/* * Supporting routines used in common by all the various components of * the SSH system. */ #include #include #include "putty.h" #include "mpint.h" #include "ssh.h" #include "storage.h" #include "bpp.h" #include "ppl.h" #include "channel.h" /* ---------------------------------------------------------------------- * Implementation of PacketQueue. */ static void pq_ensure_unlinked(PacketQueueNode *node) { if (node->on_free_queue) { node->next->prev = node->prev; node->prev->next = node->next; } else { assert(!node->next); assert(!node->prev); } } void pq_base_push(PacketQueueBase *pqb, PacketQueueNode *node) { pq_ensure_unlinked(node); node->next = &pqb->end; node->prev = pqb->end.prev; node->next->prev = node; node->prev->next = node; pqb->total_size += node->formal_size; if (pqb->ic) queue_idempotent_callback(pqb->ic); } void pq_base_push_front(PacketQueueBase *pqb, PacketQueueNode *node) { pq_ensure_unlinked(node); node->prev = &pqb->end; node->next = pqb->end.next; node->next->prev = node; node->prev->next = node; pqb->total_size += node->formal_size; if (pqb->ic) queue_idempotent_callback(pqb->ic); } static PacketQueueNode pktin_freeq_head = { &pktin_freeq_head, &pktin_freeq_head, true }; static void pktin_free_queue_callback(void *vctx) { while (pktin_freeq_head.next != &pktin_freeq_head) { PacketQueueNode *node = pktin_freeq_head.next; PktIn *pktin = container_of(node, PktIn, qnode); pktin_freeq_head.next = node->next; sfree(pktin); } pktin_freeq_head.prev = &pktin_freeq_head; } static IdempotentCallback ic_pktin_free = { pktin_free_queue_callback, NULL, false }; static inline void pq_unlink_common(PacketQueueBase *pqb, PacketQueueNode *node) { node->next->prev = node->prev; node->prev->next = node->next; /* Check total_size doesn't drift out of sync downwards, by * ensuring it doesn't underflow when we do this subtraction */ assert(pqb->total_size >= node->formal_size); pqb->total_size -= node->formal_size; /* Check total_size doesn't drift out of sync upwards, by checking * that it's returned to exactly zero whenever a queue is * emptied */ assert(pqb->end.next != &pqb->end || pqb->total_size == 0); } static PktIn *pq_in_after(PacketQueueBase *pqb, PacketQueueNode *prev, bool pop) { PacketQueueNode *node = prev->next; if (node == &pqb->end) return NULL; if (pop) { pq_unlink_common(pqb, node); node->prev = pktin_freeq_head.prev; node->next = &pktin_freeq_head; node->next->prev = node; node->prev->next = node; node->on_free_queue = true; queue_idempotent_callback(&ic_pktin_free); } return container_of(node, PktIn, qnode); } static PktOut *pq_out_after(PacketQueueBase *pqb, PacketQueueNode *prev, bool pop) { PacketQueueNode *node = prev->next; if (node == &pqb->end) return NULL; if (pop) { pq_unlink_common(pqb, node); node->prev = node->next = NULL; } return container_of(node, PktOut, qnode); } void pq_in_init(PktInQueue *pq) { pq->pqb.ic = NULL; pq->pqb.end.next = pq->pqb.end.prev = &pq->pqb.end; pq->after = pq_in_after; pq->pqb.total_size = 0; } void pq_out_init(PktOutQueue *pq) { pq->pqb.ic = NULL; pq->pqb.end.next = pq->pqb.end.prev = &pq->pqb.end; pq->after = pq_out_after; pq->pqb.total_size = 0; } void pq_in_clear(PktInQueue *pq) { PktIn *pkt; pq->pqb.ic = NULL; while ((pkt = pq_pop(pq)) != NULL) { /* No need to actually free these packets: pq_pop on a * PktInQueue will automatically move them to the free * queue. */ } } void pq_out_clear(PktOutQueue *pq) { PktOut *pkt; pq->pqb.ic = NULL; while ((pkt = pq_pop(pq)) != NULL) ssh_free_pktout(pkt); } /* * Concatenate the contents of the two queues q1 and q2, and leave the * result in qdest. qdest must be either empty, or one of the input * queues. */ void pq_base_concatenate(PacketQueueBase *qdest, PacketQueueBase *q1, PacketQueueBase *q2) { struct PacketQueueNode *head1, *tail1, *head2, *tail2; size_t total_size = q1->total_size + q2->total_size; /* * Extract the contents from both input queues, and empty them. */ head1 = (q1->end.next == &q1->end ? NULL : q1->end.next); tail1 = (q1->end.prev == &q1->end ? NULL : q1->end.prev); head2 = (q2->end.next == &q2->end ? NULL : q2->end.next); tail2 = (q2->end.prev == &q2->end ? NULL : q2->end.prev); q1->end.next = q1->end.prev = &q1->end; q2->end.next = q2->end.prev = &q2->end; q1->total_size = q2->total_size = 0; /* * Link the two lists together, handling the case where one or * both is empty. */ if (tail1) tail1->next = head2; else head1 = head2; if (head2) head2->prev = tail1; else tail2 = tail1; /* * Check the destination queue is currently empty. (If it was one * of the input queues, then it will be, because we emptied both * of those just a moment ago.) */ assert(qdest->end.next == &qdest->end); assert(qdest->end.prev == &qdest->end); /* * If our concatenated list has anything in it, then put it in * dest. */ if (!head1) { assert(!tail2); } else { assert(tail2); qdest->end.next = head1; qdest->end.prev = tail2; head1->prev = &qdest->end; tail2->next = &qdest->end; if (qdest->ic) queue_idempotent_callback(qdest->ic); } qdest->total_size = total_size; } /* ---------------------------------------------------------------------- * Low-level functions for the packet structures themselves. */ static void ssh_pkt_BinarySink_write(BinarySink *bs, const void *data, size_t len); PktOut *ssh_new_packet(void) { PktOut *pkt = snew(PktOut); BinarySink_INIT(pkt, ssh_pkt_BinarySink_write); pkt->data = NULL; pkt->length = 0; pkt->maxlen = 0; pkt->downstream_id = 0; pkt->additional_log_text = NULL; pkt->qnode.next = pkt->qnode.prev = NULL; pkt->qnode.on_free_queue = false; return pkt; } static void ssh_pkt_adddata(PktOut *pkt, const void *data, int len) { sgrowarrayn_nm(pkt->data, pkt->maxlen, pkt->length, len); memcpy(pkt->data + pkt->length, data, len); pkt->length += len; pkt->qnode.formal_size = pkt->length; } static void ssh_pkt_BinarySink_write(BinarySink *bs, const void *data, size_t len) { PktOut *pkt = BinarySink_DOWNCAST(bs, PktOut); ssh_pkt_adddata(pkt, data, len); } void ssh_free_pktout(PktOut *pkt) { sfree(pkt->data); sfree(pkt); } /* ---------------------------------------------------------------------- * Implement zombiechan_new() and its trivial vtable. */ static void zombiechan_free(Channel *chan); static size_t zombiechan_send( Channel *chan, bool is_stderr, const void *, size_t); static void zombiechan_set_input_wanted(Channel *chan, bool wanted); static void zombiechan_do_nothing(Channel *chan); static void zombiechan_open_failure(Channel *chan, const char *); static bool zombiechan_want_close(Channel *chan, bool sent_eof, bool rcvd_eof); static char *zombiechan_log_close_msg(Channel *chan) { return NULL; } static const ChannelVtable zombiechan_channelvt = { .free = zombiechan_free, .open_confirmation = zombiechan_do_nothing, .open_failed = zombiechan_open_failure, .send = zombiechan_send, .send_eof = zombiechan_do_nothing, .set_input_wanted = zombiechan_set_input_wanted, .log_close_msg = zombiechan_log_close_msg, .want_close = zombiechan_want_close, .rcvd_exit_status = chan_no_exit_status, .rcvd_exit_signal = chan_no_exit_signal, .rcvd_exit_signal_numeric = chan_no_exit_signal_numeric, .run_shell = chan_no_run_shell, .run_command = chan_no_run_command, .run_subsystem = chan_no_run_subsystem, .enable_x11_forwarding = chan_no_enable_x11_forwarding, .enable_agent_forwarding = chan_no_enable_agent_forwarding, .allocate_pty = chan_no_allocate_pty, .set_env = chan_no_set_env, .send_break = chan_no_send_break, .send_signal = chan_no_send_signal, .change_window_size = chan_no_change_window_size, .request_response = chan_no_request_response, }; Channel *zombiechan_new(void) { Channel *chan = snew(Channel); chan->vt = &zombiechan_channelvt; chan->initial_fixed_window_size = 0; return chan; } static void zombiechan_free(Channel *chan) { assert(chan->vt == &zombiechan_channelvt); sfree(chan); } static void zombiechan_do_nothing(Channel *chan) { assert(chan->vt == &zombiechan_channelvt); } static void zombiechan_open_failure(Channel *chan, const char *errtext) { assert(chan->vt == &zombiechan_channelvt); } static size_t zombiechan_send(Channel *chan, bool is_stderr, const void *data, size_t length) { assert(chan->vt == &zombiechan_channelvt); return 0; } static void zombiechan_set_input_wanted(Channel *chan, bool enable) { assert(chan->vt == &zombiechan_channelvt); } static bool zombiechan_want_close(Channel *chan, bool sent_eof, bool rcvd_eof) { return true; } /* ---------------------------------------------------------------------- * Common routines for handling SSH tty modes. */ static unsigned real_ttymode_opcode(unsigned our_opcode, int ssh_version) { switch (our_opcode) { case TTYMODE_ISPEED: return ssh_version == 1 ? TTYMODE_ISPEED_SSH1 : TTYMODE_ISPEED_SSH2; case TTYMODE_OSPEED: return ssh_version == 1 ? TTYMODE_OSPEED_SSH1 : TTYMODE_OSPEED_SSH2; default: return our_opcode; } } static unsigned our_ttymode_opcode(unsigned real_opcode, int ssh_version) { if (ssh_version == 1) { switch (real_opcode) { case TTYMODE_ISPEED_SSH1: return TTYMODE_ISPEED; case TTYMODE_OSPEED_SSH1: return TTYMODE_OSPEED; default: return real_opcode; } } else { switch (real_opcode) { case TTYMODE_ISPEED_SSH2: return TTYMODE_ISPEED; case TTYMODE_OSPEED_SSH2: return TTYMODE_OSPEED; default: return real_opcode; } } } struct ssh_ttymodes get_ttymodes_from_conf(Seat *seat, Conf *conf) { struct ssh_ttymodes modes; size_t i; static const struct mode_name_type { const char *mode; int opcode; enum { TYPE_CHAR, TYPE_BOOL } type; } modes_names_types[] = { #define TTYMODE_CHAR(name, val, index) { #name, val, TYPE_CHAR }, #define TTYMODE_FLAG(name, val, field, mask) { #name, val, TYPE_BOOL }, #include "ttymode-list.h" #undef TTYMODE_CHAR #undef TTYMODE_FLAG }; memset(&modes, 0, sizeof(modes)); for (i = 0; i < lenof(modes_names_types); i++) { const struct mode_name_type *mode = &modes_names_types[i]; const char *sval = conf_get_str_str(conf, CONF_ttymodes, mode->mode); char *to_free = NULL; if (!sval) sval = "N"; /* just in case */ /* * sval[0] can be * - 'V', indicating that an explicit value follows it; * - 'A', indicating that we should pass the value through from * the local environment via get_ttymode; or * - 'N', indicating that we should explicitly not send this * mode. */ if (sval[0] == 'A') { sval = to_free = seat_get_ttymode(seat, mode->mode); } else if (sval[0] == 'V') { sval++; /* skip the 'V' */ } else { /* else 'N', or something from the future we don't understand */ continue; } if (sval) { /* * Parse the string representation of the tty mode * into the integer value it will take on the wire. */ unsigned ival = 0; switch (mode->type) { case TYPE_CHAR: if (*sval) { char *next = NULL; /* We know ctrlparse won't write to the string, so * casting away const is ugly but allowable. */ ival = ctrlparse((char *)sval, &next); if (!next) ival = sval[0]; } else { ival = 255; /* special value meaning "don't set" */ } break; case TYPE_BOOL: if (stricmp(sval, "yes") == 0 || stricmp(sval, "on") == 0 || stricmp(sval, "true") == 0 || stricmp(sval, "+") == 0) ival = 1; /* true */ else if (stricmp(sval, "no") == 0 || stricmp(sval, "off") == 0 || stricmp(sval, "false") == 0 || stricmp(sval, "-") == 0) ival = 0; /* false */ else ival = (atoi(sval) != 0); break; default: unreachable("Bad mode->type"); } modes.have_mode[mode->opcode] = true; modes.mode_val[mode->opcode] = ival; } sfree(to_free); } { unsigned ospeed, ispeed; /* Unpick the terminal-speed config string. */ ospeed = ispeed = 38400; /* last-resort defaults */ sscanf(conf_get_str(conf, CONF_termspeed), "%u,%u", &ospeed, &ispeed); /* Currently we unconditionally set these */ modes.have_mode[TTYMODE_ISPEED] = true; modes.mode_val[TTYMODE_ISPEED] = ispeed; modes.have_mode[TTYMODE_OSPEED] = true; modes.mode_val[TTYMODE_OSPEED] = ospeed; } return modes; } struct ssh_ttymodes read_ttymodes_from_packet( BinarySource *bs, int ssh_version) { struct ssh_ttymodes modes; memset(&modes, 0, sizeof(modes)); while (1) { unsigned real_opcode, our_opcode; real_opcode = get_byte(bs); if (real_opcode == TTYMODE_END_OF_LIST) break; if (real_opcode >= 160) { /* * RFC 4254 (and the SSH 1.5 spec): "Opcodes 160 to 255 * are not yet defined, and cause parsing to stop (they * should only be used after any other data)." * * My interpretation of this is that if one of these * opcodes appears, it's not a parse _error_, but it is * something that we don't know how to parse even well * enough to step over it to find the next opcode, so we * stop parsing now and assume that the rest of the string * is composed entirely of things we don't understand and * (as usual for unsupported terminal modes) silently * ignore. */ return modes; } our_opcode = our_ttymode_opcode(real_opcode, ssh_version); assert(our_opcode < TTYMODE_LIMIT); modes.have_mode[our_opcode] = true; if (ssh_version == 1 && real_opcode >= 1 && real_opcode <= 127) modes.mode_val[our_opcode] = get_byte(bs); else modes.mode_val[our_opcode] = get_uint32(bs); } return modes; } void write_ttymodes_to_packet(BinarySink *bs, int ssh_version, struct ssh_ttymodes modes) { unsigned i; for (i = 0; i < TTYMODE_LIMIT; i++) { if (modes.have_mode[i]) { unsigned val = modes.mode_val[i]; unsigned opcode = real_ttymode_opcode(i, ssh_version); put_byte(bs, opcode); if (ssh_version == 1 && opcode >= 1 && opcode <= 127) put_byte(bs, val); else put_uint32(bs, val); } } put_byte(bs, TTYMODE_END_OF_LIST); } /* ---------------------------------------------------------------------- * Routine for allocating a new channel ID, given a means of finding * the index field in a given channel structure. */ unsigned alloc_channel_id_general(tree234 *channels, size_t localid_offset) { const unsigned CHANNEL_NUMBER_OFFSET = 256; search234_state ss; /* * First-fit allocation of channel numbers: we always pick the * lowest unused one. * * Every channel before that, and no channel after it, has an ID * exactly equal to its tree index plus CHANNEL_NUMBER_OFFSET. So * we can use the search234 system to identify the length of that * initial sequence, in a single log-time pass down the channels * tree. */ search234_start(&ss, channels); while (ss.element) { unsigned localid = *(unsigned *)((char *)ss.element + localid_offset); if (localid == ss.index + CHANNEL_NUMBER_OFFSET) search234_step(&ss, +1); else search234_step(&ss, -1); } /* * Now ss.index gives exactly the number of channels in that * initial sequence. So adding CHANNEL_NUMBER_OFFSET to it must * give precisely the lowest unused channel number. */ return ss.index + CHANNEL_NUMBER_OFFSET; } /* ---------------------------------------------------------------------- * Functions for handling the comma-separated strings used to store * lists of protocol identifiers in SSH-2. */ void add_to_commasep_pl(strbuf *buf, ptrlen data) { if (buf->len > 0) put_byte(buf, ','); put_datapl(buf, data); } void add_to_commasep(strbuf *buf, const char *data) { add_to_commasep_pl(buf, ptrlen_from_asciz(data)); } bool get_commasep_word(ptrlen *list, ptrlen *word) { const char *comma; /* * Discard empty list elements, should there be any, because we * never want to return one as if it was a real string. (This * introduces a mild tolerance of badly formatted data in lists we * receive, but I think that's acceptable.) */ while (list->len > 0 && *(const char *)list->ptr == ',') { list->ptr = (const char *)list->ptr + 1; list->len--; } if (!list->len) return false; comma = memchr(list->ptr, ',', list->len); if (!comma) { *word = *list; list->len = 0; } else { size_t wordlen = comma - (const char *)list->ptr; word->ptr = list->ptr; word->len = wordlen; list->ptr = (const char *)list->ptr + wordlen + 1; list->len -= wordlen + 1; } return true; } /* ---------------------------------------------------------------------- * Functions for translating SSH packet type codes into their symbolic * string names. */ #define TRANSLATE_UNIVERSAL(y, name, value) \ if (type == value) return #name; #define TRANSLATE_KEX(y, name, value, ctx) \ if (type == value && pkt_kctx == ctx) return #name; #define TRANSLATE_AUTH(y, name, value, ctx) \ if (type == value && pkt_actx == ctx) return #name; const char *ssh1_pkt_type(int type) { SSH1_MESSAGE_TYPES(TRANSLATE_UNIVERSAL, y); return "unknown"; } const char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type) { SSH2_MESSAGE_TYPES(TRANSLATE_UNIVERSAL, TRANSLATE_KEX, TRANSLATE_AUTH, y); return "unknown"; } #undef TRANSLATE_UNIVERSAL #undef TRANSLATE_KEX #undef TRANSLATE_AUTH /* ---------------------------------------------------------------------- * Common helper function for clients and implementations of * PacketProtocolLayer. */ void ssh_ppl_replace(PacketProtocolLayer *old, PacketProtocolLayer *new) { new->bpp = old->bpp; ssh_ppl_setup_queues(new, old->in_pq, old->out_pq); new->selfptr = old->selfptr; new->seat = old->seat; new->ssh = old->ssh; *new->selfptr = new; ssh_ppl_free(old); /* The new layer might need to be the first one that sends a * packet, so trigger a call to its main coroutine immediately. If * it doesn't need to go first, the worst that will do is return * straight away. */ queue_idempotent_callback(&new->ic_process_queue); } void ssh_ppl_free(PacketProtocolLayer *ppl) { delete_callbacks_for_context(ppl); ppl->vt->free(ppl); } static void ssh_ppl_ic_process_queue_callback(void *context) { PacketProtocolLayer *ppl = (PacketProtocolLayer *)context; ssh_ppl_process_queue(ppl); } void ssh_ppl_setup_queues(PacketProtocolLayer *ppl, PktInQueue *inq, PktOutQueue *outq) { ppl->in_pq = inq; ppl->out_pq = outq; ppl->in_pq->pqb.ic = &ppl->ic_process_queue; ppl->ic_process_queue.fn = ssh_ppl_ic_process_queue_callback; ppl->ic_process_queue.ctx = ppl; /* If there's already something on the input queue, it will want * handling immediately. */ if (pq_peek(ppl->in_pq)) queue_idempotent_callback(&ppl->ic_process_queue); } void ssh_ppl_user_output_string_and_free(PacketProtocolLayer *ppl, char *text) { /* Messages sent via this function are from the SSH layer, not * from the server-side process, so they always have the stderr * flag set. */ seat_stderr_pl(ppl->seat, ptrlen_from_asciz(text)); sfree(text); } size_t ssh_ppl_default_queued_data_size(PacketProtocolLayer *ppl) { return ppl->out_pq->pqb.total_size; } void ssh_ppl_default_final_output(PacketProtocolLayer *ppl) { } static void ssh_ppl_prompts_callback(void *ctx) { ssh_ppl_process_queue((PacketProtocolLayer *)ctx); } prompts_t *ssh_ppl_new_prompts(PacketProtocolLayer *ppl) { prompts_t *p = new_prompts(); p->callback = ssh_ppl_prompts_callback; p->callback_ctx = ppl; return p; } /* ---------------------------------------------------------------------- * Common helper functions for clients and implementations of * BinaryPacketProtocol. */ static void ssh_bpp_input_raw_data_callback(void *context) { BinaryPacketProtocol *bpp = (BinaryPacketProtocol *)context; Ssh *ssh = bpp->ssh; /* in case bpp is about to get freed */ ssh_bpp_handle_input(bpp); /* If we've now cleared enough backlog on the input connection, we * may need to unfreeze it. */ ssh_conn_processed_data(ssh); } static void ssh_bpp_output_packet_callback(void *context) { BinaryPacketProtocol *bpp = (BinaryPacketProtocol *)context; ssh_bpp_handle_output(bpp); } void ssh_bpp_common_setup(BinaryPacketProtocol *bpp) { pq_in_init(&bpp->in_pq); pq_out_init(&bpp->out_pq); bpp->input_eof = false; bpp->ic_in_raw.fn = ssh_bpp_input_raw_data_callback; bpp->ic_in_raw.ctx = bpp; bpp->ic_out_pq.fn = ssh_bpp_output_packet_callback; bpp->ic_out_pq.ctx = bpp; bpp->out_pq.pqb.ic = &bpp->ic_out_pq; } void ssh_bpp_free(BinaryPacketProtocol *bpp) { delete_callbacks_for_context(bpp); bpp->vt->free(bpp); } void ssh2_bpp_queue_disconnect(BinaryPacketProtocol *bpp, const char *msg, int category) { PktOut *pkt = ssh_bpp_new_pktout(bpp, SSH2_MSG_DISCONNECT); put_uint32(pkt, category); put_stringz(pkt, msg); put_stringz(pkt, "en"); /* language tag */ pq_push(&bpp->out_pq, pkt); } #define BITMAP_UNIVERSAL(y, name, value) \ | (value >= y && value < y+32 \ ? 1UL << (value >= y && value < y+32 ? (value-y) : 0) \ : 0) #define BITMAP_CONDITIONAL(y, name, value, ctx) \ BITMAP_UNIVERSAL(y, name, value) #define SSH2_BITMAP_WORD(y) \ (0 SSH2_MESSAGE_TYPES(BITMAP_UNIVERSAL, BITMAP_CONDITIONAL, \ BITMAP_CONDITIONAL, (32*y))) bool ssh2_bpp_check_unimplemented(BinaryPacketProtocol *bpp, PktIn *pktin) { static const unsigned valid_bitmap[] = { SSH2_BITMAP_WORD(0), SSH2_BITMAP_WORD(1), SSH2_BITMAP_WORD(2), SSH2_BITMAP_WORD(3), SSH2_BITMAP_WORD(4), SSH2_BITMAP_WORD(5), SSH2_BITMAP_WORD(6), SSH2_BITMAP_WORD(7), }; if (pktin->type < 0x100 && !((valid_bitmap[pktin->type >> 5] >> (pktin->type & 0x1F)) & 1)) { PktOut *pkt = ssh_bpp_new_pktout(bpp, SSH2_MSG_UNIMPLEMENTED); put_uint32(pkt, pktin->sequence); pq_push(&bpp->out_pq, pkt); return true; } return false; } #undef BITMAP_UNIVERSAL #undef BITMAP_CONDITIONAL #undef SSH2_BITMAP_WORD /* ---------------------------------------------------------------------- * Centralised component of SSH host key verification. * * verify_ssh_host_key is called from both the SSH-1 and SSH-2 * transport layers, and does the initial work of checking whether the * host key is already known. If so, it returns success on its own * account; otherwise, it calls out to the Seat to give an interactive * prompt (the nature of which varies depending on the Seat itself). */ SeatPromptResult verify_ssh_host_key( InteractionReadySeat iseat, Conf *conf, const char *host, int port, ssh_key *key, const char *keytype, char *keystr, const char *keydisp, char **fingerprints, int ca_count, void (*callback)(void *ctx, SeatPromptResult result), void *ctx) { /* * First, check if the Conf includes a manual specification of the * expected host key. If so, that completely supersedes everything * else, including the normal host key cache _and_ including * manual overrides: we return success or failure immediately, * entirely based on whether the key matches the Conf. */ if (conf_get_str_nthstrkey(conf, CONF_ssh_manual_hostkeys, 0)) { if (fingerprints) { for (size_t i = 0; i < SSH_N_FPTYPES; i++) { /* * Each fingerprint string we've been given will have * things like 'ssh-rsa 2048' at the front of it. Strip * those off and narrow down to just the hash at the end * of the string. */ const char *fingerprint = fingerprints[i]; if (!fingerprint) continue; const char *p = strrchr(fingerprint, ' '); fingerprint = p ? p+1 : fingerprint; if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys, fingerprint)) return SPR_OK; } } if (key) { /* * Construct the base64-encoded public key blob and see if * that's listed. */ strbuf *binblob; char *base64blob; int atoms, i; binblob = strbuf_new(); ssh_key_public_blob(key, BinarySink_UPCAST(binblob)); atoms = (binblob->len + 2) / 3; base64blob = snewn(atoms * 4 + 1, char); for (i = 0; i < atoms; i++) base64_encode_atom(binblob->u + 3*i, binblob->len - 3*i, base64blob + 4*i); base64blob[atoms * 4] = '\0'; strbuf_free(binblob); if (conf_get_str_str_opt(conf, CONF_ssh_manual_hostkeys, base64blob)) { sfree(base64blob); return SPR_OK; } sfree(base64blob); } return SPR_SW_ABORT("Host key not in manually configured list"); } /* * Next, check the host key cache. */ int storage_status = check_stored_host_key(host, port, keytype, keystr); if (storage_status == 0) /* matching key was found in the cache */ return SPR_OK; /* * The key is either missing from the cache, or does not match. * Either way, fall back to an interactive prompt from the Seat. */ SeatDialogText *text = seat_dialog_text_new(); const SeatDialogPromptDescriptions *pds = seat_prompt_descriptions(iseat.seat); FingerprintType fptype_default = ssh2_pick_default_fingerprint(fingerprints); seat_dialog_text_append( text, SDT_TITLE, "%s Security Alert", appname); HelpCtx helpctx; if (key && ssh_key_alg(key)->is_certificate) { seat_dialog_text_append( text, SDT_SCARY_HEADING, "WARNING - POTENTIAL SECURITY BREACH!"); seat_dialog_text_append( text, SDT_PARA, "This server presented a certified host key:"); seat_dialog_text_append( text, SDT_DISPLAY, "%s (port %d)", host, port); if (ca_count) { seat_dialog_text_append( text, SDT_PARA, "which was signed by a different " "certification authority from the %s %s is configured to " "trust for this server.", ca_count > 1 ? "ones" : "one", appname); if (storage_status == 2) { seat_dialog_text_append( text, SDT_PARA, "ALSO, that key does not match the key " "%s had previously cached for this server.", appname); seat_dialog_text_append( text, SDT_PARA, "This means that either another " "certification authority is operating in this realm AND " "the server administrator has changed the host key, or " "you have actually connected to another computer " "pretending to be the server."); } else { seat_dialog_text_append( text, SDT_PARA, "This means that either another " "certification authority is operating in this realm, or " "you have actually connected to another computer " "pretending to be the server."); } } else { assert(storage_status == 2); seat_dialog_text_append( text, SDT_PARA, "which does not match the certified key %s " "had previously cached for this server.", appname); seat_dialog_text_append( text, SDT_PARA, "This means that either the server " "administrator has changed the host key, or you have actually " "connected to another computer pretending to be the server."); } seat_dialog_text_append( text, SDT_PARA, "The new %s key fingerprint is:", keytype); seat_dialog_text_append( text, SDT_DISPLAY, "%s", fingerprints[fptype_default]); helpctx = HELPCTX(errors_cert_mismatch); } else if (storage_status == 1) { seat_dialog_text_append( text, SDT_PARA, "The host key is not cached for this server:"); seat_dialog_text_append( text, SDT_DISPLAY, "%s (port %d)", host, port); seat_dialog_text_append( text, SDT_PARA, "You have no guarantee that the server is the " "computer you think it is."); seat_dialog_text_append( text, SDT_PARA, "The server's %s key fingerprint is:", keytype); seat_dialog_text_append( text, SDT_DISPLAY, "%s", fingerprints[fptype_default]); helpctx = HELPCTX(errors_hostkey_absent); } else { seat_dialog_text_append( text, SDT_SCARY_HEADING, "WARNING - POTENTIAL SECURITY BREACH!"); seat_dialog_text_append( text, SDT_PARA, "The host key does not match the one %s has " "cached for this server:", appname); seat_dialog_text_append( text, SDT_DISPLAY, "%s (port %d)", host, port); seat_dialog_text_append( text, SDT_PARA, "This means that either the server administrator " "has changed the host key, or you have actually connected to " "another computer pretending to be the server."); seat_dialog_text_append( text, SDT_PARA, "The new %s key fingerprint is:", keytype); seat_dialog_text_append( text, SDT_DISPLAY, "%s", fingerprints[fptype_default]); helpctx = HELPCTX(errors_hostkey_changed); } /* The above text is printed even in batch mode. Here's where we stop if * we can't present interactive prompts. */ seat_dialog_text_append( text, SDT_BATCH_ABORT, "Connection abandoned."); if (storage_status == 1) { seat_dialog_text_append( text, SDT_PARA, "If you trust this host, %s to add the key to " "%s's cache and carry on connecting.", pds->hk_accept_action, appname); if (key && ssh_key_alg(key)->is_certificate) { seat_dialog_text_append( text, SDT_PARA, "(Storing this certified key in the cache " "will NOT cause its certification authority to be trusted " "for any other key or host.)"); } seat_dialog_text_append( text, SDT_PARA, "If you want to carry on connecting just once, " "without adding the key to the cache, %s.", pds->hk_connect_once_action); seat_dialog_text_append( text, SDT_PARA, "If you do not trust this host, %s to abandon the " "connection.", pds->hk_cancel_action); seat_dialog_text_append( text, SDT_PROMPT, "Store key in cache?"); } else { seat_dialog_text_append( text, SDT_PARA, "If you were expecting this change and trust the " "new key, %s to update %s's cache and carry on connecting.", pds->hk_accept_action, appname); if (key && ssh_key_alg(key)->is_certificate) { seat_dialog_text_append( text, SDT_PARA, "(Storing this certified key in the cache " "will NOT cause its certification authority to be trusted " "for any other key or host.)"); } seat_dialog_text_append( text, SDT_PARA, "If you want to carry on connecting but without " "updating the cache, %s.", pds->hk_connect_once_action); seat_dialog_text_append( text, SDT_PARA, "If you want to abandon the connection " "completely, %s to cancel. %s is the ONLY guaranteed safe choice.", pds->hk_cancel_action, pds->hk_cancel_action_Participle); seat_dialog_text_append( text, SDT_PROMPT, "Update cached key?"); } seat_dialog_text_append(text, SDT_MORE_INFO_KEY, "Full text of host's public key"); seat_dialog_text_append(text, SDT_MORE_INFO_VALUE_BLOB, "%s", keydisp); if (fingerprints[SSH_FPTYPE_SHA256]) { seat_dialog_text_append(text, SDT_MORE_INFO_KEY, "SHA256 fingerprint"); seat_dialog_text_append(text, SDT_MORE_INFO_VALUE_SHORT, "%s", fingerprints[SSH_FPTYPE_SHA256]); } if (fingerprints[SSH_FPTYPE_MD5]) { seat_dialog_text_append(text, SDT_MORE_INFO_KEY, "MD5 fingerprint"); seat_dialog_text_append(text, SDT_MORE_INFO_VALUE_SHORT, "%s", fingerprints[SSH_FPTYPE_MD5]); } SeatPromptResult toret = seat_confirm_ssh_host_key( iseat, host, port, keytype, keystr, text, helpctx, callback, ctx); seat_dialog_text_free(text); return toret; } SeatPromptResult confirm_weak_crypto_primitive( InteractionReadySeat iseat, const char *algtype, const char *algname, void (*callback)(void *ctx, SeatPromptResult result), void *ctx, WeakCryptoReason wcr) { SeatDialogText *text = seat_dialog_text_new(); const SeatDialogPromptDescriptions *pds = seat_prompt_descriptions(iseat.seat); seat_dialog_text_append(text, SDT_TITLE, "%s Security Alert", appname); switch (wcr) { case WCR_BELOW_THRESHOLD: seat_dialog_text_append( text, SDT_PARA, "The first %s supported by the server is %s, " "which is below the configured warning threshold.", algtype, algname); break; case WCR_TERRAPIN: case WCR_TERRAPIN_AVOIDABLE: seat_dialog_text_append( text, SDT_PARA, "The %s selected for this session is %s, " "which, with this server, is vulnerable to the 'Terrapin' attack " "CVE-2023-48795, potentially allowing an attacker to modify " "the encrypted session.", algtype, algname); seat_dialog_text_append( text, SDT_PARA, "Upgrading, patching, or reconfiguring this SSH server is the " "best way to avoid this vulnerability, if possible."); if (wcr == WCR_TERRAPIN_AVOIDABLE) { seat_dialog_text_append( text, SDT_PARA, "You can also avoid this vulnerability by abandoning " "this connection, moving ChaCha20 to below the " "'warn below here' line in PuTTY's SSH cipher " "configuration (so that an algorithm without the " "vulnerability will be selected), and starting a new " "connection."); } break; default: unreachable("bad WeakCryptoReason"); } /* In batch mode, we print the above information and then this * abort message, and stop. */ seat_dialog_text_append(text, SDT_BATCH_ABORT, "Connection abandoned."); seat_dialog_text_append( text, SDT_PARA, "To accept the risk and continue, %s. " "To abandon the connection, %s.", pds->weak_accept_action, pds->weak_cancel_action); seat_dialog_text_append(text, SDT_PROMPT, "Continue with connection?"); SeatPromptResult toret = seat_confirm_weak_crypto_primitive( iseat, text, callback, ctx); seat_dialog_text_free(text); return toret; } SeatPromptResult confirm_weak_cached_hostkey( InteractionReadySeat iseat, const char *algname, const char **betteralgs, void (*callback)(void *ctx, SeatPromptResult result), void *ctx) { SeatDialogText *text = seat_dialog_text_new(); const SeatDialogPromptDescriptions *pds = seat_prompt_descriptions(iseat.seat); seat_dialog_text_append(text, SDT_TITLE, "%s Security Alert", appname); seat_dialog_text_append( text, SDT_PARA, "The first host key type we have stored for this server " "is %s, which is below the configured warning threshold.", algname); seat_dialog_text_append( text, SDT_PARA, "The server also provides the following types of host key " "above the threshold, which we do not have stored:"); for (const char **p = betteralgs; *p; p++) seat_dialog_text_append(text, SDT_DISPLAY, "%s", *p); /* In batch mode, we print the above information and then this * abort message, and stop. */ seat_dialog_text_append(text, SDT_BATCH_ABORT, "Connection abandoned."); seat_dialog_text_append( text, SDT_PARA, "To accept the risk and continue, %s. " "To abandon the connection, %s.", pds->weak_accept_action, pds->weak_cancel_action); seat_dialog_text_append(text, SDT_PROMPT, "Continue with connection?"); SeatPromptResult toret = seat_confirm_weak_cached_hostkey( iseat, text, callback, ctx); seat_dialog_text_free(text); return toret; } /* ---------------------------------------------------------------------- * Common functions shared between SSH-1 layers. */ bool ssh1_common_get_specials( PacketProtocolLayer *ppl, add_special_fn_t add_special, void *ctx) { /* * Don't bother offering IGNORE if we've decided the remote * won't cope with it, since we wouldn't bother sending it if * asked anyway. */ if (!(ppl->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) { add_special(ctx, "IGNORE message", SS_NOP, 0); return true; } return false; } bool ssh1_common_filter_queue(PacketProtocolLayer *ppl) { PktIn *pktin; ptrlen msg; while ((pktin = pq_peek(ppl->in_pq)) != NULL) { switch (pktin->type) { case SSH1_MSG_DISCONNECT: msg = get_string(pktin); ssh_remote_error(ppl->ssh, "Remote side sent disconnect message:\n\"%.*s\"", PTRLEN_PRINTF(msg)); /* don't try to pop the queue, because we've been freed! */ return true; /* indicate that we've been freed */ case SSH1_MSG_DEBUG: msg = get_string(pktin); ppl_logevent("Remote debug message: %.*s", PTRLEN_PRINTF(msg)); pq_pop(ppl->in_pq); break; case SSH1_MSG_IGNORE: /* Do nothing, because we're ignoring it! Duhh. */ pq_pop(ppl->in_pq); break; default: return false; } } return false; } void ssh1_compute_session_id( unsigned char *session_id, const unsigned char *cookie, RSAKey *hostkey, RSAKey *servkey) { ssh_hash *hash = ssh_hash_new(&ssh_md5); for (size_t i = (mp_get_nbits(hostkey->modulus) + 7) / 8; i-- ;) put_byte(hash, mp_get_byte(hostkey->modulus, i)); for (size_t i = (mp_get_nbits(servkey->modulus) + 7) / 8; i-- ;) put_byte(hash, mp_get_byte(servkey->modulus, i)); put_data(hash, cookie, 8); ssh_hash_final(hash, session_id); } /* ---------------------------------------------------------------------- * Wrapper function to handle the abort-connection modes of a * SeatPromptResult without a lot of verbiage at every call site. * * Can become ssh_sw_abort or ssh_user_close, depending on the kind of * negative SeatPromptResult. */ void ssh_spr_close(Ssh *ssh, SeatPromptResult spr, const char *context) { if (spr.kind == SPRK_USER_ABORT) { ssh_user_close(ssh, "User aborted at %s", context); } else { assert(spr.kind == SPRK_SW_ABORT); char *err = spr_get_error_message(spr); ssh_sw_abort(ssh, "%s", err); sfree(err); } }