mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
1bf93289c9
This seemed like a worthwhile cleanup to do while I was working on this code anyway. Now all the magic numbers are defined in a header file by macro names indicating their meaning, and used by both the SOCKS client code in the proxy subdirectory and the SOCKS server code in portfwd.c.
176 lines
6.2 KiB
C
176 lines
6.2 KiB
C
/*
|
|
* Routines to do cryptographic interaction with proxies in PuTTY.
|
|
* This is in a separate module from proxy.c, so that it can be
|
|
* conveniently removed in PuTTYtel by replacing this module with
|
|
* the stub version nocproxy.c.
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include <ctype.h>
|
|
#include <string.h>
|
|
|
|
#include "putty.h"
|
|
#include "ssh.h" /* For MD5 support */
|
|
#include "network.h"
|
|
#include "proxy.h"
|
|
#include "socks.h"
|
|
#include "marshal.h"
|
|
|
|
static void hmacmd5_chap(const unsigned char *challenge, int challen,
|
|
const char *passwd, unsigned char *response)
|
|
{
|
|
mac_simple(&ssh_hmac_md5, ptrlen_from_asciz(passwd),
|
|
make_ptrlen(challenge, challen), response);
|
|
}
|
|
|
|
void proxy_socks5_offerencryptedauth(BinarySink *bs)
|
|
{
|
|
put_byte(bs, SOCKS5_AUTH_CHAP);
|
|
}
|
|
|
|
int proxy_socks5_handlechap (ProxySocket *ps)
|
|
{
|
|
|
|
/* CHAP authentication reply format:
|
|
* version number (1 bytes) = 1
|
|
* number of commands (1 byte)
|
|
*
|
|
* For each command:
|
|
* command identifier (1 byte)
|
|
* data length (1 byte)
|
|
*/
|
|
unsigned char data[260];
|
|
unsigned char outbuf[20];
|
|
|
|
while(ps->chap_num_attributes == 0 ||
|
|
ps->chap_num_attributes_processed < ps->chap_num_attributes) {
|
|
if (ps->chap_num_attributes == 0 ||
|
|
ps->chap_current_attribute == -1) {
|
|
/* CHAP normally reads in two bytes, either at the
|
|
* beginning or for each attribute/value pair. But if
|
|
* we're waiting for the value's data, we might not want
|
|
* to read 2 bytes.
|
|
*/
|
|
|
|
if (bufchain_size(&ps->pending_input_data) < 2)
|
|
return 1; /* not got anything yet */
|
|
|
|
/* get the response */
|
|
bufchain_fetch(&ps->pending_input_data, data, 2);
|
|
bufchain_consume(&ps->pending_input_data, 2);
|
|
}
|
|
|
|
if (ps->chap_num_attributes == 0) {
|
|
/* If there are no attributes, this is our first msg
|
|
* with the server, where we negotiate version and
|
|
* number of attributes
|
|
*/
|
|
if (data[0] != SOCKS5_AUTH_CHAP_VERSION) {
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy wants "
|
|
"a different CHAP version");
|
|
return 1;
|
|
}
|
|
if (data[1] == 0x00) {
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy won't "
|
|
"negotiate CHAP with us");
|
|
return 1;
|
|
}
|
|
ps->chap_num_attributes = data[1];
|
|
} else {
|
|
if (ps->chap_current_attribute == -1) {
|
|
/* We have to read in each attribute/value pair -
|
|
* those we don't understand can be ignored, but
|
|
* there are a few we'll need to handle.
|
|
*/
|
|
ps->chap_current_attribute = data[0];
|
|
ps->chap_current_datalen = data[1];
|
|
}
|
|
if (bufchain_size(&ps->pending_input_data) <
|
|
ps->chap_current_datalen)
|
|
return 1; /* not got everything yet */
|
|
|
|
/* get the response */
|
|
bufchain_fetch(&ps->pending_input_data, data,
|
|
ps->chap_current_datalen);
|
|
|
|
bufchain_consume(&ps->pending_input_data,
|
|
ps->chap_current_datalen);
|
|
|
|
switch (ps->chap_current_attribute) {
|
|
case SOCKS5_AUTH_CHAP_ATTR_STATUS:
|
|
/* Successful authentication */
|
|
if (data[0] == 0x00)
|
|
ps->state = 2;
|
|
else {
|
|
plug_closing_error(ps->plug, "Proxy error: SOCKS proxy "
|
|
"refused CHAP authentication");
|
|
return 1;
|
|
}
|
|
break;
|
|
case SOCKS5_AUTH_CHAP_ATTR_CHALLENGE:
|
|
outbuf[0] = SOCKS5_AUTH_CHAP_VERSION;
|
|
outbuf[1] = 0x01; /* One attribute */
|
|
outbuf[2] = SOCKS5_AUTH_CHAP_ATTR_RESPONSE;
|
|
outbuf[3] = 0x10; /* Length */
|
|
hmacmd5_chap(data, ps->chap_current_datalen,
|
|
conf_get_str(ps->conf, CONF_proxy_password),
|
|
&outbuf[4]);
|
|
sk_write(ps->sub_socket, outbuf, 20);
|
|
break;
|
|
case SOCKS5_AUTH_CHAP_ATTR_ALGLIST:
|
|
/* Chose a protocol */
|
|
if (data[0] != SOCKS5_AUTH_CHAP_ALG_HMACMD5) {
|
|
plug_closing_error(ps->plug, "Proxy error: Server chose "
|
|
"CHAP of other than HMAC-MD5 but we "
|
|
"didn't offer it!");
|
|
return 1;
|
|
}
|
|
break;
|
|
}
|
|
ps->chap_current_attribute = -1;
|
|
ps->chap_num_attributes_processed++;
|
|
}
|
|
if (ps->state == 8 &&
|
|
ps->chap_num_attributes_processed >= ps->chap_num_attributes) {
|
|
ps->chap_num_attributes = 0;
|
|
ps->chap_num_attributes_processed = 0;
|
|
ps->chap_current_datalen = 0;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int proxy_socks5_selectchap(ProxySocket *ps)
|
|
{
|
|
char *username = conf_get_str(ps->conf, CONF_proxy_username);
|
|
char *password = conf_get_str(ps->conf, CONF_proxy_password);
|
|
if (username[0] || password[0]) {
|
|
char chapbuf[514];
|
|
int ulen;
|
|
chapbuf[0] = SOCKS5_AUTH_CHAP_VERSION;
|
|
chapbuf[1] = '\x02'; /* Number of attributes sent */
|
|
chapbuf[2] = SOCKS5_AUTH_CHAP_ATTR_ALGLIST;
|
|
chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
|
|
chapbuf[4] = SOCKS5_AUTH_CHAP_ALG_HMACMD5;
|
|
chapbuf[5] = SOCKS5_AUTH_CHAP_ATTR_USERNAME;
|
|
|
|
ulen = strlen(username);
|
|
if (ulen > 255) ulen = 255;
|
|
if (ulen < 1) ulen = 1;
|
|
|
|
chapbuf[6] = ulen;
|
|
memcpy(chapbuf+7, username, ulen);
|
|
|
|
sk_write(ps->sub_socket, chapbuf, ulen + 7);
|
|
ps->chap_num_attributes = 0;
|
|
ps->chap_num_attributes_processed = 0;
|
|
ps->chap_current_attribute = -1;
|
|
ps->chap_current_datalen = 0;
|
|
|
|
ps->state = 8;
|
|
} else
|
|
plug_closing_error(ps->plug, "Proxy error: Server chose "
|
|
"CHAP authentication but we didn't offer it!");
|
|
return 1;
|
|
}
|