Give BPPs a Frontend, so they can do their own logging.
The sshverstring quasi-frontend is passed a Frontend pointer at setup time, so that it can generate Event Log entries containing the local and remote version strings and the results of remote bug detection. I'm promoting that field of sshverstring to a field of the public BPP structure, so now all BPPs have the right to talk directly to the frontend if they want to. This means I can move all the log messages of the form 'Initialised so-and-so cipher/MAC/compression' down into the BPPs themselves, where they can live exactly alongside the actual initialisation of those primitives. It also means BPPs will be able to log interesting things they detect at any point in the packet stream, which is about to come in useful for another purpose.
parent
36caf03a5b
commit
2e7ced6480
6
ssh.c
6
ssh.c
@ -172,7 +172,7 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
|
|||||||
int is_simple =
|
int is_simple =
|
||||||
(conf_get_int(ssh->conf, CONF_ssh_simple) && !ssh->connshare);
|
(conf_get_int(ssh->conf, CONF_ssh_simple) && !ssh->connshare);
|
||||||
|
|
||||||
ssh->bpp = ssh2_bpp_new(&ssh->stats);
|
ssh->bpp = ssh2_bpp_new(ssh->frontend, &ssh->stats);
|
||||||
ssh_connect_bpp(ssh);
|
ssh_connect_bpp(ssh);
|
||||||
|
|
||||||
#ifndef NO_GSSAPI
|
#ifndef NO_GSSAPI
|
||||||
@ -247,7 +247,7 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
ssh->bpp = ssh1_bpp_new();
|
ssh->bpp = ssh1_bpp_new(ssh->frontend);
|
||||||
ssh_connect_bpp(ssh);
|
ssh_connect_bpp(ssh);
|
||||||
|
|
||||||
connection_layer = ssh1_connection_new(ssh, ssh->conf, &ssh->cl);
|
connection_layer = ssh1_connection_new(ssh, ssh->conf, &ssh->cl);
|
||||||
@ -260,7 +260,7 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
|
|||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
ssh->bpp = ssh2_bare_bpp_new();
|
ssh->bpp = ssh2_bare_bpp_new(ssh->frontend);
|
||||||
ssh_connect_bpp(ssh);
|
ssh_connect_bpp(ssh);
|
||||||
|
|
||||||
connection_layer = ssh2_connection_new(
|
connection_layer = ssh2_connection_new(
|
||||||
|
2
ssh.h
2
ssh.h
@ -765,10 +765,12 @@ struct ssh_compression_alg {
|
|||||||
#define ssh_compressor_free(comp) ((comp)->vt->compress_free(comp))
|
#define ssh_compressor_free(comp) ((comp)->vt->compress_free(comp))
|
||||||
#define ssh_compressor_compress(comp, in, inlen, out, outlen, minlen) \
|
#define ssh_compressor_compress(comp, in, inlen, out, outlen, minlen) \
|
||||||
((comp)->vt->compress(comp, in, inlen, out, outlen, minlen))
|
((comp)->vt->compress(comp, in, inlen, out, outlen, minlen))
|
||||||
|
#define ssh_compressor_alg(comp) ((comp)->vt)
|
||||||
#define ssh_decompressor_new(alg) ((alg)->decompress_new())
|
#define ssh_decompressor_new(alg) ((alg)->decompress_new())
|
||||||
#define ssh_decompressor_free(comp) ((comp)->vt->decompress_free(comp))
|
#define ssh_decompressor_free(comp) ((comp)->vt->decompress_free(comp))
|
||||||
#define ssh_decompressor_decompress(comp, in, inlen, out, outlen) \
|
#define ssh_decompressor_decompress(comp, in, inlen, out, outlen) \
|
||||||
((comp)->vt->decompress(comp, in, inlen, out, outlen))
|
((comp)->vt->decompress(comp, in, inlen, out, outlen))
|
||||||
|
#define ssh_decompressor_alg(comp) ((comp)->vt)
|
||||||
|
|
||||||
struct ssh2_userkey {
|
struct ssh2_userkey {
|
||||||
ssh_key *key; /* the key itself */
|
ssh_key *key; /* the key itself */
|
||||||
|
10
ssh1bpp.c
10
ssh1bpp.c
@ -43,11 +43,12 @@ static const struct BinaryPacketProtocolVtable ssh1_bpp_vtable = {
|
|||||||
ssh1_bpp_queue_disconnect,
|
ssh1_bpp_queue_disconnect,
|
||||||
};
|
};
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh1_bpp_new(void)
|
BinaryPacketProtocol *ssh1_bpp_new(Frontend *frontend)
|
||||||
{
|
{
|
||||||
struct ssh1_bpp_state *s = snew(struct ssh1_bpp_state);
|
struct ssh1_bpp_state *s = snew(struct ssh1_bpp_state);
|
||||||
memset(s, 0, sizeof(*s));
|
memset(s, 0, sizeof(*s));
|
||||||
s->bpp.vt = &ssh1_bpp_vtable;
|
s->bpp.vt = &ssh1_bpp_vtable;
|
||||||
|
s->bpp.frontend = frontend;
|
||||||
ssh_bpp_common_setup(&s->bpp);
|
ssh_bpp_common_setup(&s->bpp);
|
||||||
return &s->bpp;
|
return &s->bpp;
|
||||||
}
|
}
|
||||||
@ -67,6 +68,9 @@ static void ssh1_bpp_free(BinaryPacketProtocol *bpp)
|
|||||||
sfree(s);
|
sfree(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define bpp_logevent(printf_args) \
|
||||||
|
logevent_and_free(s->bpp.frontend, dupprintf printf_args)
|
||||||
|
|
||||||
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
||||||
const struct ssh1_cipheralg *cipher,
|
const struct ssh1_cipheralg *cipher,
|
||||||
const void *session_key)
|
const void *session_key)
|
||||||
@ -83,6 +87,8 @@ void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
|||||||
|
|
||||||
assert(!s->crcda_ctx);
|
assert(!s->crcda_ctx);
|
||||||
s->crcda_ctx = crcda_make_context();
|
s->crcda_ctx = crcda_make_context();
|
||||||
|
|
||||||
|
bpp_logevent(("Initialised %s encryption", cipher->text_name));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -223,6 +229,8 @@ static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
|
|||||||
|
|
||||||
s->compctx = ssh_compressor_new(&ssh_zlib);
|
s->compctx = ssh_compressor_new(&ssh_zlib);
|
||||||
s->decompctx = ssh_decompressor_new(&ssh_zlib);
|
s->decompctx = ssh_decompressor_new(&ssh_zlib);
|
||||||
|
|
||||||
|
bpp_logevent(("Started zlib (RFC1950) compression"));
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
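Review bot: The `bpp_logevent` macro added after ssh1_bpp_free depends on a local variable named `s` that it never takes as an argument, and the same two-line definition is repeated in the ssh2bpp.c section and in the version-string hunks (where it replaces `vs_logevent`). A function that names its state pointer differently, or that only has `bpp` in scope, cannot use it, and nothing at the call site shows why. Defining it once in sshbpp.h with the BPP passed explicitly would remove the copies: `#define bpp_logevent(bpp, printf_args) logevent_and_free((bpp)->frontend, dupprintf printf_args)`. If the implicit form is kept to match `ppl_logevent`, a comment such as `/* expects a local 's' whose bpp member is this BPP */` on each definition would document the dependency.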
@ -406,7 +406,6 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
|
|||||||
(s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh1_blowfish :
|
(s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh1_blowfish :
|
||||||
s->cipher_type == SSH_CIPHER_DES ? &ssh1_des : &ssh1_3des);
|
s->cipher_type == SSH_CIPHER_DES ? &ssh1_des : &ssh1_3des);
|
||||||
ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key);
|
ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key);
|
||||||
ppl_logevent(("Initialised %s encryption", cipher->text_name));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->servkey.modulus) {
|
if (s->servkey.modulus) {
|
||||||
@ -1114,7 +1113,6 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
|
|||||||
* easiest way to avoid race conditions if other packets
|
* easiest way to avoid race conditions if other packets
|
||||||
* cross in transit.)
|
* cross in transit.)
|
||||||
*/
|
*/
|
||||||
ppl_logevent(("Started zlib (RFC1950) compression"));
|
|
||||||
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
||||||
ppl_logevent(("Server refused to enable compression"));
|
ppl_logevent(("Server refused to enable compression"));
|
||||||
ppl_printf(("Server refused to compress\r\n"));
|
ppl_printf(("Server refused to compress\r\n"));
|
||||||
|
@ -33,11 +33,12 @@ static const struct BinaryPacketProtocolVtable ssh2_bare_bpp_vtable = {
|
|||||||
ssh2_bpp_queue_disconnect, /* in sshcommon.c */
|
ssh2_bpp_queue_disconnect, /* in sshcommon.c */
|
||||||
};
|
};
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh2_bare_bpp_new(void)
|
BinaryPacketProtocol *ssh2_bare_bpp_new(Frontend *frontend)
|
||||||
{
|
{
|
||||||
struct ssh2_bare_bpp_state *s = snew(struct ssh2_bare_bpp_state);
|
struct ssh2_bare_bpp_state *s = snew(struct ssh2_bare_bpp_state);
|
||||||
memset(s, 0, sizeof(*s));
|
memset(s, 0, sizeof(*s));
|
||||||
s->bpp.vt = &ssh2_bare_bpp_vtable;
|
s->bpp.vt = &ssh2_bare_bpp_vtable;
|
||||||
|
s->bpp.frontend = frontend;
|
||||||
ssh_bpp_common_setup(&s->bpp);
|
ssh_bpp_common_setup(&s->bpp);
|
||||||
return &s->bpp;
|
return &s->bpp;
|
||||||
}
|
}
|
||||||
|
34
ssh2bpp.c
34
ssh2bpp.c
@ -51,11 +51,13 @@ static const struct BinaryPacketProtocolVtable ssh2_bpp_vtable = {
|
|||||||
ssh2_bpp_queue_disconnect, /* in sshcommon.c */
|
ssh2_bpp_queue_disconnect, /* in sshcommon.c */
|
||||||
};
|
};
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh2_bpp_new(struct DataTransferStats *stats)
|
BinaryPacketProtocol *ssh2_bpp_new(
|
||||||
|
Frontend *frontend, struct DataTransferStats *stats)
|
||||||
{
|
{
|
||||||
struct ssh2_bpp_state *s = snew(struct ssh2_bpp_state);
|
struct ssh2_bpp_state *s = snew(struct ssh2_bpp_state);
|
||||||
memset(s, 0, sizeof(*s));
|
memset(s, 0, sizeof(*s));
|
||||||
s->bpp.vt = &ssh2_bpp_vtable;
|
s->bpp.vt = &ssh2_bpp_vtable;
|
||||||
|
s->bpp.frontend = frontend;
|
||||||
s->stats = stats;
|
s->stats = stats;
|
||||||
ssh_bpp_common_setup(&s->bpp);
|
ssh_bpp_common_setup(&s->bpp);
|
||||||
return &s->bpp;
|
return &s->bpp;
|
||||||
@ -81,6 +83,9 @@ static void ssh2_bpp_free(BinaryPacketProtocol *bpp)
|
|||||||
sfree(s);
|
sfree(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define bpp_logevent(printf_args) \
|
||||||
|
logevent_and_free(s->bpp.frontend, dupprintf printf_args)
|
||||||
|
|
||||||
void ssh2_bpp_new_outgoing_crypto(
|
void ssh2_bpp_new_outgoing_crypto(
|
||||||
BinaryPacketProtocol *bpp,
|
BinaryPacketProtocol *bpp,
|
||||||
const struct ssh2_cipheralg *cipher, const void *ckey, const void *iv,
|
const struct ssh2_cipheralg *cipher, const void *ckey, const void *iv,
|
||||||
@ -106,6 +111,9 @@ void ssh2_bpp_new_outgoing_crypto(
|
|||||||
s->cbc_ignore_workaround = (
|
s->cbc_ignore_workaround = (
|
||||||
(ssh2_cipher_alg(s->out.cipher)->flags & SSH_CIPHER_IS_CBC) &&
|
(ssh2_cipher_alg(s->out.cipher)->flags & SSH_CIPHER_IS_CBC) &&
|
||||||
!(s->bpp.remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE));
|
!(s->bpp.remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE));
|
||||||
|
|
||||||
|
bpp_logevent(("Initialised %.200s client->server encryption",
|
||||||
|
ssh2_cipher_alg(s->out.cipher)->text_name));
|
||||||
} else {
|
} else {
|
||||||
s->out.cipher = NULL;
|
s->out.cipher = NULL;
|
||||||
s->cbc_ignore_workaround = FALSE;
|
s->cbc_ignore_workaround = FALSE;
|
||||||
@ -114,6 +122,14 @@ void ssh2_bpp_new_outgoing_crypto(
|
|||||||
if (mac) {
|
if (mac) {
|
||||||
s->out.mac = ssh2_mac_new(mac, s->out.cipher);
|
s->out.mac = ssh2_mac_new(mac, s->out.cipher);
|
||||||
mac->setkey(s->out.mac, mac_key);
|
mac->setkey(s->out.mac, mac_key);
|
||||||
|
|
||||||
|
bpp_logevent(("Initialised %.200s client->server"
|
||||||
|
" MAC algorithm%s%s",
|
||||||
|
ssh2_mac_alg(s->out.mac)->text_name,
|
||||||
|
etm_mode ? " (in ETM mode)" : "",
|
||||||
|
(s->out.cipher &&
|
||||||
|
ssh2_cipher_alg(s->out.cipher)->required_mac ?
|
||||||
|
" (required by cipher)" : "")));
|
||||||
} else {
|
} else {
|
||||||
s->out.mac = NULL;
|
s->out.mac = NULL;
|
||||||
}
|
}
|
||||||
@ -122,6 +138,9 @@ void ssh2_bpp_new_outgoing_crypto(
|
|||||||
* indicated by ssh_comp_none. But this setup call may return a
|
* indicated by ssh_comp_none. But this setup call may return a
|
||||||
* null out_comp. */
|
* null out_comp. */
|
||||||
s->out_comp = ssh_compressor_new(compression);
|
s->out_comp = ssh_compressor_new(compression);
|
||||||
|
if (s->out_comp)
|
||||||
|
bpp_logevent(("Initialised %s compression",
|
||||||
|
ssh_compressor_alg(s->out_comp)->text_name));
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssh2_bpp_new_incoming_crypto(
|
void ssh2_bpp_new_incoming_crypto(
|
||||||
@ -145,6 +164,9 @@ void ssh2_bpp_new_incoming_crypto(
|
|||||||
s->in.cipher = ssh2_cipher_new(cipher);
|
s->in.cipher = ssh2_cipher_new(cipher);
|
||||||
ssh2_cipher_setkey(s->in.cipher, ckey);
|
ssh2_cipher_setkey(s->in.cipher, ckey);
|
||||||
ssh2_cipher_setiv(s->in.cipher, iv);
|
ssh2_cipher_setiv(s->in.cipher, iv);
|
||||||
|
|
||||||
|
bpp_logevent(("Initialised %.200s server->client encryption",
|
||||||
|
ssh2_cipher_alg(s->in.cipher)->text_name));
|
||||||
} else {
|
} else {
|
||||||
s->in.cipher = NULL;
|
s->in.cipher = NULL;
|
||||||
}
|
}
|
||||||
@ -152,6 +174,13 @@ void ssh2_bpp_new_incoming_crypto(
|
|||||||
if (mac) {
|
if (mac) {
|
||||||
s->in.mac = ssh2_mac_new(mac, s->in.cipher);
|
s->in.mac = ssh2_mac_new(mac, s->in.cipher);
|
||||||
mac->setkey(s->in.mac, mac_key);
|
mac->setkey(s->in.mac, mac_key);
|
||||||
|
|
||||||
|
bpp_logevent(("Initialised %.200s server->client MAC algorithm%s%s",
|
||||||
|
ssh2_mac_alg(s->in.mac)->text_name,
|
||||||
|
etm_mode ? " (in ETM mode)" : "",
|
||||||
|
(s->in.cipher &&
|
||||||
|
ssh2_cipher_alg(s->in.cipher)->required_mac ?
|
||||||
|
" (required by cipher)" : "")));
|
||||||
} else {
|
} else {
|
||||||
s->in.mac = NULL;
|
s->in.mac = NULL;
|
||||||
}
|
}
|
||||||
@ -160,6 +189,9 @@ void ssh2_bpp_new_incoming_crypto(
|
|||||||
* indicated by ssh_comp_none. But this setup call may return a
|
* indicated by ssh_comp_none. But this setup call may return a
|
||||||
* null in_decomp. */
|
* null in_decomp. */
|
||||||
s->in_decomp = ssh_decompressor_new(compression);
|
s->in_decomp = ssh_decompressor_new(compression);
|
||||||
|
if (s->in_decomp)
|
||||||
|
bpp_logevent(("Initialised %s decompression",
|
||||||
|
ssh_decompressor_alg(s->in_decomp)->text_name));
|
||||||
|
|
||||||
/* Clear the pending_newkeys flag, so that handle_input below will
|
/* Clear the pending_newkeys flag, so that handle_input below will
|
||||||
* start consuming the input data again. */
|
* start consuming the input data again. */
|
||||||
|
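Review bot: The compression log lines in ssh2_bpp_new_outgoing_crypto and ssh2_bpp_new_incoming_crypto are guarded by `if (s->out_comp)` and `if (s->in_decomp)`, whereas the transport-layer code this commit removes tested `text_name` itself before formatting it with `%s`. If any compression algorithm can return a non-null context while leaving `text_name` null (not determinable from these hunks), a null pointer would reach the `%s` in `dupprintf`. Keeping the name test preserves the old guarantee: `if (s->out_comp && ssh_compressor_alg(s->out_comp)->text_name)`, and likewise `if (s->in_decomp && ssh_decompressor_alg(s->in_decomp)->text_name)`. Both function bodies start and end outside the hunks shown.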
@ -2153,20 +2153,6 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
|
|||||||
strbuf_free(mac_key);
|
strbuf_free(mac_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->out.cipher)
|
|
||||||
ppl_logevent(("Initialised %.200s client->server encryption",
|
|
||||||
s->out.cipher->text_name));
|
|
||||||
if (s->out.mac)
|
|
||||||
ppl_logevent(("Initialised %.200s client->server"
|
|
||||||
" MAC algorithm%s%s",
|
|
||||||
s->out.mac->text_name,
|
|
||||||
s->out.etm_mode ? " (in ETM mode)" : "",
|
|
||||||
(s->out.cipher->required_mac ?
|
|
||||||
" (required by cipher)" : "")));
|
|
||||||
if (s->out.comp->text_name)
|
|
||||||
ppl_logevent(("Initialised %s compression",
|
|
||||||
s->out.comp->text_name));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Now our end of the key exchange is complete, we can send all
|
* Now our end of the key exchange is complete, we can send all
|
||||||
* our queued higher-layer packets. Transfer the whole of the next
|
* our queued higher-layer packets. Transfer the whole of the next
|
||||||
@ -2222,19 +2208,6 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
|
|||||||
strbuf_free(mac_key);
|
strbuf_free(mac_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (s->in.cipher)
|
|
||||||
ppl_logevent(("Initialised %.200s server->client encryption",
|
|
||||||
s->in.cipher->text_name));
|
|
||||||
if (s->in.mac)
|
|
||||||
ppl_logevent(("Initialised %.200s server->client MAC algorithm%s%s",
|
|
||||||
s->in.mac->text_name,
|
|
||||||
s->in.etm_mode ? " (in ETM mode)" : "",
|
|
||||||
(s->in.cipher->required_mac ?
|
|
||||||
" (required by cipher)" : "")));
|
|
||||||
if (s->in.comp->text_name)
|
|
||||||
ppl_logevent(("Initialised %s decompression",
|
|
||||||
s->in.comp->text_name));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Free shared secret.
|
* Free shared secret.
|
||||||
*/
|
*/
|
||||||
|
8
sshbpp.h
8
sshbpp.h
@ -23,6 +23,7 @@ struct BinaryPacketProtocol {
|
|||||||
PacketLogSettings *pls;
|
PacketLogSettings *pls;
|
||||||
LogContext *logctx;
|
LogContext *logctx;
|
||||||
Ssh *ssh;
|
Ssh *ssh;
|
||||||
|
Frontend *frontend;
|
||||||
|
|
||||||
/* ic_in_raw is filled in by the BPP (probably by calling
|
/* ic_in_raw is filled in by the BPP (probably by calling
|
||||||
* ssh_bpp_common_setup). The BPP's owner triggers it when data is
|
* ssh_bpp_common_setup). The BPP's owner triggers it when data is
|
||||||
@ -52,7 +53,7 @@ struct BinaryPacketProtocol {
|
|||||||
* does centralised parts of the freeing too. */
|
* does centralised parts of the freeing too. */
|
||||||
void ssh_bpp_free(BinaryPacketProtocol *bpp);
|
void ssh_bpp_free(BinaryPacketProtocol *bpp);
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh1_bpp_new(void);
|
BinaryPacketProtocol *ssh1_bpp_new(Frontend *frontend);
|
||||||
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
||||||
const struct ssh1_cipheralg *cipher,
|
const struct ssh1_cipheralg *cipher,
|
||||||
const void *session_key);
|
const void *session_key);
|
||||||
@ -96,7 +97,8 @@ struct DataTransferStats {
|
|||||||
((stats)->direction.running = FALSE, TRUE) : \
|
((stats)->direction.running = FALSE, TRUE) : \
|
||||||
((stats)->direction.remaining -= (size), FALSE))
|
((stats)->direction.remaining -= (size), FALSE))
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh2_bpp_new(struct DataTransferStats *stats);
|
BinaryPacketProtocol *ssh2_bpp_new(
|
||||||
|
Frontend *frontend, struct DataTransferStats *stats);
|
||||||
void ssh2_bpp_new_outgoing_crypto(
|
void ssh2_bpp_new_outgoing_crypto(
|
||||||
BinaryPacketProtocol *bpp,
|
BinaryPacketProtocol *bpp,
|
||||||
const struct ssh2_cipheralg *cipher, const void *ckey, const void *iv,
|
const struct ssh2_cipheralg *cipher, const void *ckey, const void *iv,
|
||||||
@ -108,7 +110,7 @@ void ssh2_bpp_new_incoming_crypto(
|
|||||||
const struct ssh2_macalg *mac, int etm_mode, const void *mac_key,
|
const struct ssh2_macalg *mac, int etm_mode, const void *mac_key,
|
||||||
const struct ssh_compression_alg *compression);
|
const struct ssh_compression_alg *compression);
|
||||||
|
|
||||||
BinaryPacketProtocol *ssh2_bare_bpp_new(void);
|
BinaryPacketProtocol *ssh2_bare_bpp_new(Frontend *frontend);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The initial code to handle the SSH version exchange is also
|
* The initial code to handle the SSH version exchange is also
|
||||||
|
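Review bot: The new `Frontend *frontend;` member of struct BinaryPacketProtocol is added without a comment, while the `ic_in_raw` field after it documents who fills it in and when. Since every constructor now stores a caller-supplied pointer and the BPPs log through it, the header should state who owns it and whether it may be null, for example `Frontend *frontend; /* set by the *_bpp_new constructors; borrowed, used for Event Log output */`. The "borrowed" wording is an assumption drawn from the visible constructors, which only store the pointer, and should be confirmed against ssh_bpp_free. The struct definition starts and ends outside the hunk.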
@ -17,7 +17,6 @@ struct ssh_verstring_state {
|
|||||||
int crState;
|
int crState;
|
||||||
|
|
||||||
Conf *conf;
|
Conf *conf;
|
||||||
Frontend *frontend;
|
|
||||||
ptrlen prefix_wanted;
|
ptrlen prefix_wanted;
|
||||||
char *our_protoversion;
|
char *our_protoversion;
|
||||||
struct ssh_version_receiver *receiver;
|
struct ssh_version_receiver *receiver;
|
||||||
@ -88,7 +87,7 @@ BinaryPacketProtocol *ssh_verstring_new(
|
|||||||
assert(s->prefix_wanted.len <= PREFIX_MAXLEN);
|
assert(s->prefix_wanted.len <= PREFIX_MAXLEN);
|
||||||
|
|
||||||
s->conf = conf_copy(conf);
|
s->conf = conf_copy(conf);
|
||||||
s->frontend = frontend;
|
s->bpp.frontend = frontend;
|
||||||
s->our_protoversion = dupstr(protoversion);
|
s->our_protoversion = dupstr(protoversion);
|
||||||
s->receiver = rcv;
|
s->receiver = rcv;
|
||||||
|
|
||||||
@ -146,8 +145,8 @@ static int ssh_version_includes_v2(const char *ver)
|
|||||||
return ssh_versioncmp(ver, "1.99") >= 0;
|
return ssh_versioncmp(ver, "1.99") >= 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define vs_logevent(printf_args) \
|
#define bpp_logevent(printf_args) \
|
||||||
logevent_and_free(s->frontend, dupprintf printf_args)
|
logevent_and_free(s->bpp.frontend, dupprintf printf_args)
|
||||||
|
|
||||||
static void ssh_verstring_send(struct ssh_verstring_state *s)
|
static void ssh_verstring_send(struct ssh_verstring_state *s)
|
||||||
{
|
{
|
||||||
@ -198,7 +197,7 @@ static void ssh_verstring_send(struct ssh_verstring_state *s)
|
|||||||
bufchain_add(s->bpp.out_raw, "\015", 1);
|
bufchain_add(s->bpp.out_raw, "\015", 1);
|
||||||
bufchain_add(s->bpp.out_raw, "\012", 1);
|
bufchain_add(s->bpp.out_raw, "\012", 1);
|
||||||
|
|
||||||
vs_logevent(("We claim version: %s", s->our_vstring));
|
bpp_logevent(("We claim version: %s", s->our_vstring));
|
||||||
}
|
}
|
||||||
|
|
||||||
#define BPP_WAITFOR(minlen) do \
|
#define BPP_WAITFOR(minlen) do \
|
||||||
@ -308,7 +307,7 @@ void ssh_verstring_handle_input(BinaryPacketProtocol *bpp)
|
|||||||
s->vslen--;
|
s->vslen--;
|
||||||
s->vstring[s->vslen] = '\0';
|
s->vstring[s->vslen] = '\0';
|
||||||
|
|
||||||
vs_logevent(("Remote version: %s", s->vstring));
|
bpp_logevent(("Remote version: %s", s->vstring));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Pick out the protocol version and software version. The former
|
* Pick out the protocol version and software version. The former
|
||||||
@ -374,7 +373,7 @@ void ssh_verstring_handle_input(BinaryPacketProtocol *bpp)
|
|||||||
crStopV;
|
crStopV;
|
||||||
}
|
}
|
||||||
|
|
||||||
vs_logevent(("Using SSH protocol version %d", s->major_protoversion));
|
bpp_logevent(("Using SSH protocol version %d", s->major_protoversion));
|
||||||
|
|
||||||
if (!s->send_early) {
|
if (!s->send_early) {
|
||||||
/*
|
/*
|
||||||
@ -443,7 +442,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* sniffing.
|
* sniffing.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
s->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
|
||||||
vs_logevent(("We believe remote version has SSH-1 ignore bug"));
|
bpp_logevent(("We believe remote version has SSH-1 ignore bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
|
||||||
@ -455,8 +454,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* the password.
|
* the password.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
s->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
|
||||||
vs_logevent(("We believe remote version needs a "
|
bpp_logevent(("We believe remote version needs a "
|
||||||
"plain SSH-1 password"));
|
"plain SSH-1 password"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_rsa1) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_rsa1) == FORCE_ON ||
|
||||||
@ -468,8 +467,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* an AUTH_RSA message.
|
* an AUTH_RSA message.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_CHOKES_ON_RSA;
|
s->remote_bugs |= BUG_CHOKES_ON_RSA;
|
||||||
vs_logevent(("We believe remote version can't handle SSH-1 "
|
bpp_logevent(("We believe remote version can't handle SSH-1 "
|
||||||
"RSA authentication"));
|
"RSA authentication"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_hmac2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_hmac2) == FORCE_ON ||
|
||||||
@ -482,7 +481,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* These versions have the HMAC bug.
|
* These versions have the HMAC bug.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_HMAC;
|
s->remote_bugs |= BUG_SSH2_HMAC;
|
||||||
vs_logevent(("We believe remote version has SSH-2 HMAC bug"));
|
bpp_logevent(("We believe remote version has SSH-2 HMAC bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
|
||||||
@ -495,8 +494,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* generate the keys).
|
* generate the keys).
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
s->remote_bugs |= BUG_SSH2_DERIVEKEY;
|
||||||
vs_logevent(("We believe remote version has SSH-2 "
|
bpp_logevent(("We believe remote version has SSH-2 "
|
||||||
"key-derivation bug"));
|
"key-derivation bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
|
||||||
@ -509,7 +508,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* These versions have the SSH-2 RSA padding bug.
|
* These versions have the SSH-2 RSA padding bug.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
s->remote_bugs |= BUG_SSH2_RSA_PADDING;
|
||||||
vs_logevent(("We believe remote version has SSH-2 RSA padding bug"));
|
bpp_logevent(("We believe remote version has SSH-2 RSA padding bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
|
||||||
@ -520,8 +519,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* public-key authentication.
|
* public-key authentication.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
s->remote_bugs |= BUG_SSH2_PK_SESSIONID;
|
||||||
vs_logevent(("We believe remote version has SSH-2 "
|
bpp_logevent(("We believe remote version has SSH-2 "
|
||||||
"public-key-session-ID bug"));
|
"public-key-session-ID bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_rekey2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_rekey2) == FORCE_ON ||
|
||||||
@ -537,7 +536,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* These versions have the SSH-2 rekey bug.
|
* These versions have the SSH-2 rekey bug.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_REKEY;
|
s->remote_bugs |= BUG_SSH2_REKEY;
|
||||||
vs_logevent(("We believe remote version has SSH-2 rekey bug"));
|
bpp_logevent(("We believe remote version has SSH-2 rekey bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
|
||||||
@ -548,8 +547,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* This version ignores our makpkt and needs to be throttled.
|
* This version ignores our makpkt and needs to be throttled.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_MAXPKT;
|
s->remote_bugs |= BUG_SSH2_MAXPKT;
|
||||||
vs_logevent(("We believe remote version ignores SSH-2 "
|
bpp_logevent(("We believe remote version ignores SSH-2 "
|
||||||
"maximum packet size"));
|
"maximum packet size"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_ignore2) == FORCE_ON) {
|
if (conf_get_int(s->conf, CONF_sshbug_ignore2) == FORCE_ON) {
|
||||||
@ -558,7 +557,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* none detected automatically.
|
* none detected automatically.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
|
s->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
|
||||||
vs_logevent(("We believe remote version has SSH-2 ignore bug"));
|
bpp_logevent(("We believe remote version has SSH-2 ignore bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_oldgex2) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_oldgex2) == FORCE_ON ||
|
||||||
@ -570,7 +569,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* we use the newer version.
|
* we use the newer version.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SSH2_OLDGEX;
|
s->remote_bugs |= BUG_SSH2_OLDGEX;
|
||||||
vs_logevent(("We believe remote version has outdated SSH-2 GEX"));
|
bpp_logevent(("We believe remote version has outdated SSH-2 GEX"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_winadj) == FORCE_ON) {
|
if (conf_get_int(s->conf, CONF_sshbug_winadj) == FORCE_ON) {
|
||||||
@ -579,7 +578,7 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* reason or another. Currently, none detected automatically.
|
* reason or another. Currently, none detected automatically.
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_CHOKES_ON_WINADJ;
|
s->remote_bugs |= BUG_CHOKES_ON_WINADJ;
|
||||||
vs_logevent(("We believe remote version has winadj bug"));
|
bpp_logevent(("We believe remote version has winadj bug"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_get_int(s->conf, CONF_sshbug_chanreq) == FORCE_ON ||
|
if (conf_get_int(s->conf, CONF_sshbug_chanreq) == FORCE_ON ||
|
||||||
@ -596,8 +595,8 @@ static void ssh_detect_bugs(struct ssh_verstring_state *s)
|
|||||||
* https://secure.ucc.asn.au/hg/dropbear/rev/cd02449b709c
|
* https://secure.ucc.asn.au/hg/dropbear/rev/cd02449b709c
|
||||||
*/
|
*/
|
||||||
s->remote_bugs |= BUG_SENDS_LATE_REQUEST_REPLY;
|
s->remote_bugs |= BUG_SENDS_LATE_REQUEST_REPLY;
|
||||||
vs_logevent(("We believe remote version has SSH-2 "
|
bpp_logevent(("We believe remote version has SSH-2 "
|
||||||
"channel request bug"));
|
"channel request bug"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
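Review bot: `bpp_logevent(("Remote version: %s", s->vstring));` in ssh_verstring_handle_input writes a string received from the peer during version exchange, before any authentication, into the Event Log with an unbounded `%s`. The hunk shows only the trailing-byte trim and NUL termination, so whether control characters or over-long strings are filtered before this point cannot be confirmed from here. Since the commit message expects BPPs to log more of what they see in the packet stream, this call should carry a comment saying where the string is sanitised and length-bounded, or use a bounded specifier like the `%.200s` applied to algorithm names in ssh2bpp.c. The function body starts and ends outside the hunk.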