
|
len = s_wrpkt_prepare(ssh, pkt);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->deferred_len + len > ssh->deferred_size) {
|
|
|
|
ssh->deferred_size = ssh->deferred_len + len + 128;
|
2003-03-29 16:14:26 +00:00
|
|
|
ssh->deferred_send_data = sresize(ssh->deferred_send_data,
|
|
|
|
ssh->deferred_size,
|
|
|
|
unsigned char);
|
2001-03-05 10:32:36 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->deferred_len += len;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2000-06-22 12:18:34 +00:00
|
|
|
/*
|
2001-03-05 10:32:36 +00:00
|
|
|
* Construct a packet with the specified contents.
|
2000-06-22 12:18:34 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static struct Packet *construct_packet(Ssh ssh, int pkttype,
|
|
|
|
va_list ap1, va_list ap2)
|
2000-06-22 12:18:34 +00:00
|
|
|
{
|
|
|
|
unsigned char *p, *argp, argchar;
|
|
|
|
unsigned long argint;
|
|
|
|
int pktlen, argtype, arglen;
|
2000-09-07 16:33:49 +00:00
|
|
|
Bignum bn;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pkt;
|
2000-06-22 12:18:34 +00:00
|
|
|
|
|
|
|
pktlen = 0;
|
2001-03-05 10:32:36 +00:00
|
|
|
while ((argtype = va_arg(ap1, int)) != PKT_END) {
|
2000-06-22 12:18:34 +00:00
|
|
|
switch (argtype) {
|
|
|
|
case PKT_INT:
|
2001-03-05 10:32:36 +00:00
|
|
|
(void) va_arg(ap1, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
pktlen += 4;
|
|
|
|
break;
|
|
|
|
case PKT_CHAR:
|
2002-11-01 12:53:10 +00:00
|
|
|
(void) va_arg(ap1, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
pktlen++;
|
|
|
|
break;
|
|
|
|
case PKT_DATA:
|
2001-03-05 10:32:36 +00:00
|
|
|
(void) va_arg(ap1, unsigned char *);
|
|
|
|
arglen = va_arg(ap1, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
pktlen += arglen;
|
|
|
|
break;
|
|
|
|
case PKT_STR:
|
2001-03-05 10:32:36 +00:00
|
|
|
argp = va_arg(ap1, unsigned char *);
|
2003-01-05 13:43:02 +00:00
|
|
|
arglen = strlen((char *)argp);
|
2000-06-22 12:18:34 +00:00
|
|
|
pktlen += 4 + arglen;
|
|
|
|
break;
|
2000-09-07 16:33:49 +00:00
|
|
|
case PKT_BIGNUM:
|
2001-03-05 10:32:36 +00:00
|
|
|
bn = va_arg(ap1, Bignum);
|
2001-05-06 14:35:20 +00:00
|
|
|
pktlen += ssh1_bignum_length(bn);
|
2000-09-07 16:33:49 +00:00
|
|
|
break;
|
2004-10-02 00:33:27 +00:00
|
|
|
case PKTT_PASSWORD:
|
|
|
|
case PKTT_DATA:
|
|
|
|
case PKTT_OTHER:
|
|
|
|
/* ignore this pass */
|
|
|
|
break;
|
2000-06-22 12:18:34 +00:00
|
|
|
default:
|
|
|
|
assert(0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt = s_wrpkt_start(pkttype, pktlen);
|
|
|
|
p = pkt->body;
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2001-03-05 10:32:36 +00:00
|
|
|
while ((argtype = va_arg(ap2, int)) != PKT_END) {
|
2004-11-24 18:45:52 +00:00
|
|
|
int offset = p - pkt->body, len = 0;
|
2000-06-22 12:18:34 +00:00
|
|
|
switch (argtype) {
|
2004-10-02 00:33:27 +00:00
|
|
|
/* Actual fields in the packet */
|
2000-06-22 12:18:34 +00:00
|
|
|
case PKT_INT:
|
2001-03-05 10:32:36 +00:00
|
|
|
argint = va_arg(ap2, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
PUT_32BIT(p, argint);
|
2004-10-02 00:33:27 +00:00
|
|
|
len = 4;
|
2000-06-22 12:18:34 +00:00
|
|
|
break;
|
|
|
|
case PKT_CHAR:
|
2002-11-01 12:53:10 +00:00
|
|
|
argchar = (unsigned char) va_arg(ap2, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
*p = argchar;
|
2004-10-02 00:33:27 +00:00
|
|
|
len = 1;
|
2000-06-22 12:18:34 +00:00
|
|
|
break;
|
|
|
|
case PKT_DATA:
|
2001-03-05 10:32:36 +00:00
|
|
|
argp = va_arg(ap2, unsigned char *);
|
|
|
|
arglen = va_arg(ap2, int);
|
2000-06-22 12:18:34 +00:00
|
|
|
memcpy(p, argp, arglen);
|
2004-10-02 00:33:27 +00:00
|
|
|
len = arglen;
|
2000-06-22 12:18:34 +00:00
|
|
|
break;
|
|
|
|
case PKT_STR:
|
2001-03-05 10:32:36 +00:00
|
|
|
argp = va_arg(ap2, unsigned char *);
|
2003-01-05 13:43:02 +00:00
|
|
|
arglen = strlen((char *)argp);
|
2000-06-22 12:18:34 +00:00
|
|
|
PUT_32BIT(p, arglen);
|
|
|
|
memcpy(p + 4, argp, arglen);
|
2004-10-02 00:33:27 +00:00
|
|
|
len = arglen + 4;
|
2000-06-22 12:18:34 +00:00
|
|
|
break;
|
2000-09-07 16:33:49 +00:00
|
|
|
case PKT_BIGNUM:
|
2001-03-05 10:32:36 +00:00
|
|
|
bn = va_arg(ap2, Bignum);
|
2004-10-02 00:33:27 +00:00
|
|
|
len = ssh1_write_bignum(p, bn);
|
|
|
|
break;
|
|
|
|
/* Tokens for modifications to packet logging */
|
|
|
|
case PKTT_PASSWORD:
|
2004-11-24 18:45:52 +00:00
|
|
|
dont_log_password(ssh, pkt, PKTLOG_BLANK);
|
2004-10-02 00:33:27 +00:00
|
|
|
break;
|
|
|
|
case PKTT_DATA:
|
2004-11-24 18:45:52 +00:00
|
|
|
dont_log_data(ssh, pkt, PKTLOG_OMIT);
|
2000-09-07 16:33:49 +00:00
|
|
|
break;
|
2004-10-02 00:33:27 +00:00
|
|
|
case PKTT_OTHER:
|
2004-11-24 18:45:52 +00:00
|
|
|
end_log_omission(ssh, pkt);
|
2004-10-02 00:33:27 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
p += len;
|
|
|
|
/* Deal with logfile omission, if required. */
|
2004-11-24 18:45:52 +00:00
|
|
|
if (len && (pkt->logmode != PKTLOG_EMIT)) {
|
|
|
|
pkt->nblanks++;
|
|
|
|
pkt->blanks = sresize(pkt->blanks, pkt->nblanks,
|
|
|
|
struct logblank_t);
|
|
|
|
pkt->blanks[pkt->nblanks-1].offset = offset;
|
|
|
|
pkt->blanks[pkt->nblanks-1].len = len;
|
|
|
|
pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
|
2000-06-22 12:18:34 +00:00
|
|
|
}
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
|
|
|
|
return pkt;
|
2001-03-05 10:32:36 +00:00
|
|
|
}
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static void send_packet(Ssh ssh, int pkttype, ...)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pkt;
|
2001-03-05 10:32:36 +00:00
|
|
|
va_list ap1, ap2;
|
|
|
|
va_start(ap1, pkttype);
|
|
|
|
va_start(ap2, pkttype);
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt = construct_packet(ssh, pkttype, ap1, ap2);
|
|
|
|
va_end(ap2);
|
|
|
|
va_end(ap1);
|
|
|
|
s_wrpkt(ssh, pkt);
|
|
|
|
ssh_free_packet(pkt);
|
2000-06-22 12:18:34 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static void defer_packet(Ssh ssh, int pkttype, ...)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pkt;
|
2001-03-05 10:32:36 +00:00
|
|
|
va_list ap1, ap2;
|
|
|
|
va_start(ap1, pkttype);
|
|
|
|
va_start(ap2, pkttype);
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt = construct_packet(ssh, pkttype, ap1, ap2);
|
|
|
|
va_end(ap2);
|
|
|
|
va_end(ap1);
|
|
|
|
s_wrpkt_defer(ssh, pkt);
|
|
|
|
ssh_free_packet(pkt);
|
2001-03-05 10:32:36 +00:00
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
static int ssh_versioncmp(char *a, char *b)
|
|
|
|
{
|
1999-10-25 08:59:40 +00:00
|
|
|
char *ae, *be;
|
|
|
|
unsigned long av, bv;
|
|
|
|
|
1999-10-25 14:27:13 +00:00
|
|
|
av = strtoul(a, &ae, 10);
|
|
|
|
bv = strtoul(b, &be, 10);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (av != bv)
|
|
|
|
return (av < bv ? -1 : +1);
|
|
|
|
if (*ae == '.')
|
|
|
|
ae++;
|
|
|
|
if (*be == '.')
|
|
|
|
be++;
|
1999-10-25 14:27:13 +00:00
|
|
|
av = strtoul(ae, &ae, 10);
|
|
|
|
bv = strtoul(be, &be, 10);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (av != bv)
|
|
|
|
return (av < bv ? -1 : +1);
|
1999-10-25 08:59:40 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
2001-03-01 17:55:40 +00:00
|
|
|
* Utility routines for putting an SSH-protocol `string' and
|
|
|
|
* `uint32' into a SHA state.
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
|
|
|
#include <stdio.h>
|
2001-05-06 14:35:20 +00:00
|
|
|
static void sha_string(SHA_State * s, void *str, int len)
|
|
|
|
{
|
2000-09-05 14:28:17 +00:00
|
|
|
unsigned char lenblk[4];
|
|
|
|
PUT_32BIT(lenblk, len);
|
|
|
|
SHA_Bytes(s, lenblk, 4);
|
|
|
|
SHA_Bytes(s, str, len);
|
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
static void sha_uint32(SHA_State * s, unsigned i)
|
|
|
|
{
|
2001-03-01 17:55:40 +00:00
|
|
|
unsigned char intblk[4];
|
|
|
|
PUT_32BIT(intblk, i);
|
|
|
|
SHA_Bytes(s, intblk, 4);
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* SSH2 packet construction functions.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_ensure(struct Packet *pkt, int length)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->maxlen < length) {
|
|
|
|
pkt->maxlen = length + 256;
|
|
|
|
pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2001-01-22 15:36:07 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_adddata(struct Packet *pkt, void *data, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->logmode != PKTLOG_EMIT) {
|
|
|
|
pkt->nblanks++;
|
|
|
|
pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
|
|
|
|
pkt->blanks[pkt->nblanks-1].offset = pkt->length - 6;
|
|
|
|
pkt->blanks[pkt->nblanks-1].len = len;
|
|
|
|
pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
|
|
|
|
}
|
|
|
|
pkt->length += len;
|
|
|
|
ssh2_pkt_ensure(pkt, pkt->length);
|
|
|
|
memcpy(pkt->data + pkt->length - len, data, len);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addbyte(struct Packet *pkt, unsigned char byte)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adddata(pkt, &byte, 1);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static struct Packet *ssh2_pkt_init(int pkt_type)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pkt = ssh_new_packet();
|
|
|
|
pkt->length = 5;
|
|
|
|
ssh2_pkt_addbyte(pkt, (unsigned char) pkt_type);
|
|
|
|
return pkt;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adddata(pkt, &value, 1);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_adduint32(struct Packet *pkt, unsigned long value)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned char x[4];
|
|
|
|
PUT_32BIT(x, value);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adddata(pkt, x, 4);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addstring_start(struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adduint32(pkt, 0);
|
|
|
|
pkt->savedpos = pkt->length;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addstring_str(struct Packet *pkt, char *data)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adddata(pkt, data, strlen(data));
|
|
|
|
PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addstring_data(struct Packet *pkt, char *data, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adddata(pkt, data, len);
|
|
|
|
PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addstring(struct Packet *pkt, char *data)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(pkt);
|
|
|
|
ssh2_pkt_addstring_str(pkt, data);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2003-01-05 13:43:02 +00:00
|
|
|
static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned char *p;
|
2001-05-06 14:35:20 +00:00
|
|
|
int i, n = (bignum_bitcount(b) + 7) / 8;
|
2003-03-29 16:14:26 +00:00
|
|
|
p = snewn(n + 1, unsigned char);
|
2000-09-07 16:33:49 +00:00
|
|
|
if (!p)
|
2001-05-06 14:35:20 +00:00
|
|
|
fatalbox("out of memory");
|
2000-09-07 16:33:49 +00:00
|
|
|
p[0] = 0;
|
2001-03-01 17:41:26 +00:00
|
|
|
for (i = 1; i <= n; i++)
|
2001-05-06 14:35:20 +00:00
|
|
|
p[i] = bignum_byte(b, n - i);
|
2000-09-07 16:33:49 +00:00
|
|
|
i = 0;
|
2001-05-06 14:35:20 +00:00
|
|
|
while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
|
|
|
|
i++;
|
|
|
|
memmove(p, p + i, n + 1 - i);
|
|
|
|
*len = n + 1 - i;
|
2000-09-07 16:33:49 +00:00
|
|
|
return p;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned char *p;
|
|
|
|
int len;
|
|
|
|
p = ssh2_mpint_fmt(b, &len);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(pkt);
|
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)p, len);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(p);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2001-02-23 13:15:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Construct an SSH2 final-form packet: compress it, encrypt it,
|
|
|
|
* put the MAC on it. Final packet, ready to be sent, is stored in
|
2004-11-24 18:45:52 +00:00
|
|
|
* pkt->data. Total length is returned.
|
2001-02-23 13:15:17 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
int cipherblk, maclen, padding, i;
|
|
|
|
|
2002-10-26 12:58:13 +00:00
|
|
|
if (ssh->logctx)
|
2004-11-24 18:45:52 +00:00
|
|
|
log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
|
|
|
|
ssh2_pkt_type(ssh->pkt_ctx, pkt->data[5]),
|
|
|
|
pkt->data + 6, pkt->length - 6,
|
|
|
|
pkt->nblanks, pkt->blanks);
|
|
|
|
sfree(pkt->blanks); pkt->blanks = NULL;
|
|
|
|
pkt->nblanks = 0;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2000-11-01 21:34:21 +00:00
|
|
|
/*
|
|
|
|
* Compress packet payload.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
unsigned char *newpayload;
|
|
|
|
int newlen;
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->cscomp &&
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
|
|
|
|
pkt->length - 5,
|
2002-10-25 11:30:33 +00:00
|
|
|
&newpayload, &newlen)) {
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->length = 5;
|
|
|
|
ssh2_pkt_adddata(pkt, newpayload, newlen);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(newpayload);
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Add padding. At least four bytes, and must also bring total
|
|
|
|
* length (minus MAC) up to a multiple of the block size.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
|
2001-05-06 14:35:20 +00:00
|
|
|
cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
|
2000-09-07 16:33:49 +00:00
|
|
|
padding = 4;
|
2001-05-06 14:35:20 +00:00
|
|
|
padding +=
|
2004-11-24 18:45:52 +00:00
|
|
|
(cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
|
2002-10-25 11:30:33 +00:00
|
|
|
maclen = ssh->csmac ? ssh->csmac->len : 0;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
|
|
|
|
pkt->data[4] = padding;
|
2000-09-07 16:33:49 +00:00
|
|
|
for (i = 0; i < padding; i++)
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->data[pkt->length + i] = random_byte();
|
|
|
|
PUT_32BIT(pkt->data, pkt->length + padding - 4);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->csmac)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
|
|
|
|
pkt->length + padding,
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->v2_outgoing_sequence);
|
|
|
|
ssh->v2_outgoing_sequence++; /* whether or not we MACed */
|
|
|
|
|
|
|
|
if (ssh->cscipher)
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->data, pkt->length + padding);
|
2002-10-25 11:30:33 +00:00
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
pkt->encrypted_len = pkt->length + padding;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
/* Ready-to-send packet starts at pkt->data. We return length. */
|
|
|
|
return pkt->length + padding + maclen;
|
2001-02-23 13:15:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2004-11-24 19:23:02 +00:00
|
|
|
* Routines called from the main SSH code to send packets. There
|
|
|
|
* are quite a few of these, because we have two separate
|
|
|
|
* mechanisms for delaying the sending of packets:
|
|
|
|
*
|
|
|
|
* - In order to send an IGNORE message and a password message in
|
|
|
|
* a single fixed-length blob, we require the ability to
|
|
|
|
* concatenate the encrypted forms of those two packets _into_ a
|
|
|
|
* single blob and then pass it to our <network.h> transport
|
|
|
|
* layer in one go. Hence, there's a deferment mechanism which
|
|
|
|
* works after packet encryption.
|
|
|
|
*
|
|
|
|
* - In order to avoid sending any connection-layer messages
|
|
|
|
* during repeat key exchange, we have to queue up any such
|
|
|
|
* outgoing messages _before_ they are encrypted (and in
|
|
|
|
* particular before they're allocated sequence numbers), and
|
|
|
|
* then send them once we've finished.
|
|
|
|
*
|
|
|
|
* I call these mechanisms `defer' and `queue' respectively, so as
|
|
|
|
* to distinguish them reasonably easily.
|
|
|
|
*
|
|
|
|
* The functions send_noqueue() and defer_noqueue() free the packet
|
|
|
|
* structure they are passed. Every outgoing packet goes through
|
|
|
|
* precisely one of these functions in its life; packets passed to
|
|
|
|
* ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
|
|
|
|
* these or get queued, and then when the queue is later emptied
|
|
|
|
* the packets are all passed to defer_noqueue().
|
2001-02-23 13:15:17 +00:00
|
|
|
*/
|
2004-11-24 19:23:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Send an SSH2 packet immediately, without queuing or deferring.
|
|
|
|
*/
|
|
|
|
static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-08-25 17:09:23 +00:00
|
|
|
int len;
|
|
|
|
int backlog;
|
2004-11-24 18:45:52 +00:00
|
|
|
len = ssh2_pkt_construct(ssh, pkt);
|
|
|
|
backlog = sk_write(ssh->s, (char *)pkt->data, len);
|
2001-08-25 17:09:23 +00:00
|
|
|
if (backlog > SSH_MAX_BACKLOG)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_throttle_all(ssh, 1, backlog);
|
2004-11-27 14:29:20 +00:00
|
|
|
|
|
|
|
ssh->outgoing_data_size += pkt->encrypted_len;
|
|
|
|
if (!ssh->kex_in_progress &&
|
2004-12-24 13:39:32 +00:00
|
|
|
ssh->max_data_size != 0 &&
|
|
|
|
ssh->outgoing_data_size > ssh->max_data_size)
|
2004-11-27 14:29:20 +00:00
|
|
|
do_ssh2_transport(ssh, "Initiating key re-exchange "
|
|
|
|
"(too much data sent)", -1, NULL);
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(pkt);
|
2001-02-23 13:15:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2004-11-24 19:23:02 +00:00
|
|
|
* Defer an SSH2 packet.
|
2001-02-23 13:15:17 +00:00
|
|
|
*/
|
2004-11-24 19:23:02 +00:00
|
|
|
static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
int len = ssh2_pkt_construct(ssh, pkt);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->deferred_len + len > ssh->deferred_size) {
|
|
|
|
ssh->deferred_size = ssh->deferred_len + len + 128;
|
2003-03-29 16:14:26 +00:00
|
|
|
ssh->deferred_send_data = sresize(ssh->deferred_send_data,
|
|
|
|
ssh->deferred_size,
|
|
|
|
unsigned char);
|
2001-02-23 13:15:17 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->deferred_len += len;
|
2004-11-27 14:29:20 +00:00
|
|
|
ssh->deferred_data_size += pkt->encrypted_len;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_free_packet(pkt);
|
2001-02-23 13:15:17 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
/*
|
|
|
|
* Queue an SSH2 packet.
|
|
|
|
*/
|
|
|
|
static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
|
|
|
|
{
|
|
|
|
assert(ssh->queueing);
|
|
|
|
|
|
|
|
if (ssh->queuelen >= ssh->queuesize) {
|
|
|
|
ssh->queuesize = ssh->queuelen + 32;
|
|
|
|
ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssh->queue[ssh->queuelen++] = pkt;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Either queue or send a packet, depending on whether queueing is
|
|
|
|
* set.
|
|
|
|
*/
|
|
|
|
static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
|
|
|
|
{
|
|
|
|
if (ssh->queueing)
|
|
|
|
ssh2_pkt_queue(ssh, pkt);
|
|
|
|
else
|
|
|
|
ssh2_pkt_send_noqueue(ssh, pkt);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Either queue or defer a packet, depending on whether queueing is
|
|
|
|
* set.
|
|
|
|
*/
|
|
|
|
static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
|
|
|
|
{
|
|
|
|
if (ssh->queueing)
|
|
|
|
ssh2_pkt_queue(ssh, pkt);
|
|
|
|
else
|
|
|
|
ssh2_pkt_defer_noqueue(ssh, pkt);
|
|
|
|
}
|
|
|
|
|
2001-02-23 13:15:17 +00:00
|
|
|
/*
|
|
|
|
* Send the whole deferred data block constructed by
|
2001-03-05 10:32:36 +00:00
|
|
|
* ssh2_pkt_defer() or SSH1's defer_packet().
|
2004-11-24 19:23:02 +00:00
|
|
|
*
|
|
|
|
* The expected use of the defer mechanism is that you call
|
|
|
|
* ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
|
|
|
|
* not currently queueing, this simply sets up deferred_send_data
|
|
|
|
* and then sends it. If we _are_ currently queueing, the calls to
|
|
|
|
* ssh2_pkt_defer() put the deferred packets on to the queue
|
|
|
|
* instead, and therefore ssh_pkt_defersend() has no deferred data
|
|
|
|
* to send. Hence, there's no need to make it conditional on
|
|
|
|
* ssh->queueing.
|
2001-02-23 13:15:17 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_pkt_defersend(Ssh ssh)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-08-25 17:09:23 +00:00
|
|
|
int backlog;
|
2003-01-05 13:43:02 +00:00
|
|
|
backlog = sk_write(ssh->s, (char *)ssh->deferred_send_data,
|
|
|
|
ssh->deferred_len);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->deferred_len = ssh->deferred_size = 0;
|
|
|
|
sfree(ssh->deferred_send_data);
|
|
|
|
ssh->deferred_send_data = NULL;
|
2001-08-25 17:09:23 +00:00
|
|
|
if (backlog > SSH_MAX_BACKLOG)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_throttle_all(ssh, 1, backlog);
|
2004-11-27 14:29:20 +00:00
|
|
|
|
|
|
|
ssh->outgoing_data_size += ssh->deferred_data_size;
|
|
|
|
if (!ssh->kex_in_progress &&
|
2004-12-24 13:39:32 +00:00
|
|
|
ssh->max_data_size != 0 &&
|
|
|
|
ssh->outgoing_data_size > ssh->max_data_size)
|
2004-11-27 14:29:20 +00:00
|
|
|
do_ssh2_transport(ssh, "Initiating key re-exchange "
|
|
|
|
"(too much data sent)", -1, NULL);
|
|
|
|
ssh->deferred_data_size = 0;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
/*
|
|
|
|
* Send all queued SSH2 packets. We send them by means of
|
|
|
|
* ssh2_pkt_defer_noqueue(), in case they included a pair of
|
|
|
|
* packets that needed to be lumped together.
|
|
|
|
*/
|
|
|
|
static void ssh2_pkt_queuesend(Ssh ssh)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
assert(!ssh->queueing);
|
|
|
|
|
|
|
|
for (i = 0; i < ssh->queuelen; i++)
|
|
|
|
ssh2_pkt_defer_noqueue(ssh, ssh->queue[i]);
|
|
|
|
ssh->queuelen = 0;
|
|
|
|
|
|
|
|
ssh_pkt_defersend(ssh);
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
#if 0
|
2001-05-06 14:35:20 +00:00
|
|
|
void bndebug(char *string, Bignum b)
|
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned char *p;
|
|
|
|
int i, len;
|
|
|
|
p = ssh2_mpint_fmt(b, &len);
|
|
|
|
debug(("%s", string));
|
|
|
|
for (i = 0; i < len; i++)
|
2001-05-06 14:35:20 +00:00
|
|
|
debug((" %02x", p[i]));
|
2001-04-28 17:35:18 +00:00
|
|
|
debug(("\n"));
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(p);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
static void sha_mpint(SHA_State * s, Bignum b)
|
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned char *p;
|
|
|
|
int len;
|
|
|
|
p = ssh2_mpint_fmt(b, &len);
|
|
|
|
sha_string(s, p, len);
|
2000-12-12 10:33:13 +00:00
|
|
|
sfree(p);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2004-08-01 12:07:11 +00:00
|
|
|
* Packet decode functions for both SSH1 and SSH2.
|
2000-09-07 16:33:49 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
unsigned long value;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->length - pkt->savedpos < 4)
|
2001-05-06 14:35:20 +00:00
|
|
|
return 0; /* arrgh, no way to decline (FIXME?) */
|
2004-11-24 18:45:52 +00:00
|
|
|
value = GET_32BIT(pkt->body + pkt->savedpos);
|
|
|
|
pkt->savedpos += 4;
|
2000-09-07 16:33:49 +00:00
|
|
|
return value;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static int ssh2_pkt_getbool(struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2001-03-03 11:54:34 +00:00
|
|
|
unsigned long value;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->length - pkt->savedpos < 1)
|
2001-05-06 14:35:20 +00:00
|
|
|
return 0; /* arrgh, no way to decline (FIXME?) */
|
2004-11-24 18:45:52 +00:00
|
|
|
value = pkt->body[pkt->savedpos] != 0;
|
|
|
|
pkt->savedpos++;
|
2001-03-03 11:54:34 +00:00
|
|
|
return value;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
int len;
|
2000-09-07 16:33:49 +00:00
|
|
|
*p = NULL;
|
2002-08-03 16:22:55 +00:00
|
|
|
*length = 0;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->length - pkt->savedpos < 4)
|
2001-05-06 14:35:20 +00:00
|
|
|
return;
|
2004-11-24 18:45:52 +00:00
|
|
|
len = GET_32BIT(pkt->body + pkt->savedpos);
|
2002-11-07 19:49:03 +00:00
|
|
|
if (len < 0)
|
|
|
|
return;
|
|
|
|
*length = len;
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->savedpos += 4;
|
|
|
|
if (pkt->length - pkt->savedpos < *length)
|
2001-05-06 14:35:20 +00:00
|
|
|
return;
|
2004-11-24 18:45:52 +00:00
|
|
|
*p = (char *)(pkt->body + pkt->savedpos);
|
|
|
|
pkt->savedpos += *length;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static void *ssh_pkt_getdata(struct Packet *pkt, int length)
|
2004-08-01 12:07:11 +00:00
|
|
|
{
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pkt->length - pkt->savedpos < length)
|
2004-08-01 12:07:11 +00:00
|
|
|
return NULL;
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->savedpos += length;
|
|
|
|
return pkt->body + (pkt->savedpos - length);
|
2004-08-01 12:07:11 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
|
2004-08-01 12:07:11 +00:00
|
|
|
unsigned char **keystr)
|
|
|
|
{
|
|
|
|
int j;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
j = makekey(pkt->body + pkt->savedpos,
|
|
|
|
pkt->length - pkt->savedpos,
|
2004-08-01 12:07:11 +00:00
|
|
|
key, keystr, 0);
|
|
|
|
|
|
|
|
if (j < 0)
|
|
|
|
return FALSE;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->savedpos += j;
|
|
|
|
assert(pkt->savedpos < pkt->length);
|
2004-08-01 12:07:11 +00:00
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static Bignum ssh1_pkt_getmp(struct Packet *pkt)
|
2004-08-01 12:07:11 +00:00
|
|
|
{
|
|
|
|
int j;
|
|
|
|
Bignum b;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
j = ssh1_read_bignum(pkt->body + pkt->savedpos,
|
|
|
|
pkt->length - pkt->savedpos, &b);
|
2004-08-01 12:07:11 +00:00
|
|
|
|
|
|
|
if (j < 0)
|
|
|
|
return NULL;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
pkt->savedpos += j;
|
2004-08-01 12:07:11 +00:00
|
|
|
return b;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
static Bignum ssh2_pkt_getmp(struct Packet *pkt)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-07 16:33:49 +00:00
|
|
|
char *p;
|
2001-03-01 17:41:26 +00:00
|
|
|
int length;
|
2000-09-07 16:33:49 +00:00
|
|
|
Bignum b;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pkt, &p, &length);
|
2000-09-07 16:33:49 +00:00
|
|
|
if (!p)
|
2001-05-06 14:35:20 +00:00
|
|
|
return NULL;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (p[0] & 0x80)
|
2001-05-06 14:35:20 +00:00
|
|
|
return NULL;
|
2003-01-05 13:43:02 +00:00
|
|
|
b = bignum_from_bytes((unsigned char *)p, length);
|
2000-09-07 16:33:49 +00:00
|
|
|
return b;
|
|
|
|
}
|
|
|
|
|
2002-05-31 17:39:16 +00:00
|
|
|
/*
|
|
|
|
* Helper function to add an SSH2 signature blob to a packet.
|
|
|
|
* Expects to be shown the public key blob as well as the signature
|
|
|
|
* blob. Normally works just like ssh2_pkt_addstring, but will
|
|
|
|
* fiddle with the signature packet if necessary for
|
|
|
|
* BUG_SSH2_RSA_PADDING.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
|
|
|
|
void *pkblob_v, int pkblob_len,
|
2002-05-31 17:39:16 +00:00
|
|
|
void *sigblob_v, int sigblob_len)
|
|
|
|
{
|
|
|
|
unsigned char *pkblob = (unsigned char *)pkblob_v;
|
|
|
|
unsigned char *sigblob = (unsigned char *)sigblob_v;
|
|
|
|
|
|
|
|
/* dmemdump(pkblob, pkblob_len); */
|
|
|
|
/* dmemdump(sigblob, sigblob_len); */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See if this is in fact an ssh-rsa signature and a buggy
|
|
|
|
* server; otherwise we can just do this the easy way.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
|
2002-05-31 17:39:16 +00:00
|
|
|
(GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
|
|
|
|
int pos, len, siglen;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Find the byte length of the modulus.
|
|
|
|
*/
|
|
|
|
|
|
|
|
pos = 4+7; /* skip over "ssh-rsa" */
|
|
|
|
pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
|
|
|
|
len = GET_32BIT(pkblob+pos); /* find length of modulus */
|
|
|
|
pos += 4; /* find modulus itself */
|
|
|
|
while (len > 0 && pkblob[pos] == 0)
|
|
|
|
len--, pos++;
|
|
|
|
/* debug(("modulus length is %d\n", len)); */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now find the signature integer.
|
|
|
|
*/
|
|
|
|
pos = 4+7; /* skip over "ssh-rsa" */
|
|
|
|
siglen = GET_32BIT(sigblob+pos);
|
|
|
|
/* debug(("signature length is %d\n", siglen)); */
|
|
|
|
|
|
|
|
if (len != siglen) {
|
|
|
|
unsigned char newlen[4];
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(pkt);
|
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
|
2002-05-31 17:39:16 +00:00
|
|
|
/* dmemdump(sigblob, pos); */
|
|
|
|
pos += 4; /* point to start of actual sig */
|
|
|
|
PUT_32BIT(newlen, len);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
|
2002-05-31 17:39:16 +00:00
|
|
|
/* dmemdump(newlen, 4); */
|
|
|
|
newlen[0] = 0;
|
|
|
|
while (len-- > siglen) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
|
2002-05-31 17:39:16 +00:00
|
|
|
/* dmemdump(newlen, 1); */
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
|
2002-05-31 17:39:16 +00:00
|
|
|
/* dmemdump(sigblob+pos, siglen); */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Otherwise fall through and do it the easy way. */
|
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(pkt);
|
|
|
|
ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
|
2002-05-31 17:39:16 +00:00
|
|
|
}
|
|
|
|
|
2001-03-06 10:32:28 +00:00
|
|
|
/*
|
|
|
|
* Examine the remote side's version string and compare it against
|
|
|
|
* a list of known buggy implementations.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_detect_bugs(Ssh ssh, char *vstring)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char *imp; /* pointer to implementation part */
|
2001-03-06 10:32:28 +00:00
|
|
|
imp = vstring;
|
|
|
|
imp += strcspn(imp, "-");
|
2001-10-27 10:39:54 +00:00
|
|
|
if (*imp) imp++;
|
2001-03-06 10:32:28 +00:00
|
|
|
imp += strcspn(imp, "-");
|
2001-10-27 10:39:54 +00:00
|
|
|
if (*imp) imp++;
|
2001-03-06 10:32:28 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs = 0;
|
2001-03-06 10:32:28 +00:00
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_ignore1 == AUTO &&
|
2002-09-08 13:28:38 +00:00
|
|
|
(!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
|
|
|
|
!strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
|
2003-07-12 13:45:21 +00:00
|
|
|
!strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
|
2004-09-21 21:04:28 +00:00
|
|
|
!strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* These versions don't support SSH1_MSG_IGNORE, so we have
|
|
|
|
* to use a different defence against password length
|
|
|
|
* sniffing.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("We believe remote version has SSH1 ignore bug");
|
2001-03-06 10:32:28 +00:00
|
|
|
}
|
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_plainpw1 == AUTO &&
|
2003-07-12 13:45:21 +00:00
|
|
|
(!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
|
2001-10-27 10:39:54 +00:00
|
|
|
/*
|
|
|
|
* These versions need a plain password sent; they can't
|
|
|
|
* handle having a null and a random length of data after
|
|
|
|
* the password.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
2001-10-27 10:39:54 +00:00
|
|
|
logevent("We believe remote version needs a plain SSH1 password");
|
|
|
|
}
|
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_rsa1 == AUTO &&
|
2002-09-08 13:28:38 +00:00
|
|
|
(!strcmp(imp, "Cisco-1.25")))) {
|
2002-02-27 22:41:31 +00:00
|
|
|
/*
|
|
|
|
* These versions apparently have no clue whatever about
|
|
|
|
* RSA authentication and will panic and die if they see
|
|
|
|
* an AUTH_RSA message.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
|
2002-02-27 22:41:31 +00:00
|
|
|
logevent("We believe remote version can't handle RSA authentication");
|
|
|
|
}
|
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_hmac2 == AUTO &&
|
2003-05-24 19:03:34 +00:00
|
|
|
!wc_match("* VShell", imp) &&
|
2002-12-08 16:54:31 +00:00
|
|
|
(wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
|
|
|
|
wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
|
|
|
|
wc_match("2.1 *", imp)))) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* These versions have the HMAC bug.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_SSH2_HMAC;
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("We believe remote version has SSH2 HMAC bug");
|
2001-03-06 10:32:28 +00:00
|
|
|
}
|
2002-05-31 17:39:16 +00:00
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_derivekey2 == AUTO &&
|
2003-05-24 19:03:34 +00:00
|
|
|
!wc_match("* VShell", imp) &&
|
2003-02-18 20:10:24 +00:00
|
|
|
(wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
|
2002-08-18 09:27:15 +00:00
|
|
|
/*
|
|
|
|
* These versions have the key-derivation bug (failing to
|
|
|
|
* include the literal shared secret in the hashes that
|
|
|
|
* generate the keys).
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
2002-08-18 09:27:15 +00:00
|
|
|
logevent("We believe remote version has SSH2 key-derivation bug");
|
|
|
|
}
|
|
|
|
|
2003-01-27 18:02:24 +00:00
|
|
|
if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_rsapad2 == AUTO &&
|
2002-12-08 16:54:31 +00:00
|
|
|
(wc_match("OpenSSH_2.[5-9]*", imp) ||
|
|
|
|
wc_match("OpenSSH_3.[0-2]*", imp)))) {
|
2002-05-31 17:39:16 +00:00
|
|
|
/*
|
|
|
|
* These versions have the SSH2 RSA padding bug.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
2002-05-31 17:39:16 +00:00
|
|
|
logevent("We believe remote version has SSH2 RSA padding bug");
|
|
|
|
}
|
2002-09-26 18:37:33 +00:00
|
|
|
|
2003-02-04 13:02:51 +00:00
|
|
|
if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
|
|
|
|
(ssh->cfg.sshbug_pksessid2 == AUTO &&
|
|
|
|
wc_match("OpenSSH_2.[0-2]*", imp))) {
|
|
|
|
/*
|
|
|
|
* These versions have the SSH2 session-ID bug in
|
|
|
|
* public-key authentication.
|
|
|
|
*/
|
|
|
|
ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
|
|
|
logevent("We believe remote version has SSH2 public-key-session-ID bug");
|
|
|
|
}
|
2001-03-06 10:32:28 +00:00
|
|
|
}
|
|
|
|
|
2004-12-01 13:37:31 +00:00
|
|
|
/*
|
|
|
|
* The `software version' part of an SSH version string is required
|
|
|
|
* to contain no spaces or minus signs.
|
|
|
|
*/
|
|
|
|
static void ssh_fix_verstring(char *str)
|
|
|
|
{
|
|
|
|
/* Eat "SSH-<protoversion>-". */
|
|
|
|
assert(*str == 'S'); str++;
|
|
|
|
assert(*str == 'S'); str++;
|
|
|
|
assert(*str == 'H'); str++;
|
|
|
|
assert(*str == '-'); str++;
|
|
|
|
while (*str && *str != '-') str++;
|
|
|
|
assert(*str == '-'); str++;
|
|
|
|
|
|
|
|
/* Convert minus signs and spaces in the remaining string into
|
|
|
|
* underscores. */
|
|
|
|
while (*str) {
|
|
|
|
if (*str == '-' || *str == ' ')
|
|
|
|
*str = '_';
|
|
|
|
str++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static int do_ssh_init(Ssh ssh, unsigned char c)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
struct do_ssh_init_state {
|
|
|
|
int vslen;
|
|
|
|
char version[10];
|
|
|
|
char *vstring;
|
|
|
|
int vstrsize;
|
|
|
|
int i;
|
|
|
|
int proto1, proto2;
|
|
|
|
};
|
|
|
|
crState(do_ssh_init_state);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
crBegin(ssh->do_ssh_init_crstate);
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
/* Search for the string "SSH-" in the input. */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->i = 0;
|
2000-10-23 10:32:37 +00:00
|
|
|
while (1) {
|
|
|
|
static const int transS[] = { 1, 2, 2, 1 };
|
|
|
|
static const int transH[] = { 0, 0, 3, 0 };
|
|
|
|
static const int transminus[] = { 0, 0, 0, -1 };
|
2001-05-06 14:35:20 +00:00
|
|
|
if (c == 'S')
|
2002-10-25 11:30:33 +00:00
|
|
|
s->i = transS[s->i];
|
2001-05-06 14:35:20 +00:00
|
|
|
else if (c == 'H')
|
2002-10-25 11:30:33 +00:00
|
|
|
s->i = transH[s->i];
|
2001-05-06 14:35:20 +00:00
|
|
|
else if (c == '-')
|
2002-10-25 11:30:33 +00:00
|
|
|
s->i = transminus[s->i];
|
2001-05-06 14:35:20 +00:00
|
|
|
else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->i = 0;
|
|
|
|
if (s->i < 0)
|
2000-10-23 10:32:37 +00:00
|
|
|
break;
|
|
|
|
crReturn(1); /* get another character */
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
2000-10-23 10:32:37 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->vstrsize = 16;
|
2003-03-29 16:14:26 +00:00
|
|
|
s->vstring = snewn(s->vstrsize, char);
|
2002-10-25 11:30:33 +00:00
|
|
|
strcpy(s->vstring, "SSH-");
|
|
|
|
s->vslen = 4;
|
|
|
|
s->i = 0;
|
1999-01-08 13:02:13 +00:00
|
|
|
while (1) {
|
2000-10-23 10:32:37 +00:00
|
|
|
crReturn(1); /* get another char */
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->vslen >= s->vstrsize - 1) {
|
|
|
|
s->vstrsize += 16;
|
2003-03-29 16:14:26 +00:00
|
|
|
s->vstring = sresize(s->vstring, s->vstrsize, char);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->vstring[s->vslen++] = c;
|
|
|
|
if (s->i >= 0) {
|
1999-01-08 13:02:13 +00:00
|
|
|
if (c == '-') {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->version[s->i] = '\0';
|
|
|
|
s->i = -1;
|
|
|
|
} else if (s->i < sizeof(s->version) - 1)
|
|
|
|
s->version[s->i++] = c;
|
2003-01-07 23:05:12 +00:00
|
|
|
} else if (c == '\012')
|
1999-01-08 13:02:13 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->agentfwd_enabled = FALSE;
|
|
|
|
ssh->rdpkt2_state.incoming_sequence = 0;
|
2000-09-29 15:56:33 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->vstring[s->vslen] = 0;
|
2004-12-01 15:34:12 +00:00
|
|
|
s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
|
|
|
char *vlog;
|
2003-03-29 16:14:26 +00:00
|
|
|
vlog = snewn(20 + s->vslen, char);
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(vlog, "Server version: %s", s->vstring);
|
|
|
|
logevent(vlog);
|
|
|
|
sfree(vlog);
|
|
|
|
}
|
|
|
|
ssh_detect_bugs(ssh, s->vstring);
|
1999-11-09 11:10:04 +00:00
|
|
|
|
2000-09-11 09:37:43 +00:00
|
|
|
/*
|
2002-08-07 17:48:26 +00:00
|
|
|
* Decide which SSH protocol version to support.
|
2000-09-11 09:37:43 +00:00
|
|
|
*/
|
2002-08-07 17:48:26 +00:00
|
|
|
|
|
|
|
/* Anything strictly below "2.0" means protocol 1 is supported. */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
|
2002-08-07 17:48:26 +00:00
|
|
|
/* Anything greater or equal to "1.99" means protocol 2 is supported. */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
|
2002-08-07 17:48:26 +00:00
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.sshprot == 0 && !s->proto1) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("SSH protocol version 1 required by user but not provided by server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2002-08-07 17:48:26 +00:00
|
|
|
}
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.sshprot == 3 && !s->proto2) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("SSH protocol version 2 required by user but not provided by server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2002-08-07 17:48:26 +00:00
|
|
|
}
|
|
|
|
|
2004-12-01 13:37:31 +00:00
|
|
|
{
|
|
|
|
char *verstring;
|
|
|
|
|
|
|
|
if (s->proto2 && (ssh->cfg.sshprot >= 2 || !s->proto1)) {
|
|
|
|
/*
|
|
|
|
* Construct a v2 version string.
|
|
|
|
*/
|
2004-12-01 15:34:12 +00:00
|
|
|
verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
|
2004-12-01 13:37:31 +00:00
|
|
|
ssh->version = 2;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Construct a v1 version string.
|
|
|
|
*/
|
2004-12-01 15:34:12 +00:00
|
|
|
verstring = dupprintf("SSH-%s-%s\012",
|
2004-12-01 13:37:31 +00:00
|
|
|
(ssh_versioncmp(s->version, "1.5") <= 0 ?
|
|
|
|
s->version : "1.5"),
|
|
|
|
sshver);
|
|
|
|
ssh->version = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
ssh_fix_verstring(verstring);
|
|
|
|
|
|
|
|
if (ssh->version == 2) {
|
|
|
|
/*
|
|
|
|
* Hash our version string and their version string.
|
|
|
|
*/
|
|
|
|
SHA_Init(&ssh->exhashbase);
|
2004-12-01 13:42:50 +00:00
|
|
|
sha_string(&ssh->exhashbase, verstring,
|
2004-12-01 15:34:12 +00:00
|
|
|
strcspn(verstring, "\015\012"));
|
2004-12-01 13:42:50 +00:00
|
|
|
sha_string(&ssh->exhashbase, s->vstring,
|
2004-12-01 15:34:12 +00:00
|
|
|
strcspn(s->vstring, "\015\012"));
|
2004-12-01 13:37:31 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Initialise SSHv2 protocol.
|
|
|
|
*/
|
|
|
|
ssh->protocol = ssh2_protocol;
|
|
|
|
ssh2_protocol_setup(ssh);
|
|
|
|
ssh->s_rdpkt = ssh2_rdpkt;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Initialise SSHv1 protocol.
|
|
|
|
*/
|
|
|
|
ssh->protocol = ssh1_protocol;
|
|
|
|
ssh1_protocol_setup(ssh);
|
|
|
|
ssh->s_rdpkt = ssh1_rdpkt;
|
|
|
|
}
|
|
|
|
logeventf(ssh, "We claim version: %.*s",
|
2004-12-01 15:34:12 +00:00
|
|
|
strcspn(verstring, "\015\012"), verstring);
|
2002-10-25 11:30:33 +00:00
|
|
|
sk_write(ssh->s, verstring, strlen(verstring));
|
2004-12-01 13:37:31 +00:00
|
|
|
sfree(verstring);
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
2004-12-01 13:37:31 +00:00
|
|
|
|
|
|
|
logeventf(ssh, "Using SSH protocol version %d", ssh->version);
|
|
|
|
|
2003-04-04 20:21:05 +00:00
|
|
|
update_specials_menu(ssh->frontend);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_BEFORE_SIZE;
|
2004-11-27 13:20:21 +00:00
|
|
|
ssh->pinger = pinger_new(&ssh->cfg, &ssh_backend, ssh);
|
2000-10-23 10:32:37 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
sfree(s->vstring);
|
2001-03-22 17:32:40 +00:00
|
|
|
|
2000-10-23 10:32:37 +00:00
|
|
|
crFinish(0);
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
|
2000-10-23 10:32:37 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
crBegin(ssh->ssh_gotdata_crstate);
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* To begin with, feed the characters one by one to the
|
|
|
|
* protocol initialisation / selection function do_ssh_init().
|
|
|
|
* When that returns 0, we're done with the initial greeting
|
|
|
|
* exchange and can move on to packet discipline.
|
|
|
|
*/
|
|
|
|
while (1) {
|
2002-10-25 11:30:33 +00:00
|
|
|
int ret; /* need not be kept across crReturn */
|
2000-10-23 10:32:37 +00:00
|
|
|
if (datalen == 0)
|
|
|
|
crReturnV; /* more data please */
|
2002-10-25 11:30:33 +00:00
|
|
|
ret = do_ssh_init(ssh, *data);
|
2001-05-06 14:35:20 +00:00
|
|
|
data++;
|
|
|
|
datalen--;
|
2000-10-23 10:32:37 +00:00
|
|
|
if (ret == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We emerge from that loop when the initial negotiation is
|
|
|
|
* over and we have selected an s_rdpkt function. Now pass
|
|
|
|
* everything to s_rdpkt, and then pass the resulting packets
|
|
|
|
* to the proper protocol handler.
|
|
|
|
*/
|
|
|
|
if (datalen == 0)
|
|
|
|
crReturnV;
|
|
|
|
while (1) {
|
|
|
|
while (datalen > 0) {
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktin = ssh->s_rdpkt(ssh, &data, &datalen);
|
|
|
|
if (pktin) {
|
|
|
|
ssh->protocol(ssh, NULL, 0, pktin);
|
|
|
|
ssh_free_packet(pktin);
|
2000-10-23 10:32:37 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
if (ssh->state == SSH_STATE_CLOSED)
|
|
|
|
return;
|
2000-10-23 10:32:37 +00:00
|
|
|
}
|
|
|
|
crReturnV;
|
|
|
|
}
|
|
|
|
crFinishV;
|
|
|
|
}
|
|
|
|
|
2003-04-25 11:48:24 +00:00
|
|
|
static void ssh_do_close(Ssh ssh)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2003-04-25 11:48:24 +00:00
|
|
|
int i;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_CLOSED;
|
|
|
|
if (ssh->s) {
|
|
|
|
sk_close(ssh->s);
|
|
|
|
ssh->s = NULL;
|
2004-11-27 13:20:21 +00:00
|
|
|
notify_remote_exit(ssh->frontend);
|
2001-07-31 14:23:21 +00:00
|
|
|
}
|
2003-04-25 11:48:24 +00:00
|
|
|
/*
|
|
|
|
* Now we must shut down any port and X forwardings going
|
|
|
|
* through this connection.
|
|
|
|
*/
|
2003-04-25 17:44:09 +00:00
|
|
|
if (ssh->channels) {
|
|
|
|
for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_X11:
|
|
|
|
x11_close(c->u.x11.s);
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
del234(ssh->channels, c);
|
|
|
|
if (ssh->version == 2)
|
|
|
|
bufchain_clear(&c->v.v2.outbuffer);
|
|
|
|
sfree(c);
|
2003-04-25 11:48:24 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-05-04 14:18:18 +00:00
|
|
|
static int ssh_closing(Plug plug, const char *error_msg, int error_code,
|
2003-04-25 11:48:24 +00:00
|
|
|
int calling_back)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) plug;
|
|
|
|
ssh_do_close(ssh);
|
2001-03-13 10:22:45 +00:00
|
|
|
if (error_msg) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/* A socket error has occurred. */
|
2002-03-23 18:04:27 +00:00
|
|
|
logevent(error_msg);
|
2003-05-04 14:14:10 +00:00
|
|
|
connection_fatal(ssh->frontend, "%s", error_msg);
|
2001-03-13 10:22:45 +00:00
|
|
|
} else {
|
|
|
|
/* Otherwise, the remote side closed the connection normally. */
|
2000-10-23 10:32:37 +00:00
|
|
|
}
|
2001-03-13 10:22:45 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
static int ssh_receive(Plug plug, int urgent, char *data, int len)
|
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) plug;
|
2003-01-05 13:43:02 +00:00
|
|
|
ssh_gotdata(ssh, (unsigned char *)data, len);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->state == SSH_STATE_CLOSED) {
|
2003-04-25 11:48:24 +00:00
|
|
|
ssh_do_close(ssh);
|
2001-05-06 14:35:20 +00:00
|
|
|
return 0;
|
2000-10-24 09:55:45 +00:00
|
|
|
}
|
1999-01-15 11:30:40 +00:00
|
|
|
return 1;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
static void ssh_sent(Plug plug, int bufsize)
|
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) plug;
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* If the send backlog on the SSH socket itself clears, we
|
|
|
|
* should unthrottle the whole world if it was throttled.
|
|
|
|
*/
|
|
|
|
if (bufsize < SSH_MAX_BACKLOG)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_throttle_all(ssh, 0, bufsize);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
|
2000-10-23 10:32:37 +00:00
|
|
|
/*
|
|
|
|
* Connect to specified host and port.
|
|
|
|
* Returns an error message, or NULL on success.
|
2001-05-09 14:01:15 +00:00
|
|
|
* Also places the canonical host name into `realhost'. It must be
|
|
|
|
* freed by the caller.
|
2000-10-23 10:32:37 +00:00
|
|
|
*/
|
2003-05-04 14:18:18 +00:00
|
|
|
static const char *connect_to_host(Ssh ssh, char *host, int port,
|
2004-06-20 17:07:38 +00:00
|
|
|
char **realhost, int nodelay, int keepalive)
|
2000-10-23 10:32:37 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
static const struct plug_function_table fn_table = {
|
2001-03-13 10:22:45 +00:00
|
|
|
ssh_closing,
|
2001-08-25 17:09:23 +00:00
|
|
|
ssh_receive,
|
|
|
|
ssh_sent,
|
|
|
|
NULL
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
2001-03-13 10:22:45 +00:00
|
|
|
|
2000-10-23 10:32:37 +00:00
|
|
|
SockAddr addr;
|
2003-05-04 14:18:18 +00:00
|
|
|
const char *err;
|
2000-10-23 10:32:37 +00:00
|
|
|
|
2003-03-29 16:14:26 +00:00
|
|
|
ssh->savedhost = snewn(1 + strlen(host), char);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!ssh->savedhost)
|
2000-10-23 10:32:37 +00:00
|
|
|
fatalbox("Out of memory");
|
2002-10-25 11:30:33 +00:00
|
|
|
strcpy(ssh->savedhost, host);
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
if (port < 0)
|
|
|
|
port = 22; /* default ssh port */
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->savedport = port;
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Try to find host.
|
|
|
|
*/
|
2004-12-30 16:45:11 +00:00
|
|
|
logeventf(ssh, "Looking up host \"%s\"%s", host,
|
|
|
|
(ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
|
|
|
|
(ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
|
|
|
|
addr = name_lookup(host, port, realhost, &ssh->cfg,
|
|
|
|
ssh->cfg.addressfamily);
|
2003-06-14 18:27:10 +00:00
|
|
|
if ((err = sk_addr_error(addr)) != NULL) {
|
|
|
|
sk_addr_free(addr);
|
2000-10-23 10:32:37 +00:00
|
|
|
return err;
|
2003-06-14 18:27:10 +00:00
|
|
|
}
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Open socket.
|
|
|
|
*/
|
2001-09-07 22:39:01 +00:00
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
char addrbuf[100];
|
2001-09-07 22:39:01 +00:00
|
|
|
sk_getaddr(addr, addrbuf, 100);
|
2002-11-07 19:49:03 +00:00
|
|
|
logeventf(ssh, "Connecting to %s port %d", addrbuf, port);
|
2001-09-07 22:39:01 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->fn = &fn_table;
|
2003-01-12 15:26:10 +00:00
|
|
|
ssh->s = new_connection(addr, *realhost, port,
|
2004-06-20 17:07:38 +00:00
|
|
|
0, 1, nodelay, keepalive, (Plug) ssh, &ssh->cfg);
|
2003-01-05 13:46:13 +00:00
|
|
|
if ((err = sk_socket_error(ssh->s)) != NULL) {
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->s = NULL;
|
2004-11-27 13:20:21 +00:00
|
|
|
notify_remote_exit(ssh->frontend);
|
2000-10-23 10:32:37 +00:00
|
|
|
return err;
|
2002-02-27 22:45:52 +00:00
|
|
|
}
|
2000-10-23 10:32:37 +00:00
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* Throttle or unthrottle the SSH connection.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh1_throttle(Ssh ssh, int adjust)
|
2001-08-25 17:09:23 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
int old_count = ssh->v1_throttle_count;
|
|
|
|
ssh->v1_throttle_count += adjust;
|
|
|
|
assert(ssh->v1_throttle_count >= 0);
|
|
|
|
if (ssh->v1_throttle_count && !old_count) {
|
|
|
|
sk_set_frozen(ssh->s, 1);
|
|
|
|
} else if (!ssh->v1_throttle_count && old_count) {
|
|
|
|
sk_set_frozen(ssh->s, 0);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Throttle or unthrottle _all_ local data streams (for when sends
|
|
|
|
* on the SSH connection itself back up).
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
|
2001-08-25 17:09:23 +00:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (enable == ssh->throttled_all)
|
2001-08-25 17:09:23 +00:00
|
|
|
return;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->throttled_all = enable;
|
|
|
|
ssh->overall_bufsize = bufsize;
|
|
|
|
if (!ssh->channels)
|
2001-08-25 17:09:23 +00:00
|
|
|
return;
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
|
2001-08-25 17:09:23 +00:00
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_MAINSESSION:
|
|
|
|
/*
|
|
|
|
* This is treated separately, outside the switch.
|
|
|
|
*/
|
|
|
|
break;
|
|
|
|
case CHAN_X11:
|
|
|
|
x11_override_throttle(c->u.x11.s, enable);
|
|
|
|
break;
|
|
|
|
case CHAN_AGENT:
|
|
|
|
/* Agent channels require no buffer management. */
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
2003-04-25 11:48:24 +00:00
|
|
|
pfd_override_throttle(c->u.pfd.s, enable);
|
2001-08-25 17:09:23 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-08-11 13:02:01 +00:00
|
|
|
/*
|
2002-10-25 11:30:33 +00:00
|
|
|
* Username and password input, abstracted off into routines
|
|
|
|
* reusable in several places - even between SSH1 and SSH2.
|
2002-08-11 13:02:01 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
/* Set up a username or password input loop on a given buffer. */
|
2003-01-05 23:01:43 +00:00
|
|
|
static void setup_userpass_input(Ssh ssh, char *buffer, int buflen, int echo)
|
2002-08-11 13:02:01 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->userpass_input_buffer = buffer;
|
|
|
|
ssh->userpass_input_buflen = buflen;
|
|
|
|
ssh->userpass_input_bufpos = 0;
|
|
|
|
ssh->userpass_input_echo = echo;
|
2002-08-11 13:02:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process some terminal data in the course of username/password
|
|
|
|
* input. Returns >0 for success (line of input returned in
|
|
|
|
* buffer), <0 for failure (user hit ^C/^D, bomb out and exit), 0
|
|
|
|
* for inconclusive (keep waiting for more input please).
|
|
|
|
*/
|
2003-01-05 23:01:43 +00:00
|
|
|
static int process_userpass_input(Ssh ssh, unsigned char *in, int inlen)
|
2002-08-11 13:02:01 +00:00
|
|
|
{
|
|
|
|
char c;
|
|
|
|
|
|
|
|
while (inlen--) {
|
|
|
|
switch (c = *in++) {
|
|
|
|
case 10:
|
|
|
|
case 13:
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->userpass_input_buffer[ssh->userpass_input_bufpos] = 0;
|
|
|
|
ssh->userpass_input_buffer[ssh->userpass_input_buflen-1] = 0;
|
2002-08-11 13:02:01 +00:00
|
|
|
return +1;
|
|
|
|
break;
|
|
|
|
case 8:
|
|
|
|
case 127:
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->userpass_input_bufpos > 0) {
|
|
|
|
if (ssh->userpass_input_echo)
|
|
|
|
c_write_str(ssh, "\b \b");
|
|
|
|
ssh->userpass_input_bufpos--;
|
2002-08-11 13:02:01 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 21:
|
|
|
|
case 27:
|
2002-10-25 11:30:33 +00:00
|
|
|
while (ssh->userpass_input_bufpos > 0) {
|
|
|
|
if (ssh->userpass_input_echo)
|
|
|
|
c_write_str(ssh, "\b \b");
|
|
|
|
ssh->userpass_input_bufpos--;
|
2002-08-11 13:02:01 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
case 4:
|
|
|
|
return -1;
|
|
|
|
break;
|
|
|
|
default:
|
2003-02-28 20:28:03 +00:00
|
|
|
/*
|
|
|
|
* This simplistic check for printability is disabled
|
|
|
|
* when we're doing password input, because some people
|
|
|
|
* have control characters in their passwords.o
|
|
|
|
*/
|
|
|
|
if ((!ssh->userpass_input_echo ||
|
|
|
|
(c >= ' ' && c <= '~') ||
|
2002-08-11 13:02:01 +00:00
|
|
|
((unsigned char) c >= 160))
|
2002-10-25 11:30:33 +00:00
|
|
|
&& ssh->userpass_input_bufpos < ssh->userpass_input_buflen-1) {
|
|
|
|
ssh->userpass_input_buffer[ssh->userpass_input_bufpos++] = c;
|
|
|
|
if (ssh->userpass_input_echo)
|
|
|
|
c_write(ssh, &c, 1);
|
2002-08-11 13:02:01 +00:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2003-05-10 12:54:29 +00:00
|
|
|
static void ssh_agent_callback(void *sshv, void *reply, int replylen)
|
2003-04-28 11:41:39 +00:00
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) sshv;
|
|
|
|
|
|
|
|
ssh->agent_response = reply;
|
|
|
|
ssh->agent_response_len = replylen;
|
|
|
|
|
|
|
|
if (ssh->version == 1)
|
2004-11-24 18:45:52 +00:00
|
|
|
do_ssh1_login(ssh, NULL, -1, NULL);
|
2003-04-28 11:41:39 +00:00
|
|
|
else
|
2004-11-24 18:45:52 +00:00
|
|
|
do_ssh2_authconn(ssh, NULL, -1, NULL);
|
2003-04-28 11:41:39 +00:00
|
|
|
}
|
|
|
|
|
2003-05-10 12:54:29 +00:00
|
|
|
static void ssh_agentf_callback(void *cv, void *reply, int replylen)
|
2003-04-28 11:41:39 +00:00
|
|
|
{
|
|
|
|
struct ssh_channel *c = (struct ssh_channel *)cv;
|
|
|
|
Ssh ssh = c->ssh;
|
|
|
|
void *sentreply = reply;
|
|
|
|
|
|
|
|
if (!sentreply) {
|
|
|
|
/* Fake SSH_AGENT_FAILURE. */
|
|
|
|
sentreply = "\0\0\0\1\5";
|
|
|
|
replylen = 5;
|
|
|
|
}
|
|
|
|
if (ssh->version == 2) {
|
|
|
|
ssh2_add_channel_data(c, sentreply, replylen);
|
|
|
|
ssh2_try_send(c);
|
|
|
|
} else {
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
|
|
|
|
PKT_INT, c->remoteid,
|
2004-10-02 00:33:27 +00:00
|
|
|
PKTT_DATA,
|
2003-04-28 11:41:39 +00:00
|
|
|
PKT_INT, replylen,
|
|
|
|
PKT_DATA, sentreply, replylen,
|
2004-10-02 00:33:27 +00:00
|
|
|
PKTT_OTHER,
|
2003-04-28 11:41:39 +00:00
|
|
|
PKT_END);
|
|
|
|
}
|
|
|
|
if (reply)
|
|
|
|
sfree(reply);
|
|
|
|
}
|
|
|
|
|
2000-06-22 12:18:34 +00:00
|
|
|
/*
|
|
|
|
* Handle the key exchange and user authentication phases.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
2000-06-22 12:18:34 +00:00
|
|
|
{
|
2004-08-01 12:07:11 +00:00
|
|
|
int i, j, ret;
|
|
|
|
unsigned char cookie[8], *ptr;
|
1999-01-08 13:02:13 +00:00
|
|
|
struct RSAKey servkey, hostkey;
|
|
|
|
struct MD5Context md5c;
|
2002-10-25 11:30:33 +00:00
|
|
|
struct do_ssh1_login_state {
|
|
|
|
int len;
|
|
|
|
unsigned char *rsabuf, *keystr1, *keystr2;
|
|
|
|
unsigned long supported_ciphers_mask, supported_auths_mask;
|
|
|
|
int tried_publickey, tried_agent;
|
|
|
|
int tis_auth_refused, ccard_auth_refused;
|
|
|
|
unsigned char session_id[16];
|
|
|
|
int cipher_type;
|
|
|
|
char username[100];
|
|
|
|
void *publickey_blob;
|
|
|
|
int publickey_bloblen;
|
|
|
|
char password[100];
|
|
|
|
char prompt[200];
|
|
|
|
int pos;
|
|
|
|
char c;
|
|
|
|
int pwpkt_type;
|
|
|
|
unsigned char request[5], *response, *p;
|
|
|
|
int responselen;
|
|
|
|
int keyi, nkeys;
|
|
|
|
int authed;
|
|
|
|
struct RSAKey key;
|
|
|
|
Bignum challenge;
|
|
|
|
char *commentp;
|
|
|
|
int commentlen;
|
|
|
|
};
|
|
|
|
crState(do_ssh1_login_state);
|
|
|
|
|
|
|
|
crBegin(ssh->do_ssh1_login_crstate);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (!pktin)
|
|
|
|
crWaitUntil(pktin);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Public key packet not received"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Received public keys");
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ptr = ssh_pkt_getdata(pktin, 8);
|
2004-08-01 12:07:11 +00:00
|
|
|
if (!ptr) {
|
|
|
|
bombout(("SSH1 public key packet stopped before random cookie"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
|
|
|
memcpy(cookie, ptr, 8);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
|
|
|
|
!ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
|
2004-08-28 16:51:26 +00:00
|
|
|
bombout(("Failed to read SSH1 public keys from public key packet"));
|
2004-08-01 12:07:11 +00:00
|
|
|
crStop(0);
|
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
/*
|
2000-09-26 14:26:21 +00:00
|
|
|
* Log the host key fingerprint.
|
1999-11-09 11:10:04 +00:00
|
|
|
*/
|
|
|
|
{
|
|
|
|
char logmsg[80];
|
2000-09-26 14:26:21 +00:00
|
|
|
logevent("Host key fingerprint is:");
|
1999-11-09 11:10:04 +00:00
|
|
|
strcpy(logmsg, " ");
|
2001-05-06 14:35:20 +00:00
|
|
|
hostkey.comment = NULL;
|
|
|
|
rsa_fingerprint(logmsg + strlen(logmsg),
|
|
|
|
sizeof(logmsg) - strlen(logmsg), &hostkey);
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent(logmsg);
|
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
|
|
|
|
s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
|
|
|
|
s->supported_auths_mask = ssh_pkt_getuint32(pktin);
|
1999-07-06 19:42:57 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->v1_local_protoflags =
|
|
|
|
ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
|
|
|
|
ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
|
2001-03-16 11:58:54 +00:00
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
MD5Init(&md5c);
|
2002-10-25 11:30:33 +00:00
|
|
|
MD5Update(&md5c, s->keystr2, hostkey.bytes);
|
|
|
|
MD5Update(&md5c, s->keystr1, servkey.bytes);
|
2004-08-01 12:07:11 +00:00
|
|
|
MD5Update(&md5c, cookie, 8);
|
2002-10-25 11:30:33 +00:00
|
|
|
MD5Final(s->session_id, &md5c);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
for (i = 0; i < 32; i++)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->session_key[i] = random_byte();
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-08-01 12:07:11 +00:00
|
|
|
/*
|
|
|
|
* Verify that the `bits' and `bytes' parameters match.
|
|
|
|
*/
|
|
|
|
if (hostkey.bits > hostkey.bytes * 8 ||
|
|
|
|
servkey.bits > servkey.bytes * 8) {
|
|
|
|
bombout(("SSH1 public keys were badly formatted"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2003-03-29 16:14:26 +00:00
|
|
|
s->rsabuf = snewn(s->len, unsigned char);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->rsabuf)
|
1999-01-08 13:02:13 +00:00
|
|
|
fatalbox("Out of memory");
|
|
|
|
|
2000-03-15 15:08:48 +00:00
|
|
|
/*
|
|
|
|
* Verify the host key.
|
|
|
|
*/
|
|
|
|
{
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* First format the key into a string.
|
|
|
|
*/
|
|
|
|
int len = rsastr_len(&hostkey);
|
|
|
|
char fingerprint[100];
|
2003-03-29 16:14:26 +00:00
|
|
|
char *keystr = snewn(len, char);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (!keystr)
|
|
|
|
fatalbox("Out of memory");
|
|
|
|
rsastr_fmt(keystr, &hostkey);
|
|
|
|
rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
|
2002-10-26 12:58:13 +00:00
|
|
|
verify_ssh_host_key(ssh->frontend,
|
|
|
|
ssh->savedhost, ssh->savedport, "rsa", keystr,
|
2001-05-06 14:35:20 +00:00
|
|
|
fingerprint);
|
|
|
|
sfree(keystr);
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < 32; i++) {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->rsabuf[i] = ssh->session_key[i];
|
1999-01-08 13:02:13 +00:00
|
|
|
if (i < 16)
|
2002-10-25 11:30:33 +00:00
|
|
|
s->rsabuf[i] ^= s->session_id[i];
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hostkey.bytes > servkey.bytes) {
|
2004-08-01 12:07:11 +00:00
|
|
|
ret = rsaencrypt(s->rsabuf, 32, &servkey);
|
|
|
|
if (ret)
|
|
|
|
ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
|
1999-01-08 13:02:13 +00:00
|
|
|
} else {
|
2004-08-01 12:07:11 +00:00
|
|
|
ret = rsaencrypt(s->rsabuf, 32, &hostkey);
|
|
|
|
if (ret)
|
|
|
|
ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
|
|
|
|
}
|
|
|
|
if (!ret) {
|
|
|
|
bombout(("SSH1 public key encryptions failed due to bad formatting"));
|
|
|
|
crStop(0);
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Encrypted session key");
|
|
|
|
|
2001-08-25 19:33:33 +00:00
|
|
|
{
|
|
|
|
int cipher_chosen = 0, warn = 0;
|
|
|
|
char *cipher_string = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
int i;
|
2001-08-25 19:33:33 +00:00
|
|
|
for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
|
2003-01-12 14:48:29 +00:00
|
|
|
int next_cipher = ssh->cfg.ssh_cipherlist[i];
|
2001-08-25 19:33:33 +00:00
|
|
|
if (next_cipher == CIPHER_WARN) {
|
|
|
|
/* If/when we choose a cipher, warn about it */
|
|
|
|
warn = 1;
|
|
|
|
} else if (next_cipher == CIPHER_AES) {
|
|
|
|
/* XXX Probably don't need to mention this. */
|
|
|
|
logevent("AES not supported in SSH1, skipping");
|
|
|
|
} else {
|
|
|
|
switch (next_cipher) {
|
2002-10-25 11:30:33 +00:00
|
|
|
case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
|
2001-08-25 19:33:33 +00:00
|
|
|
cipher_string = "3DES"; break;
|
2002-10-25 11:30:33 +00:00
|
|
|
case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
|
2001-08-25 19:33:33 +00:00
|
|
|
cipher_string = "Blowfish"; break;
|
2002-10-25 11:30:33 +00:00
|
|
|
case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
|
2001-08-25 19:33:33 +00:00
|
|
|
cipher_string = "single-DES"; break;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->supported_ciphers_mask & (1 << s->cipher_type))
|
2001-08-25 19:33:33 +00:00
|
|
|
cipher_chosen = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!cipher_chosen) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Server violates SSH 1 protocol by not "
|
2001-08-25 19:33:33 +00:00
|
|
|
"supporting 3DES encryption"));
|
|
|
|
else
|
|
|
|
/* shouldn't happen */
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("No supported ciphers found"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-04-16 07:49:11 +00:00
|
|
|
}
|
2001-08-25 19:33:33 +00:00
|
|
|
|
|
|
|
/* Warn about chosen cipher if necessary. */
|
|
|
|
if (warn)
|
2004-12-23 02:24:07 +00:00
|
|
|
askalg(ssh->frontend, "cipher", cipher_string);
|
1999-07-06 19:42:57 +00:00
|
|
|
}
|
2001-08-25 19:33:33 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
switch (s->cipher_type) {
|
2001-05-06 14:35:20 +00:00
|
|
|
case SSH_CIPHER_3DES:
|
|
|
|
logevent("Using 3DES encryption");
|
|
|
|
break;
|
|
|
|
case SSH_CIPHER_DES:
|
|
|
|
logevent("Using single-DES encryption");
|
|
|
|
break;
|
|
|
|
case SSH_CIPHER_BLOWFISH:
|
|
|
|
logevent("Using Blowfish encryption");
|
|
|
|
break;
|
1999-11-09 11:10:04 +00:00
|
|
|
}
|
1999-07-06 19:42:57 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_SESSION_KEY,
|
|
|
|
PKT_CHAR, s->cipher_type,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_DATA, cookie, 8,
|
2002-10-25 11:30:33 +00:00
|
|
|
PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
|
|
|
|
PKT_DATA, s->rsabuf, s->len,
|
|
|
|
PKT_INT, ssh->v1_local_protoflags, PKT_END);
|
2000-06-22 12:18:34 +00:00
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Trying to enable encryption...");
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
sfree(s->rsabuf);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
|
|
|
|
s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
|
|
|
|
&ssh_3des);
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->v1_cipher_ctx = ssh->cipher->make_context();
|
|
|
|
ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
|
2002-11-07 19:49:03 +00:00
|
|
|
logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 12:58:21 +00:00
|
|
|
ssh->crcda_ctx = crcda_make_context();
|
|
|
|
logevent("Installing CRC compensation attack detector");
|
|
|
|
|
2003-12-19 12:44:46 +00:00
|
|
|
if (servkey.modulus) {
|
|
|
|
sfree(servkey.modulus);
|
|
|
|
servkey.modulus = NULL;
|
|
|
|
}
|
|
|
|
if (servkey.exponent) {
|
|
|
|
sfree(servkey.exponent);
|
|
|
|
servkey.exponent = NULL;
|
|
|
|
}
|
|
|
|
if (hostkey.modulus) {
|
|
|
|
sfree(hostkey.modulus);
|
|
|
|
hostkey.modulus = NULL;
|
|
|
|
}
|
|
|
|
if (hostkey.exponent) {
|
|
|
|
sfree(hostkey.exponent);
|
|
|
|
hostkey.exponent = NULL;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH1_SMSG_SUCCESS) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Encryption not successfully enabled"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Successfully started encryption");
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
fflush(stdout);
|
|
|
|
{
|
2004-11-19 20:57:32 +00:00
|
|
|
if (!*ssh->cfg.username) {
|
2002-08-04 21:18:56 +00:00
|
|
|
if (ssh_get_line && !ssh_getline_pw_only) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (!ssh_get_line("login as: ",
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username, sizeof(s->username), FALSE)) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* get_line failed to get a username.
|
|
|
|
* Terminate.
|
|
|
|
*/
|
|
|
|
logevent("No username provided. Abandoning session.");
|
2003-03-31 13:15:51 +00:00
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(1);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
int ret; /* need not be kept over crReturn */
|
|
|
|
c_write_str(ssh, "login as: ");
|
|
|
|
ssh->send_ok = 1;
|
2002-08-11 13:02:01 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
setup_userpass_input(ssh, s->username, sizeof(s->username), 1);
|
2002-08-11 13:02:01 +00:00
|
|
|
do {
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(!pktin);
|
2002-10-25 11:30:33 +00:00
|
|
|
ret = process_userpass_input(ssh, in, inlen);
|
2002-08-11 13:02:01 +00:00
|
|
|
} while (ret == 0);
|
|
|
|
if (ret < 0)
|
|
|
|
cleanup_exit(0);
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
} else {
|
2003-01-12 14:48:29 +00:00
|
|
|
strncpy(s->username, ssh->cfg.username, sizeof(s->username));
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username[sizeof(s->username)-1] = '\0';
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_USER, PKT_STR, s->username, PKT_END);
|
1999-11-09 11:10:04 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
char userlog[22 + sizeof(s->username)];
|
|
|
|
sprintf(userlog, "Sent username \"%s\"", s->username);
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent(userlog);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_INTERACTIVE &&
|
|
|
|
(!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
|
2000-10-27 09:24:32 +00:00
|
|
|
strcat(userlog, "\r\n");
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, userlog);
|
2000-10-27 09:24:32 +00:00
|
|
|
}
|
1999-11-09 11:10:04 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
|
2002-02-27 22:41:31 +00:00
|
|
|
/* We must not attempt PK auth. Pretend we've already tried it. */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_publickey = s->tried_agent = 1;
|
2002-02-27 22:41:31 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_publickey = s->tried_agent = 0;
|
2002-02-27 22:41:31 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tis_auth_refused = s->ccard_auth_refused = 0;
|
2003-01-12 14:48:29 +00:00
|
|
|
/* Load the public half of ssh->cfg.keyfile so we notice if it's in Pageant */
|
2003-02-01 12:54:40 +00:00
|
|
|
if (!filename_is_null(ssh->cfg.keyfile)) {
|
|
|
|
if (!rsakey_pubblob(&ssh->cfg.keyfile,
|
2003-08-29 22:52:57 +00:00
|
|
|
&s->publickey_blob, &s->publickey_bloblen, NULL))
|
2002-10-25 11:30:33 +00:00
|
|
|
s->publickey_blob = NULL;
|
2001-12-30 16:20:31 +00:00
|
|
|
} else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->publickey_blob = NULL;
|
2000-09-07 16:33:49 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
while (pktin->type == SSH1_SMSG_FAILURE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
|
2001-09-08 12:50:15 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (agent_exists() && !s->tried_agent) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Attempt RSA authentication using Pageant.
|
|
|
|
*/
|
|
|
|
void *r;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->authed = FALSE;
|
|
|
|
s->tried_agent = 1;
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Pageant is running. Requesting keys.");
|
|
|
|
|
|
|
|
/* Request the keys held by the agent. */
|
2002-10-25 11:30:33 +00:00
|
|
|
PUT_32BIT(s->request, 1);
|
|
|
|
s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
|
2003-04-28 11:41:39 +00:00
|
|
|
if (!agent_query(s->request, 5, &r, &s->responselen,
|
|
|
|
ssh_agent_callback, ssh)) {
|
|
|
|
do {
|
|
|
|
crReturn(0);
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin) {
|
2003-04-28 11:41:39 +00:00
|
|
|
bombout(("Unexpected data from server while waiting"
|
|
|
|
" for agent response"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (pktin || inlen > 0);
|
2003-04-28 11:41:39 +00:00
|
|
|
r = ssh->agent_response;
|
|
|
|
s->responselen = ssh->agent_response_len;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->response = (unsigned char *) r;
|
|
|
|
if (s->response && s->responselen >= 5 &&
|
|
|
|
s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
|
|
|
|
s->p = s->response + 5;
|
|
|
|
s->nkeys = GET_32BIT(s->p);
|
|
|
|
s->p += 4;
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char buf[64];
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(buf, "Pageant has %d SSH1 keys", s->nkeys);
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent(buf);
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char buf[64];
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(buf, "Trying Pageant key #%d", s->keyi);
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent(buf);
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->publickey_blob &&
|
|
|
|
!memcmp(s->p, s->publickey_blob,
|
|
|
|
s->publickey_bloblen)) {
|
2001-12-30 16:20:31 +00:00
|
|
|
logevent("This key matches configured key file");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_publickey = 1;
|
2001-12-30 16:20:31 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->p += 4;
|
2004-08-01 12:07:11 +00:00
|
|
|
{
|
|
|
|
int n, ok = FALSE;
|
|
|
|
do { /* do while (0) to make breaking easy */
|
|
|
|
n = ssh1_read_bignum
|
|
|
|
(s->p, s->responselen-(s->p-s->response),
|
|
|
|
&s->key.exponent);
|
|
|
|
if (n < 0)
|
|
|
|
break;
|
|
|
|
s->p += n;
|
|
|
|
n = ssh1_read_bignum
|
|
|
|
(s->p, s->responselen-(s->p-s->response),
|
|
|
|
&s->key.modulus);
|
|
|
|
if (n < 0)
|
|
|
|
break;
|
|
|
|
s->p += n;
|
|
|
|
if (s->responselen - (s->p-s->response) < 4)
|
|
|
|
break;
|
|
|
|
s->commentlen = GET_32BIT(s->p);
|
|
|
|
s->p += 4;
|
|
|
|
if (s->responselen - (s->p-s->response) <
|
|
|
|
s->commentlen)
|
|
|
|
break;
|
|
|
|
s->commentp = (char *)s->p;
|
|
|
|
s->p += s->commentlen;
|
|
|
|
ok = TRUE;
|
|
|
|
} while (0);
|
|
|
|
if (!ok) {
|
|
|
|
logevent("Pageant key list packet was truncated");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_RSA,
|
|
|
|
PKT_BIGNUM, s->key.modulus, PKT_END);
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Key refused");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
logevent("Received RSA challenge");
|
2004-11-24 18:45:52 +00:00
|
|
|
if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
|
2004-08-01 12:07:11 +00:00
|
|
|
bombout(("Server's RSA challenge was badly formatted"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char *agentreq, *q, *ret;
|
2001-05-13 14:02:28 +00:00
|
|
|
void *vret;
|
2001-05-06 14:35:20 +00:00
|
|
|
int len, retlen;
|
|
|
|
len = 1 + 4; /* message type, bit count */
|
2002-10-25 11:30:33 +00:00
|
|
|
len += ssh1_bignum_length(s->key.exponent);
|
|
|
|
len += ssh1_bignum_length(s->key.modulus);
|
|
|
|
len += ssh1_bignum_length(s->challenge);
|
2001-05-06 14:35:20 +00:00
|
|
|
len += 16; /* session id */
|
|
|
|
len += 4; /* response format */
|
2003-03-29 16:14:26 +00:00
|
|
|
agentreq = snewn(4 + len, char);
|
2001-05-06 14:35:20 +00:00
|
|
|
PUT_32BIT(agentreq, len);
|
|
|
|
q = agentreq + 4;
|
|
|
|
*q++ = SSH1_AGENTC_RSA_CHALLENGE;
|
2002-10-25 11:30:33 +00:00
|
|
|
PUT_32BIT(q, bignum_bitcount(s->key.modulus));
|
2001-05-06 14:35:20 +00:00
|
|
|
q += 4;
|
2002-10-25 11:30:33 +00:00
|
|
|
q += ssh1_write_bignum(q, s->key.exponent);
|
|
|
|
q += ssh1_write_bignum(q, s->key.modulus);
|
|
|
|
q += ssh1_write_bignum(q, s->challenge);
|
|
|
|
memcpy(q, s->session_id, 16);
|
2001-05-06 14:35:20 +00:00
|
|
|
q += 16;
|
|
|
|
PUT_32BIT(q, 1); /* response format */
|
2003-04-28 11:41:39 +00:00
|
|
|
if (!agent_query(agentreq, len + 4, &vret, &retlen,
|
|
|
|
ssh_agent_callback, ssh)) {
|
|
|
|
sfree(agentreq);
|
|
|
|
do {
|
|
|
|
crReturn(0);
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin) {
|
2003-04-28 11:41:39 +00:00
|
|
|
bombout(("Unexpected data from server"
|
|
|
|
" while waiting for agent"
|
|
|
|
" response"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (pktin || inlen > 0);
|
2003-04-28 11:41:39 +00:00
|
|
|
vret = ssh->agent_response;
|
|
|
|
retlen = ssh->agent_response_len;
|
|
|
|
} else
|
|
|
|
sfree(agentreq);
|
2001-05-13 14:02:28 +00:00
|
|
|
ret = vret;
|
2001-05-06 14:35:20 +00:00
|
|
|
if (ret) {
|
|
|
|
if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
|
|
|
|
logevent("Sending Pageant's response");
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_DATA, ret + 5, 16,
|
|
|
|
PKT_END);
|
|
|
|
sfree(ret);
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type == SSH1_SMSG_SUCCESS) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent
|
|
|
|
("Pageant's response accepted");
|
|
|
|
if (flags & FLAG_VERBOSE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Authenticated using"
|
|
|
|
" RSA key \"");
|
|
|
|
c_write(ssh, s->commentp,
|
|
|
|
s->commentlen);
|
|
|
|
c_write_str(ssh, "\" from agent\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->authed = TRUE;
|
2001-05-06 14:35:20 +00:00
|
|
|
} else
|
|
|
|
logevent
|
|
|
|
("Pageant's response not accepted");
|
|
|
|
} else {
|
|
|
|
logevent
|
|
|
|
("Pageant failed to answer challenge");
|
|
|
|
sfree(ret);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
logevent("No reply received from Pageant");
|
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
freebn(s->key.exponent);
|
|
|
|
freebn(s->key.modulus);
|
|
|
|
freebn(s->challenge);
|
|
|
|
if (s->authed)
|
2001-05-06 14:35:20 +00:00
|
|
|
break;
|
|
|
|
}
|
2004-01-18 09:14:41 +00:00
|
|
|
sfree(s->response);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->authed)
|
2001-05-06 14:35:20 +00:00
|
|
|
break;
|
|
|
|
}
|
2003-02-01 12:54:40 +00:00
|
|
|
if (!filename_is_null(ssh->cfg.keyfile) && !s->tried_publickey)
|
2002-10-25 11:30:33 +00:00
|
|
|
s->pwpkt_type = SSH1_CMSG_AUTH_RSA;
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.try_tis_auth &&
|
2002-10-25 11:30:33 +00:00
|
|
|
(s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
|
|
|
|
!s->tis_auth_refused) {
|
|
|
|
s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Requested TIS authentication");
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("TIS authentication declined");
|
|
|
|
if (flags & FLAG_INTERACTIVE)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "TIS authentication refused.\r\n");
|
|
|
|
s->tis_auth_refused = 1;
|
2001-09-08 12:50:15 +00:00
|
|
|
continue;
|
2001-05-06 14:35:20 +00:00
|
|
|
} else {
|
2004-08-01 12:07:11 +00:00
|
|
|
char *challenge;
|
|
|
|
int challengelen;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &challenge, &challengelen);
|
2004-08-01 12:07:11 +00:00
|
|
|
if (!challenge) {
|
|
|
|
bombout(("TIS challenge packet was badly formed"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Received TIS challenge");
|
2002-10-25 11:30:33 +00:00
|
|
|
if (challengelen > sizeof(s->prompt) - 1)
|
|
|
|
challengelen = sizeof(s->prompt) - 1;/* prevent overrun */
|
2004-08-01 12:07:11 +00:00
|
|
|
memcpy(s->prompt, challenge, challengelen);
|
2001-09-08 12:50:15 +00:00
|
|
|
/* Prompt heuristic comes from OpenSSH */
|
2002-10-25 11:30:33 +00:00
|
|
|
strncpy(s->prompt + challengelen,
|
|
|
|
memchr(s->prompt, '\n', challengelen) ?
|
2001-09-08 12:50:15 +00:00
|
|
|
"": "\r\nResponse: ",
|
2002-10-25 11:30:33 +00:00
|
|
|
(sizeof s->prompt) - challengelen);
|
|
|
|
s->prompt[(sizeof s->prompt) - 1] = '\0';
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
}
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.try_tis_auth &&
|
2002-10-25 11:30:33 +00:00
|
|
|
(s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
|
|
|
|
!s->ccard_auth_refused) {
|
|
|
|
s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Requested CryptoCard authentication");
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("CryptoCard authentication declined");
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "CryptoCard authentication refused.\r\n");
|
|
|
|
s->ccard_auth_refused = 1;
|
2001-09-08 12:50:15 +00:00
|
|
|
continue;
|
2001-05-06 14:35:20 +00:00
|
|
|
} else {
|
2004-08-01 12:07:11 +00:00
|
|
|
char *challenge;
|
|
|
|
int challengelen;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &challenge, &challengelen);
|
2004-08-01 12:07:11 +00:00
|
|
|
if (!challenge) {
|
|
|
|
bombout(("CryptoCard challenge packet was badly formed"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Received CryptoCard challenge");
|
2002-10-25 11:30:33 +00:00
|
|
|
if (challengelen > sizeof(s->prompt) - 1)
|
|
|
|
challengelen = sizeof(s->prompt) - 1;/* prevent overrun */
|
2004-08-01 12:07:11 +00:00
|
|
|
memcpy(s->prompt, challenge, challengelen);
|
2002-10-25 11:30:33 +00:00
|
|
|
strncpy(s->prompt + challengelen,
|
|
|
|
memchr(s->prompt, '\n', challengelen) ?
|
2001-09-08 12:50:15 +00:00
|
|
|
"" : "\r\nResponse: ",
|
2002-10-25 11:30:33 +00:00
|
|
|
sizeof(s->prompt) - challengelen);
|
|
|
|
s->prompt[sizeof(s->prompt) - 1] = '\0';
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
|
|
|
|
sprintf(s->prompt, "%.90s@%.90s's password: ",
|
|
|
|
s->username, ssh->savedhost);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->pwpkt_type == SSH1_CMSG_AUTH_RSA) {
|
2001-05-06 14:35:20 +00:00
|
|
|
char *comment = NULL;
|
2002-05-11 12:13:42 +00:00
|
|
|
int type;
|
|
|
|
char msgbuf[256];
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_VERBOSE)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Trying public key authentication.\r\n");
|
2003-02-04 13:00:54 +00:00
|
|
|
logeventf(ssh, "Trying public key \"%s\"",
|
|
|
|
filename_to_str(&ssh->cfg.keyfile));
|
2003-02-01 12:54:40 +00:00
|
|
|
type = key_type(&ssh->cfg.keyfile);
|
2002-05-11 12:13:42 +00:00
|
|
|
if (type != SSH_KEYTYPE_SSH1) {
|
|
|
|
sprintf(msgbuf, "Key is of wrong type (%s)",
|
|
|
|
key_type_to_str(type));
|
|
|
|
logevent(msgbuf);
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, msgbuf);
|
|
|
|
c_write_str(ssh, "\r\n");
|
|
|
|
s->tried_publickey = 1;
|
2002-05-11 12:13:42 +00:00
|
|
|
continue;
|
|
|
|
}
|
2003-02-01 12:54:40 +00:00
|
|
|
if (!rsakey_encrypted(&ssh->cfg.keyfile, &comment)) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_VERBOSE)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "No passphrase required.\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
goto tryauth;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(s->prompt, "Passphrase for key \"%.100s\": ", comment);
|
2001-05-06 14:35:20 +00:00
|
|
|
sfree(comment);
|
|
|
|
}
|
2000-09-25 10:14:53 +00:00
|
|
|
|
2001-09-08 12:50:15 +00:00
|
|
|
/*
|
|
|
|
* Show password prompt, having first obtained it via a TIS
|
|
|
|
* or CryptoCard exchange if we're doing TIS or CryptoCard
|
|
|
|
* authentication.
|
|
|
|
*/
|
2001-03-12 15:31:53 +00:00
|
|
|
if (ssh_get_line) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!ssh_get_line(s->prompt, s->password,
|
|
|
|
sizeof(s->password), TRUE)) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* get_line failed to get a password (for example
|
|
|
|
* because one was supplied on the command line
|
|
|
|
* which has already failed to work). Terminate.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_MSG_DISCONNECT,
|
2001-05-13 11:15:16 +00:00
|
|
|
PKT_STR, "No more passwords available to try",
|
|
|
|
PKT_END);
|
2002-03-23 18:04:27 +00:00
|
|
|
logevent("Unable to authenticate");
|
2002-10-26 12:58:13 +00:00
|
|
|
connection_fatal(ssh->frontend, "Unable to authenticate");
|
2003-03-31 13:15:51 +00:00
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(1);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2000-06-22 12:18:34 +00:00
|
|
|
} else {
|
2001-09-08 12:50:15 +00:00
|
|
|
/* Prompt may have come from server. We've munged it a bit, so
|
|
|
|
* we know it to be zero-terminated at least once. */
|
2002-10-25 11:30:33 +00:00
|
|
|
int ret; /* need not be saved over crReturn */
|
|
|
|
c_write_untrusted(ssh, s->prompt, strlen(s->prompt));
|
|
|
|
s->pos = 0;
|
2002-08-11 13:02:01 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
setup_userpass_input(ssh, s->password, sizeof(s->password), 0);
|
2002-08-11 13:02:01 +00:00
|
|
|
do {
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(!pktin);
|
2002-10-25 11:30:33 +00:00
|
|
|
ret = process_userpass_input(ssh, in, inlen);
|
2002-08-11 13:02:01 +00:00
|
|
|
} while (ret == 0);
|
|
|
|
if (ret < 0)
|
|
|
|
cleanup_exit(0);
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
tryauth:
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->pwpkt_type == SSH1_CMSG_AUTH_RSA) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Try public key authentication with the specified
|
|
|
|
* key file.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_publickey = 1;
|
|
|
|
|
|
|
|
{
|
2003-08-29 22:52:57 +00:00
|
|
|
const char *error = NULL;
|
|
|
|
int ret = loadrsakey(&ssh->cfg.keyfile, &s->key, s->password,
|
|
|
|
&error);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ret == 0) {
|
|
|
|
c_write_str(ssh, "Couldn't load private key from ");
|
2003-02-01 17:24:27 +00:00
|
|
|
c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
|
2003-08-29 22:52:57 +00:00
|
|
|
c_write_str(ssh, " (");
|
|
|
|
c_write_str(ssh, error);
|
|
|
|
c_write_str(ssh, ").\r\n");
|
2002-10-25 11:30:33 +00:00
|
|
|
continue; /* go and try password */
|
|
|
|
}
|
|
|
|
if (ret == -1) {
|
|
|
|
c_write_str(ssh, "Wrong passphrase.\r\n");
|
|
|
|
s->tried_publickey = 0;
|
|
|
|
continue; /* try again */
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Send a public key attempt.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_RSA,
|
|
|
|
PKT_BIGNUM, s->key.modulus, PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type == SSH1_SMSG_FAILURE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Server refused our public key.\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
continue; /* go and try password */
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Bizarre response to offer of public key"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
unsigned char buffer[32];
|
|
|
|
Bignum challenge, response;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
|
2004-08-01 12:07:11 +00:00
|
|
|
bombout(("Server's RSA challenge was badly formatted"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
response = rsadecrypt(challenge, &s->key);
|
|
|
|
freebn(s->key.private_exponent);/* burn the evidence */
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < 32; i++) {
|
|
|
|
buffer[i] = bignum_byte(response, 31 - i);
|
|
|
|
}
|
|
|
|
|
|
|
|
MD5Init(&md5c);
|
|
|
|
MD5Update(&md5c, buffer, 32);
|
|
|
|
MD5Update(&md5c, s->session_id, 16);
|
|
|
|
MD5Final(buffer, &md5c);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
|
|
|
|
PKT_DATA, buffer, 16, PKT_END);
|
|
|
|
|
|
|
|
freebn(challenge);
|
|
|
|
freebn(response);
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type == SSH1_SMSG_FAILURE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_VERBOSE)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Failed to authenticate with"
|
|
|
|
" our public key.\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
continue; /* go and try password */
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type != SSH1_SMSG_SUCCESS) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Bizarre response to RSA authentication response"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
break; /* we're through! */
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Defence against traffic analysis: we send a
|
|
|
|
* whole bunch of packets containing strings of
|
|
|
|
* different lengths. One of these strings is the
|
|
|
|
* password, in a SSH1_CMSG_AUTH_PASSWORD packet.
|
|
|
|
* The others are all random data in
|
|
|
|
* SSH1_MSG_IGNORE packets. This way a passive
|
|
|
|
* listener can't tell which is the password, and
|
|
|
|
* hence can't deduce the password length.
|
|
|
|
*
|
|
|
|
* Anybody with a password length greater than 16
|
|
|
|
* bytes is going to have enough entropy in their
|
|
|
|
* password that a listener won't find it _that_
|
|
|
|
* much help to know how long it is. So what we'll
|
|
|
|
* do is:
|
|
|
|
*
|
|
|
|
* - if password length < 16, we send 15 packets
|
|
|
|
* containing string lengths 1 through 15
|
|
|
|
*
|
|
|
|
* - otherwise, we let N be the nearest multiple
|
|
|
|
* of 8 below the password length, and send 8
|
|
|
|
* packets containing string lengths N through
|
|
|
|
* N+7. This won't obscure the order of
|
|
|
|
* magnitude of the password length, but it will
|
|
|
|
* introduce a bit of extra uncertainty.
|
|
|
|
*
|
|
|
|
* A few servers (the old 1.2.18 through 1.2.22)
|
|
|
|
* can't deal with SSH1_MSG_IGNORE. For these
|
|
|
|
* servers, we need an alternative defence. We make
|
|
|
|
* use of the fact that the password is interpreted
|
|
|
|
* as a C string: so we can append a NUL, then some
|
|
|
|
* random data.
|
2001-10-27 10:39:54 +00:00
|
|
|
*
|
|
|
|
* One server (a Cisco one) can deal with neither
|
|
|
|
* SSH1_MSG_IGNORE _nor_ a padded password string.
|
|
|
|
* For this server we are left with no defences
|
|
|
|
* against password length sniffing.
|
2001-05-06 14:35:20 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
|
2001-10-27 11:06:11 +00:00
|
|
|
/*
|
|
|
|
* The server can deal with SSH1_MSG_IGNORE, so
|
|
|
|
* we can use the primary defence.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
int bottom, top, pwlen, i;
|
|
|
|
char *randomstr;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
pwlen = strlen(s->password);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (pwlen < 16) {
|
|
|
|
bottom = 0; /* zero length passwords are OK! :-) */
|
|
|
|
top = 15;
|
|
|
|
} else {
|
|
|
|
bottom = pwlen & ~7;
|
|
|
|
top = bottom + 7;
|
|
|
|
}
|
|
|
|
|
|
|
|
assert(pwlen >= bottom && pwlen <= top);
|
|
|
|
|
2003-03-29 16:14:26 +00:00
|
|
|
randomstr = snewn(top + 1, char);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
|
|
|
for (i = bottom; i <= top; i++) {
|
2004-10-02 00:33:27 +00:00
|
|
|
if (i == pwlen) {
|
2002-10-25 11:30:33 +00:00
|
|
|
defer_packet(ssh, s->pwpkt_type,
|
2004-10-02 00:33:27 +00:00
|
|
|
PKTT_PASSWORD, PKT_STR, s->password,
|
|
|
|
PKTT_OTHER, PKT_END);
|
|
|
|
} else {
|
2001-05-06 14:35:20 +00:00
|
|
|
for (j = 0; j < i; j++) {
|
|
|
|
do {
|
|
|
|
randomstr[j] = random_byte();
|
|
|
|
} while (randomstr[j] == '\0');
|
|
|
|
}
|
|
|
|
randomstr[i] = '\0';
|
2002-10-25 11:30:33 +00:00
|
|
|
defer_packet(ssh, SSH1_MSG_IGNORE,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_STR, randomstr, PKT_END);
|
|
|
|
}
|
|
|
|
}
|
2001-10-27 10:39:54 +00:00
|
|
|
logevent("Sending password with camouflage packets");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_pkt_defersend(ssh);
|
2003-12-19 12:44:46 +00:00
|
|
|
sfree(randomstr);
|
2001-10-27 10:39:54 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
|
2001-10-27 11:06:11 +00:00
|
|
|
/*
|
|
|
|
* The server can't deal with SSH1_MSG_IGNORE
|
|
|
|
* but can deal with padded passwords, so we
|
|
|
|
* can use the secondary defence.
|
|
|
|
*/
|
2001-10-27 10:39:54 +00:00
|
|
|
char string[64];
|
2002-10-25 11:30:33 +00:00
|
|
|
char *ss;
|
2001-10-27 10:39:54 +00:00
|
|
|
int len;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
len = strlen(s->password);
|
2001-10-27 10:39:54 +00:00
|
|
|
if (len < sizeof(string)) {
|
2002-10-25 11:30:33 +00:00
|
|
|
ss = string;
|
|
|
|
strcpy(string, s->password);
|
2001-10-27 10:39:54 +00:00
|
|
|
len++; /* cover the zero byte */
|
|
|
|
while (len < sizeof(string)) {
|
|
|
|
string[len++] = (char) random_byte();
|
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
ss = s->password;
|
2001-10-27 10:39:54 +00:00
|
|
|
}
|
|
|
|
logevent("Sending length-padded password");
|
2004-10-02 00:33:27 +00:00
|
|
|
send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
|
|
|
|
PKT_INT, len, PKT_DATA, ss, len,
|
|
|
|
PKTT_OTHER, PKT_END);
|
2001-10-27 10:39:54 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* The server has _both_
|
|
|
|
* BUG_CHOKES_ON_SSH1_IGNORE and
|
|
|
|
* BUG_NEEDS_SSH1_PLAIN_PASSWORD. There is
|
|
|
|
* therefore nothing we can do.
|
|
|
|
*/
|
|
|
|
int len;
|
2002-10-25 11:30:33 +00:00
|
|
|
len = strlen(s->password);
|
2001-10-27 10:39:54 +00:00
|
|
|
logevent("Sending unpadded password");
|
2004-10-02 00:33:27 +00:00
|
|
|
send_packet(ssh, s->pwpkt_type,
|
|
|
|
PKTT_PASSWORD, PKT_INT, len,
|
|
|
|
PKT_DATA, s->password, len,
|
|
|
|
PKTT_OTHER, PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
} else {
|
2004-10-02 00:33:27 +00:00
|
|
|
send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
|
|
|
|
PKT_STR, s->password, PKTT_OTHER, PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
}
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Sent password");
|
2002-10-25 11:30:33 +00:00
|
|
|
memset(s->password, 0, strlen(s->password));
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type == SSH1_SMSG_FAILURE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_VERBOSE)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Access denied\r\n");
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Authentication refused");
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type != SSH1_SMSG_SUCCESS) {
|
|
|
|
bombout(("Strange packet received, type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
1999-11-09 11:10:04 +00:00
|
|
|
logevent("Authentication successful");
|
|
|
|
|
2000-06-22 12:18:34 +00:00
|
|
|
crFinish(1);
|
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
void sshfwd_close(struct ssh_channel *c)
|
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = c->ssh;
|
|
|
|
|
2003-04-25 11:48:24 +00:00
|
|
|
if (ssh->state != SSH_STATE_SESSION) {
|
|
|
|
assert(ssh->state == SSH_STATE_CLOSED);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2001-03-15 11:19:59 +00:00
|
|
|
if (c && !c->closes) {
|
2001-10-30 20:57:22 +00:00
|
|
|
/*
|
|
|
|
* If the channel's remoteid is -1, we have sent
|
|
|
|
* CHANNEL_OPEN for this channel, but it hasn't even been
|
|
|
|
* acknowledged by the server. So we must set a close flag
|
|
|
|
* on it now, and then when the server acks the channel
|
|
|
|
* open, we can close it then.
|
|
|
|
*/
|
2002-05-17 12:33:20 +00:00
|
|
|
if (((int)c->remoteid) != -1) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
|
2001-10-30 20:57:22 +00:00
|
|
|
PKT_END);
|
|
|
|
} else {
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-10-30 20:57:22 +00:00
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-09-15 13:24:00 +00:00
|
|
|
c->closes = 1; /* sent MSG_CLOSE */
|
2001-05-06 14:35:20 +00:00
|
|
|
if (c->type == CHAN_X11) {
|
|
|
|
c->u.x11.s = NULL;
|
2001-08-08 20:44:35 +00:00
|
|
|
logevent("Forwarded X11 connection terminated");
|
2001-10-30 20:57:22 +00:00
|
|
|
} else if (c->type == CHAN_SOCKDATA ||
|
|
|
|
c->type == CHAN_SOCKDATA_DORMANT) {
|
2001-08-08 20:44:35 +00:00
|
|
|
c->u.pfd.s = NULL;
|
|
|
|
logevent("Forwarded port closed");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
int sshfwd_write(struct ssh_channel *c, char *buf, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = c->ssh;
|
|
|
|
|
2003-04-25 11:48:24 +00:00
|
|
|
if (ssh->state != SSH_STATE_SESSION) {
|
|
|
|
assert(ssh->state == SSH_STATE_CLOSED);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_INT, c->remoteid,
|
2004-10-02 00:33:27 +00:00
|
|
|
PKTT_DATA,
|
|
|
|
PKT_INT, len, PKT_DATA, buf, len,
|
|
|
|
PKTT_OTHER, PKT_END);
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* In SSH1 we can return 0 here - implying that forwarded
|
|
|
|
* connections are never individually throttled - because
|
|
|
|
* the only circumstance that can cause throttling will be
|
|
|
|
* the whole SSH connection backing up, in which case
|
|
|
|
* _everything_ will be throttled as a whole.
|
|
|
|
*/
|
|
|
|
return 0;
|
2001-01-22 15:36:07 +00:00
|
|
|
} else {
|
2001-05-06 14:35:20 +00:00
|
|
|
ssh2_add_channel_data(c, buf, len);
|
2001-08-25 17:09:23 +00:00
|
|
|
return ssh2_try_send(c);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
|
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = c->ssh;
|
|
|
|
|
2003-04-25 11:48:24 +00:00
|
|
|
if (ssh->state != SSH_STATE_SESSION) {
|
|
|
|
assert(ssh->state == SSH_STATE_CLOSED);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
2001-08-25 17:09:23 +00:00
|
|
|
if (c->v.v1.throttling && bufsize < SSH1_BUFFER_LIMIT) {
|
|
|
|
c->v.v1.throttling = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh1_throttle(ssh, -1);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
|
2001-01-22 15:36:07 +00:00
|
|
|
}
|
2001-01-22 11:34:52 +00:00
|
|
|
}
|
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
struct queued_handler *qh = ssh->qhead;
|
|
|
|
|
|
|
|
assert(qh != NULL);
|
|
|
|
|
|
|
|
assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
|
|
|
|
|
|
|
|
if (qh->msg1 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
|
|
|
|
ssh->packet_dispatch[qh->msg1] = NULL;
|
|
|
|
}
|
|
|
|
if (qh->msg2 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
|
|
|
|
ssh->packet_dispatch[qh->msg2] = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (qh->next) {
|
|
|
|
ssh->qhead = qh->next;
|
|
|
|
|
|
|
|
if (ssh->qhead->msg1 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
|
|
|
|
ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
|
|
|
|
}
|
|
|
|
if (ssh->qhead->msg2 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
|
|
|
|
ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ssh->qhead = ssh->qtail = NULL;
|
|
|
|
ssh->packet_dispatch[pktin->type] = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
qh->handler(ssh, pktin, qh->ctx);
|
|
|
|
|
|
|
|
sfree(qh);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
|
|
|
|
chandler_fn_t handler, void *ctx)
|
|
|
|
{
|
|
|
|
struct queued_handler *qh;
|
|
|
|
|
|
|
|
qh = snew(struct queued_handler);
|
|
|
|
qh->msg1 = msg1;
|
|
|
|
qh->msg2 = msg2;
|
|
|
|
qh->handler = handler;
|
|
|
|
qh->ctx = ctx;
|
|
|
|
qh->next = NULL;
|
|
|
|
|
|
|
|
if (ssh->qtail == NULL) {
|
|
|
|
ssh->qhead = qh;
|
|
|
|
|
|
|
|
if (qh->msg1 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[qh->msg1] == NULL);
|
|
|
|
ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
|
|
|
|
}
|
|
|
|
if (qh->msg2 > 0) {
|
|
|
|
assert(ssh->packet_dispatch[qh->msg2] == NULL);
|
|
|
|
ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ssh->qtail->next = qh;
|
|
|
|
}
|
|
|
|
ssh->qtail = qh;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
|
|
|
|
{
|
|
|
|
struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
|
|
|
|
|
|
|
|
if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
|
|
|
|
SSH2_MSG_REQUEST_SUCCESS)) {
|
|
|
|
logeventf(ssh, "Remote port forwarding from %s enabled",
|
|
|
|
pf->sportdesc);
|
|
|
|
} else {
|
|
|
|
logeventf(ssh, "Remote port forwarding from %s refused",
|
|
|
|
pf->sportdesc);
|
|
|
|
|
|
|
|
rpf = del234(ssh->rportfwds, pf);
|
|
|
|
assert(rpf == pf);
|
2004-12-28 14:07:05 +00:00
|
|
|
free_rportfwd(pf);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
|
|
|
|
{
|
2004-12-30 17:48:35 +00:00
|
|
|
const char *portfwd_strptr = cfg->portfwd;
|
|
|
|
struct ssh_portfwd *epf;
|
|
|
|
int i;
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
|
2004-12-28 14:07:05 +00:00
|
|
|
if (!ssh->portfwds) {
|
|
|
|
ssh->portfwds = newtree234(ssh_portcmp);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Go through the existing port forwardings and tag them
|
2004-12-30 17:48:35 +00:00
|
|
|
* with status==DESTROY. Any that we want to keep will be
|
|
|
|
* re-enabled (status==KEEP) as we go through the
|
|
|
|
* configuration and find out which bits are the same as
|
|
|
|
* they were before.
|
2004-12-28 14:07:05 +00:00
|
|
|
*/
|
|
|
|
struct ssh_portfwd *epf;
|
|
|
|
int i;
|
|
|
|
for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
|
2004-12-30 17:48:35 +00:00
|
|
|
epf->status = DESTROY;
|
2004-12-28 14:07:05 +00:00
|
|
|
}
|
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
while (*portfwd_strptr) {
|
2004-12-30 17:48:35 +00:00
|
|
|
char address_family, type;
|
|
|
|
int sport,dport,sserv,dserv;
|
|
|
|
char sports[256], dports[256], saddr[256], host[256];
|
|
|
|
int n;
|
|
|
|
|
2004-12-30 16:45:11 +00:00
|
|
|
address_family = 'A';
|
|
|
|
type = 'L';
|
2004-12-30 17:48:35 +00:00
|
|
|
if (*portfwd_strptr == 'A' ||
|
|
|
|
*portfwd_strptr == '4' ||
|
|
|
|
*portfwd_strptr == '6')
|
|
|
|
address_family = *portfwd_strptr++;
|
|
|
|
if (*portfwd_strptr == 'L' ||
|
|
|
|
*portfwd_strptr == 'R' ||
|
|
|
|
*portfwd_strptr == 'D')
|
|
|
|
type = *portfwd_strptr++;
|
2004-12-30 16:45:11 +00:00
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
saddr[0] = '\0';
|
2004-12-30 16:45:11 +00:00
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
n = 0;
|
|
|
|
while (*portfwd_strptr && *portfwd_strptr != '\t') {
|
|
|
|
if (*portfwd_strptr == ':') {
|
|
|
|
/*
|
|
|
|
* We've seen a colon in the middle of the
|
|
|
|
* source port number. This means that
|
|
|
|
* everything we've seen until now is the
|
|
|
|
* source _address_, so we'll move it into
|
|
|
|
* saddr and start sports from the beginning
|
|
|
|
* again.
|
|
|
|
*/
|
|
|
|
portfwd_strptr++;
|
|
|
|
sports[n] = '\0';
|
|
|
|
if (ssh->version == 1 && type == 'R') {
|
|
|
|
logeventf(ssh, "SSH1 cannot handle remote source address "
|
|
|
|
"spec \"%s\"; ignoring", sports);
|
|
|
|
} else
|
|
|
|
strcpy(saddr, sports);
|
|
|
|
n = 0;
|
|
|
|
}
|
|
|
|
if (n < 255) sports[n++] = *portfwd_strptr++;
|
|
|
|
}
|
|
|
|
sports[n] = 0;
|
|
|
|
if (type != 'D') {
|
|
|
|
if (*portfwd_strptr == '\t')
|
|
|
|
portfwd_strptr++;
|
|
|
|
n = 0;
|
|
|
|
while (*portfwd_strptr && *portfwd_strptr != ':') {
|
|
|
|
if (n < 255) host[n++] = *portfwd_strptr++;
|
|
|
|
}
|
|
|
|
host[n] = 0;
|
|
|
|
if (*portfwd_strptr == ':')
|
|
|
|
portfwd_strptr++;
|
|
|
|
n = 0;
|
|
|
|
while (*portfwd_strptr) {
|
|
|
|
if (n < 255) dports[n++] = *portfwd_strptr++;
|
|
|
|
}
|
|
|
|
dports[n] = 0;
|
|
|
|
portfwd_strptr++;
|
|
|
|
dport = atoi(dports);
|
|
|
|
dserv = 0;
|
|
|
|
if (dport == 0) {
|
|
|
|
dserv = 1;
|
|
|
|
dport = net_service_lookup(dports);
|
|
|
|
if (!dport) {
|
|
|
|
logeventf(ssh, "Service lookup failed for destination"
|
|
|
|
" port \"%s\"", dports);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
while (*portfwd_strptr) portfwd_strptr++;
|
|
|
|
dport = dserv = -1;
|
|
|
|
portfwd_strptr++; /* eat the NUL and move to next one */
|
|
|
|
}
|
|
|
|
sport = atoi(sports);
|
|
|
|
sserv = 0;
|
|
|
|
if (sport == 0) {
|
|
|
|
sserv = 1;
|
|
|
|
sport = net_service_lookup(sports);
|
|
|
|
if (!sport) {
|
|
|
|
logeventf(ssh, "Service lookup failed for source"
|
|
|
|
" port \"%s\"", sports);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sport && dport) {
|
|
|
|
/* Set up a description of the source port. */
|
2004-12-28 14:07:05 +00:00
|
|
|
struct ssh_portfwd *pfrec, *epfrec;
|
|
|
|
|
|
|
|
pfrec = snew(struct ssh_portfwd);
|
|
|
|
pfrec->type = type;
|
|
|
|
pfrec->saddr = *saddr ? dupstr(saddr) : NULL;
|
2004-12-30 17:53:26 +00:00
|
|
|
pfrec->sserv = sserv ? dupstr(sports) : NULL;
|
2004-12-28 14:07:05 +00:00
|
|
|
pfrec->sport = sport;
|
2004-12-30 17:48:35 +00:00
|
|
|
pfrec->daddr = *host ? dupstr(host) : NULL;
|
2004-12-30 17:53:26 +00:00
|
|
|
pfrec->dserv = dserv ? dupstr(dports) : NULL;
|
2004-12-28 14:07:05 +00:00
|
|
|
pfrec->dport = dport;
|
|
|
|
pfrec->local = NULL;
|
|
|
|
pfrec->remote = NULL;
|
2004-12-30 16:45:11 +00:00
|
|
|
pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
|
|
|
|
address_family == '6' ? ADDRTYPE_IPV6 :
|
|
|
|
ADDRTYPE_UNSPEC);
|
2004-12-28 14:07:05 +00:00
|
|
|
|
|
|
|
epfrec = add234(ssh->portfwds, pfrec);
|
|
|
|
if (epfrec != pfrec) {
|
|
|
|
/*
|
|
|
|
* We already have a port forwarding with precisely
|
|
|
|
* these parameters. Hence, no need to do anything;
|
2004-12-30 17:48:35 +00:00
|
|
|
* simply tag the existing one as KEEP.
|
2004-12-28 14:07:05 +00:00
|
|
|
*/
|
2004-12-30 17:48:35 +00:00
|
|
|
epfrec->status = KEEP;
|
2004-12-28 14:07:05 +00:00
|
|
|
free_portfwd(pfrec);
|
2004-12-30 17:48:35 +00:00
|
|
|
} else {
|
|
|
|
pfrec->status = CREATE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now go through and destroy any port forwardings which were
|
|
|
|
* not re-enabled.
|
|
|
|
*/
|
|
|
|
for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
|
|
|
|
if (epf->status == DESTROY) {
|
|
|
|
char *message;
|
|
|
|
|
|
|
|
message = dupprintf("%s port forwarding from %s%s%d",
|
|
|
|
epf->type == 'L' ? "local" :
|
|
|
|
epf->type == 'R' ? "remote" : "dynamic",
|
|
|
|
epf->saddr ? epf->saddr : "",
|
|
|
|
epf->saddr ? ":" : "",
|
|
|
|
epf->sport);
|
|
|
|
|
|
|
|
if (epf->type != 'D') {
|
|
|
|
char *msg2 = dupprintf("%s to %s:%d", message,
|
|
|
|
epf->daddr, epf->dport);
|
|
|
|
sfree(message);
|
|
|
|
message = msg2;
|
|
|
|
}
|
|
|
|
|
|
|
|
logeventf(ssh, "Cancelling %s", message);
|
|
|
|
sfree(message);
|
|
|
|
|
|
|
|
if (epf->remote) {
|
|
|
|
struct ssh_rportfwd *rpf = epf->remote;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Cancel the port forwarding at the server
|
|
|
|
* end.
|
|
|
|
*/
|
|
|
|
if (ssh->version == 1) {
|
|
|
|
/*
|
|
|
|
* We cannot cancel listening ports on the
|
|
|
|
* server side in SSH1! There's no message
|
|
|
|
* to support it. Instead, we simply remove
|
|
|
|
* the rportfwd record from the local end
|
|
|
|
* so that any connections the server tries
|
|
|
|
* to make on it are rejected.
|
|
|
|
*/
|
|
|
|
} else {
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
|
|
|
|
ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
|
|
|
|
if (epf->saddr) {
|
|
|
|
ssh2_pkt_addstring(pktout, epf->saddr);
|
|
|
|
} else if (ssh->cfg.rport_acceptall) {
|
|
|
|
ssh2_pkt_addstring(pktout, "0.0.0.0");
|
|
|
|
} else {
|
|
|
|
ssh2_pkt_addstring(pktout, "127.0.0.1");
|
|
|
|
}
|
|
|
|
ssh2_pkt_adduint32(pktout, epf->sport);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
|
|
|
|
del234(ssh->rportfwds, rpf);
|
|
|
|
free_rportfwd(rpf);
|
|
|
|
} else if (epf->local) {
|
|
|
|
pfd_terminate(epf->local);
|
|
|
|
}
|
|
|
|
|
|
|
|
delpos234(ssh->portfwds, i);
|
|
|
|
free_portfwd(epf);
|
|
|
|
i--; /* so we don't skip one in the list */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* And finally, set up any new port forwardings (status==CREATE).
|
|
|
|
*/
|
|
|
|
for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
|
|
|
|
if (epf->status == CREATE) {
|
|
|
|
char *sportdesc, *dportdesc;
|
2004-12-30 17:53:26 +00:00
|
|
|
sportdesc = dupprintf("%s%s%s%s%d%s",
|
2004-12-30 17:48:35 +00:00
|
|
|
epf->saddr ? epf->saddr : "",
|
|
|
|
epf->saddr ? ":" : "",
|
2004-12-30 17:53:26 +00:00
|
|
|
epf->sserv ? epf->sserv : "",
|
|
|
|
epf->sserv ? "(" : "",
|
|
|
|
epf->sport,
|
|
|
|
epf->sserv ? ")" : "");
|
2004-12-30 17:48:35 +00:00
|
|
|
if (epf->type == 'D') {
|
|
|
|
dportdesc = NULL;
|
|
|
|
} else {
|
2004-12-30 17:53:26 +00:00
|
|
|
dportdesc = dupprintf("%s:%s%s%d%s",
|
|
|
|
epf->daddr,
|
|
|
|
epf->dserv ? epf->dserv : "",
|
|
|
|
epf->dserv ? "(" : "",
|
|
|
|
epf->dport,
|
|
|
|
epf->dserv ? ")" : "");
|
2004-12-30 17:48:35 +00:00
|
|
|
}
|
2004-12-30 16:45:11 +00:00
|
|
|
|
2004-12-30 17:48:35 +00:00
|
|
|
if (epf->type == 'L') {
|
|
|
|
const char *err = pfd_addforward(epf->daddr, epf->dport,
|
|
|
|
epf->saddr, epf->sport,
|
|
|
|
ssh, &ssh->cfg,
|
|
|
|
&epf->local,
|
|
|
|
epf->addressfamily);
|
|
|
|
|
|
|
|
logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
|
|
|
|
epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
|
|
|
|
epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
|
|
|
|
sportdesc, dportdesc,
|
|
|
|
err ? " failed: " : "", err ? err : "");
|
|
|
|
} else if (epf->type == 'D') {
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
const char *err = pfd_addforward(NULL, -1,
|
2004-12-30 17:48:35 +00:00
|
|
|
epf->saddr, epf->sport,
|
|
|
|
ssh, &ssh->cfg,
|
|
|
|
&epf->local,
|
|
|
|
epf->addressfamily);
|
|
|
|
|
|
|
|
logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
|
|
|
|
epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
|
|
|
|
epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
|
|
|
|
sportdesc,
|
|
|
|
err ? " failed: " : "", err ? err : "");
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
} else {
|
|
|
|
struct ssh_rportfwd *pf;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ensure the remote port forwardings tree exists.
|
|
|
|
*/
|
|
|
|
if (!ssh->rportfwds) {
|
|
|
|
if (ssh->version == 1)
|
|
|
|
ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
|
|
|
|
else
|
|
|
|
ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
|
|
|
|
}
|
|
|
|
|
|
|
|
pf = snew(struct ssh_rportfwd);
|
2004-12-30 17:48:35 +00:00
|
|
|
strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
|
|
|
|
pf->dhost[lenof(pf->dhost)-1] = '\0';
|
|
|
|
pf->dport = epf->dport;
|
|
|
|
pf->sport = epf->sport;
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
if (add234(ssh->rportfwds, pf) != pf) {
|
|
|
|
logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
|
2004-12-30 17:48:35 +00:00
|
|
|
epf->daddr, epf->dport);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
sfree(pf);
|
|
|
|
} else {
|
|
|
|
logeventf(ssh, "Requesting remote port %s"
|
2004-12-30 17:48:35 +00:00
|
|
|
" forward to %s", sportdesc, dportdesc);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
|
|
|
|
pf->sportdesc = sportdesc;
|
|
|
|
sportdesc = NULL;
|
2004-12-30 17:48:35 +00:00
|
|
|
epf->remote = pf;
|
|
|
|
pf->pfrec = epf;
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
|
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
|
2004-12-30 17:48:35 +00:00
|
|
|
PKT_INT, epf->sport,
|
|
|
|
PKT_STR, epf->daddr,
|
|
|
|
PKT_INT, epf->dport,
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
PKT_END);
|
|
|
|
ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
|
|
|
|
SSH1_SMSG_FAILURE,
|
|
|
|
ssh_rportfwd_succfail, pf);
|
|
|
|
} else {
|
|
|
|
struct Packet *pktout;
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
|
|
|
|
ssh2_pkt_addstring(pktout, "tcpip-forward");
|
|
|
|
ssh2_pkt_addbool(pktout, 1);/* want reply */
|
2004-12-30 17:48:35 +00:00
|
|
|
if (epf->saddr) {
|
|
|
|
ssh2_pkt_addstring(pktout, epf->saddr);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
} else if (ssh->cfg.rport_acceptall) {
|
|
|
|
ssh2_pkt_addstring(pktout, "0.0.0.0");
|
|
|
|
} else {
|
|
|
|
ssh2_pkt_addstring(pktout, "127.0.0.1");
|
|
|
|
}
|
2004-12-30 17:48:35 +00:00
|
|
|
ssh2_pkt_adduint32(pktout, epf->sport);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
|
|
|
|
ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
|
|
|
|
SSH2_MSG_REQUEST_FAILURE,
|
|
|
|
ssh_rportfwd_succfail, pf);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sfree(sportdesc);
|
2004-12-30 17:48:35 +00:00
|
|
|
sfree(dportdesc);
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char *string;
|
|
|
|
int stringlen, bufsize;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &string, &stringlen);
|
|
|
|
if (string == NULL) {
|
|
|
|
bombout(("Incoming terminal data packet was badly formed"));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
|
|
|
|
string, stringlen);
|
|
|
|
if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
|
|
|
|
ssh->v1_stdout_throttling = 1;
|
|
|
|
ssh1_throttle(ssh, +1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Remote side is trying to open a channel to talk to our
|
|
|
|
* X-Server. Give them back a local channel number. */
|
|
|
|
struct ssh_channel *c;
|
|
|
|
int remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
|
|
|
|
logevent("Received X11 connect request");
|
|
|
|
/* Refuse if X11 forwarding is disabled. */
|
|
|
|
if (!ssh->X11_fwd_enabled) {
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
|
|
|
|
PKT_INT, remoteid, PKT_END);
|
|
|
|
logevent("Rejected X11 connect request");
|
|
|
|
} else {
|
|
|
|
c = snew(struct ssh_channel);
|
|
|
|
c->ssh = ssh;
|
|
|
|
|
|
|
|
if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
|
|
|
|
ssh->x11auth, NULL, -1, &ssh->cfg) != NULL) {
|
|
|
|
logevent("Opening X11 forward connection failed");
|
|
|
|
sfree(c);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
|
|
|
|
PKT_INT, remoteid, PKT_END);
|
|
|
|
} else {
|
|
|
|
logevent
|
|
|
|
("Opening X11 forward connection succeeded");
|
|
|
|
c->remoteid = remoteid;
|
|
|
|
c->localid = alloc_channel_id(ssh);
|
|
|
|
c->closes = 0;
|
|
|
|
c->v.v1.throttling = 0;
|
|
|
|
c->type = CHAN_X11; /* identify channel type */
|
|
|
|
add234(ssh->channels, c);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
|
|
|
|
PKT_INT, c->remoteid, PKT_INT,
|
|
|
|
c->localid, PKT_END);
|
|
|
|
logevent("Opened X11 forward channel");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Remote side is trying to open a channel to talk to our
|
|
|
|
* agent. Give them back a local channel number. */
|
|
|
|
struct ssh_channel *c;
|
|
|
|
int remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
|
|
|
|
/* Refuse if agent forwarding is disabled. */
|
|
|
|
if (!ssh->agentfwd_enabled) {
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
|
|
|
|
PKT_INT, remoteid, PKT_END);
|
|
|
|
} else {
|
|
|
|
c = snew(struct ssh_channel);
|
|
|
|
c->ssh = ssh;
|
|
|
|
c->remoteid = remoteid;
|
|
|
|
c->localid = alloc_channel_id(ssh);
|
|
|
|
c->closes = 0;
|
|
|
|
c->v.v1.throttling = 0;
|
|
|
|
c->type = CHAN_AGENT; /* identify channel type */
|
|
|
|
c->u.a.lensofar = 0;
|
|
|
|
add234(ssh->channels, c);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
|
|
|
|
PKT_INT, c->remoteid, PKT_INT, c->localid,
|
|
|
|
PKT_END);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Remote side is trying to open a channel to talk to a
|
|
|
|
* forwarded port. Give them back a local channel number. */
|
|
|
|
struct ssh_channel *c;
|
2004-12-30 16:45:11 +00:00
|
|
|
struct ssh_rportfwd pf, *pfp;
|
2004-11-27 15:32:45 +00:00
|
|
|
int remoteid;
|
|
|
|
int hostsize, port;
|
|
|
|
char *host, buf[1024];
|
|
|
|
const char *e;
|
|
|
|
c = snew(struct ssh_channel);
|
|
|
|
c->ssh = ssh;
|
|
|
|
|
|
|
|
remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &host, &hostsize);
|
|
|
|
port = ssh_pkt_getuint32(pktin);
|
|
|
|
|
|
|
|
if (hostsize >= lenof(pf.dhost))
|
|
|
|
hostsize = lenof(pf.dhost)-1;
|
|
|
|
memcpy(pf.dhost, host, hostsize);
|
|
|
|
pf.dhost[hostsize] = '\0';
|
|
|
|
pf.dport = port;
|
2004-12-30 16:45:11 +00:00
|
|
|
pfp = find234(ssh->rportfwds, &pf, NULL);
|
2004-11-27 15:32:45 +00:00
|
|
|
|
2004-12-30 16:45:11 +00:00
|
|
|
if (pfp == NULL) {
|
2004-11-27 15:32:45 +00:00
|
|
|
sprintf(buf, "Rejected remote port open request for %s:%d",
|
|
|
|
pf.dhost, port);
|
|
|
|
logevent(buf);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
|
|
|
|
PKT_INT, remoteid, PKT_END);
|
|
|
|
} else {
|
|
|
|
sprintf(buf, "Received remote port open request for %s:%d",
|
|
|
|
pf.dhost, port);
|
|
|
|
logevent(buf);
|
|
|
|
e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
|
2004-12-30 16:45:11 +00:00
|
|
|
c, &ssh->cfg, pfp->pfrec->addressfamily);
|
2004-11-27 15:32:45 +00:00
|
|
|
if (e != NULL) {
|
|
|
|
char buf[256];
|
|
|
|
sprintf(buf, "Port open failed: %s", e);
|
|
|
|
logevent(buf);
|
|
|
|
sfree(c);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
|
|
|
|
PKT_INT, remoteid, PKT_END);
|
|
|
|
} else {
|
|
|
|
c->remoteid = remoteid;
|
|
|
|
c->localid = alloc_channel_id(ssh);
|
|
|
|
c->closes = 0;
|
|
|
|
c->v.v1.throttling = 0;
|
|
|
|
c->type = CHAN_SOCKDATA; /* identify channel type */
|
|
|
|
add234(ssh->channels, c);
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
|
|
|
|
PKT_INT, c->remoteid, PKT_INT,
|
|
|
|
c->localid, PKT_END);
|
|
|
|
logevent("Forwarded port opened successfully");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned int remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
unsigned int localid = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &remoteid, ssh_channelfind);
|
|
|
|
if (c && c->type == CHAN_SOCKDATA_DORMANT) {
|
|
|
|
c->remoteid = localid;
|
|
|
|
c->type = CHAN_SOCKDATA;
|
|
|
|
c->v.v1.throttling = 0;
|
|
|
|
pfd_confirm(c->u.pfd.s);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (c && c->closes) {
|
|
|
|
/*
|
|
|
|
* We have a pending close on this channel,
|
|
|
|
* which we decided on before the server acked
|
|
|
|
* the channel open. So now we know the
|
|
|
|
* remoteid, we can close it again.
|
|
|
|
*/
|
|
|
|
send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE,
|
|
|
|
PKT_INT, c->remoteid, PKT_END);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned int remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &remoteid, ssh_channelfind);
|
|
|
|
if (c && c->type == CHAN_SOCKDATA_DORMANT) {
|
|
|
|
logevent("Forwarded connection refused by server");
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
del234(ssh->channels, c);
|
|
|
|
sfree(c);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Remote side closes a channel. */
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (c && ((int)c->remoteid) != -1) {
|
|
|
|
int closetype;
|
|
|
|
closetype =
|
|
|
|
(pktin->type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
|
|
|
|
|
|
|
|
if ((c->closes == 0) && (c->type == CHAN_X11)) {
|
|
|
|
logevent("Forwarded X11 connection terminated");
|
|
|
|
assert(c->u.x11.s != NULL);
|
|
|
|
x11_close(c->u.x11.s);
|
|
|
|
c->u.x11.s = NULL;
|
|
|
|
}
|
|
|
|
if ((c->closes == 0) && (c->type == CHAN_SOCKDATA)) {
|
|
|
|
logevent("Forwarded port closed");
|
|
|
|
assert(c->u.pfd.s != NULL);
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
c->u.pfd.s = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
c->closes |= (closetype << 2); /* seen this message */
|
|
|
|
if (!(c->closes & closetype)) {
|
|
|
|
send_packet(ssh, pktin->type, PKT_INT, c->remoteid,
|
|
|
|
PKT_END);
|
|
|
|
c->closes |= closetype; /* sent it too */
|
|
|
|
}
|
|
|
|
|
|
|
|
if (c->closes == 15) {
|
|
|
|
del234(ssh->channels, c);
|
|
|
|
sfree(c);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
|
|
|
|
pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
|
|
|
|
"_CONFIRMATION", c ? "half-open" : "nonexistent",
|
|
|
|
i));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Data sent down one of our channels. */
|
|
|
|
int i = ssh_pkt_getuint32(pktin);
|
|
|
|
char *p;
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int len;
|
2004-11-27 15:32:45 +00:00
|
|
|
struct ssh_channel *c;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &p, &len);
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (c) {
|
|
|
|
int bufsize = 0;
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_X11:
|
|
|
|
bufsize = x11_send(c->u.x11.s, p, len);
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
bufsize = pfd_send(c->u.pfd.s, p, len);
|
|
|
|
break;
|
|
|
|
case CHAN_AGENT:
|
|
|
|
/* Data for an agent message. Buffer it. */
|
|
|
|
while (len > 0) {
|
|
|
|
if (c->u.a.lensofar < 4) {
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int l = min(4 - c->u.a.lensofar, len);
|
2004-11-27 15:32:45 +00:00
|
|
|
memcpy(c->u.a.msglen + c->u.a.lensofar, p,
|
|
|
|
l);
|
|
|
|
p += l;
|
|
|
|
len -= l;
|
|
|
|
c->u.a.lensofar += l;
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar == 4) {
|
|
|
|
c->u.a.totallen =
|
|
|
|
4 + GET_32BIT(c->u.a.msglen);
|
|
|
|
c->u.a.message = snewn(c->u.a.totallen,
|
|
|
|
unsigned char);
|
|
|
|
memcpy(c->u.a.message, c->u.a.msglen, 4);
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar >= 4 && len > 0) {
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int l =
|
2004-11-27 15:32:45 +00:00
|
|
|
min(c->u.a.totallen - c->u.a.lensofar,
|
|
|
|
len);
|
|
|
|
memcpy(c->u.a.message + c->u.a.lensofar, p,
|
|
|
|
l);
|
|
|
|
p += l;
|
|
|
|
len -= l;
|
|
|
|
c->u.a.lensofar += l;
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar == c->u.a.totallen) {
|
|
|
|
void *reply;
|
|
|
|
int replylen;
|
|
|
|
if (agent_query(c->u.a.message,
|
|
|
|
c->u.a.totallen,
|
|
|
|
&reply, &replylen,
|
|
|
|
ssh_agentf_callback, c))
|
|
|
|
ssh_agentf_callback(c, reply, replylen);
|
|
|
|
sfree(c->u.a.message);
|
|
|
|
c->u.a.lensofar = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
bufsize = 0; /* agent channels never back up */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!c->v.v1.throttling && bufsize > SSH1_BUFFER_LIMIT) {
|
|
|
|
c->v.v1.throttling = 1;
|
|
|
|
ssh1_throttle(ssh, +1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char buf[100];
|
|
|
|
ssh->exitcode = ssh_pkt_getuint32(pktin);
|
|
|
|
sprintf(buf, "Server sent command exit status %d",
|
|
|
|
ssh->exitcode);
|
|
|
|
logevent(buf);
|
|
|
|
send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
|
|
|
|
/*
|
|
|
|
* In case `helpful' firewalls or proxies tack
|
|
|
|
* extra human-readable text on the end of the
|
|
|
|
* session which we might mistake for another
|
|
|
|
* encrypted packet, we close the session once
|
|
|
|
* we've sent EXIT_CONFIRMATION.
|
|
|
|
*/
|
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
|
|
|
}
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2004-11-24 20:35:15 +00:00
|
|
|
crBegin(ssh->do_ssh1_connection_crstate);
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
|
|
|
|
ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
|
|
|
|
ssh1_smsg_stdout_stderr_data;
|
|
|
|
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
|
|
|
|
ssh1_msg_channel_open_confirmation;
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
|
|
|
|
ssh1_msg_channel_open_failure;
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
|
|
|
|
ssh1_msg_channel_close;
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
|
|
|
|
ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
|
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.agentfwd && agent_exists()) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Requesting agent forwarding");
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (!pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_SUCCESS
|
|
|
|
&& pktin->type != SSH1_SMSG_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Protocol confusion"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Agent forwarding refused");
|
|
|
|
} else {
|
|
|
|
logevent("Agent forwarding enabled");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->agentfwd_enabled = TRUE;
|
2004-11-27 15:32:45 +00:00
|
|
|
ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
|
2000-12-02 11:43:25 +00:00
|
|
|
}
|
2000-09-15 10:48:42 +00:00
|
|
|
}
|
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.x11_forward) {
|
2001-05-06 14:35:20 +00:00
|
|
|
char proto[20], data[64];
|
|
|
|
logevent("Requesting X11 forwarding");
|
2002-10-26 11:23:15 +00:00
|
|
|
ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
|
2003-01-12 14:48:29 +00:00
|
|
|
data, sizeof(data), ssh->cfg.x11_auth);
|
|
|
|
x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
|
|
|
|
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_STR, proto, PKT_STR, data,
|
2003-01-12 14:48:29 +00:00
|
|
|
PKT_INT, x11_get_screen_number(ssh->cfg.x11_display),
|
2003-01-02 10:41:22 +00:00
|
|
|
PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_STR, proto, PKT_STR, data, PKT_END);
|
|
|
|
}
|
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (!pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_SUCCESS
|
|
|
|
&& pktin->type != SSH1_SMSG_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Protocol confusion"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("X11 forwarding refused");
|
|
|
|
} else {
|
|
|
|
logevent("X11 forwarding enabled");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->X11_fwd_enabled = TRUE;
|
2004-11-27 15:32:45 +00:00
|
|
|
ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
|
2001-01-22 11:34:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
ssh_setup_portfwd(ssh, &ssh->cfg);
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (!ssh->cfg.nopty) {
|
2004-04-24 20:05:03 +00:00
|
|
|
/* Unpick the terminal-speed string. */
|
|
|
|
/* XXX perhaps we should allow no speeds to be sent. */
|
2004-06-03 10:36:27 +00:00
|
|
|
ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
|
|
|
|
sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
|
2004-04-24 20:05:03 +00:00
|
|
|
/* Send the pty request. */
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_REQUEST_PTY,
|
2003-01-12 14:48:29 +00:00
|
|
|
PKT_STR, ssh->cfg.termtype,
|
2002-10-25 11:30:33 +00:00
|
|
|
PKT_INT, ssh->term_height,
|
|
|
|
PKT_INT, ssh->term_width,
|
2004-04-24 20:05:03 +00:00
|
|
|
PKT_INT, 0, PKT_INT, 0, /* width,height in pixels */
|
2004-06-03 10:36:27 +00:00
|
|
|
PKT_CHAR, 192, PKT_INT, ssh->ispeed, /* TTY_OP_ISPEED */
|
|
|
|
PKT_CHAR, 193, PKT_INT, ssh->ospeed, /* TTY_OP_OSPEED */
|
2004-04-24 20:05:03 +00:00
|
|
|
PKT_CHAR, 0, PKT_END);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_INTERMED;
|
2001-05-06 14:35:20 +00:00
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (!pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_SUCCESS
|
|
|
|
&& pktin->type != SSH1_SMSG_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Protocol confusion"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Server refused to allocate pty\r\n");
|
|
|
|
ssh->editing = ssh->echoing = 1;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-04-24 20:05:03 +00:00
|
|
|
logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
|
2004-06-03 10:36:27 +00:00
|
|
|
ssh->ospeed, ssh->ispeed);
|
2001-01-24 14:08:20 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->editing = ssh->echoing = 1;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.compression) {
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (!pktin);
|
|
|
|
if (pktin->type != SSH1_SMSG_SUCCESS
|
|
|
|
&& pktin->type != SSH1_SMSG_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Protocol confusion"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Server refused to compress\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2000-11-01 21:34:21 +00:00
|
|
|
logevent("Started compression");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->v1_compressing = TRUE;
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh->cs_comp_ctx = zlib_compress_init();
|
|
|
|
logevent("Initialised zlib (RFC1950) compression");
|
|
|
|
ssh->sc_comp_ctx = zlib_decompress_init();
|
|
|
|
logevent("Initialised zlib (RFC1950) decompression");
|
2000-11-01 21:34:21 +00:00
|
|
|
}
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
/*
|
|
|
|
* Start the shell or command.
|
|
|
|
*
|
|
|
|
* Special case: if the first-choice command is an SSH2
|
|
|
|
* subsystem (hence not usable here) and the second choice
|
|
|
|
* exists, we fall straight back to that.
|
|
|
|
*/
|
|
|
|
{
|
2003-01-12 14:48:29 +00:00
|
|
|
char *cmd = ssh->cfg.remote_cmd_ptr;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.ssh_subsys && ssh->cfg.remote_cmd_ptr2) {
|
|
|
|
cmd = ssh->cfg.remote_cmd_ptr2;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->fallback_cmd = TRUE;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
if (*cmd)
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
|
2001-08-26 18:32:28 +00:00
|
|
|
else
|
2002-10-25 11:30:33 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
|
2001-08-26 18:32:28 +00:00
|
|
|
logevent("Started session");
|
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_SESSION;
|
|
|
|
if (ssh->size_needed)
|
|
|
|
ssh_size(ssh, ssh->term_width, ssh->term_height);
|
|
|
|
if (ssh->eof_needed)
|
|
|
|
ssh_special(ssh, TS_EOF);
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-26 10:16:19 +00:00
|
|
|
if (ssh->ldisc)
|
|
|
|
ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->send_ok = 1;
|
|
|
|
ssh->channels = newtree234(ssh_channelcmp);
|
1999-01-08 13:02:13 +00:00
|
|
|
while (1) {
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
/*
|
|
|
|
* By this point, most incoming packets are already being
|
|
|
|
* handled by the dispatch table, and we need only pay
|
|
|
|
* attention to the unusual ones.
|
|
|
|
*/
|
2002-09-15 13:24:00 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
crReturnV;
|
|
|
|
if (pktin) {
|
|
|
|
if (pktin->type == SSH1_SMSG_SUCCESS) {
|
1999-11-08 17:36:08 +00:00
|
|
|
/* may be from EXEC_SHELL on some servers */
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
1999-11-08 17:36:08 +00:00
|
|
|
/* may be from EXEC_SHELL on some servers
|
1999-01-08 13:02:13 +00:00
|
|
|
* if no pty is available or in other odd cases. Ignore */
|
|
|
|
} else {
|
2004-11-24 18:45:52 +00:00
|
|
|
bombout(("Strange packet received: type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
} else {
|
2000-10-23 10:32:37 +00:00
|
|
|
while (inlen > 0) {
|
|
|
|
int len = min(inlen, 512);
|
2004-10-02 00:33:27 +00:00
|
|
|
send_packet(ssh, SSH1_CMSG_STDIN_DATA, PKTT_DATA,
|
|
|
|
PKT_INT, len, PKT_DATA, in, len,
|
|
|
|
PKTT_OTHER, PKT_END);
|
2000-10-23 10:32:37 +00:00
|
|
|
in += len;
|
|
|
|
inlen -= len;
|
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
crFinishV;
|
|
|
|
}
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
/*
|
|
|
|
* Handle the top-level SSH2 protocol.
|
|
|
|
*/
|
|
|
|
static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char *buf, *msg;
|
|
|
|
int msglen;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &msg, &msglen);
|
|
|
|
buf = dupprintf("Remote debug message: %.*s", msglen, msg);
|
|
|
|
logevent(buf);
|
|
|
|
sfree(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* log reason code in disconnect message */
|
|
|
|
char *msg;
|
|
|
|
int msglen;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &msg, &msglen);
|
|
|
|
bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
|
|
|
|
}
|
|
|
|
|
|
|
|
void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* Do nothing, because we're ignoring it! Duhh. */
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_protocol_setup(Ssh ssh)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Most messages are handled by the coroutines.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < 256; i++)
|
|
|
|
ssh->packet_dispatch[i] = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These special message types we install handlers for.
|
|
|
|
*/
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
|
|
|
|
ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
|
|
|
{
|
|
|
|
if (ssh->state == SSH_STATE_CLOSED)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (pktin && ssh->packet_dispatch[pktin->type]) {
|
|
|
|
ssh->packet_dispatch[pktin->type](ssh, pktin);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!ssh->protocol_initial_phase_done) {
|
|
|
|
if (do_ssh1_login(ssh, in, inlen, pktin))
|
|
|
|
ssh->protocol_initial_phase_done = TRUE;
|
|
|
|
else
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
do_ssh1_connection(ssh, in, inlen, pktin);
|
|
|
|
}
|
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
|
|
|
* Utility routine for decoding comma-separated strings in KEXINIT.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
static int in_commasep_string(char *needle, char *haystack, int haylen)
|
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
int needlen;
|
|
|
|
if (!needle || !haystack) /* protect against null pointers */
|
|
|
|
return 0;
|
|
|
|
needlen = strlen(needle);
|
2000-09-05 14:28:17 +00:00
|
|
|
while (1) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Is it at the start of the string?
|
|
|
|
*/
|
|
|
|
if (haylen >= needlen && /* haystack is long enough */
|
|
|
|
!memcmp(needle, haystack, needlen) && /* initial match */
|
|
|
|
(haylen == needlen || haystack[needlen] == ',')
|
|
|
|
/* either , or EOS follows */
|
|
|
|
)
|
|
|
|
return 1;
|
|
|
|
/*
|
|
|
|
* If not, search for the next comma and resume after that.
|
|
|
|
* If no comma found, terminate.
|
|
|
|
*/
|
|
|
|
while (haylen > 0 && *haystack != ',')
|
|
|
|
haylen--, haystack++;
|
|
|
|
if (haylen == 0)
|
|
|
|
return 0;
|
|
|
|
haylen--, haystack++; /* skip over comma itself */
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-09-05 16:23:36 +00:00
|
|
|
/*
|
|
|
|
* SSH2 key creation method.
|
|
|
|
*/
|
2003-01-05 13:43:02 +00:00
|
|
|
static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H,
|
|
|
|
unsigned char *sessid, char chr,
|
|
|
|
unsigned char *keyspace)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-05 16:23:36 +00:00
|
|
|
SHA_State s;
|
|
|
|
/* First 20 bytes. */
|
|
|
|
SHA_Init(&s);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
|
2002-08-18 09:27:15 +00:00
|
|
|
sha_mpint(&s, K);
|
2000-09-05 16:23:36 +00:00
|
|
|
SHA_Bytes(&s, H, 20);
|
|
|
|
SHA_Bytes(&s, &chr, 1);
|
2001-01-26 18:50:13 +00:00
|
|
|
SHA_Bytes(&s, sessid, 20);
|
2000-09-05 16:23:36 +00:00
|
|
|
SHA_Final(&s, keyspace);
|
|
|
|
/* Next 20 bytes. */
|
|
|
|
SHA_Init(&s);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
|
2002-08-18 09:27:15 +00:00
|
|
|
sha_mpint(&s, K);
|
2000-09-05 16:23:36 +00:00
|
|
|
SHA_Bytes(&s, H, 20);
|
|
|
|
SHA_Bytes(&s, keyspace, 20);
|
2001-05-06 14:35:20 +00:00
|
|
|
SHA_Final(&s, keyspace + 20);
|
2000-09-05 16:23:36 +00:00
|
|
|
}
|
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
2000-09-07 16:33:49 +00:00
|
|
|
* Handle the SSH2 transport layer.
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
2000-09-05 14:28:17 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
struct do_ssh2_transport_state {
|
|
|
|
int nbits, pbits, warn;
|
|
|
|
Bignum p, g, e, f, K;
|
|
|
|
int kex_init_value, kex_reply_value;
|
|
|
|
const struct ssh_mac **maclist;
|
|
|
|
int nmacs;
|
|
|
|
const struct ssh2_cipher *cscipher_tobe;
|
|
|
|
const struct ssh2_cipher *sccipher_tobe;
|
|
|
|
const struct ssh_mac *csmac_tobe;
|
|
|
|
const struct ssh_mac *scmac_tobe;
|
|
|
|
const struct ssh_compress *cscomp_tobe;
|
|
|
|
const struct ssh_compress *sccomp_tobe;
|
|
|
|
char *hostkeydata, *sigdata, *keystr, *fingerprint;
|
|
|
|
int hostkeylen, siglen;
|
|
|
|
void *hkey; /* actual host key */
|
|
|
|
unsigned char exchange_hash[20];
|
2004-12-23 02:24:07 +00:00
|
|
|
int n_preferred_kex;
|
|
|
|
const struct ssh_kex *preferred_kex[KEX_MAX];
|
2002-10-25 11:30:33 +00:00
|
|
|
int n_preferred_ciphers;
|
|
|
|
const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
|
|
|
|
const struct ssh_compress *preferred_comp;
|
|
|
|
int first_kex;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
|
|
|
crState(do_ssh2_transport_state);
|
|
|
|
|
|
|
|
crBegin(ssh->do_ssh2_transport_crstate);
|
|
|
|
|
|
|
|
s->cscipher_tobe = s->sccipher_tobe = NULL;
|
|
|
|
s->csmac_tobe = s->scmac_tobe = NULL;
|
|
|
|
s->cscomp_tobe = s->sccomp_tobe = NULL;
|
|
|
|
|
|
|
|
s->first_kex = 1;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-12-23 02:24:07 +00:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
/*
|
|
|
|
* Set up the preferred key exchange. (NULL => warn below here)
|
|
|
|
*/
|
|
|
|
s->n_preferred_kex = 0;
|
|
|
|
for (i = 0; i < KEX_MAX; i++) {
|
|
|
|
switch (ssh->cfg.ssh_kexlist[i]) {
|
|
|
|
case KEX_DHGEX:
|
|
|
|
s->preferred_kex[s->n_preferred_kex++] =
|
|
|
|
&ssh_diffiehellman_gex;
|
|
|
|
break;
|
|
|
|
case KEX_DHGROUP14:
|
|
|
|
s->preferred_kex[s->n_preferred_kex++] =
|
|
|
|
&ssh_diffiehellman_group14;
|
|
|
|
break;
|
|
|
|
case KEX_DHGROUP1:
|
|
|
|
s->preferred_kex[s->n_preferred_kex++] =
|
|
|
|
&ssh_diffiehellman_group1;
|
|
|
|
break;
|
|
|
|
case CIPHER_WARN:
|
|
|
|
/* Flag for later. Don't bother if it's the last in
|
|
|
|
* the list. */
|
|
|
|
if (i < KEX_MAX - 1) {
|
|
|
|
s->preferred_kex[s->n_preferred_kex++] = NULL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
/*
|
|
|
|
* Set up the preferred ciphers. (NULL => warn below here)
|
|
|
|
*/
|
|
|
|
s->n_preferred_ciphers = 0;
|
|
|
|
for (i = 0; i < CIPHER_MAX; i++) {
|
2003-01-12 14:48:29 +00:00
|
|
|
switch (ssh->cfg.ssh_cipherlist[i]) {
|
2002-10-25 11:30:33 +00:00
|
|
|
case CIPHER_BLOWFISH:
|
|
|
|
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
|
|
|
|
break;
|
|
|
|
case CIPHER_DES:
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.ssh2_des_cbc) {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case CIPHER_3DES:
|
|
|
|
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
|
|
|
|
break;
|
|
|
|
case CIPHER_AES:
|
|
|
|
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
|
|
|
|
break;
|
|
|
|
case CIPHER_WARN:
|
|
|
|
/* Flag for later. Don't bother if it's the last in
|
|
|
|
* the list. */
|
|
|
|
if (i < CIPHER_MAX - 1) {
|
|
|
|
s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
|
|
|
|
}
|
|
|
|
break;
|
2001-08-25 19:33:33 +00:00
|
|
|
}
|
|
|
|
}
|
2000-09-20 15:15:02 +00:00
|
|
|
}
|
2001-08-25 19:33:33 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Set up preferred compression.
|
|
|
|
*/
|
2003-01-12 14:48:29 +00:00
|
|
|
if (ssh->cfg.compression)
|
2002-10-25 11:30:33 +00:00
|
|
|
s->preferred_comp = &ssh_zlib;
|
2000-11-01 21:34:21 +00:00
|
|
|
else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->preferred_comp = &ssh_comp_none;
|
2000-09-20 15:15:02 +00:00
|
|
|
|
2000-10-12 12:39:44 +00:00
|
|
|
/*
|
|
|
|
* Be prepared to work around the buggy MAC problem.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->remote_bugs & BUG_SSH2_HMAC)
|
|
|
|
s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
|
2000-10-12 12:39:44 +00:00
|
|
|
else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->maclist = macs, s->nmacs = lenof(macs);
|
2000-10-12 12:39:44 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
begin_key_exchange:
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
2004-12-23 02:24:07 +00:00
|
|
|
int i, j, commalist_started;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
/*
|
|
|
|
* Enable queueing of outgoing auth- or connection-layer
|
|
|
|
* packets while we are in the middle of a key exchange.
|
|
|
|
*/
|
|
|
|
ssh->queueing = TRUE;
|
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
/*
|
|
|
|
* Flag that KEX is in progress.
|
|
|
|
*/
|
|
|
|
ssh->kex_in_progress = TRUE;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
/*
|
|
|
|
* Construct and send our key exchange packet.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < 16; i++)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
|
2002-10-25 11:30:33 +00:00
|
|
|
/* List key exchange algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2004-12-23 02:24:07 +00:00
|
|
|
commalist_started = 0;
|
|
|
|
for (i = 0; i < s->n_preferred_kex; i++) {
|
|
|
|
const struct ssh_kex *k = s->preferred_kex[i];
|
|
|
|
if (!k) continue; /* warning flag */
|
|
|
|
if (commalist_started)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
2004-12-23 02:24:07 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, s->preferred_kex[i]->name);
|
|
|
|
commalist_started = 1;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
/* List server host key algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < lenof(hostkey_algs); i++) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (i < lenof(hostkey_algs) - 1)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
/* List client->server encryption algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2004-12-23 02:24:07 +00:00
|
|
|
commalist_started = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->n_preferred_ciphers; i++) {
|
|
|
|
const struct ssh2_ciphers *c = s->preferred_ciphers[i];
|
|
|
|
if (!c) continue; /* warning flag */
|
|
|
|
for (j = 0; j < c->nciphers; j++) {
|
2004-12-23 02:24:07 +00:00
|
|
|
if (commalist_started)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
|
|
|
ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
|
2004-12-23 02:24:07 +00:00
|
|
|
commalist_started = 1;
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
/* List server->client encryption algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2004-12-23 02:24:07 +00:00
|
|
|
commalist_started = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->n_preferred_ciphers; i++) {
|
|
|
|
const struct ssh2_ciphers *c = s->preferred_ciphers[i];
|
|
|
|
if (!c) continue; /* warning flag */
|
|
|
|
for (j = 0; j < c->nciphers; j++) {
|
2004-12-23 02:24:07 +00:00
|
|
|
if (commalist_started)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
|
|
|
ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
|
2004-12-23 02:24:07 +00:00
|
|
|
commalist_started = 1;
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
/* List client->server MAC algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->nmacs; i++) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (i < s->nmacs - 1)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
/* List server->client MAC algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->nmacs; i++) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (i < s->nmacs - 1)
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
/* List client->server compression algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2004-09-03 12:28:19 +00:00
|
|
|
assert(lenof(compressions) > 1);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
|
2004-09-03 12:28:19 +00:00
|
|
|
for (i = 0; i < lenof(compressions); i++) {
|
|
|
|
const struct ssh_compress *c = compressions[i];
|
|
|
|
if (c != s->preferred_comp) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
|
|
|
ssh2_pkt_addstring_str(s->pktout, c->name);
|
2004-09-03 12:28:19 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
/* List server->client compression algorithms. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2004-09-03 12:28:19 +00:00
|
|
|
assert(lenof(compressions) > 1);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
|
2004-09-03 12:28:19 +00:00
|
|
|
for (i = 0; i < lenof(compressions); i++) {
|
|
|
|
const struct ssh_compress *c = compressions[i];
|
|
|
|
if (c != s->preferred_comp) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_str(s->pktout, ",");
|
|
|
|
ssh2_pkt_addstring_str(s->pktout, c->name);
|
2004-09-03 12:28:19 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
/* List client->server languages. Empty list. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
/* List server->client languages. Empty list. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
/* First KEX packet does _not_ follow, because we're not that brave. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addbool(s->pktout, FALSE);
|
2002-10-25 11:30:33 +00:00
|
|
|
/* Reserved. */
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adduint32(s->pktout, 0);
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
2000-12-18 09:20:08 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->exhash = ssh->exhashbase;
|
2004-11-24 18:45:52 +00:00
|
|
|
sha_string(&ssh->exhash, s->pktout->data + 5, s->pktout->length - 5);
|
2000-12-18 09:20:08 +00:00
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (!pktin)
|
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->length > 5)
|
|
|
|
sha_string(&ssh->exhash, pktin->data + 5, pktin->length - 5);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now examine the other side's KEXINIT to see what we're up
|
|
|
|
* to.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
|
|
|
char *str;
|
|
|
|
int i, j, len;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_KEXINIT) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("expected key exchange packet from server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->kex = NULL;
|
|
|
|
ssh->hostkey = NULL;
|
|
|
|
s->cscipher_tobe = NULL;
|
|
|
|
s->sccipher_tobe = NULL;
|
|
|
|
s->csmac_tobe = NULL;
|
|
|
|
s->scmac_tobe = NULL;
|
|
|
|
s->cscomp_tobe = NULL;
|
|
|
|
s->sccomp_tobe = NULL;
|
2004-11-24 18:45:52 +00:00
|
|
|
pktin->savedpos += 16; /* skip garbage cookie */
|
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
|
2004-12-23 02:24:07 +00:00
|
|
|
s->warn = 0;
|
|
|
|
for (i = 0; i < s->n_preferred_kex; i++) {
|
|
|
|
const struct ssh_kex *k = s->preferred_kex[i];
|
|
|
|
if (!k) {
|
|
|
|
s->warn = 1;
|
|
|
|
} else if (in_commasep_string(k->name, str, len)) {
|
|
|
|
ssh->kex = k;
|
|
|
|
}
|
|
|
|
if (ssh->kex) {
|
|
|
|
if (s->warn)
|
|
|
|
askalg(ssh->frontend, "key-exchange algorithm",
|
|
|
|
ssh->kex->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-12-23 02:24:07 +00:00
|
|
|
if (!ssh->kex) {
|
|
|
|
bombout(("Couldn't agree a key exchange algorithm (available: %s)",
|
|
|
|
str ? str : "(null)"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < lenof(hostkey_algs); i++) {
|
|
|
|
if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
|
|
|
|
ssh->hostkey = hostkey_algs[i];
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->warn = 0;
|
|
|
|
for (i = 0; i < s->n_preferred_ciphers; i++) {
|
|
|
|
const struct ssh2_ciphers *c = s->preferred_ciphers[i];
|
|
|
|
if (!c) {
|
|
|
|
s->warn = 1;
|
|
|
|
} else {
|
|
|
|
for (j = 0; j < c->nciphers; j++) {
|
|
|
|
if (in_commasep_string(c->list[j]->name, str, len)) {
|
|
|
|
s->cscipher_tobe = c->list[j];
|
|
|
|
break;
|
|
|
|
}
|
2001-08-25 19:33:33 +00:00
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->cscipher_tobe) {
|
|
|
|
if (s->warn)
|
2004-12-23 02:24:07 +00:00
|
|
|
askalg(ssh->frontend, "client-to-server cipher",
|
|
|
|
s->cscipher_tobe->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->cscipher_tobe) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Couldn't agree a client-to-server cipher (available: %s)",
|
2002-11-07 19:49:03 +00:00
|
|
|
str ? str : "(null)"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-08-25 19:33:33 +00:00
|
|
|
}
|
2001-11-21 22:48:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->warn = 0;
|
|
|
|
for (i = 0; i < s->n_preferred_ciphers; i++) {
|
|
|
|
const struct ssh2_ciphers *c = s->preferred_ciphers[i];
|
|
|
|
if (!c) {
|
|
|
|
s->warn = 1;
|
|
|
|
} else {
|
|
|
|
for (j = 0; j < c->nciphers; j++) {
|
|
|
|
if (in_commasep_string(c->list[j]->name, str, len)) {
|
|
|
|
s->sccipher_tobe = c->list[j];
|
|
|
|
break;
|
|
|
|
}
|
2001-08-25 19:33:33 +00:00
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->sccipher_tobe) {
|
|
|
|
if (s->warn)
|
2004-12-23 02:24:07 +00:00
|
|
|
askalg(ssh->frontend, "server-to-client cipher",
|
|
|
|
s->sccipher_tobe->name);
|
2002-10-25 11:30:33 +00:00
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->sccipher_tobe) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Couldn't agree a server-to-client cipher (available: %s)",
|
2002-11-07 19:49:03 +00:00
|
|
|
str ? str : "(null)"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-08-25 19:33:33 +00:00
|
|
|
}
|
2001-11-21 22:48:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->nmacs; i++) {
|
|
|
|
if (in_commasep_string(s->maclist[i]->name, str, len)) {
|
|
|
|
s->csmac_tobe = s->maclist[i];
|
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < s->nmacs; i++) {
|
|
|
|
if (in_commasep_string(s->maclist[i]->name, str, len)) {
|
|
|
|
s->scmac_tobe = s->maclist[i];
|
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < lenof(compressions) + 1; i++) {
|
|
|
|
const struct ssh_compress *c =
|
|
|
|
i == 0 ? s->preferred_comp : compressions[i - 1];
|
|
|
|
if (in_commasep_string(c->name, str, len)) {
|
|
|
|
s->cscomp_tobe = c;
|
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; i < lenof(compressions) + 1; i++) {
|
|
|
|
const struct ssh_compress *c =
|
|
|
|
i == 0 ? s->preferred_comp : compressions[i - 1];
|
|
|
|
if (in_commasep_string(c->name, str, len)) {
|
|
|
|
s->sccomp_tobe = c;
|
|
|
|
break;
|
|
|
|
}
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
|
|
|
|
2001-03-10 11:04:07 +00:00
|
|
|
/*
|
|
|
|
* Work out the number of bits of key we will need from the key
|
|
|
|
* exchange. We start with the maximum key length of either
|
|
|
|
* cipher...
|
|
|
|
*/
|
|
|
|
{
|
2001-05-06 14:35:20 +00:00
|
|
|
int csbits, scbits;
|
2001-03-10 11:04:07 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
csbits = s->cscipher_tobe->keylen;
|
|
|
|
scbits = s->sccipher_tobe->keylen;
|
|
|
|
s->nbits = (csbits > scbits ? csbits : scbits);
|
2001-03-10 11:04:07 +00:00
|
|
|
}
|
|
|
|
/* The keys only have 160-bit entropy, since they're based on
|
|
|
|
* a SHA-1 hash. So cap the key size at 160 bits. */
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->nbits > 160)
|
|
|
|
s->nbits = 160;
|
2001-03-10 11:04:07 +00:00
|
|
|
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
2001-03-01 17:55:40 +00:00
|
|
|
* If we're doing Diffie-Hellman group exchange, start by
|
|
|
|
* requesting a group.
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
2004-12-22 10:53:58 +00:00
|
|
|
if (!ssh->kex->pdata) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Doing Diffie-Hellman group exchange");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_DHGEX;
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Work out how big a DH group we will need to allow that
|
|
|
|
* much data.
|
2001-03-10 11:04:07 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->pbits = 512 << ((s->nbits - 1) / 64);
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, s->pbits);
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("expected key exchange group packet from server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
s->p = ssh2_pkt_getmp(pktin);
|
|
|
|
s->g = ssh2_pkt_getmp(pktin);
|
|
|
|
if (!s->p || !s->g) {
|
|
|
|
bombout(("unable to read mp-ints from incoming group packet"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
2004-12-22 10:53:58 +00:00
|
|
|
ssh->kex_ctx = dh_setup_gex(s->p, s->g);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
|
|
|
|
s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
|
2001-03-01 17:55:40 +00:00
|
|
|
} else {
|
2004-12-22 10:53:58 +00:00
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_DHGROUP;
|
|
|
|
ssh->kex_ctx = dh_setup_group(ssh->kex);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->kex_init_value = SSH2_MSG_KEXDH_INIT;
|
|
|
|
s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
|
2004-12-22 10:53:58 +00:00
|
|
|
logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
|
|
|
|
ssh->kex->groupname);
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2001-03-01 17:55:40 +00:00
|
|
|
logevent("Doing Diffie-Hellman key exchange");
|
2000-09-05 14:28:17 +00:00
|
|
|
/*
|
2001-03-01 17:55:40 +00:00
|
|
|
* Now generate and send e for Diffie-Hellman.
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
2002-10-25 13:08:01 +00:00
|
|
|
s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(s->kex_init_value);
|
|
|
|
ssh2_pkt_addmp(s->pktout, s->e);
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != s->kex_reply_value) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("expected key exchange reply packet from server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
|
|
|
|
s->f = ssh2_pkt_getmp(pktin);
|
|
|
|
if (!s->f) {
|
|
|
|
bombout(("unable to parse key exchange reply packet"));
|
|
|
|
crStop(0);
|
|
|
|
}
|
|
|
|
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 13:08:01 +00:00
|
|
|
s->K = dh_find_K(ssh->kex_ctx, s->f);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
sha_string(&ssh->exhash, s->hostkeydata, s->hostkeylen);
|
|
|
|
if (ssh->kex == &ssh_diffiehellman_gex) {
|
|
|
|
sha_uint32(&ssh->exhash, s->pbits);
|
|
|
|
sha_mpint(&ssh->exhash, s->p);
|
|
|
|
sha_mpint(&ssh->exhash, s->g);
|
2001-03-01 17:55:40 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
sha_mpint(&ssh->exhash, s->e);
|
|
|
|
sha_mpint(&ssh->exhash, s->f);
|
|
|
|
sha_mpint(&ssh->exhash, s->K);
|
|
|
|
SHA_Final(&ssh->exhash, s->exchange_hash);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2002-10-25 13:08:01 +00:00
|
|
|
dh_cleanup(ssh->kex_ctx);
|
2003-01-15 23:30:21 +00:00
|
|
|
ssh->kex_ctx = NULL;
|
2001-03-01 17:41:26 +00:00
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
#if 0
|
2001-04-28 17:35:18 +00:00
|
|
|
debug(("Exchange hash is:\n"));
|
2002-10-25 11:30:33 +00:00
|
|
|
dmemdump(s->exchange_hash, 20);
|
2000-09-07 16:33:49 +00:00
|
|
|
#endif
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
|
|
|
|
if (!s->hkey ||
|
|
|
|
!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
|
2003-01-05 13:43:02 +00:00
|
|
|
(char *)s->exchange_hash, 20)) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Server's host key did not match the signature supplied"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2000-09-05 16:23:36 +00:00
|
|
|
/*
|
2000-09-07 16:33:49 +00:00
|
|
|
* Authenticate remote host: verify host key. (We've already
|
|
|
|
* checked the signature of the exchange hash.)
|
2000-09-05 14:28:17 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->keystr = ssh->hostkey->fmtkey(s->hkey);
|
|
|
|
s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
|
2002-10-26 12:58:13 +00:00
|
|
|
verify_ssh_host_key(ssh->frontend,
|
|
|
|
ssh->savedhost, ssh->savedport, ssh->hostkey->keytype,
|
2002-10-25 11:30:33 +00:00
|
|
|
s->keystr, s->fingerprint);
|
|
|
|
if (s->first_kex) { /* don't bother logging this in rekeys */
|
2001-01-26 18:50:13 +00:00
|
|
|
logevent("Host key fingerprint is:");
|
2002-10-25 11:30:33 +00:00
|
|
|
logevent(s->fingerprint);
|
2001-01-26 18:50:13 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
sfree(s->fingerprint);
|
|
|
|
sfree(s->keystr);
|
|
|
|
ssh->hostkey->freekey(s->hkey);
|
2000-09-05 16:23:36 +00:00
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
/*
|
|
|
|
* The exchange hash from the very first key exchange is also
|
|
|
|
* the session id, used in session key construction and
|
|
|
|
* authentication.
|
|
|
|
*/
|
|
|
|
if (s->first_kex)
|
|
|
|
memcpy(ssh->v2_session_id, s->exchange_hash,
|
|
|
|
sizeof(s->exchange_hash));
|
|
|
|
|
2000-09-05 16:23:36 +00:00
|
|
|
/*
|
2000-09-07 16:33:49 +00:00
|
|
|
* Send SSH2_MSG_NEWKEYS.
|
2000-09-05 16:23:36 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2004-11-27 14:29:20 +00:00
|
|
|
ssh->outgoing_data_size = 0; /* start counting from here */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We've sent client NEWKEYS, so create and initialise
|
2004-11-29 09:27:13 +00:00
|
|
|
* client-to-server session keys.
|
2004-11-27 14:29:20 +00:00
|
|
|
*/
|
|
|
|
if (ssh->cs_cipher_ctx)
|
|
|
|
ssh->cscipher->free_context(ssh->cs_cipher_ctx);
|
|
|
|
ssh->cscipher = s->cscipher_tobe;
|
|
|
|
ssh->cs_cipher_ctx = ssh->cscipher->make_context();
|
|
|
|
|
|
|
|
if (ssh->cs_mac_ctx)
|
|
|
|
ssh->csmac->free_context(ssh->cs_mac_ctx);
|
|
|
|
ssh->csmac = s->csmac_tobe;
|
|
|
|
ssh->cs_mac_ctx = ssh->csmac->make_context();
|
|
|
|
|
|
|
|
if (ssh->cs_comp_ctx)
|
|
|
|
ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
|
|
|
|
ssh->cscomp = s->cscomp_tobe;
|
|
|
|
ssh->cs_comp_ctx = ssh->cscomp->compress_init();
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set IVs on client-to-server keys. Here we use the exchange
|
|
|
|
* hash from the _first_ key exchange.
|
|
|
|
*/
|
|
|
|
{
|
|
|
|
unsigned char keyspace[40];
|
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'C',keyspace);
|
|
|
|
ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
|
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'A',keyspace);
|
|
|
|
ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
|
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'E',keyspace);
|
|
|
|
ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
|
|
|
|
}
|
|
|
|
|
|
|
|
logeventf(ssh, "Initialised %.200s client->server encryption",
|
|
|
|
ssh->cscipher->text_name);
|
|
|
|
logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
|
|
|
|
ssh->csmac->text_name);
|
|
|
|
if (ssh->cscomp->text_name)
|
|
|
|
logeventf(ssh, "Initialised %s compression",
|
|
|
|
ssh->cscomp->text_name);
|
2004-11-24 19:23:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now our end of the key exchange is complete, we can send all
|
|
|
|
* our queued higher-layer packets.
|
|
|
|
*/
|
|
|
|
ssh->queueing = FALSE;
|
|
|
|
ssh2_pkt_queuesend(ssh);
|
2000-09-05 16:23:36 +00:00
|
|
|
|
2001-11-21 22:06:53 +00:00
|
|
|
/*
|
|
|
|
* Expect SSH2_MSG_NEWKEYS from server.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntil(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_NEWKEYS) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("expected new-keys packet from server"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStop(0);
|
2001-11-21 22:06:53 +00:00
|
|
|
}
|
2004-11-27 14:29:20 +00:00
|
|
|
ssh->incoming_data_size = 0; /* start counting from here */
|
2001-11-21 22:06:53 +00:00
|
|
|
|
2000-09-05 16:23:36 +00:00
|
|
|
/*
|
2004-11-27 14:29:20 +00:00
|
|
|
* We've seen server NEWKEYS, so create and initialise
|
|
|
|
* server-to-client session keys.
|
2000-09-05 16:23:36 +00:00
|
|
|
*/
|
2002-10-25 12:35:22 +00:00
|
|
|
if (ssh->sc_cipher_ctx)
|
|
|
|
ssh->sccipher->free_context(ssh->sc_cipher_ctx);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->sccipher = s->sccipher_tobe;
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sc_cipher_ctx = ssh->sccipher->make_context();
|
2002-10-25 12:51:28 +00:00
|
|
|
|
|
|
|
if (ssh->sc_mac_ctx)
|
|
|
|
ssh->scmac->free_context(ssh->sc_mac_ctx);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->scmac = s->scmac_tobe;
|
2002-10-25 12:51:28 +00:00
|
|
|
ssh->sc_mac_ctx = ssh->scmac->make_context();
|
|
|
|
|
2002-10-25 13:26:33 +00:00
|
|
|
if (ssh->sc_comp_ctx)
|
|
|
|
ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->sccomp = s->sccomp_tobe;
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
|
|
|
|
|
2000-09-05 16:23:36 +00:00
|
|
|
/*
|
2004-11-27 14:29:20 +00:00
|
|
|
* Set IVs on server-to-client keys. Here we use the exchange
|
|
|
|
* hash from the _first_ key exchange.
|
2000-09-05 16:23:36 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
{
|
|
|
|
unsigned char keyspace[40];
|
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'D',keyspace);
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'B',keyspace);
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'F',keyspace);
|
2002-10-25 12:51:28 +00:00
|
|
|
ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
2002-11-07 19:49:03 +00:00
|
|
|
logeventf(ssh, "Initialised %.200s server->client encryption",
|
|
|
|
ssh->sccipher->text_name);
|
2004-09-29 23:57:03 +00:00
|
|
|
logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
|
|
|
|
ssh->scmac->text_name);
|
2002-11-07 19:49:03 +00:00
|
|
|
if (ssh->sccomp->text_name)
|
|
|
|
logeventf(ssh, "Initialised %s decompression",
|
|
|
|
ssh->sccomp->text_name);
|
2004-11-27 14:29:20 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Free key exchange data.
|
|
|
|
*/
|
2003-12-19 12:44:46 +00:00
|
|
|
freebn(s->f);
|
|
|
|
freebn(s->K);
|
2004-01-01 16:42:48 +00:00
|
|
|
if (ssh->kex == &ssh_diffiehellman_gex) {
|
|
|
|
freebn(s->g);
|
|
|
|
freebn(s->p);
|
|
|
|
}
|
2000-09-05 16:23:36 +00:00
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
/*
|
|
|
|
* Key exchange is over. Schedule a timer for our next rekey.
|
|
|
|
*/
|
|
|
|
ssh->kex_in_progress = FALSE;
|
2004-12-28 14:10:32 +00:00
|
|
|
ssh->last_rekey = GETTICKCOUNT();
|
2004-12-24 13:39:32 +00:00
|
|
|
if (ssh->cfg.ssh_rekey_time != 0)
|
|
|
|
ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
|
|
|
|
ssh2_timer, ssh);
|
|
|
|
|
2000-12-18 09:20:08 +00:00
|
|
|
/*
|
|
|
|
* If this is the first key exchange phase, we must pass the
|
|
|
|
* SSH2_MSG_NEWKEYS packet to the next layer, not because it
|
|
|
|
* wants to see it but because it will need time to initialise
|
|
|
|
* itself before it sees an actual packet. In subsequent key
|
|
|
|
* exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
|
|
|
|
* it would only confuse the layer above.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->first_kex) {
|
2004-11-24 20:35:15 +00:00
|
|
|
crReturn(1);
|
2000-12-18 09:20:08 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->first_kex = 0;
|
2000-12-18 09:20:08 +00:00
|
|
|
|
2000-09-06 09:55:32 +00:00
|
|
|
/*
|
2000-09-07 16:33:49 +00:00
|
|
|
* Now we're encrypting. Begin returning 1 to the protocol main
|
|
|
|
* function so that other things can run on top of the
|
|
|
|
* transport. If we ever see a KEXINIT, we must go back to the
|
|
|
|
* start.
|
2004-11-27 14:29:20 +00:00
|
|
|
*
|
|
|
|
* We _also_ go back to the start if we see pktin==NULL and
|
|
|
|
* inlen==-1, because this is a special signal meaning
|
|
|
|
* `initiate client-driven rekey', and `in' contains a message
|
|
|
|
* giving the reason for the rekey.
|
2000-09-06 09:55:32 +00:00
|
|
|
*/
|
2004-11-27 14:29:20 +00:00
|
|
|
while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
|
|
|
|
(!pktin && inlen == -1))) {
|
2001-05-06 14:35:20 +00:00
|
|
|
crReturn(1);
|
2001-02-20 13:55:59 +00:00
|
|
|
}
|
2004-11-27 14:29:20 +00:00
|
|
|
if (pktin) {
|
|
|
|
logevent("Server initiated key re-exchange");
|
|
|
|
} else {
|
|
|
|
logevent((char *)in);
|
|
|
|
}
|
2000-09-07 16:33:49 +00:00
|
|
|
goto begin_key_exchange;
|
2000-09-05 14:28:17 +00:00
|
|
|
|
|
|
|
crFinish(1);
|
|
|
|
}
|
|
|
|
|
2001-01-22 15:36:07 +00:00
|
|
|
/*
|
|
|
|
* Add data to an SSH2 channel output buffer.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
|
|
|
|
int len)
|
|
|
|
{
|
2001-08-25 17:09:23 +00:00
|
|
|
bufchain_add(&c->v.v2.outbuffer, buf, len);
|
2001-01-22 15:36:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Attempt to send data on an SSH2 channel.
|
|
|
|
*/
|
2001-08-25 17:09:23 +00:00
|
|
|
static int ssh2_try_send(struct ssh_channel *c)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = c->ssh;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
|
|
|
|
int len;
|
|
|
|
void *data;
|
|
|
|
bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
|
|
|
|
if ((unsigned)len > c->v.v2.remwindow)
|
|
|
|
len = c->v.v2.remwindow;
|
|
|
|
if ((unsigned)len > c->v.v2.remmaxpkt)
|
|
|
|
len = c->v.v2.remmaxpkt;
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
dont_log_data(ssh, pktout, PKTLOG_OMIT);
|
|
|
|
ssh2_pkt_addstring_start(pktout);
|
|
|
|
ssh2_pkt_addstring_data(pktout, data, len);
|
|
|
|
end_log_omission(ssh, pktout);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-08-25 17:09:23 +00:00
|
|
|
bufchain_consume(&c->v.v2.outbuffer, len);
|
|
|
|
c->v.v2.remwindow -= len;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* After having sent as much data as we can, return the amount
|
|
|
|
* still buffered.
|
|
|
|
*/
|
|
|
|
return bufchain_size(&c->v.v2.outbuffer);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Potentially enlarge the window on an SSH2 channel.
|
|
|
|
*/
|
|
|
|
static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
|
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = c->ssh;
|
|
|
|
|
2002-01-10 13:29:43 +00:00
|
|
|
/*
|
|
|
|
* Never send WINDOW_ADJUST for a channel that the remote side
|
|
|
|
* already thinks it's closed; there's no point, since it won't
|
|
|
|
* be sending any more data anyway.
|
|
|
|
*/
|
|
|
|
if (c->closes != 0)
|
|
|
|
return;
|
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
if (newwin > c->v.v2.locwindow) {
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-08-25 17:09:23 +00:00
|
|
|
c->v.v2.locwindow = newwin;
|
2001-01-22 15:36:07 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
|
2004-11-24 20:35:15 +00:00
|
|
|
{
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (c && !c->closes)
|
|
|
|
c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
|
|
|
|
}
|
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char *data;
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int length;
|
2004-11-27 15:32:45 +00:00
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (!c)
|
|
|
|
return; /* nonexistent channel */
|
|
|
|
if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
|
|
|
|
ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
|
|
|
|
return; /* extended but not stderr */
|
|
|
|
ssh_pkt_getstring(pktin, &data, &length);
|
|
|
|
if (data) {
|
|
|
|
int bufsize = 0;
|
|
|
|
c->v.v2.locwindow -= length;
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_MAINSESSION:
|
|
|
|
bufsize =
|
|
|
|
from_backend(ssh->frontend, pktin->type ==
|
|
|
|
SSH2_MSG_CHANNEL_EXTENDED_DATA,
|
|
|
|
data, length);
|
|
|
|
break;
|
|
|
|
case CHAN_X11:
|
|
|
|
bufsize = x11_send(c->u.x11.s, data, length);
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
bufsize = pfd_send(c->u.pfd.s, data, length);
|
|
|
|
break;
|
|
|
|
case CHAN_AGENT:
|
|
|
|
while (length > 0) {
|
|
|
|
if (c->u.a.lensofar < 4) {
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int l = min(4 - c->u.a.lensofar, length);
|
2004-11-27 15:32:45 +00:00
|
|
|
memcpy(c->u.a.msglen + c->u.a.lensofar,
|
|
|
|
data, l);
|
|
|
|
data += l;
|
|
|
|
length -= l;
|
|
|
|
c->u.a.lensofar += l;
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar == 4) {
|
|
|
|
c->u.a.totallen =
|
|
|
|
4 + GET_32BIT(c->u.a.msglen);
|
|
|
|
c->u.a.message = snewn(c->u.a.totallen,
|
|
|
|
unsigned char);
|
|
|
|
memcpy(c->u.a.message, c->u.a.msglen, 4);
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar >= 4 && length > 0) {
|
2004-12-28 17:12:20 +00:00
|
|
|
unsigned int l =
|
2004-11-27 15:32:45 +00:00
|
|
|
min(c->u.a.totallen - c->u.a.lensofar,
|
|
|
|
length);
|
|
|
|
memcpy(c->u.a.message + c->u.a.lensofar,
|
|
|
|
data, l);
|
|
|
|
data += l;
|
|
|
|
length -= l;
|
|
|
|
c->u.a.lensofar += l;
|
|
|
|
}
|
|
|
|
if (c->u.a.lensofar == c->u.a.totallen) {
|
|
|
|
void *reply;
|
|
|
|
int replylen;
|
|
|
|
if (agent_query(c->u.a.message,
|
|
|
|
c->u.a.totallen,
|
|
|
|
&reply, &replylen,
|
|
|
|
ssh_agentf_callback, c))
|
|
|
|
ssh_agentf_callback(c, reply, replylen);
|
|
|
|
sfree(c->u.a.message);
|
|
|
|
c->u.a.lensofar = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
bufsize = 0;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* If we are not buffering too much data,
|
|
|
|
* enlarge the window again at the remote side.
|
|
|
|
*/
|
|
|
|
if (bufsize < OUR_V2_WINSIZE)
|
|
|
|
ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (!c)
|
|
|
|
return; /* nonexistent channel */
|
|
|
|
|
|
|
|
if (c->type == CHAN_X11) {
|
|
|
|
/*
|
|
|
|
* Remote EOF on an X11 channel means we should
|
|
|
|
* wrap up and close the channel ourselves.
|
|
|
|
*/
|
|
|
|
x11_close(c->u.x11.s);
|
|
|
|
sshfwd_close(c);
|
|
|
|
} else if (c->type == CHAN_AGENT) {
|
|
|
|
sshfwd_close(c);
|
|
|
|
} else if (c->type == CHAN_SOCKDATA) {
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
sshfwd_close(c);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (!c || ((int)c->remoteid) == -1) {
|
|
|
|
bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
|
|
|
|
c ? "half-open" : "nonexistent", i));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* Do pre-close processing on the channel. */
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_MAINSESSION:
|
|
|
|
ssh->mainchan = NULL;
|
|
|
|
update_specials_menu(ssh->frontend);
|
|
|
|
break;
|
|
|
|
case CHAN_X11:
|
|
|
|
if (c->u.x11.s != NULL)
|
|
|
|
x11_close(c->u.x11.s);
|
|
|
|
sshfwd_close(c);
|
|
|
|
break;
|
|
|
|
case CHAN_AGENT:
|
|
|
|
sshfwd_close(c);
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
if (c->u.pfd.s != NULL)
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
sshfwd_close(c);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (c->closes == 0) {
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
del234(ssh->channels, c);
|
|
|
|
bufchain_clear(&c->v.v2.outbuffer);
|
|
|
|
sfree(c);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See if that was the last channel left open.
|
|
|
|
* (This is only our termination condition if we're
|
|
|
|
* not running in -N mode.)
|
|
|
|
*/
|
|
|
|
if (!ssh->cfg.ssh_no_shell && count234(ssh->channels) == 0) {
|
|
|
|
logevent("All channels closed. Disconnecting");
|
|
|
|
#if 0
|
|
|
|
/*
|
|
|
|
* We used to send SSH_MSG_DISCONNECT here,
|
|
|
|
* because I'd believed that _every_ conforming
|
|
|
|
* SSH2 connection had to end with a disconnect
|
|
|
|
* being sent by at least one side; apparently
|
|
|
|
* I was wrong and it's perfectly OK to
|
|
|
|
* unceremoniously slam the connection shut
|
|
|
|
* when you're done, and indeed OpenSSH feels
|
|
|
|
* this is more polite than sending a
|
|
|
|
* DISCONNECT. So now we don't.
|
|
|
|
*/
|
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, SSH2_DISCONNECT_BY_APPLICATION);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "All open channels closed");
|
|
|
|
ssh2_pkt_addstring(s->pktout, "en"); /* language tag */
|
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
|
|
|
#endif
|
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
struct ssh_channel *c;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (!c)
|
|
|
|
return; /* nonexistent channel */
|
|
|
|
if (c->type != CHAN_SOCKDATA_DORMANT)
|
|
|
|
return; /* dunno why they're confirming this */
|
|
|
|
c->remoteid = ssh_pkt_getuint32(pktin);
|
|
|
|
c->type = CHAN_SOCKDATA;
|
|
|
|
c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
|
|
|
|
c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
|
|
|
|
if (c->u.pfd.s)
|
|
|
|
pfd_confirm(c->u.pfd.s);
|
|
|
|
if (c->closes) {
|
|
|
|
/*
|
|
|
|
* We have a pending close on this channel,
|
|
|
|
* which we decided on before the server acked
|
|
|
|
* the channel open. So now we know the
|
|
|
|
* remoteid, we can close it again.
|
|
|
|
*/
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
static const char *const reasons[] = {
|
|
|
|
"<unknown reason code>",
|
|
|
|
"Administratively prohibited",
|
|
|
|
"Connect failed",
|
|
|
|
"Unknown channel type",
|
|
|
|
"Resource shortage",
|
|
|
|
};
|
|
|
|
unsigned i = ssh_pkt_getuint32(pktin);
|
|
|
|
unsigned reason_code;
|
|
|
|
char *reason_string;
|
|
|
|
int reason_length;
|
|
|
|
char *message;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
c = find234(ssh->channels, &i, ssh_channelfind);
|
|
|
|
if (!c)
|
|
|
|
return; /* nonexistent channel */
|
|
|
|
if (c->type != CHAN_SOCKDATA_DORMANT)
|
|
|
|
return; /* dunno why they're failing this */
|
|
|
|
|
|
|
|
reason_code = ssh_pkt_getuint32(pktin);
|
|
|
|
if (reason_code >= lenof(reasons))
|
|
|
|
reason_code = 0; /* ensure reasons[reason_code] in range */
|
|
|
|
ssh_pkt_getstring(pktin, &reason_string, &reason_length);
|
|
|
|
message = dupprintf("Forwarded connection refused by"
|
|
|
|
" server: %s [%.*s]", reasons[reason_code],
|
|
|
|
reason_length, reason_string);
|
|
|
|
logevent(message);
|
|
|
|
sfree(message);
|
|
|
|
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
|
|
|
|
del234(ssh->channels, c);
|
|
|
|
sfree(c);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
unsigned localid;
|
|
|
|
char *type;
|
|
|
|
int typelen, want_reply;
|
|
|
|
int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
|
|
|
|
struct ssh_channel *c;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
localid = ssh_pkt_getuint32(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &type, &typelen);
|
|
|
|
want_reply = ssh2_pkt_getbool(pktin);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* First, check that the channel exists. Otherwise,
|
|
|
|
* we can instantly disconnect with a rude message.
|
|
|
|
*/
|
|
|
|
c = find234(ssh->channels, &localid, ssh_channelfind);
|
|
|
|
if (!c) {
|
|
|
|
char buf[80];
|
|
|
|
sprintf(buf, "Received channel request for nonexistent"
|
|
|
|
" channel %d", localid);
|
|
|
|
logevent(buf);
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
|
|
|
ssh2_pkt_adduint32(pktout, SSH2_DISCONNECT_BY_APPLICATION);
|
|
|
|
ssh2_pkt_addstring(pktout, buf);
|
|
|
|
ssh2_pkt_addstring(pktout, "en"); /* language tag */
|
|
|
|
ssh2_pkt_send_noqueue(ssh, pktout);
|
|
|
|
connection_fatal(ssh->frontend, "%s", buf);
|
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Having got the channel number, we now look at
|
|
|
|
* the request type string to see if it's something
|
|
|
|
* we recognise.
|
|
|
|
*/
|
|
|
|
if (c == ssh->mainchan) {
|
|
|
|
/*
|
|
|
|
* We recognise "exit-status" and "exit-signal" on
|
|
|
|
* the primary channel.
|
|
|
|
*/
|
|
|
|
if (typelen == 11 &&
|
|
|
|
!memcmp(type, "exit-status", 11)) {
|
|
|
|
|
|
|
|
ssh->exitcode = ssh_pkt_getuint32(pktin);
|
|
|
|
logeventf(ssh, "Server sent command exit status %d",
|
|
|
|
ssh->exitcode);
|
|
|
|
reply = SSH2_MSG_CHANNEL_SUCCESS;
|
|
|
|
|
|
|
|
} else if (typelen == 11 &&
|
|
|
|
!memcmp(type, "exit-signal", 11)) {
|
|
|
|
|
|
|
|
int is_plausible = TRUE, is_int = FALSE;
|
|
|
|
char *fmt_sig = "", *fmt_msg = "";
|
|
|
|
char *msg;
|
|
|
|
int msglen = 0, core = FALSE;
|
|
|
|
/* ICK: older versions of OpenSSH (e.g. 3.4p1)
|
|
|
|
* provide an `int' for the signal, despite its
|
|
|
|
* having been a `string' in the drafts since at
|
|
|
|
* least 2001. (Fixed in session.c 1.147.) Try to
|
|
|
|
* infer which we can safely parse it as. */
|
|
|
|
{
|
|
|
|
unsigned char *p = pktin->body +
|
|
|
|
pktin->savedpos;
|
|
|
|
long len = pktin->length - pktin->savedpos;
|
|
|
|
unsigned long num = GET_32BIT(p); /* what is it? */
|
|
|
|
/* If it's 0, it hardly matters; assume string */
|
|
|
|
if (num == 0) {
|
|
|
|
is_int = FALSE;
|
|
|
|
} else {
|
|
|
|
int maybe_int = FALSE, maybe_str = FALSE;
|
|
|
|
#define CHECK_HYPOTHESIS(offset, result) \
|
|
|
|
do { \
|
|
|
|
long q = offset; \
|
|
|
|
if (q >= 0 && q+4 <= len) { \
|
|
|
|
q = q + 4 + GET_32BIT(p+q); \
|
|
|
|
if (q >= 0 && q+4 <= len && \
|
|
|
|
(q = q + 4 + GET_32BIT(p+q)) && q == len) \
|
|
|
|
result = TRUE; \
|
|
|
|
} \
|
|
|
|
} while(0)
|
|
|
|
CHECK_HYPOTHESIS(4+1, maybe_int);
|
|
|
|
CHECK_HYPOTHESIS(4+num+1, maybe_str);
|
|
|
|
#undef CHECK_HYPOTHESIS
|
|
|
|
if (maybe_int && !maybe_str)
|
|
|
|
is_int = TRUE;
|
|
|
|
else if (!maybe_int && maybe_str)
|
|
|
|
is_int = FALSE;
|
|
|
|
else
|
|
|
|
/* Crikey. Either or neither. Panic. */
|
|
|
|
is_plausible = FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (is_plausible) {
|
|
|
|
if (is_int) {
|
|
|
|
/* Old non-standard OpenSSH. */
|
|
|
|
int signum = ssh_pkt_getuint32(pktin);
|
|
|
|
fmt_sig = dupprintf(" %d", signum);
|
|
|
|
} else {
|
|
|
|
/* As per the drafts. */
|
|
|
|
char *sig;
|
|
|
|
int siglen;
|
|
|
|
ssh_pkt_getstring(pktin, &sig, &siglen);
|
|
|
|
/* Signal name isn't supposed to be blank, but
|
|
|
|
* let's cope gracefully if it is. */
|
|
|
|
if (siglen) {
|
|
|
|
fmt_sig = dupprintf(" \"%.*s\"",
|
|
|
|
siglen, sig);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
core = ssh2_pkt_getbool(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &msg, &msglen);
|
|
|
|
if (msglen) {
|
|
|
|
fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
|
|
|
|
}
|
|
|
|
/* ignore lang tag */
|
|
|
|
} /* else don't attempt to parse */
|
|
|
|
logeventf(ssh, "Server exited on signal%s%s%s",
|
|
|
|
fmt_sig, core ? " (core dumped)" : "",
|
|
|
|
fmt_msg);
|
|
|
|
if (*fmt_sig) sfree(fmt_sig);
|
|
|
|
if (*fmt_msg) sfree(fmt_msg);
|
|
|
|
reply = SSH2_MSG_CHANNEL_SUCCESS;
|
|
|
|
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* This is a channel request we don't know
|
|
|
|
* about, so we now either ignore the request
|
|
|
|
* or respond with CHANNEL_FAILURE, depending
|
|
|
|
* on want_reply.
|
|
|
|
*/
|
|
|
|
reply = SSH2_MSG_CHANNEL_FAILURE;
|
|
|
|
}
|
|
|
|
if (want_reply) {
|
|
|
|
pktout = ssh2_pkt_init(reply);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char *type;
|
|
|
|
int typelen, want_reply;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &type, &typelen);
|
|
|
|
want_reply = ssh2_pkt_getbool(pktin);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We currently don't support any global requests
|
|
|
|
* at all, so we either ignore the request or
|
|
|
|
* respond with REQUEST_FAILURE, depending on
|
|
|
|
* want_reply.
|
|
|
|
*/
|
|
|
|
if (want_reply) {
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
char *type;
|
|
|
|
int typelen;
|
|
|
|
char *peeraddr;
|
|
|
|
int peeraddrlen;
|
|
|
|
int peerport;
|
|
|
|
char *error = NULL;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
unsigned remid, winsize, pktsize;
|
|
|
|
struct Packet *pktout;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &type, &typelen);
|
|
|
|
c = snew(struct ssh_channel);
|
|
|
|
c->ssh = ssh;
|
|
|
|
|
|
|
|
remid = ssh_pkt_getuint32(pktin);
|
|
|
|
winsize = ssh_pkt_getuint32(pktin);
|
|
|
|
pktsize = ssh_pkt_getuint32(pktin);
|
|
|
|
|
|
|
|
if (typelen == 3 && !memcmp(type, "x11", 3)) {
|
|
|
|
char *addrstr;
|
|
|
|
|
|
|
|
ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
|
|
|
|
addrstr = snewn(peeraddrlen+1, char);
|
|
|
|
memcpy(addrstr, peeraddr, peeraddrlen);
|
|
|
|
addrstr[peeraddrlen] = '\0';
|
|
|
|
peerport = ssh_pkt_getuint32(pktin);
|
|
|
|
|
|
|
|
logeventf(ssh, "Received X11 connect request from %s:%d",
|
|
|
|
addrstr, peerport);
|
|
|
|
|
|
|
|
if (!ssh->X11_fwd_enabled)
|
|
|
|
error = "X11 forwarding is not enabled";
|
|
|
|
else if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
|
|
|
|
ssh->x11auth, addrstr, peerport,
|
|
|
|
&ssh->cfg) != NULL) {
|
|
|
|
error = "Unable to open an X11 connection";
|
|
|
|
} else {
|
|
|
|
logevent("Opening X11 forward connection succeeded");
|
|
|
|
c->type = CHAN_X11;
|
|
|
|
}
|
|
|
|
|
|
|
|
sfree(addrstr);
|
|
|
|
} else if (typelen == 15 &&
|
|
|
|
!memcmp(type, "forwarded-tcpip", 15)) {
|
|
|
|
struct ssh_rportfwd pf, *realpf;
|
|
|
|
char *dummy;
|
|
|
|
int dummylen;
|
|
|
|
ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
|
|
|
|
pf.sport = ssh_pkt_getuint32(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
|
|
|
|
peerport = ssh_pkt_getuint32(pktin);
|
|
|
|
realpf = find234(ssh->rportfwds, &pf, NULL);
|
|
|
|
logeventf(ssh, "Received remote port %d open request "
|
|
|
|
"from %s:%d", pf.sport, peeraddr, peerport);
|
|
|
|
if (realpf == NULL) {
|
|
|
|
error = "Remote port is not recognised";
|
|
|
|
} else {
|
|
|
|
const char *e = pfd_newconnect(&c->u.pfd.s,
|
|
|
|
realpf->dhost,
|
|
|
|
realpf->dport, c,
|
2004-12-30 16:45:11 +00:00
|
|
|
&ssh->cfg,
|
|
|
|
realpf->pfrec->addressfamily);
|
2004-11-27 15:32:45 +00:00
|
|
|
logeventf(ssh, "Attempting to forward remote port to "
|
|
|
|
"%s:%d", realpf->dhost, realpf->dport);
|
|
|
|
if (e != NULL) {
|
|
|
|
logeventf(ssh, "Port open failed: %s", e);
|
|
|
|
error = "Port open failed";
|
|
|
|
} else {
|
|
|
|
logevent("Forwarded port opened successfully");
|
|
|
|
c->type = CHAN_SOCKDATA;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (typelen == 22 &&
|
|
|
|
!memcmp(type, "auth-agent@openssh.com", 3)) {
|
|
|
|
if (!ssh->agentfwd_enabled)
|
|
|
|
error = "Agent forwarding is not enabled";
|
|
|
|
else {
|
|
|
|
c->type = CHAN_AGENT; /* identify channel type */
|
|
|
|
c->u.a.lensofar = 0;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
error = "Unsupported channel type requested";
|
|
|
|
}
|
|
|
|
|
|
|
|
c->remoteid = remid;
|
|
|
|
if (error) {
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
|
|
|
|
ssh2_pkt_addstring(pktout, error);
|
|
|
|
ssh2_pkt_addstring(pktout, "en"); /* language tag */
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
logeventf(ssh, "Rejected channel open: %s", error);
|
|
|
|
sfree(c);
|
|
|
|
} else {
|
|
|
|
c->localid = alloc_channel_id(ssh);
|
|
|
|
c->closes = 0;
|
|
|
|
c->v.v2.locwindow = OUR_V2_WINSIZE;
|
|
|
|
c->v.v2.remwindow = winsize;
|
|
|
|
c->v.v2.remmaxpkt = pktsize;
|
|
|
|
bufchain_init(&c->v.v2.outbuffer);
|
|
|
|
add234(ssh->channels, c);
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->remoteid);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->localid);
|
|
|
|
ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
|
|
|
|
ssh2_pkt_adduint32(pktout, 0x4000UL); /* our max pkt size */
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Handle the SSH2 userauth and connection layers.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
2000-09-07 16:33:49 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
struct do_ssh2_authconn_state {
|
|
|
|
enum {
|
|
|
|
AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE,
|
|
|
|
AUTH_PASSWORD,
|
|
|
|
AUTH_KEYBOARD_INTERACTIVE
|
|
|
|
} method;
|
|
|
|
enum {
|
|
|
|
AUTH_TYPE_NONE,
|
|
|
|
AUTH_TYPE_PUBLICKEY,
|
|
|
|
AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
|
|
|
|
AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
|
|
|
|
AUTH_TYPE_PASSWORD,
|
|
|
|
AUTH_TYPE_KEYBOARD_INTERACTIVE,
|
|
|
|
AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
|
|
|
|
} type;
|
|
|
|
int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
|
|
|
|
int tried_pubkey_config, tried_agent, tried_keyb_inter;
|
|
|
|
int kbd_inter_running;
|
|
|
|
int we_are_in;
|
|
|
|
int num_prompts, curr_prompt, echo;
|
|
|
|
char username[100];
|
|
|
|
int got_username;
|
2004-08-17 14:08:05 +00:00
|
|
|
char pwprompt[512];
|
2002-10-25 11:30:33 +00:00
|
|
|
char password[100];
|
|
|
|
void *publickey_blob;
|
|
|
|
int publickey_bloblen;
|
|
|
|
unsigned char request[5], *response, *p;
|
|
|
|
int responselen;
|
|
|
|
int keyi, nkeys;
|
|
|
|
int authed;
|
|
|
|
char *pkblob, *alg, *commentp;
|
|
|
|
int pklen, alglen, commentlen;
|
|
|
|
int siglen, retlen, len;
|
|
|
|
char *q, *agentreq, *ret;
|
|
|
|
int try_send;
|
2004-10-16 10:56:54 +00:00
|
|
|
int num_env, env_left, env_ok;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2002-10-25 11:30:33 +00:00
|
|
|
};
|
|
|
|
crState(do_ssh2_authconn_state);
|
|
|
|
|
|
|
|
crBegin(ssh->do_ssh2_authconn_crstate);
|
2000-09-05 14:28:17 +00:00
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Request userauth protocol, and await a response to it.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-userauth");
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
|
|
|
crWaitUntilV(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_SERVICE_ACCEPT) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Server refused user authentication protocol"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2000-09-22 11:04:57 +00:00
|
|
|
}
|
2000-09-07 16:33:49 +00:00
|
|
|
|
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* We repeat this whole loop, including the username prompt,
|
|
|
|
* until we manage a successful authentication. If the user
|
2002-10-25 11:30:33 +00:00
|
|
|
* types the wrong _password_, they can be sent back to the
|
|
|
|
* beginning to try another username, if this is configured on.
|
|
|
|
* (If they specify a username in the config, they are never
|
|
|
|
* asked, even if they do give a wrong password.)
|
2001-03-03 13:53:44 +00:00
|
|
|
*
|
|
|
|
* I think this best serves the needs of
|
|
|
|
*
|
|
|
|
* - the people who have no configuration, no keys, and just
|
|
|
|
* want to try repeated (username,password) pairs until they
|
|
|
|
* type both correctly
|
|
|
|
*
|
|
|
|
* - people who have keys and configuration but occasionally
|
|
|
|
* need to fall back to passwords
|
|
|
|
*
|
|
|
|
* - people with a key held in Pageant, who might not have
|
|
|
|
* logged in to a particular machine before; so they want to
|
|
|
|
* type a username, and then _either_ their key will be
|
|
|
|
* accepted, _or_ they will type a password. If they mistype
|
|
|
|
* the username they will want to be able to get back and
|
|
|
|
* retype it!
|
2000-09-07 16:33:49 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username[0] = '\0';
|
|
|
|
s->got_username = FALSE;
|
2001-03-03 13:53:44 +00:00
|
|
|
do {
|
|
|
|
/*
|
|
|
|
* Get a username.
|
|
|
|
*/
|
2003-01-12 14:48:29 +00:00
|
|
|
if (s->got_username && !ssh->cfg.change_username) {
|
2001-12-11 21:00:01 +00:00
|
|
|
/*
|
|
|
|
* We got a username last time round this loop, and
|
|
|
|
* with change_username turned off we don't try to get
|
|
|
|
* it again.
|
|
|
|
*/
|
2004-11-19 20:57:32 +00:00
|
|
|
} else if (!*ssh->cfg.username) {
|
2002-08-04 21:18:56 +00:00
|
|
|
if (ssh_get_line && !ssh_getline_pw_only) {
|
2001-05-06 14:35:20 +00:00
|
|
|
if (!ssh_get_line("login as: ",
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username, sizeof(s->username), FALSE)) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* get_line failed to get a username.
|
|
|
|
* Terminate.
|
|
|
|
*/
|
|
|
|
logevent("No username provided. Abandoning session.");
|
2003-03-31 13:15:51 +00:00
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
int ret; /* need not be saved across crReturn */
|
|
|
|
c_write_str(ssh, "login as: ");
|
|
|
|
ssh->send_ok = 1;
|
|
|
|
setup_userpass_input(ssh, s->username, sizeof(s->username), 1);
|
2002-08-11 13:02:01 +00:00
|
|
|
do {
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntilV(!pktin);
|
2002-10-25 11:30:33 +00:00
|
|
|
ret = process_userpass_input(ssh, in, inlen);
|
2002-08-11 13:02:01 +00:00
|
|
|
} while (ret == 0);
|
|
|
|
if (ret < 0)
|
|
|
|
cleanup_exit(0);
|
2002-11-01 12:53:45 +00:00
|
|
|
c_write_str(ssh, "\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username[strcspn(s->username, "\n\r")] = '\0';
|
2000-09-07 16:33:49 +00:00
|
|
|
} else {
|
2002-11-07 19:49:03 +00:00
|
|
|
char *stuff;
|
2003-01-12 14:48:29 +00:00
|
|
|
strncpy(s->username, ssh->cfg.username, sizeof(s->username));
|
2002-10-25 11:30:33 +00:00
|
|
|
s->username[sizeof(s->username)-1] = '\0';
|
2001-03-03 11:54:34 +00:00
|
|
|
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
|
2002-11-07 19:49:03 +00:00
|
|
|
stuff = dupprintf("Using username \"%s\".\r\n", s->username);
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, stuff);
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(stuff);
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->got_username = TRUE;
|
2000-09-07 16:33:49 +00:00
|
|
|
|
2001-03-03 11:54:34 +00:00
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* Send an authentication request using method "none": (a)
|
|
|
|
* just in case it succeeds, and (b) so that we know what
|
|
|
|
* authentication methods we can usefully try next.
|
2001-03-03 11:54:34 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "none"); /* method */
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_NONE;
|
|
|
|
s->gotit = FALSE;
|
|
|
|
s->we_are_in = FALSE;
|
|
|
|
|
|
|
|
s->tried_pubkey_config = FALSE;
|
|
|
|
s->tried_agent = FALSE;
|
|
|
|
s->tried_keyb_inter = FALSE;
|
|
|
|
s->kbd_inter_running = FALSE;
|
2003-01-12 14:48:29 +00:00
|
|
|
/* Load the pub half of ssh->cfg.keyfile so we notice if it's in Pageant */
|
2003-02-01 12:54:40 +00:00
|
|
|
if (!filename_is_null(ssh->cfg.keyfile)) {
|
2002-05-11 12:13:42 +00:00
|
|
|
int keytype;
|
2003-02-04 13:00:54 +00:00
|
|
|
logeventf(ssh, "Reading private key file \"%.150s\"",
|
|
|
|
filename_to_str(&ssh->cfg.keyfile));
|
2003-02-01 12:54:40 +00:00
|
|
|
keytype = key_type(&ssh->cfg.keyfile);
|
2002-10-25 11:30:33 +00:00
|
|
|
if (keytype == SSH_KEYTYPE_SSH2) {
|
|
|
|
s->publickey_blob =
|
2003-02-01 12:54:40 +00:00
|
|
|
ssh2_userkey_loadpub(&ssh->cfg.keyfile, NULL,
|
2003-08-29 22:52:57 +00:00
|
|
|
&s->publickey_bloblen, NULL);
|
2002-10-25 11:30:33 +00:00
|
|
|
} else {
|
2002-11-07 19:49:03 +00:00
|
|
|
char *msgbuf;
|
2002-12-18 09:47:20 +00:00
|
|
|
logeventf(ssh, "Unable to use this key file (%s)",
|
2002-10-26 12:58:13 +00:00
|
|
|
key_type_to_str(keytype));
|
2002-11-07 19:49:03 +00:00
|
|
|
msgbuf = dupprintf("Unable to use key file \"%.150s\""
|
2003-02-04 13:00:54 +00:00
|
|
|
" (%s)\r\n",
|
|
|
|
filename_to_str(&ssh->cfg.keyfile),
|
2002-11-07 19:49:03 +00:00
|
|
|
key_type_to_str(keytype));
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, msgbuf);
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(msgbuf);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->publickey_blob = NULL;
|
2002-05-11 12:13:42 +00:00
|
|
|
}
|
2001-12-30 16:20:31 +00:00
|
|
|
} else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->publickey_blob = NULL;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2001-03-03 13:53:44 +00:00
|
|
|
while (1) {
|
|
|
|
/*
|
|
|
|
* Wait for the result of the last authentication request.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->gotit)
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntilV(pktin);
|
|
|
|
while (pktin->type == SSH2_MSG_USERAUTH_BANNER) {
|
2001-05-06 14:35:20 +00:00
|
|
|
char *banner;
|
|
|
|
int size;
|
|
|
|
/*
|
|
|
|
* Don't show the banner if we're operating in
|
|
|
|
* non-verbose non-interactive mode. (It's probably
|
|
|
|
* a script, which means nobody will read the
|
|
|
|
* banner _anyway_, and moreover the printing of
|
|
|
|
* the banner will screw up processing on the
|
|
|
|
* output of (say) plink.)
|
|
|
|
*/
|
|
|
|
if (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE)) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &banner, &size);
|
2001-05-06 14:35:20 +00:00
|
|
|
if (banner)
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_untrusted(ssh, banner, size);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntilV(pktin);
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
|
2001-03-03 13:53:44 +00:00
|
|
|
logevent("Access granted");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->we_are_in = TRUE;
|
2001-03-03 13:53:44 +00:00
|
|
|
break;
|
|
|
|
}
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->kbd_inter_running &&
|
2004-11-24 18:45:52 +00:00
|
|
|
pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
|
2001-08-22 19:47:05 +00:00
|
|
|
/*
|
2002-08-03 16:22:55 +00:00
|
|
|
* This is either a further set-of-prompts packet
|
|
|
|
* in keyboard-interactive authentication, or it's
|
|
|
|
* the same one and we came back here with `gotit'
|
|
|
|
* set. In the former case, we must reset the
|
|
|
|
* curr_prompt variable.
|
2001-08-22 19:47:05 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->gotit)
|
|
|
|
s->curr_prompt = 0;
|
2004-11-24 18:45:52 +00:00
|
|
|
} else if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Strange packet received during authentication: type %d",
|
2004-11-24 18:45:52 +00:00
|
|
|
pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->gotit = FALSE;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2001-03-03 13:53:44 +00:00
|
|
|
/*
|
|
|
|
* OK, we're now sitting on a USERAUTH_FAILURE message, so
|
|
|
|
* we can look at the string in it and know what we can
|
|
|
|
* helpfully try next.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
|
2001-03-03 13:53:44 +00:00
|
|
|
char *methods;
|
|
|
|
int methlen;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &methods, &methlen);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->kbd_inter_running = FALSE;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (!ssh2_pkt_getbool(pktin)) {
|
2001-03-03 13:53:44 +00:00
|
|
|
/*
|
|
|
|
* We have received an unequivocal Access
|
|
|
|
* Denied. This can translate to a variety of
|
|
|
|
* messages:
|
|
|
|
*
|
|
|
|
* - if we'd just tried "none" authentication,
|
|
|
|
* it's not worth printing anything at all
|
|
|
|
*
|
|
|
|
* - if we'd just tried a public key _offer_,
|
|
|
|
* the message should be "Server refused our
|
|
|
|
* key" (or no message at all if the key
|
|
|
|
* came from Pageant)
|
|
|
|
*
|
|
|
|
* - if we'd just tried anything else, the
|
|
|
|
* message really should be "Access denied".
|
|
|
|
*
|
|
|
|
* Additionally, if we'd just tried password
|
|
|
|
* authentication, we should break out of this
|
|
|
|
* whole loop so as to go back to the username
|
2004-11-20 17:11:38 +00:00
|
|
|
* prompt (iff we're configured to allow
|
|
|
|
* username change attempts).
|
2001-03-03 13:53:44 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->type == AUTH_TYPE_NONE) {
|
2001-03-03 13:53:44 +00:00
|
|
|
/* do nothing */
|
2002-10-25 11:30:33 +00:00
|
|
|
} else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
|
|
|
|
s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
|
|
|
|
if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
|
|
|
|
c_write_str(ssh, "Server refused our key\r\n");
|
2001-03-03 13:53:44 +00:00
|
|
|
logevent("Server refused public key");
|
2002-10-25 11:30:33 +00:00
|
|
|
} else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
|
2001-08-09 21:22:38 +00:00
|
|
|
/* server declined keyboard-interactive; ignore */
|
2001-03-03 13:53:44 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Access denied\r\n");
|
2001-03-03 13:53:44 +00:00
|
|
|
logevent("Access denied");
|
2004-11-20 17:11:38 +00:00
|
|
|
if (s->type == AUTH_TYPE_PASSWORD &&
|
|
|
|
ssh->cfg.change_username) {
|
2004-11-20 17:47:40 +00:00
|
|
|
/* XXX perhaps we should allow
|
|
|
|
* keyboard-interactive to do this too? */
|
2002-10-25 11:30:33 +00:00
|
|
|
s->we_are_in = FALSE;
|
2001-03-03 13:53:44 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Further authentication required\r\n");
|
2001-03-03 13:53:44 +00:00
|
|
|
logevent("Further authentication required");
|
|
|
|
}
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->can_pubkey =
|
2001-05-06 14:35:20 +00:00
|
|
|
in_commasep_string("publickey", methods, methlen);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->can_passwd =
|
2001-05-06 14:35:20 +00:00
|
|
|
in_commasep_string("password", methods, methlen);
|
2003-01-12 14:48:29 +00:00
|
|
|
s->can_keyb_inter = ssh->cfg.try_ki_auth &&
|
2001-08-09 20:13:17 +00:00
|
|
|
in_commasep_string("keyboard-interactive", methods, methlen);
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->method = 0;
|
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
2004-01-21 19:33:48 +00:00
|
|
|
s->need_pw = FALSE;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-08-11 13:02:01 +00:00
|
|
|
/*
|
|
|
|
* Most password/passphrase prompts will be
|
|
|
|
* non-echoing, so we set this to 0 by default.
|
|
|
|
* Exception is that some keyboard-interactive prompts
|
|
|
|
* can be echoing, in which case we'll set this to 1.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->echo = 0;
|
2002-08-11 13:02:01 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->method && s->can_pubkey &&
|
|
|
|
agent_exists() && !s->tried_agent) {
|
2001-03-03 15:56:39 +00:00
|
|
|
/*
|
|
|
|
* Attempt public-key authentication using Pageant.
|
|
|
|
*/
|
|
|
|
void *r;
|
2002-10-25 11:30:33 +00:00
|
|
|
s->authed = FALSE;
|
2001-03-03 15:56:39 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_agent = TRUE;
|
2001-03-03 15:56:39 +00:00
|
|
|
|
|
|
|
logevent("Pageant is running. Requesting keys.");
|
|
|
|
|
|
|
|
/* Request the keys held by the agent. */
|
2002-10-25 11:30:33 +00:00
|
|
|
PUT_32BIT(s->request, 1);
|
|
|
|
s->request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
|
2003-04-28 11:41:39 +00:00
|
|
|
if (!agent_query(s->request, 5, &r, &s->responselen,
|
|
|
|
ssh_agent_callback, ssh)) {
|
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin) {
|
2003-04-28 11:41:39 +00:00
|
|
|
bombout(("Unexpected data from server while"
|
|
|
|
" waiting for agent response"));
|
|
|
|
crStopV;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (pktin || inlen > 0);
|
2003-04-28 11:41:39 +00:00
|
|
|
r = ssh->agent_response;
|
|
|
|
s->responselen = ssh->agent_response_len;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->response = (unsigned char *) r;
|
|
|
|
if (s->response && s->responselen >= 5 &&
|
|
|
|
s->response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
|
|
|
|
s->p = s->response + 5;
|
|
|
|
s->nkeys = GET_32BIT(s->p);
|
|
|
|
s->p += 4;
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char buf[64];
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(buf, "Pageant has %d SSH2 keys", s->nkeys);
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent(buf);
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
|
2001-05-13 14:02:28 +00:00
|
|
|
void *vret;
|
2001-03-03 15:56:39 +00:00
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
|
|
|
char buf[64];
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(buf, "Trying Pageant key #%d", s->keyi);
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent(buf);
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->pklen = GET_32BIT(s->p);
|
|
|
|
s->p += 4;
|
|
|
|
if (s->publickey_blob &&
|
|
|
|
s->pklen == s->publickey_bloblen &&
|
|
|
|
!memcmp(s->p, s->publickey_blob,
|
|
|
|
s->publickey_bloblen)) {
|
2001-12-30 16:20:31 +00:00
|
|
|
logevent("This key matches configured key file");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_pubkey_config = 1;
|
2001-12-30 16:20:31 +00:00
|
|
|
}
|
2003-01-05 13:43:02 +00:00
|
|
|
s->pkblob = (char *)s->p;
|
2002-10-25 11:30:33 +00:00
|
|
|
s->p += s->pklen;
|
|
|
|
s->alglen = GET_32BIT(s->pkblob);
|
|
|
|
s->alg = s->pkblob + 4;
|
|
|
|
s->commentlen = GET_32BIT(s->p);
|
|
|
|
s->p += 4;
|
2003-01-05 13:43:02 +00:00
|
|
|
s->commentp = (char *)s->p;
|
2002-10-25 11:30:33 +00:00
|
|
|
s->p += s->commentlen;
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
|
|
|
|
ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
|
|
|
|
|
|
|
crWaitUntilV(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
|
2001-03-03 15:56:39 +00:00
|
|
|
logevent("Key refused");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
if (flags & FLAG_VERBOSE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Authenticating with "
|
|
|
|
"public key \"");
|
|
|
|
c_write(ssh, s->commentp, s->commentlen);
|
|
|
|
c_write_str(ssh, "\" from agent\r\n");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2001-03-03 15:56:39 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Server is willing to accept the key.
|
|
|
|
* Construct a SIGN_REQUEST.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
|
|
|
|
ssh2_pkt_addbool(s->pktout, TRUE);
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
|
|
|
|
|
|
|
|
s->siglen = s->pktout->length - 5 + 4 + 20;
|
2003-02-04 13:02:51 +00:00
|
|
|
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
|
|
|
|
s->siglen -= 4;
|
2002-10-25 11:30:33 +00:00
|
|
|
s->len = 1; /* message type */
|
|
|
|
s->len += 4 + s->pklen; /* key blob */
|
|
|
|
s->len += 4 + s->siglen; /* data to sign */
|
|
|
|
s->len += 4; /* flags */
|
2003-03-29 16:14:26 +00:00
|
|
|
s->agentreq = snewn(4 + s->len, char);
|
2002-10-25 11:30:33 +00:00
|
|
|
PUT_32BIT(s->agentreq, s->len);
|
|
|
|
s->q = s->agentreq + 4;
|
|
|
|
*s->q++ = SSH2_AGENTC_SIGN_REQUEST;
|
|
|
|
PUT_32BIT(s->q, s->pklen);
|
|
|
|
s->q += 4;
|
|
|
|
memcpy(s->q, s->pkblob, s->pklen);
|
|
|
|
s->q += s->pklen;
|
|
|
|
PUT_32BIT(s->q, s->siglen);
|
|
|
|
s->q += 4;
|
2001-03-03 15:56:39 +00:00
|
|
|
/* Now the data to be signed... */
|
2003-02-04 13:02:51 +00:00
|
|
|
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
|
|
|
|
PUT_32BIT(s->q, 20);
|
|
|
|
s->q += 4;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
memcpy(s->q, ssh->v2_session_id, 20);
|
|
|
|
s->q += 20;
|
2004-11-24 18:45:52 +00:00
|
|
|
memcpy(s->q, s->pktout->data + 5,
|
|
|
|
s->pktout->length - 5);
|
|
|
|
s->q += s->pktout->length - 5;
|
2001-03-03 15:56:39 +00:00
|
|
|
/* And finally the (zero) flags word. */
|
2002-10-25 11:30:33 +00:00
|
|
|
PUT_32BIT(s->q, 0);
|
2003-04-28 11:41:39 +00:00
|
|
|
if (!agent_query(s->agentreq, s->len + 4,
|
|
|
|
&vret, &s->retlen,
|
|
|
|
ssh_agent_callback, ssh)) {
|
|
|
|
do {
|
|
|
|
crReturnV;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin) {
|
2003-04-28 11:41:39 +00:00
|
|
|
bombout(("Unexpected data from server"
|
|
|
|
" while waiting for agent"
|
|
|
|
" response"));
|
|
|
|
crStopV;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
} while (pktin || inlen > 0);
|
2003-04-28 11:41:39 +00:00
|
|
|
vret = ssh->agent_response;
|
|
|
|
s->retlen = ssh->agent_response_len;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->ret = vret;
|
|
|
|
sfree(s->agentreq);
|
|
|
|
if (s->ret) {
|
|
|
|
if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
|
2001-03-03 15:56:39 +00:00
|
|
|
logevent("Sending Pageant's response");
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_add_sigblob(ssh, s->pktout,
|
|
|
|
s->pkblob, s->pklen,
|
2002-10-25 11:30:33 +00:00
|
|
|
s->ret + 9,
|
|
|
|
GET_32BIT(s->ret + 5));
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->authed = TRUE;
|
2001-03-03 15:56:39 +00:00
|
|
|
break;
|
|
|
|
} else {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent
|
|
|
|
("Pageant failed to answer challenge");
|
2002-10-25 11:30:33 +00:00
|
|
|
sfree(s->ret);
|
2001-03-03 15:56:39 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->authed)
|
2001-03-03 15:56:39 +00:00
|
|
|
continue;
|
|
|
|
}
|
2004-01-18 09:14:41 +00:00
|
|
|
sfree(s->response);
|
2001-03-03 15:56:39 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->method && s->can_pubkey && s->publickey_blob
|
|
|
|
&& !s->tried_pubkey_config) {
|
2001-03-03 13:53:44 +00:00
|
|
|
unsigned char *pub_blob;
|
|
|
|
char *algorithm, *comment;
|
|
|
|
int pub_blob_len;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_pubkey_config = TRUE;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2001-03-03 11:54:34 +00:00
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* Try the public key supplied in the configuration.
|
|
|
|
*
|
|
|
|
* First, offer the public blob to see if the server is
|
|
|
|
* willing to accept it.
|
2001-03-03 11:54:34 +00:00
|
|
|
*/
|
2003-01-05 13:43:02 +00:00
|
|
|
pub_blob =
|
2003-02-01 12:54:40 +00:00
|
|
|
(unsigned char *)ssh2_userkey_loadpub(&ssh->cfg.keyfile,
|
2003-01-05 13:43:02 +00:00
|
|
|
&algorithm,
|
2003-08-29 22:52:57 +00:00
|
|
|
&pub_blob_len,
|
|
|
|
NULL);
|
2001-03-03 13:53:44 +00:00
|
|
|
if (pub_blob) {
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
|
|
|
|
ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
|
|
|
|
ssh2_pkt_addstring(s->pktout, algorithm);
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, (char *)pub_blob,
|
2003-01-05 13:43:02 +00:00
|
|
|
pub_blob_len);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2004-10-22 16:47:46 +00:00
|
|
|
logevent("Offered public key");
|
2001-03-03 13:53:44 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntilV(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->gotit = TRUE;
|
|
|
|
s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
|
2001-05-06 14:35:20 +00:00
|
|
|
continue; /* key refused; give up on it */
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2001-03-03 13:53:44 +00:00
|
|
|
logevent("Offer of public key accepted");
|
2001-03-03 11:54:34 +00:00
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* Actually attempt a serious authentication using
|
|
|
|
* the key.
|
2001-03-03 11:54:34 +00:00
|
|
|
*/
|
2003-02-01 12:54:40 +00:00
|
|
|
if (ssh2_userkey_encrypted(&ssh->cfg.keyfile, &comment)) {
|
2002-10-25 11:30:33 +00:00
|
|
|
sprintf(s->pwprompt,
|
2001-05-06 14:35:20 +00:00
|
|
|
"Passphrase for key \"%.100s\": ",
|
|
|
|
comment);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->need_pw = TRUE;
|
2001-03-03 13:53:44 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
s->need_pw = FALSE;
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
2004-06-15 09:50:05 +00:00
|
|
|
if (flags & FLAG_VERBOSE) {
|
|
|
|
c_write_str(ssh, "Authenticating with public key \"");
|
|
|
|
c_write_str(ssh, comment);
|
|
|
|
c_write_str(ssh, "\"\r\n");
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->method = AUTH_PUBLICKEY_FILE;
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->method && s->can_keyb_inter && !s->tried_keyb_inter) {
|
|
|
|
s->method = AUTH_KEYBOARD_INTERACTIVE;
|
|
|
|
s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
|
|
|
|
s->tried_keyb_inter = TRUE;
|
2001-08-28 08:43:33 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_KBDINTER;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "keyboard-interactive"); /* method */
|
|
|
|
ssh2_pkt_addstring(s->pktout, ""); /* lang */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "");
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
|
|
|
|
|
|
|
crWaitUntilV(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
|
|
|
|
if (pktin->type == SSH2_MSG_USERAUTH_FAILURE)
|
2002-10-25 11:30:33 +00:00
|
|
|
s->gotit = TRUE;
|
2001-08-28 08:43:33 +00:00
|
|
|
logevent("Keyboard-interactive authentication refused");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
|
2001-08-28 08:43:33 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
s->kbd_inter_running = TRUE;
|
|
|
|
s->curr_prompt = 0;
|
2001-08-28 08:43:33 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->kbd_inter_running) {
|
|
|
|
s->method = AUTH_KEYBOARD_INTERACTIVE;
|
|
|
|
s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
|
|
|
|
s->tried_keyb_inter = TRUE;
|
2001-08-28 08:43:33 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_KBDINTER;
|
2001-12-14 14:57:50 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->curr_prompt == 0) {
|
2002-08-03 16:22:55 +00:00
|
|
|
/*
|
|
|
|
* We've got a fresh USERAUTH_INFO_REQUEST.
|
|
|
|
* Display header data, and start going through
|
|
|
|
* the prompts.
|
|
|
|
*/
|
|
|
|
char *name, *inst, *lang;
|
|
|
|
int name_len, inst_len, lang_len;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &name, &name_len);
|
|
|
|
ssh_pkt_getstring(pktin, &inst, &inst_len);
|
|
|
|
ssh_pkt_getstring(pktin, &lang, &lang_len);
|
2002-08-03 16:22:55 +00:00
|
|
|
if (name_len > 0) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_untrusted(ssh, name, name_len);
|
|
|
|
c_write_str(ssh, "\r\n");
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
|
|
|
if (inst_len > 0) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_untrusted(ssh, inst, inst_len);
|
|
|
|
c_write_str(ssh, "\r\n");
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
s->num_prompts = ssh_pkt_getuint32(pktin);
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
2001-08-28 08:43:33 +00:00
|
|
|
|
2002-08-03 16:22:55 +00:00
|
|
|
/*
|
|
|
|
* If there are prompts remaining in the packet,
|
|
|
|
* display one and get a response.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->curr_prompt < s->num_prompts) {
|
2002-08-03 16:22:55 +00:00
|
|
|
char *prompt;
|
|
|
|
int prompt_len;
|
2001-08-28 08:43:33 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh_pkt_getstring(pktin, &prompt, &prompt_len);
|
2002-08-03 16:22:55 +00:00
|
|
|
if (prompt_len > 0) {
|
2004-08-17 14:08:05 +00:00
|
|
|
static const char trunc[] = "<prompt truncated>: ";
|
|
|
|
static const int prlen = sizeof(s->pwprompt) -
|
|
|
|
lenof(trunc);
|
|
|
|
if (prompt_len > prlen) {
|
|
|
|
memcpy(s->pwprompt, prompt, prlen);
|
|
|
|
strcpy(s->pwprompt + prlen, trunc);
|
|
|
|
} else {
|
|
|
|
memcpy(s->pwprompt, prompt, prompt_len);
|
|
|
|
s->pwprompt[prompt_len] = '\0';
|
|
|
|
}
|
2002-08-03 16:22:55 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
strcpy(s->pwprompt,
|
2002-08-03 16:22:55 +00:00
|
|
|
"<server failed to send prompt>: ");
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
s->echo = ssh2_pkt_getbool(pktin);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->need_pw = TRUE;
|
2002-08-03 16:22:55 +00:00
|
|
|
} else
|
2002-10-25 11:30:33 +00:00
|
|
|
s->need_pw = FALSE;
|
2001-08-28 08:43:33 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!s->method && s->can_passwd) {
|
|
|
|
s->method = AUTH_PASSWORD;
|
|
|
|
ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
|
|
|
|
ssh->pkt_ctx |= SSH2_PKTCTX_PASSWORD;
|
|
|
|
sprintf(s->pwprompt, "%.90s@%.90s's password: ", s->username,
|
|
|
|
ssh->savedhost);
|
|
|
|
s->need_pw = TRUE;
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->need_pw) {
|
2001-03-12 15:31:53 +00:00
|
|
|
if (ssh_get_line) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (!ssh_get_line(s->pwprompt, s->password,
|
|
|
|
sizeof(s->password), TRUE)) {
|
2001-03-03 13:53:44 +00:00
|
|
|
/*
|
2001-03-12 15:31:53 +00:00
|
|
|
* get_line failed to get a password (for
|
|
|
|
* example because one was supplied on the
|
|
|
|
* command line which has already failed to
|
|
|
|
* work). Terminate.
|
2001-03-03 13:53:44 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
|
|
|
ssh2_pkt_adduint32(s->pktout,SSH2_DISCONNECT_BY_APPLICATION);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "No more passwords available"
|
2002-10-25 11:30:33 +00:00
|
|
|
" to try");
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(s->pktout, "en"); /* language tag */
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2002-03-23 18:04:27 +00:00
|
|
|
logevent("Unable to authenticate");
|
2002-10-26 12:58:13 +00:00
|
|
|
connection_fatal(ssh->frontend,
|
|
|
|
"Unable to authenticate");
|
2003-03-31 13:15:51 +00:00
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
int ret; /* need not be saved across crReturn */
|
|
|
|
c_write_untrusted(ssh, s->pwprompt, strlen(s->pwprompt));
|
|
|
|
ssh->send_ok = 1;
|
2001-03-03 13:53:44 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
setup_userpass_input(ssh, s->password,
|
|
|
|
sizeof(s->password), s->echo);
|
2002-08-11 13:02:01 +00:00
|
|
|
do {
|
2004-11-24 18:45:52 +00:00
|
|
|
crWaitUntilV(!pktin);
|
2002-10-25 11:30:33 +00:00
|
|
|
ret = process_userpass_input(ssh, in, inlen);
|
2002-08-11 13:02:01 +00:00
|
|
|
} while (ret == 0);
|
|
|
|
if (ret < 0)
|
|
|
|
cleanup_exit(0);
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "\r\n");
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->method == AUTH_PUBLICKEY_FILE) {
|
2001-03-03 13:53:44 +00:00
|
|
|
/*
|
|
|
|
* We have our passphrase. Now try the actual authentication.
|
|
|
|
*/
|
|
|
|
struct ssh2_userkey *key;
|
2003-08-29 22:52:57 +00:00
|
|
|
const char *error = NULL;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2003-08-29 22:52:57 +00:00
|
|
|
key = ssh2_load_userkey(&ssh->cfg.keyfile, s->password,
|
|
|
|
&error);
|
2001-03-03 13:53:44 +00:00
|
|
|
if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
|
|
|
|
if (key == SSH2_WRONG_PASSPHRASE) {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Wrong passphrase\r\n");
|
|
|
|
s->tried_pubkey_config = FALSE;
|
2001-03-03 13:53:44 +00:00
|
|
|
} else {
|
2003-08-29 22:52:57 +00:00
|
|
|
c_write_str(ssh, "Unable to load private key (");
|
|
|
|
c_write_str(ssh, error);
|
|
|
|
c_write_str(ssh, ")\r\n");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->tried_pubkey_config = TRUE;
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
|
|
|
/* Send a spurious AUTH_NONE to return to the top. */
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "none"); /* method */
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_NONE;
|
2001-03-03 13:53:44 +00:00
|
|
|
} else {
|
2002-05-31 17:39:16 +00:00
|
|
|
unsigned char *pkblob, *sigblob, *sigdata;
|
|
|
|
int pkblob_len, sigblob_len, sigdata_len;
|
2003-02-04 13:02:51 +00:00
|
|
|
int p;
|
2001-03-03 11:54:34 +00:00
|
|
|
|
2001-03-03 13:53:44 +00:00
|
|
|
/*
|
|
|
|
* We have loaded the private key and the server
|
|
|
|
* has announced that it's willing to accept it.
|
|
|
|
* Hallelujah. Generate a signature and send it.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
|
|
|
|
ssh2_pkt_addbool(s->pktout, TRUE);
|
|
|
|
ssh2_pkt_addstring(s->pktout, key->alg->name);
|
2002-05-31 17:39:16 +00:00
|
|
|
pkblob = key->alg->public_blob(key->data, &pkblob_len);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, (char *)pkblob, pkblob_len);
|
2001-03-03 13:53:44 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The data to be signed is:
|
|
|
|
*
|
|
|
|
* string session-id
|
|
|
|
*
|
|
|
|
* followed by everything so far placed in the
|
|
|
|
* outgoing packet.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
sigdata_len = s->pktout->length - 5 + 4 + 20;
|
2003-02-04 13:02:51 +00:00
|
|
|
if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
|
|
|
|
sigdata_len -= 4;
|
2003-03-29 23:05:36 +00:00
|
|
|
sigdata = snewn(sigdata_len, unsigned char);
|
2003-02-04 13:02:51 +00:00
|
|
|
p = 0;
|
|
|
|
if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
|
|
|
|
PUT_32BIT(sigdata+p, 20);
|
|
|
|
p += 4;
|
|
|
|
}
|
|
|
|
memcpy(sigdata+p, ssh->v2_session_id, 20); p += 20;
|
2004-11-24 18:45:52 +00:00
|
|
|
memcpy(sigdata+p, s->pktout->data + 5,
|
|
|
|
s->pktout->length - 5);
|
|
|
|
p += s->pktout->length - 5;
|
2003-02-04 13:02:51 +00:00
|
|
|
assert(p == sigdata_len);
|
2003-01-05 13:43:02 +00:00
|
|
|
sigblob = key->alg->sign(key->data, (char *)sigdata,
|
2002-05-31 17:39:16 +00:00
|
|
|
sigdata_len, &sigblob_len);
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
|
2002-05-31 17:39:16 +00:00
|
|
|
sigblob, sigblob_len);
|
|
|
|
sfree(pkblob);
|
|
|
|
sfree(sigblob);
|
2001-03-03 13:53:44 +00:00
|
|
|
sfree(sigdata);
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_PUBLICKEY;
|
2004-01-21 19:41:34 +00:00
|
|
|
key->alg->freekey(key->data);
|
2001-03-03 13:53:44 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
} else if (s->method == AUTH_PASSWORD) {
|
2001-03-03 11:54:34 +00:00
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* We send the password packet lumped tightly together with
|
|
|
|
* an SSH_MSG_IGNORE packet. The IGNORE packet contains a
|
|
|
|
* string long enough to make the total length of the two
|
|
|
|
* packets constant. This should ensure that a passive
|
|
|
|
* listener doing traffic analyis can't work out the length
|
|
|
|
* of the password.
|
|
|
|
*
|
|
|
|
* For this to work, we need an assumption about the
|
|
|
|
* maximum length of the password packet. I think 256 is
|
|
|
|
* pretty conservative. Anyone using a password longer than
|
|
|
|
* that probably doesn't have much to worry about from
|
|
|
|
* people who find out how long their password is!
|
2001-03-03 11:54:34 +00:00
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->username);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "password");
|
|
|
|
ssh2_pkt_addbool(s->pktout, FALSE);
|
|
|
|
dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->password);
|
2003-01-09 17:33:49 +00:00
|
|
|
memset(s->password, 0, sizeof(s->password));
|
2004-11-24 18:45:52 +00:00
|
|
|
end_log_omission(ssh, s->pktout);
|
|
|
|
ssh2_pkt_defer(ssh, s->pktout);
|
2001-03-03 11:54:34 +00:00
|
|
|
/*
|
2001-03-03 13:53:44 +00:00
|
|
|
* We'll include a string that's an exact multiple of the
|
|
|
|
* cipher block size. If the cipher is NULL for some
|
|
|
|
* reason, we don't do this trick at all because we gain
|
|
|
|
* nothing by it.
|
2001-03-03 11:54:34 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->cscipher) {
|
2001-05-06 14:35:20 +00:00
|
|
|
int stringlen, i;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
stringlen = (256 - ssh->deferred_len);
|
|
|
|
stringlen += ssh->cscipher->blksize - 1;
|
|
|
|
stringlen -= (stringlen % ssh->cscipher->blksize);
|
|
|
|
if (ssh->cscomp) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Temporarily disable actual compression,
|
|
|
|
* so we can guarantee to get this string
|
|
|
|
* exactly the length we want it. The
|
|
|
|
* compression-disabling routine should
|
|
|
|
* return an integer indicating how many
|
|
|
|
* bytes we should adjust our string length
|
|
|
|
* by.
|
|
|
|
*/
|
2002-10-25 13:26:33 +00:00
|
|
|
stringlen -=
|
|
|
|
ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
2001-03-05 16:38:42 +00:00
|
|
|
for (i = 0; i < stringlen; i++) {
|
2001-05-06 14:35:20 +00:00
|
|
|
char c = (char) random_byte();
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring_data(s->pktout, &c, 1);
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_defer(ssh, s->pktout);
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh_pkt_defersend(ssh);
|
2001-03-03 16:05:52 +00:00
|
|
|
logevent("Sent password");
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_PASSWORD;
|
|
|
|
} else if (s->method == AUTH_KEYBOARD_INTERACTIVE) {
|
|
|
|
if (s->curr_prompt == 0) {
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, s->num_prompts);
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->need_pw) { /* only add pw if we just got one! */
|
2004-11-24 18:45:52 +00:00
|
|
|
dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
|
|
|
|
ssh2_pkt_addstring(s->pktout, s->password);
|
2002-10-25 11:30:33 +00:00
|
|
|
memset(s->password, 0, sizeof(s->password));
|
2004-11-24 18:45:52 +00:00
|
|
|
end_log_omission(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->curr_prompt++;
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->curr_prompt >= s->num_prompts) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-08-03 16:22:55 +00:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* If there are prompts remaining, we set
|
|
|
|
* `gotit' so that we won't attempt to get
|
|
|
|
* another packet. Then we go back round the
|
|
|
|
* loop and will end up retrieving another
|
|
|
|
* prompt out of the existing packet. Funky or
|
|
|
|
* what?
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
s->gotit = TRUE;
|
2002-08-03 16:22:55 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
|
2001-03-03 13:53:44 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "No supported authentication methods"
|
|
|
|
" left to try!\r\n");
|
|
|
|
logevent("No supported authentications offered."
|
|
|
|
" Disconnecting");
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, SSH2_DISCONNECT_BY_APPLICATION);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "No supported authentication"
|
2002-10-25 11:30:33 +00:00
|
|
|
" methods available");
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(s->pktout, "en"); /* language tag */
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, s->pktout);
|
2003-03-31 13:15:51 +00:00
|
|
|
ssh_closing((Plug)ssh, NULL, 0, 0);
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-03-03 11:54:34 +00:00
|
|
|
}
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
} while (!s->we_are_in);
|
2000-09-07 16:33:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we're authenticated for the connection protocol. The
|
|
|
|
* connection protocol will automatically have started at this
|
|
|
|
* point; there's no need to send SERVICE_REQUEST.
|
|
|
|
*/
|
|
|
|
|
2004-10-13 13:43:11 +00:00
|
|
|
ssh->channels = newtree234(ssh_channelcmp);
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
/*
|
|
|
|
* Set up handlers for some connection protocol messages, so we
|
|
|
|
* don't have to handle them repeatedly in this coroutine.
|
|
|
|
*/
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
|
|
|
|
ssh2_msg_channel_window_adjust;
|
2004-11-27 15:32:45 +00:00
|
|
|
ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
|
|
|
|
ssh2_msg_global_request;
|
2004-11-24 20:35:15 +00:00
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
2004-10-13 13:43:11 +00:00
|
|
|
* Create the main session channel.
|
2000-09-07 16:33:49 +00:00
|
|
|
*/
|
2004-10-13 13:43:11 +00:00
|
|
|
if (!ssh->cfg.ssh_no_shell) {
|
|
|
|
ssh->mainchan = snew(struct ssh_channel);
|
|
|
|
ssh->mainchan->ssh = ssh;
|
|
|
|
ssh->mainchan->localid = alloc_channel_id(ssh);
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "session");
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
|
2004-10-13 13:43:11 +00:00
|
|
|
ssh->mainchan->v.v2.locwindow = OUR_V2_WINSIZE;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
|
|
|
|
ssh2_pkt_adduint32(s->pktout, 0x4000UL); /* our max pkt size */
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
|
|
|
crWaitUntilV(pktin);
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
|
2004-10-13 13:43:11 +00:00
|
|
|
bombout(("Server refused to open a session"));
|
|
|
|
crStopV;
|
|
|
|
/* FIXME: error data comes back in FAILURE packet */
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
|
2004-10-13 13:43:11 +00:00
|
|
|
bombout(("Server's channel confirmation cited wrong channel"));
|
|
|
|
crStopV;
|
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
|
2004-10-13 13:43:11 +00:00
|
|
|
ssh->mainchan->type = CHAN_MAINSESSION;
|
|
|
|
ssh->mainchan->closes = 0;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
|
|
|
|
ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
|
2004-10-13 13:43:11 +00:00
|
|
|
bufchain_init(&ssh->mainchan->v.v2.outbuffer);
|
|
|
|
add234(ssh->channels, ssh->mainchan);
|
2004-10-17 15:32:42 +00:00
|
|
|
update_specials_menu(ssh->frontend);
|
2004-10-13 13:43:11 +00:00
|
|
|
logevent("Opened channel for session");
|
|
|
|
} else
|
|
|
|
ssh->mainchan = NULL;
|
2000-09-07 16:33:49 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
/*
|
|
|
|
* Now we have a channel, make dispatch table entries for
|
|
|
|
* general channel-based messages.
|
|
|
|
*/
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
|
|
|
|
ssh2_msg_channel_data;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
|
|
|
|
ssh2_msg_channel_open_confirmation;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
|
|
|
|
ssh2_msg_channel_open_failure;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
|
|
|
|
ssh2_msg_channel_request;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
|
|
|
|
ssh2_msg_channel_open;
|
|
|
|
|
2001-01-22 15:36:07 +00:00
|
|
|
/*
|
|
|
|
* Potentially enable X11 forwarding.
|
|
|
|
*/
|
2004-10-13 13:43:11 +00:00
|
|
|
if (ssh->mainchan && ssh->cfg.x11_forward) {
|
2001-05-06 14:35:20 +00:00
|
|
|
char proto[20], data[64];
|
|
|
|
logevent("Requesting X11 forwarding");
|
2002-10-26 11:23:15 +00:00
|
|
|
ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
|
2003-01-12 14:48:29 +00:00
|
|
|
data, sizeof(data), ssh->cfg.x11_auth);
|
|
|
|
x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "x11-req");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_addbool(s->pktout, 0); /* many connections */
|
|
|
|
ssh2_pkt_addstring(s->pktout, proto);
|
|
|
|
ssh2_pkt_addstring(s->pktout, data);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, x11_get_screen_number(ssh->cfg.x11_display));
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
crWaitUntilV(pktin);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Unexpected response to X11 forwarding request:"
|
2004-11-24 18:45:52 +00:00
|
|
|
" packet type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
logevent("X11 forwarding refused");
|
|
|
|
} else {
|
|
|
|
logevent("X11 forwarding enabled");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->X11_fwd_enabled = TRUE;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2001-01-22 15:36:07 +00:00
|
|
|
}
|
|
|
|
|
2001-08-09 21:17:05 +00:00
|
|
|
/*
|
|
|
|
* Enable port forwardings.
|
|
|
|
*/
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
ssh_setup_portfwd(ssh, &ssh->cfg);
|
2001-08-09 21:17:05 +00:00
|
|
|
|
2001-03-03 16:38:44 +00:00
|
|
|
/*
|
|
|
|
* Potentially enable agent forwarding.
|
|
|
|
*/
|
2004-10-13 13:43:11 +00:00
|
|
|
if (ssh->mainchan && ssh->cfg.agentfwd && agent_exists()) {
|
2001-05-06 14:35:20 +00:00
|
|
|
logevent("Requesting OpenSSH-style agent forwarding");
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
crWaitUntilV(pktin);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Unexpected response to agent forwarding request:"
|
2004-11-24 18:45:52 +00:00
|
|
|
" packet type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
logevent("Agent forwarding refused");
|
|
|
|
} else {
|
|
|
|
logevent("Agent forwarding enabled");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->agentfwd_enabled = TRUE;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2001-03-03 16:38:44 +00:00
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Now allocate a pty for the session.
|
|
|
|
*/
|
2004-10-13 13:43:11 +00:00
|
|
|
if (ssh->mainchan && !ssh->cfg.nopty) {
|
2004-04-24 20:05:03 +00:00
|
|
|
/* Unpick the terminal-speed string. */
|
|
|
|
/* XXX perhaps we should allow no speeds to be sent. */
|
2004-06-03 10:36:27 +00:00
|
|
|
ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
|
|
|
|
sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
|
2004-04-24 20:05:03 +00:00
|
|
|
/* Build the pty request. */
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
|
|
|
|
ssh2_pkt_addstring(s->pktout, "pty-req");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_addstring(s->pktout, ssh->cfg.termtype);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->term_width);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->term_height);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
|
|
|
|
ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addbyte(s->pktout, 128); /* TTY_OP_ISPEED */
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
|
|
|
|
ssh2_pkt_addbyte(s->pktout, 129); /* TTY_OP_OSPEED */
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_INTERMED;
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
crWaitUntilV(pktin);
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Unexpected response to pty request:"
|
2004-11-24 18:45:52 +00:00
|
|
|
" packet type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
c_write_str(ssh, "Server refused to allocate pty\r\n");
|
|
|
|
ssh->editing = ssh->echoing = 1;
|
2001-05-06 14:35:20 +00:00
|
|
|
} else {
|
2004-04-24 20:05:03 +00:00
|
|
|
logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
|
2004-06-03 10:36:27 +00:00
|
|
|
ssh->ospeed, ssh->ispeed);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2001-01-24 14:08:20 +00:00
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->editing = ssh->echoing = 1;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
|
2004-10-16 10:56:54 +00:00
|
|
|
/*
|
|
|
|
* Send environment variables.
|
|
|
|
*
|
|
|
|
* Simplest thing here is to send all the requests at once, and
|
|
|
|
* then wait for a whole bunch of successes or failures.
|
|
|
|
*/
|
|
|
|
if (ssh->mainchan && *ssh->cfg.environmt) {
|
|
|
|
char *e = ssh->cfg.environmt;
|
|
|
|
char *var, *varend, *val;
|
|
|
|
|
|
|
|
s->num_env = 0;
|
|
|
|
|
|
|
|
while (*e) {
|
|
|
|
var = e;
|
|
|
|
while (*e && *e != '\t') e++;
|
|
|
|
varend = e;
|
|
|
|
if (*e == '\t') e++;
|
|
|
|
val = e;
|
|
|
|
while (*e) e++;
|
|
|
|
e++;
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(s->pktout, "env");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_addstring_start(s->pktout);
|
|
|
|
ssh2_pkt_addstring_data(s->pktout, var, varend-var);
|
|
|
|
ssh2_pkt_addstring(s->pktout, val);
|
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2004-10-16 10:56:54 +00:00
|
|
|
|
|
|
|
s->num_env++;
|
|
|
|
}
|
|
|
|
|
|
|
|
logeventf(ssh, "Sent %d environment variables", s->num_env);
|
|
|
|
|
|
|
|
s->env_ok = 0;
|
|
|
|
s->env_left = s->num_env;
|
|
|
|
|
|
|
|
while (s->env_left > 0) {
|
2004-11-24 20:35:15 +00:00
|
|
|
crWaitUntilV(pktin);
|
2004-10-16 10:56:54 +00:00
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
|
2004-10-16 10:56:54 +00:00
|
|
|
bombout(("Unexpected response to environment request:"
|
2004-11-24 18:45:52 +00:00
|
|
|
" packet type %d", pktin->type));
|
2004-10-16 10:56:54 +00:00
|
|
|
crStopV;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
s->env_ok++;
|
|
|
|
}
|
|
|
|
|
|
|
|
s->env_left--;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (s->env_ok == s->num_env) {
|
|
|
|
logevent("All environment variables successfully set");
|
|
|
|
} else if (s->env_ok == 0) {
|
|
|
|
logevent("All environment variables refused");
|
|
|
|
c_write_str(ssh, "Server refused to set environment variables\r\n");
|
|
|
|
} else {
|
|
|
|
logeventf(ssh, "%d environment variables refused",
|
|
|
|
s->num_env - s->env_ok);
|
|
|
|
c_write_str(ssh, "Server refused to set all environment variables\r\n");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
2001-08-26 18:32:28 +00:00
|
|
|
* Start a shell or a remote command. We may have to attempt
|
|
|
|
* this twice if the config data has provided a second choice
|
|
|
|
* of command.
|
2000-09-07 16:33:49 +00:00
|
|
|
*/
|
2004-10-13 13:43:11 +00:00
|
|
|
if (ssh->mainchan) while (1) {
|
2001-08-26 18:32:28 +00:00
|
|
|
int subsys;
|
|
|
|
char *cmd;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->fallback_cmd) {
|
2003-01-12 14:48:29 +00:00
|
|
|
subsys = ssh->cfg.ssh_subsys2;
|
|
|
|
cmd = ssh->cfg.remote_cmd_ptr2;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2003-01-12 14:48:29 +00:00
|
|
|
subsys = ssh->cfg.ssh_subsys;
|
|
|
|
cmd = ssh->cfg.remote_cmd_ptr;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
|
2001-08-26 18:32:28 +00:00
|
|
|
if (subsys) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(s->pktout, "subsystem");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_addstring(s->pktout, cmd);
|
2001-08-26 18:32:28 +00:00
|
|
|
} else if (*cmd) {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(s->pktout, "exec");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
|
|
|
ssh2_pkt_addstring(s->pktout, cmd);
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(s->pktout, "shell");
|
|
|
|
ssh2_pkt_addbool(s->pktout, 1); /* want reply */
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_send(ssh, s->pktout);
|
2004-11-24 20:35:15 +00:00
|
|
|
|
|
|
|
crWaitUntilV(pktin);
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
|
|
|
|
if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Unexpected response to shell/command request:"
|
2004-11-24 18:45:52 +00:00
|
|
|
" packet type %d", pktin->type));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
/*
|
|
|
|
* We failed to start the command. If this is the
|
|
|
|
* fallback command, we really are finished; if it's
|
|
|
|
* not, and if the fallback command exists, try falling
|
|
|
|
* back to it before complaining.
|
|
|
|
*/
|
2003-01-12 14:48:29 +00:00
|
|
|
if (!ssh->fallback_cmd && ssh->cfg.remote_cmd_ptr2 != NULL) {
|
2001-08-26 18:32:28 +00:00
|
|
|
logevent("Primary command failed; attempting fallback");
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->fallback_cmd = TRUE;
|
2001-08-26 18:32:28 +00:00
|
|
|
continue;
|
|
|
|
}
|
2003-03-31 11:22:30 +00:00
|
|
|
bombout(("Server refused to start a shell/command"));
|
2003-04-23 13:48:09 +00:00
|
|
|
crStopV;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
|
|
|
logevent("Started a shell/command");
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
break;
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->state = SSH_STATE_SESSION;
|
|
|
|
if (ssh->size_needed)
|
|
|
|
ssh_size(ssh, ssh->term_width, ssh->term_height);
|
|
|
|
if (ssh->eof_needed)
|
|
|
|
ssh_special(ssh, TS_EOF);
|
2000-10-24 09:49:03 +00:00
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Transfer data!
|
|
|
|
*/
|
2002-10-26 10:16:19 +00:00
|
|
|
if (ssh->ldisc)
|
|
|
|
ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
|
2004-10-13 13:43:11 +00:00
|
|
|
if (ssh->mainchan)
|
|
|
|
ssh->send_ok = 1;
|
2000-09-07 16:33:49 +00:00
|
|
|
while (1) {
|
2000-09-05 14:28:17 +00:00
|
|
|
crReturnV;
|
2002-10-25 11:30:33 +00:00
|
|
|
s->try_send = FALSE;
|
2004-11-24 18:45:52 +00:00
|
|
|
if (pktin) {
|
2004-10-18 00:41:48 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
/*
|
|
|
|
* _All_ the connection-layer packets we expect to
|
|
|
|
* receive are now handled by the dispatch table.
|
|
|
|
* Anything that reaches here must be bogus.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2004-11-27 15:32:45 +00:00
|
|
|
bombout(("Strange packet received: type %d", pktin->type));
|
|
|
|
crStopV;
|
2004-10-13 13:43:11 +00:00
|
|
|
} else if (ssh->mainchan) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* We have spare data. Add it to the channel buffer.
|
|
|
|
*/
|
2003-01-05 13:43:02 +00:00
|
|
|
ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
|
2002-10-25 11:30:33 +00:00
|
|
|
s->try_send = TRUE;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (s->try_send) {
|
2001-05-06 14:35:20 +00:00
|
|
|
int i;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
/*
|
|
|
|
* Try to send data on all channels if we can.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
|
2003-01-11 10:05:29 +00:00
|
|
|
int bufsize;
|
|
|
|
if (c->closes)
|
|
|
|
continue; /* don't send on closing channels */
|
|
|
|
bufsize = ssh2_try_send(c);
|
2001-08-25 17:09:23 +00:00
|
|
|
if (bufsize == 0) {
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_MAINSESSION:
|
|
|
|
/* stdin need not receive an unthrottle
|
|
|
|
* notification since it will be polled */
|
|
|
|
break;
|
|
|
|
case CHAN_X11:
|
|
|
|
x11_unthrottle(c->u.x11.s);
|
|
|
|
break;
|
|
|
|
case CHAN_AGENT:
|
|
|
|
/* agent sockets are request/response and need no
|
|
|
|
* buffer management */
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
pfd_unthrottle(c->u.pfd.s);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
2000-09-05 14:28:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
crFinishV;
|
|
|
|
}
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
/*
|
|
|
|
* Handlers for SSH2 messages that might arrive at any moment.
|
|
|
|
*/
|
|
|
|
void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* log reason code in disconnect message */
|
|
|
|
char *buf, *msg;
|
|
|
|
int nowlen, reason, msglen;
|
|
|
|
|
|
|
|
reason = ssh_pkt_getuint32(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &msg, &msglen);
|
|
|
|
|
|
|
|
if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
|
|
|
|
buf = dupprintf("Received disconnect message (%s)",
|
|
|
|
ssh2_disconnect_reasons[reason]);
|
|
|
|
} else {
|
|
|
|
buf = dupprintf("Received disconnect message (unknown"
|
|
|
|
" type %d)", reason);
|
|
|
|
}
|
|
|
|
logevent(buf);
|
|
|
|
sfree(buf);
|
|
|
|
buf = dupprintf("Disconnection message text: %n%.*s",
|
|
|
|
&nowlen, msglen, msg);
|
|
|
|
logevent(buf);
|
|
|
|
bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"",
|
|
|
|
reason,
|
|
|
|
(reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
|
|
|
|
ssh2_disconnect_reasons[reason] : "unknown",
|
|
|
|
buf+nowlen));
|
|
|
|
sfree(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
/* log the debug message */
|
|
|
|
char *buf, *msg;
|
|
|
|
int msglen;
|
|
|
|
int always_display;
|
|
|
|
|
|
|
|
/* XXX maybe we should actually take notice of this */
|
|
|
|
always_display = ssh2_pkt_getbool(pktin);
|
|
|
|
ssh_pkt_getstring(pktin, &msg, &msglen);
|
|
|
|
|
|
|
|
buf = dupprintf("Remote debug message: %.*s", msglen, msg);
|
|
|
|
logevent(buf);
|
|
|
|
sfree(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
|
|
|
|
{
|
|
|
|
struct Packet *pktout;
|
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
|
|
|
|
ssh2_pkt_adduint32(pktout, pktin->sequence);
|
|
|
|
/*
|
|
|
|
* UNIMPLEMENTED messages MUST appear in the same order as the
|
|
|
|
* messages they respond to. Hence, never queue them.
|
|
|
|
*/
|
|
|
|
ssh2_pkt_send_noqueue(ssh, pktout);
|
|
|
|
}
|
|
|
|
|
2000-09-07 16:33:49 +00:00
|
|
|
/*
|
|
|
|
* Handle the top-level SSH2 protocol.
|
|
|
|
*/
|
2004-11-24 20:35:15 +00:00
|
|
|
static void ssh2_protocol_setup(Ssh ssh)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Most messages cause SSH2_MSG_UNIMPLEMENTED.
|
|
|
|
*/
|
|
|
|
for (i = 0; i < 256; i++)
|
|
|
|
ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Any message we actually understand, we set to NULL so that
|
|
|
|
* the coroutines will get it.
|
|
|
|
*/
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
|
|
|
|
/* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
|
|
|
|
/* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
|
|
|
|
/* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
|
|
|
|
/* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* These special message types we install handlers for.
|
|
|
|
*/
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with ssh1 */
|
|
|
|
ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
|
|
|
|
}
|
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
static void ssh2_timer(void *ctx, long now)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh)ctx;
|
|
|
|
|
2004-12-28 14:10:32 +00:00
|
|
|
if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
|
2004-11-27 14:29:20 +00:00
|
|
|
now - ssh->next_rekey >= 0) {
|
|
|
|
do_ssh2_transport(ssh, "Initiating key re-exchange (timeout)",
|
|
|
|
-1, NULL);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-11-24 18:45:52 +00:00
|
|
|
static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen,
|
|
|
|
struct Packet *pktin)
|
2000-09-07 16:33:49 +00:00
|
|
|
{
|
2004-11-24 20:35:15 +00:00
|
|
|
if (ssh->state == SSH_STATE_CLOSED)
|
|
|
|
return;
|
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
if (pktin) {
|
|
|
|
ssh->incoming_data_size += pktin->encrypted_len;
|
|
|
|
if (!ssh->kex_in_progress &&
|
2004-12-24 13:39:32 +00:00
|
|
|
ssh->max_data_size != 0 &&
|
|
|
|
ssh->incoming_data_size > ssh->max_data_size)
|
2004-11-27 14:29:20 +00:00
|
|
|
do_ssh2_transport(ssh, "Initiating key re-exchange "
|
|
|
|
"(too much data received)", -1, NULL);
|
|
|
|
}
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
if (pktin && ssh->packet_dispatch[pktin->type]) {
|
|
|
|
ssh->packet_dispatch[pktin->type](ssh, pktin);
|
2001-05-06 14:35:20 +00:00
|
|
|
return;
|
2004-11-24 20:35:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!ssh->protocol_initial_phase_done ||
|
|
|
|
(pktin && pktin->type >= 20 && pktin->type < 50)) {
|
|
|
|
if (do_ssh2_transport(ssh, in, inlen, pktin) &&
|
|
|
|
!ssh->protocol_initial_phase_done) {
|
|
|
|
ssh->protocol_initial_phase_done = TRUE;
|
|
|
|
/*
|
|
|
|
* Allow authconn to initialise itself.
|
|
|
|
*/
|
|
|
|
do_ssh2_authconn(ssh, NULL, 0, NULL);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
do_ssh2_authconn(ssh, in, inlen, pktin);
|
|
|
|
}
|
2000-09-07 16:33:49 +00:00
|
|
|
}
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
/*
|
2000-10-23 10:32:37 +00:00
|
|
|
* Called to set up the connection.
|
1999-01-08 13:02:13 +00:00
|
|
|
*
|
|
|
|
* Returns an error message, or NULL on success.
|
|
|
|
*/
|
2003-05-04 14:18:18 +00:00
|
|
|
static const char *ssh_init(void *frontend_handle, void **backend_handle,
|
|
|
|
Config *cfg,
|
2004-06-20 17:07:38 +00:00
|
|
|
char *host, int port, char **realhost, int nodelay,
|
|
|
|
int keepalive)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2003-05-04 14:18:18 +00:00
|
|
|
const char *p;
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh;
|
|
|
|
|
2003-03-29 16:14:26 +00:00
|
|
|
ssh = snew(struct ssh_tag);
|
2003-01-12 14:48:29 +00:00
|
|
|
ssh->cfg = *cfg; /* STRUCTURE COPY */
|
2003-04-04 20:21:05 +00:00
|
|
|
ssh->version = 0; /* when not ready yet */
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->s = NULL;
|
|
|
|
ssh->cipher = NULL;
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->v1_cipher_ctx = NULL;
|
2002-10-25 12:58:21 +00:00
|
|
|
ssh->crcda_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->cscipher = NULL;
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->cs_cipher_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->sccipher = NULL;
|
2002-10-25 12:35:22 +00:00
|
|
|
ssh->sc_cipher_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->csmac = NULL;
|
2002-10-26 12:58:13 +00:00
|
|
|
ssh->cs_mac_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->scmac = NULL;
|
2002-10-25 12:51:28 +00:00
|
|
|
ssh->sc_mac_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->cscomp = NULL;
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh->cs_comp_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->sccomp = NULL;
|
2002-10-25 13:26:33 +00:00
|
|
|
ssh->sc_comp_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->kex = NULL;
|
2003-01-18 21:56:33 +00:00
|
|
|
ssh->kex_ctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->hostkey = NULL;
|
|
|
|
ssh->exitcode = -1;
|
|
|
|
ssh->state = SSH_STATE_PREPACKET;
|
|
|
|
ssh->size_needed = FALSE;
|
|
|
|
ssh->eof_needed = FALSE;
|
2002-10-26 10:16:19 +00:00
|
|
|
ssh->ldisc = NULL;
|
2002-10-26 12:58:13 +00:00
|
|
|
ssh->logctx = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->deferred_send_data = NULL;
|
|
|
|
ssh->deferred_len = 0;
|
|
|
|
ssh->deferred_size = 0;
|
|
|
|
ssh->fallback_cmd = 0;
|
|
|
|
ssh->pkt_ctx = 0;
|
2002-10-26 11:23:15 +00:00
|
|
|
ssh->x11auth = NULL;
|
2002-10-29 13:05:20 +00:00
|
|
|
ssh->v1_compressing = FALSE;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->v2_outgoing_sequence = 0;
|
|
|
|
ssh->ssh1_rdpkt_crstate = 0;
|
|
|
|
ssh->ssh2_rdpkt_crstate = 0;
|
|
|
|
ssh->do_ssh_init_crstate = 0;
|
|
|
|
ssh->ssh_gotdata_crstate = 0;
|
2004-11-24 20:35:15 +00:00
|
|
|
ssh->do_ssh1_connection_crstate = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->do_ssh1_login_crstate = 0;
|
|
|
|
ssh->do_ssh2_transport_crstate = 0;
|
|
|
|
ssh->do_ssh2_authconn_crstate = 0;
|
|
|
|
ssh->do_ssh_init_state = NULL;
|
|
|
|
ssh->do_ssh1_login_state = NULL;
|
|
|
|
ssh->do_ssh2_transport_state = NULL;
|
|
|
|
ssh->do_ssh2_authconn_state = NULL;
|
2002-10-29 14:41:10 +00:00
|
|
|
ssh->mainchan = NULL;
|
2002-11-01 12:59:09 +00:00
|
|
|
ssh->throttled_all = 0;
|
|
|
|
ssh->v1_stdout_throttling = 0;
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh->queue = NULL;
|
|
|
|
ssh->queuelen = ssh->queuesize = 0;
|
|
|
|
ssh->queueing = FALSE;
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
ssh->qhead = ssh->qtail = NULL;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
|
|
|
*backend_handle = ssh;
|
2001-05-06 14:35:20 +00:00
|
|
|
|
2000-03-24 09:45:49 +00:00
|
|
|
#ifdef MSCRYPTOAPI
|
2001-05-06 14:35:20 +00:00
|
|
|
if (crypto_startup() == 0)
|
2000-03-24 09:45:49 +00:00
|
|
|
return "Microsoft high encryption pack not installed!";
|
|
|
|
#endif
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->frontend = frontend_handle;
|
2003-01-12 14:48:29 +00:00
|
|
|
ssh->term_width = ssh->cfg.width;
|
|
|
|
ssh->term_height = ssh->cfg.height;
|
2002-10-22 16:11:33 +00:00
|
|
|
|
2003-01-15 23:30:21 +00:00
|
|
|
ssh->channels = NULL;
|
|
|
|
ssh->rportfwds = NULL;
|
2004-12-28 16:18:17 +00:00
|
|
|
ssh->portfwds = NULL;
|
2003-01-15 23:30:21 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->send_ok = 0;
|
|
|
|
ssh->editing = 0;
|
|
|
|
ssh->echoing = 0;
|
|
|
|
ssh->v1_throttle_count = 0;
|
|
|
|
ssh->overall_bufsize = 0;
|
|
|
|
ssh->fallback_cmd = 0;
|
2000-10-23 10:32:37 +00:00
|
|
|
|
2003-01-07 22:45:12 +00:00
|
|
|
ssh->protocol = NULL;
|
|
|
|
|
2004-11-24 20:35:15 +00:00
|
|
|
ssh->protocol_initial_phase_done = FALSE;
|
|
|
|
|
2004-11-27 13:20:21 +00:00
|
|
|
ssh->pinger = NULL;
|
|
|
|
|
2004-11-27 14:29:20 +00:00
|
|
|
ssh->incoming_data_size = ssh->outgoing_data_size =
|
|
|
|
ssh->deferred_data_size = 0L;
|
2004-12-24 13:39:32 +00:00
|
|
|
ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
|
2004-11-27 14:29:20 +00:00
|
|
|
ssh->kex_in_progress = FALSE;
|
|
|
|
|
2004-06-20 17:07:38 +00:00
|
|
|
p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
|
2000-06-22 12:18:34 +00:00
|
|
|
if (p != NULL)
|
|
|
|
return p;
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2004-11-27 19:56:38 +00:00
|
|
|
random_ref();
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2003-01-15 23:30:21 +00:00
|
|
|
static void ssh_free(void *handle)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
struct ssh_channel *c;
|
|
|
|
struct ssh_rportfwd *pf;
|
|
|
|
|
|
|
|
if (ssh->v1_cipher_ctx)
|
|
|
|
ssh->cipher->free_context(ssh->v1_cipher_ctx);
|
|
|
|
if (ssh->cs_cipher_ctx)
|
|
|
|
ssh->cscipher->free_context(ssh->cs_cipher_ctx);
|
|
|
|
if (ssh->sc_cipher_ctx)
|
|
|
|
ssh->sccipher->free_context(ssh->sc_cipher_ctx);
|
|
|
|
if (ssh->cs_mac_ctx)
|
|
|
|
ssh->csmac->free_context(ssh->cs_mac_ctx);
|
|
|
|
if (ssh->sc_mac_ctx)
|
|
|
|
ssh->scmac->free_context(ssh->sc_mac_ctx);
|
2004-01-18 09:14:41 +00:00
|
|
|
if (ssh->cs_comp_ctx) {
|
|
|
|
if (ssh->cscomp)
|
|
|
|
ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
|
|
|
|
else
|
|
|
|
zlib_compress_cleanup(ssh->cs_comp_ctx);
|
|
|
|
}
|
|
|
|
if (ssh->sc_comp_ctx) {
|
|
|
|
if (ssh->sccomp)
|
|
|
|
ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
|
|
|
|
else
|
|
|
|
zlib_decompress_cleanup(ssh->sc_comp_ctx);
|
|
|
|
}
|
2003-01-15 23:30:21 +00:00
|
|
|
if (ssh->kex_ctx)
|
|
|
|
dh_cleanup(ssh->kex_ctx);
|
|
|
|
sfree(ssh->savedhost);
|
|
|
|
|
2004-11-24 19:23:02 +00:00
|
|
|
while (ssh->queuelen-- > 0)
|
|
|
|
ssh_free_packet(ssh->queue[ssh->queuelen]);
|
|
|
|
sfree(ssh->queue);
|
|
|
|
|
Abstracted out the rather large port-forwarding setup code into a
routine which is common between SSH1 and SSH2. Since this routine is
not part of the coroutine system, this means it can't sit and wait
to get its various success/failure responses back. Hence, I've
introduced a system of queued packet handlers, each of which waits
for exactly one of a pair of messages (SSH1_SMSG_{SUCCESS,FAILURE}
or SSH2_MSG_REQUEST_{SUCCESS,FAILURE}), handles it when it arrives,
and automatically de-registers itself. Hence the port-forwarding
setup code can be called once, and then subsequent packets related
to it will automatically be handled as they arrive.
The real purpose of all this is that the infrastructure is now there
for me to arrange mid-session configurability of port forwarding.
However, a side benefit is that fewer round trips are involved in
session startup. I'd quite like to move more of the connection setup
(X forwarding, agent forwarding, pty allocation etc) to using the
new queued handler mechanism for this reason.
[originally from svn r5029]
2004-12-28 14:04:58 +00:00
|
|
|
while (ssh->qhead) {
|
|
|
|
struct queued_handler *qh = ssh->qhead;
|
|
|
|
ssh->qhead = qh->next;
|
|
|
|
sfree(ssh->qhead);
|
|
|
|
}
|
|
|
|
ssh->qhead = ssh->qtail = NULL;
|
|
|
|
|
2003-01-15 23:30:21 +00:00
|
|
|
if (ssh->channels) {
|
|
|
|
while ((c = delpos234(ssh->channels, 0)) != NULL) {
|
|
|
|
switch (c->type) {
|
|
|
|
case CHAN_X11:
|
|
|
|
if (c->u.x11.s != NULL)
|
|
|
|
x11_close(c->u.x11.s);
|
|
|
|
break;
|
|
|
|
case CHAN_SOCKDATA:
|
|
|
|
if (c->u.pfd.s != NULL)
|
|
|
|
pfd_close(c->u.pfd.s);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
sfree(c);
|
|
|
|
}
|
|
|
|
freetree234(ssh->channels);
|
2004-12-02 13:37:28 +00:00
|
|
|
ssh->channels = NULL;
|
2003-01-15 23:30:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (ssh->rportfwds) {
|
|
|
|
while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
|
|
|
|
sfree(pf);
|
|
|
|
freetree234(ssh->rportfwds);
|
2004-12-02 13:37:28 +00:00
|
|
|
ssh->rportfwds = NULL;
|
2003-01-15 23:30:21 +00:00
|
|
|
}
|
|
|
|
sfree(ssh->deferred_send_data);
|
|
|
|
if (ssh->x11auth)
|
|
|
|
x11_free_auth(ssh->x11auth);
|
|
|
|
sfree(ssh->do_ssh_init_state);
|
|
|
|
sfree(ssh->do_ssh1_login_state);
|
|
|
|
sfree(ssh->do_ssh2_transport_state);
|
|
|
|
sfree(ssh->do_ssh2_authconn_state);
|
2003-12-19 12:44:46 +00:00
|
|
|
if (ssh->crcda_ctx) {
|
|
|
|
crcda_free_context(ssh->crcda_ctx);
|
|
|
|
ssh->crcda_ctx = NULL;
|
|
|
|
}
|
2003-01-15 23:30:21 +00:00
|
|
|
if (ssh->s)
|
2003-04-25 11:48:24 +00:00
|
|
|
ssh_do_close(ssh);
|
2004-11-27 14:29:20 +00:00
|
|
|
expire_timer_context(ssh);
|
2004-11-27 13:20:21 +00:00
|
|
|
if (ssh->pinger)
|
|
|
|
pinger_free(ssh->pinger);
|
2004-12-16 15:38:39 +00:00
|
|
|
sfree(ssh);
|
2004-11-27 19:56:38 +00:00
|
|
|
|
|
|
|
random_unref();
|
2003-01-15 23:30:21 +00:00
|
|
|
}
|
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
/*
|
|
|
|
* Reconfigure the SSH backend.
|
|
|
|
*/
|
|
|
|
static void ssh_reconfig(void *handle, Config *cfg)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
2004-12-28 14:10:32 +00:00
|
|
|
char *rekeying = NULL;
|
|
|
|
unsigned long old_max_data_size;
|
|
|
|
|
2004-11-27 13:20:21 +00:00
|
|
|
pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
|
2004-12-28 14:07:05 +00:00
|
|
|
ssh_setup_portfwd(ssh, cfg);
|
2004-12-28 14:10:32 +00:00
|
|
|
|
|
|
|
if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
|
|
|
|
cfg->ssh_rekey_time != 0) {
|
|
|
|
long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
|
|
|
|
long now = GETTICKCOUNT();
|
|
|
|
|
|
|
|
if (new_next - now < 0) {
|
|
|
|
rekeying = "Initiating key re-exchange (timeout shortened)";
|
|
|
|
} else {
|
|
|
|
ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
old_max_data_size = ssh->max_data_size;
|
|
|
|
ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
|
|
|
|
if (old_max_data_size != ssh->max_data_size &&
|
|
|
|
ssh->max_data_size != 0) {
|
|
|
|
if (ssh->outgoing_data_size > ssh->max_data_size ||
|
|
|
|
ssh->incoming_data_size > ssh->max_data_size)
|
|
|
|
rekeying = "Initiating key re-exchange (data limit lowered)";
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rekeying && !ssh->kex_in_progress) {
|
|
|
|
do_ssh2_transport(ssh, rekeying, -1, NULL);
|
|
|
|
}
|
|
|
|
|
2003-01-12 14:48:29 +00:00
|
|
|
ssh->cfg = *cfg; /* STRUCTURE COPY */
|
|
|
|
}
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
/*
|
|
|
|
* Called to send data down the Telnet connection.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_send(void *handle, char *buf, int len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
|
|
|
|
if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
|
2001-08-25 17:09:23 +00:00
|
|
|
return 0;
|
1999-01-08 13:02:13 +00:00
|
|
|
|
2003-01-05 13:43:02 +00:00
|
|
|
ssh->protocol(ssh, (unsigned char *)buf, len, 0);
|
2001-08-25 17:09:23 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
return ssh_sendbuffer(ssh);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called to query the current amount of buffered stdin data.
|
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_sendbuffer(void *handle)
|
2001-08-25 17:09:23 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2001-08-25 17:09:23 +00:00
|
|
|
int override_value;
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
|
2001-08-25 17:09:23 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the SSH socket itself has backed up, add the total backup
|
|
|
|
* size on that to any individual buffer on the stdin channel.
|
|
|
|
*/
|
|
|
|
override_value = 0;
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->throttled_all)
|
|
|
|
override_value = ssh->overall_bufsize;
|
2001-08-25 17:09:23 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
2001-08-25 17:09:23 +00:00
|
|
|
return override_value;
|
2002-10-25 11:30:33 +00:00
|
|
|
} else if (ssh->version == 2) {
|
|
|
|
if (!ssh->mainchan || ssh->mainchan->closes > 0)
|
2001-08-25 17:09:23 +00:00
|
|
|
return override_value;
|
|
|
|
else
|
2002-10-25 11:30:33 +00:00
|
|
|
return (override_value +
|
|
|
|
bufchain_size(&ssh->mainchan->v.v2.outbuffer));
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2000-10-24 09:49:03 +00:00
|
|
|
* Called to set the size of the window from SSH's POV.
|
1999-01-08 13:02:13 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_size(void *handle, int width, int height)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
|
|
|
ssh->term_width = width;
|
|
|
|
ssh->term_height = height;
|
2002-10-23 12:41:35 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
switch (ssh->state) {
|
1999-01-08 13:02:13 +00:00
|
|
|
case SSH_STATE_BEFORE_SIZE:
|
2001-01-08 13:57:45 +00:00
|
|
|
case SSH_STATE_PREPACKET:
|
1999-03-23 17:21:44 +00:00
|
|
|
case SSH_STATE_CLOSED:
|
1999-01-08 13:02:13 +00:00
|
|
|
break; /* do nothing */
|
|
|
|
case SSH_STATE_INTERMED:
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->size_needed = TRUE; /* buffer for later */
|
1999-01-08 13:02:13 +00:00
|
|
|
break;
|
|
|
|
case SSH_STATE_SESSION:
|
2003-01-12 14:48:29 +00:00
|
|
|
if (!ssh->cfg.nopty) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
|
|
|
|
PKT_INT, ssh->term_height,
|
|
|
|
PKT_INT, ssh->term_width,
|
2001-05-06 14:35:20 +00:00
|
|
|
PKT_INT, 0, PKT_INT, 0, PKT_END);
|
2004-10-13 13:43:11 +00:00
|
|
|
} else if (ssh->mainchan) {
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(pktout, "window-change");
|
|
|
|
ssh2_pkt_addbool(pktout, 0);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->term_width);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->term_height);
|
|
|
|
ssh2_pkt_adduint32(pktout, 0);
|
|
|
|
ssh2_pkt_adduint32(pktout, 0);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-04-04 20:21:05 +00:00
|
|
|
/*
|
|
|
|
* Return a list of the special codes that make sense in this
|
|
|
|
* protocol.
|
|
|
|
*/
|
|
|
|
static const struct telnet_special *ssh_get_specials(void *handle)
|
|
|
|
{
|
2004-12-24 10:04:28 +00:00
|
|
|
static const struct telnet_special ssh1_ignore_special[] = {
|
|
|
|
{"IGNORE message", TS_NOP}
|
|
|
|
};
|
|
|
|
static const struct telnet_special ssh2_transport_specials[] = {
|
2004-10-17 15:32:42 +00:00
|
|
|
{"IGNORE message", TS_NOP},
|
2004-11-27 14:29:20 +00:00
|
|
|
{"Repeat key exchange", TS_REKEY},
|
2004-10-17 15:32:42 +00:00
|
|
|
};
|
|
|
|
static const struct telnet_special ssh2_session_specials[] = {
|
2004-10-17 21:22:22 +00:00
|
|
|
{NULL, TS_SEP},
|
|
|
|
{"Break", TS_BRK},
|
2004-12-24 10:04:28 +00:00
|
|
|
/* These are the signal names defined by draft-ietf-secsh-connect-23.
|
2004-10-17 21:22:22 +00:00
|
|
|
* They include all the ISO C signals, but are a subset of the POSIX
|
|
|
|
* required signals. */
|
|
|
|
{"SIGINT (Interrupt)", TS_SIGINT},
|
|
|
|
{"SIGTERM (Terminate)", TS_SIGTERM},
|
|
|
|
{"SIGKILL (Kill)", TS_SIGKILL},
|
|
|
|
{"SIGQUIT (Quit)", TS_SIGQUIT},
|
|
|
|
{"SIGHUP (Hangup)", TS_SIGHUP},
|
|
|
|
{"More signals", TS_SUBMENU},
|
|
|
|
{"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
|
|
|
|
{"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
|
|
|
|
{"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
|
|
|
|
{"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
|
|
|
|
{NULL, TS_EXITMENU}
|
2004-10-17 15:32:42 +00:00
|
|
|
};
|
|
|
|
static const struct telnet_special specials_end[] = {
|
2004-10-17 21:22:22 +00:00
|
|
|
{NULL, TS_EXITMENU}
|
2004-10-17 15:32:42 +00:00
|
|
|
};
|
2004-12-24 10:04:28 +00:00
|
|
|
/* XXX review this length for any changes: */
|
|
|
|
static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
|
2004-10-17 15:32:42 +00:00
|
|
|
lenof(ssh2_session_specials) +
|
|
|
|
lenof(specials_end)];
|
2003-04-04 20:21:05 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2004-10-17 15:32:42 +00:00
|
|
|
int i = 0;
|
|
|
|
#define ADD_SPECIALS(name) \
|
|
|
|
do { \
|
|
|
|
assert((i + lenof(name)) <= lenof(ssh_specials)); \
|
|
|
|
memcpy(&ssh_specials[i], name, sizeof name); \
|
|
|
|
i += lenof(name); \
|
|
|
|
} while(0)
|
2003-04-04 20:21:05 +00:00
|
|
|
|
|
|
|
if (ssh->version == 1) {
|
2004-10-17 15:32:42 +00:00
|
|
|
/* Don't bother offering IGNORE if we've decided the remote
|
|
|
|
* won't cope with it, since we wouldn't bother sending it if
|
|
|
|
* asked anyway. */
|
|
|
|
if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
|
2004-12-24 10:04:28 +00:00
|
|
|
ADD_SPECIALS(ssh1_ignore_special);
|
2003-04-04 20:21:05 +00:00
|
|
|
} else if (ssh->version == 2) {
|
2004-12-24 10:04:28 +00:00
|
|
|
ADD_SPECIALS(ssh2_transport_specials);
|
2004-10-17 15:32:42 +00:00
|
|
|
if (ssh->mainchan)
|
|
|
|
ADD_SPECIALS(ssh2_session_specials);
|
|
|
|
} /* else we're not ready yet */
|
|
|
|
|
|
|
|
if (i) {
|
|
|
|
ADD_SPECIALS(specials_end);
|
|
|
|
return ssh_specials;
|
|
|
|
} else {
|
2003-04-04 20:21:05 +00:00
|
|
|
return NULL;
|
2004-10-17 15:32:42 +00:00
|
|
|
}
|
|
|
|
#undef ADD_SPECIALS
|
2003-04-04 20:21:05 +00:00
|
|
|
}
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
/*
|
2000-09-08 15:24:19 +00:00
|
|
|
* Send Telnet special codes. TS_EOF is useful for `plink', so you
|
|
|
|
* can send an EOF and collect resulting output (e.g. `plink
|
|
|
|
* hostname sort').
|
1999-01-08 13:02:13 +00:00
|
|
|
*/
|
2002-10-25 11:30:33 +00:00
|
|
|
static void ssh_special(void *handle, Telnet_Special code)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2002-10-25 11:30:33 +00:00
|
|
|
|
2000-09-08 15:24:19 +00:00
|
|
|
if (code == TS_EOF) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->state != SSH_STATE_SESSION) {
|
2001-05-06 14:35:20 +00:00
|
|
|
/*
|
|
|
|
* Buffer the EOF in case we are pre-SESSION, so we can
|
|
|
|
* send it as soon as we reach SESSION.
|
|
|
|
*/
|
|
|
|
if (code == TS_EOF)
|
2002-10-25 11:30:33 +00:00
|
|
|
ssh->eof_needed = TRUE;
|
2001-05-06 14:35:20 +00:00
|
|
|
return;
|
|
|
|
}
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
|
2004-10-13 13:43:11 +00:00
|
|
|
} else if (ssh->mainchan) {
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
|
|
|
logevent("Sent EOF message");
|
2003-04-04 20:21:05 +00:00
|
|
|
} else if (code == TS_PING || code == TS_NOP) {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->state == SSH_STATE_CLOSED
|
|
|
|
|| ssh->state == SSH_STATE_PREPACKET) return;
|
|
|
|
if (ssh->version == 1) {
|
|
|
|
if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
|
|
|
|
send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
|
2001-05-06 14:35:20 +00:00
|
|
|
} else {
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
|
|
|
|
ssh2_pkt_addstring_start(pktout);
|
2004-11-24 19:23:02 +00:00
|
|
|
ssh2_pkt_send_noqueue(ssh, pktout);
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2004-11-27 14:29:20 +00:00
|
|
|
} else if (code == TS_REKEY) {
|
|
|
|
if (!ssh->kex_in_progress && ssh->version == 2) {
|
|
|
|
do_ssh2_transport(ssh, "Initiating key re-exchange at"
|
|
|
|
" user request", -1, NULL);
|
|
|
|
}
|
2003-04-04 20:21:05 +00:00
|
|
|
} else if (code == TS_BRK) {
|
|
|
|
if (ssh->state == SSH_STATE_CLOSED
|
|
|
|
|| ssh->state == SSH_STATE_PREPACKET) return;
|
|
|
|
if (ssh->version == 1) {
|
|
|
|
logevent("Unable to send BREAK signal in SSH1");
|
2004-10-13 13:43:11 +00:00
|
|
|
} else if (ssh->mainchan) {
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(pktout, "break");
|
|
|
|
ssh2_pkt_addbool(pktout, 0);
|
|
|
|
ssh2_pkt_adduint32(pktout, 0); /* default break length */
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2003-04-04 20:21:05 +00:00
|
|
|
}
|
2000-09-08 15:24:19 +00:00
|
|
|
} else {
|
2004-10-17 21:22:22 +00:00
|
|
|
/* Is is a POSIX signal? */
|
|
|
|
char *signame = NULL;
|
|
|
|
if (code == TS_SIGABRT) signame = "ABRT";
|
|
|
|
if (code == TS_SIGALRM) signame = "ALRM";
|
|
|
|
if (code == TS_SIGFPE) signame = "FPE";
|
|
|
|
if (code == TS_SIGHUP) signame = "HUP";
|
|
|
|
if (code == TS_SIGILL) signame = "ILL";
|
|
|
|
if (code == TS_SIGINT) signame = "INT";
|
|
|
|
if (code == TS_SIGKILL) signame = "KILL";
|
|
|
|
if (code == TS_SIGPIPE) signame = "PIPE";
|
|
|
|
if (code == TS_SIGQUIT) signame = "QUIT";
|
|
|
|
if (code == TS_SIGSEGV) signame = "SEGV";
|
|
|
|
if (code == TS_SIGTERM) signame = "TERM";
|
|
|
|
if (code == TS_SIGUSR1) signame = "USR1";
|
|
|
|
if (code == TS_SIGUSR2) signame = "USR2";
|
|
|
|
/* The SSH-2 protocol does in principle support arbitrary named
|
|
|
|
* signals, including signame@domain, but we don't support those. */
|
|
|
|
if (signame) {
|
|
|
|
/* It's a signal. */
|
|
|
|
if (ssh->version == 2 && ssh->mainchan) {
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
|
|
|
|
ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
|
|
|
|
ssh2_pkt_addstring(pktout, "signal");
|
|
|
|
ssh2_pkt_addbool(pktout, 0);
|
|
|
|
ssh2_pkt_addstring(pktout, signame);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2004-10-17 21:22:22 +00:00
|
|
|
logeventf(ssh, "Sent signal SIG%s", signame);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/* Never heard of it. Do nothing */
|
|
|
|
}
|
2000-09-08 15:24:19 +00:00
|
|
|
}
|
1999-01-08 13:02:13 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
void *new_sock_channel(void *handle, Socket s)
|
2001-08-08 20:44:35 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2001-08-08 20:44:35 +00:00
|
|
|
struct ssh_channel *c;
|
2003-03-29 16:14:26 +00:00
|
|
|
c = snew(struct ssh_channel);
|
2002-10-25 11:30:33 +00:00
|
|
|
c->ssh = ssh;
|
2001-08-08 20:44:35 +00:00
|
|
|
|
|
|
|
if (c) {
|
2001-08-09 21:17:05 +00:00
|
|
|
c->remoteid = -1; /* to be set when open confirmed */
|
2002-10-25 11:30:33 +00:00
|
|
|
c->localid = alloc_channel_id(ssh);
|
2001-08-08 20:44:35 +00:00
|
|
|
c->closes = 0;
|
2001-08-09 21:17:05 +00:00
|
|
|
c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
|
2001-08-08 20:44:35 +00:00
|
|
|
c->u.pfd.s = s;
|
2002-06-15 16:52:35 +00:00
|
|
|
bufchain_init(&c->v.v2.outbuffer);
|
2002-10-25 11:30:33 +00:00
|
|
|
add234(ssh->channels, c);
|
2001-08-08 20:44:35 +00:00
|
|
|
}
|
|
|
|
return c;
|
|
|
|
}
|
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* This is called when stdout/stderr (the entity to which
|
|
|
|
* from_backend sends data) manages to clear some backlog.
|
|
|
|
*/
|
2003-01-05 23:01:43 +00:00
|
|
|
static void ssh_unthrottle(void *handle, int bufsize)
|
2001-08-25 17:09:23 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
if (ssh->version == 1) {
|
|
|
|
if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
|
|
|
|
ssh->v1_stdout_throttling = 0;
|
|
|
|
ssh1_throttle(ssh, -1);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
} else {
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->mainchan && ssh->mainchan->closes == 0)
|
|
|
|
ssh2_set_window(ssh->mainchan, OUR_V2_WINSIZE - bufsize);
|
2001-08-25 17:09:23 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-10-26 10:33:59 +00:00
|
|
|
void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
|
2001-08-08 20:44:35 +00:00
|
|
|
{
|
|
|
|
struct ssh_channel *c = (struct ssh_channel *)channel;
|
2002-10-26 10:33:59 +00:00
|
|
|
Ssh ssh = c->ssh;
|
2004-11-24 18:45:52 +00:00
|
|
|
struct Packet *pktout;
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2002-11-07 19:49:03 +00:00
|
|
|
logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
|
2001-08-08 20:44:35 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
if (ssh->version == 1) {
|
|
|
|
send_packet(ssh, SSH1_MSG_PORT_OPEN,
|
2001-08-09 21:17:05 +00:00
|
|
|
PKT_INT, c->localid,
|
|
|
|
PKT_STR, hostname,
|
|
|
|
PKT_INT, port,
|
2004-12-30 15:29:38 +00:00
|
|
|
/* PKT_STR, <org:orgport>, */
|
2001-08-09 21:17:05 +00:00
|
|
|
PKT_END);
|
|
|
|
} else {
|
2004-11-24 18:45:52 +00:00
|
|
|
pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
|
|
|
|
ssh2_pkt_addstring(pktout, "direct-tcpip");
|
|
|
|
ssh2_pkt_adduint32(pktout, c->localid);
|
2001-08-25 17:09:23 +00:00
|
|
|
c->v.v2.locwindow = OUR_V2_WINSIZE;
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
|
|
|
|
ssh2_pkt_adduint32(pktout, 0x4000UL); /* our max pkt size */
|
|
|
|
ssh2_pkt_addstring(pktout, hostname);
|
|
|
|
ssh2_pkt_adduint32(pktout, port);
|
2001-08-09 21:17:05 +00:00
|
|
|
/*
|
|
|
|
* We make up values for the originator data; partly it's
|
|
|
|
* too much hassle to keep track, and partly I'm not
|
|
|
|
* convinced the server should be told details like that
|
|
|
|
* about my local network configuration.
|
|
|
|
*/
|
2004-11-24 18:45:52 +00:00
|
|
|
ssh2_pkt_addstring(pktout, "client-side-connection");
|
|
|
|
ssh2_pkt_adduint32(pktout, 0);
|
|
|
|
ssh2_pkt_send(ssh, pktout);
|
2001-08-09 21:17:05 +00:00
|
|
|
}
|
2001-08-08 20:44:35 +00:00
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static Socket ssh_socket(void *handle)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
return ssh->s;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2000-09-08 16:42:11 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_sendok(void *handle)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
return ssh->send_ok;
|
2001-05-06 14:35:20 +00:00
|
|
|
}
|
2000-06-22 12:18:34 +00:00
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_ldisc(void *handle, int option)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
2001-05-06 14:35:20 +00:00
|
|
|
if (option == LD_ECHO)
|
2002-10-25 11:30:33 +00:00
|
|
|
return ssh->echoing;
|
2001-05-06 14:35:20 +00:00
|
|
|
if (option == LD_EDIT)
|
2002-10-25 11:30:33 +00:00
|
|
|
return ssh->editing;
|
2001-01-24 14:08:20 +00:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2002-10-26 10:16:19 +00:00
|
|
|
static void ssh_provide_ldisc(void *handle, void *ldisc)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
ssh->ldisc = ldisc;
|
|
|
|
}
|
|
|
|
|
2002-10-26 12:58:13 +00:00
|
|
|
static void ssh_provide_logctx(void *handle, void *logctx)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
ssh->logctx = logctx;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
static int ssh_return_exitcode(void *handle)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
2003-03-31 13:15:51 +00:00
|
|
|
if (ssh->s != NULL)
|
|
|
|
return -1;
|
|
|
|
else
|
|
|
|
return (ssh->exitcode >= 0 ? ssh->exitcode : 0);
|
2002-10-25 11:30:33 +00:00
|
|
|
}
|
|
|
|
|
2004-12-29 12:32:25 +00:00
|
|
|
/*
|
|
|
|
* cfg_info for SSH is the currently running version of the
|
|
|
|
* protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
|
|
|
|
*/
|
|
|
|
static int ssh_cfg_info(void *handle)
|
|
|
|
{
|
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
return ssh->version;
|
|
|
|
}
|
|
|
|
|
2002-10-25 11:30:33 +00:00
|
|
|
/*
|
|
|
|
* Gross hack: pscp will try to start SFTP but fall back to scp1 if
|
|
|
|
* that fails. This variable is the means by which scp.c can reach
|
|
|
|
* into the SSH code and find out which one it got.
|
|
|
|
*/
|
|
|
|
extern int ssh_fallback_cmd(void *handle)
|
2001-12-29 15:31:42 +00:00
|
|
|
{
|
2002-10-25 11:30:33 +00:00
|
|
|
Ssh ssh = (Ssh) handle;
|
|
|
|
return ssh->fallback_cmd;
|
2001-12-29 15:31:42 +00:00
|
|
|
}
|
|
|
|
|
1999-01-08 13:02:13 +00:00
|
|
|
Backend ssh_backend = {
|
|
|
|
ssh_init,
|
2003-01-15 23:30:21 +00:00
|
|
|
ssh_free,
|
2003-01-12 14:48:29 +00:00
|
|
|
ssh_reconfig,
|
1999-01-08 13:02:13 +00:00
|
|
|
ssh_send,
|
2001-08-25 17:09:23 +00:00
|
|
|
ssh_sendbuffer,
|
1999-01-08 13:02:13 +00:00
|
|
|
ssh_size,
|
2000-09-08 14:45:20 +00:00
|
|
|
ssh_special,
|
2003-04-04 20:21:05 +00:00
|
|
|
ssh_get_specials,
|
2000-09-08 16:42:11 +00:00
|
|
|
ssh_socket,
|
2001-12-29 15:31:42 +00:00
|
|
|
ssh_return_exitcode,
|
2000-10-04 14:35:15 +00:00
|
|
|
ssh_sendok,
|
2001-01-24 14:08:20 +00:00
|
|
|
ssh_ldisc,
|
2002-10-26 10:16:19 +00:00
|
|
|
ssh_provide_ldisc,
|
2002-10-26 12:58:13 +00:00
|
|
|
ssh_provide_logctx,
|
2001-08-25 17:09:23 +00:00
|
|
|
ssh_unthrottle,
|
2004-12-29 12:32:25 +00:00
|
|
|
ssh_cfg_info,
|
2000-10-04 14:35:15 +00:00
|
|
|
22
|
2001-08-09 21:17:05 +00:00
|
|
|
};
|