projects / u / mdw / putty / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
do_ssh2_authconn() now installs the standard handlers for CHANNEL_SUCCESS
[u/mdw/putty] / ssh.c
CommitLineData
eaf1e20a 1/*
2 * SSH backend.
3 */
4
374330e2 5#include <stdio.h>
6#include <stdlib.h>
fb09bf1c 7#include <stdarg.h>
8#include <assert.h>
3c112d53 9#include <limits.h>
d051d1b4 10#include <signal.h>
374330e2 11
12#include "putty.h"
dacbd0e8 13#include "tree234.h"
fb09bf1c 14#include "ssh.h"
bf84a03a 15#ifndef NO_GSSAPI
b3d375b2 16#include "sshgssc.h"
42af6a67 17#include "sshgss.h"
bf84a03a 18#endif
374330e2 19
20#ifndef FALSE
21#define FALSE 0
22#endif
23#ifndef TRUE
24#define TRUE 1
25#endif
26
32874aea 27#define SSH1_MSG_DISCONNECT 1 /* 0x1 */
28#define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
29#define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
30#define SSH1_CMSG_USER 4 /* 0x4 */
31#define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
32#define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
33#define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
34#define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
35#define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
36#define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
37#define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
38#define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
39#define SSH1_SMSG_SUCCESS 14 /* 0xe */
40#define SSH1_SMSG_FAILURE 15 /* 0xf */
41#define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
42#define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
43#define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
44#define SSH1_CMSG_EOF 19 /* 0x13 */
45#define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
46#define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
47#define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
48#define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
49#define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
50#define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
51#define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
52#define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
53#define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
54#define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
55#define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
56#define SSH1_MSG_IGNORE 32 /* 0x20 */
57#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
58#define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
59#define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
60#define SSH1_MSG_DEBUG 36 /* 0x24 */
61#define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
62#define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
63#define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
64#define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
65#define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
66#define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
67#define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
68
8f9e3231 69#define SSH1_AUTH_RHOSTS 1 /* 0x1 */
70#define SSH1_AUTH_RSA 2 /* 0x2 */
71#define SSH1_AUTH_PASSWORD 3 /* 0x3 */
72#define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
32874aea 73#define SSH1_AUTH_TIS 5 /* 0x5 */
74#define SSH1_AUTH_CCARD 16 /* 0x10 */
75
76#define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
b96dc54c 77/* Mask for protoflags we will echo back to server if seen */
32874aea 78#define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
79
80#define SSH2_MSG_DISCONNECT 1 /* 0x1 */
81#define SSH2_MSG_IGNORE 2 /* 0x2 */
82#define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
83#define SSH2_MSG_DEBUG 4 /* 0x4 */
84#define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
85#define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
86#define SSH2_MSG_KEXINIT 20 /* 0x14 */
87#define SSH2_MSG_NEWKEYS 21 /* 0x15 */
88#define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
89#define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
90#define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
91#define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
92#define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
93#define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
fae1a71b 94#define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
95#define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
96#define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
32874aea 97#define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
98#define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
99#define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
100#define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
101#define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
102#define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
761187b6 103#define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
104#define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
32874aea 105#define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
106#define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
107#define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
108#define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
109#define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
110#define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
111#define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
112#define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
113#define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
114#define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
115#define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
116#define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
117#define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
118#define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
42af6a67 119#define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
120#define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
121#define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
122#define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
123#define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
124#define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
32874aea 125
00db133f 126/*
127 * Packet type contexts, so that ssh2_pkt_type can correctly decode
128 * the ambiguous type numbers back into the correct type strings.
129 */
acab36bc 130typedef enum {
131 SSH2_PKTCTX_NOKEX,
132 SSH2_PKTCTX_DHGROUP,
133 SSH2_PKTCTX_DHGEX,
134 SSH2_PKTCTX_RSAKEX
135} Pkt_KCtx;
136typedef enum {
137 SSH2_PKTCTX_NOAUTH,
138 SSH2_PKTCTX_PUBLICKEY,
139 SSH2_PKTCTX_PASSWORD,
42af6a67 140 SSH2_PKTCTX_GSSAPI,
acab36bc 141 SSH2_PKTCTX_KBDINTER
142} Pkt_ACtx;
00db133f 143
32874aea 144#define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
145#define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
146#define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
147#define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
148#define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
149#define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
150#define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
151#define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
152#define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
153#define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
154#define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
155#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
156#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
157#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
158#define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
38c4a8da 159
160static const char *const ssh2_disconnect_reasons[] = {
161 NULL,
afb4d0dc 162 "host not allowed to connect",
163 "protocol error",
164 "key exchange failed",
165 "host authentication failed",
1da38d29 166 "MAC error",
afb4d0dc 167 "compression error",
168 "service not available",
169 "protocol version not supported",
170 "host key not verifiable",
171 "connection lost",
172 "by application",
173 "too many connections",
174 "auth cancelled by user",
175 "no more auth methods available",
176 "illegal user name",
38c4a8da 177};
9005f3ba 178
32874aea 179#define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
180#define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
181#define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
182#define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
d211621f 183
32874aea 184#define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
fb09bf1c 185
7d503c31 186/*
187 * Various remote-bug flags.
188 */
189#define BUG_CHOKES_ON_SSH1_IGNORE 1
190#define BUG_SSH2_HMAC 2
bd358db1 191#define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
0df73905 192#define BUG_CHOKES_ON_RSA 8
1dd353b5 193#define BUG_SSH2_RSA_PADDING 16
088bde77 194#define BUG_SSH2_DERIVEKEY 32
f382c87d 195#define BUG_SSH2_REKEY 64
dda87a28 196#define BUG_SSH2_PK_SESSIONID 128
c9739dba 197#define BUG_SSH2_MAXPKT 256
cf6ddb95 198#define BUG_CHOKES_ON_SSH2_IGNORE 512
2e0aae4f 199#define BUG_CHOKES_ON_WINADJ 1024
bd358db1 200
c6ccd5c2 201/*
202 * Codes for terminal modes.
203 * Most of these are the same in SSH-1 and SSH-2.
7646c432 204 * This list is derived from RFC 4254 and
c6ccd5c2 205 * SSH-1 RFC-1.2.31.
206 */
207static const struct {
208 const char* const mode;
209 int opcode;
210 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
211} ssh_ttymodes[] = {
212 /* "V" prefix discarded for special characters relative to SSH specs */
213 { "INTR", 1, TTY_OP_CHAR },
214 { "QUIT", 2, TTY_OP_CHAR },
215 { "ERASE", 3, TTY_OP_CHAR },
216 { "KILL", 4, TTY_OP_CHAR },
217 { "EOF", 5, TTY_OP_CHAR },
218 { "EOL", 6, TTY_OP_CHAR },
219 { "EOL2", 7, TTY_OP_CHAR },
220 { "START", 8, TTY_OP_CHAR },
221 { "STOP", 9, TTY_OP_CHAR },
222 { "SUSP", 10, TTY_OP_CHAR },
223 { "DSUSP", 11, TTY_OP_CHAR },
224 { "REPRINT", 12, TTY_OP_CHAR },
225 { "WERASE", 13, TTY_OP_CHAR },
226 { "LNEXT", 14, TTY_OP_CHAR },
227 { "FLUSH", 15, TTY_OP_CHAR },
228 { "SWTCH", 16, TTY_OP_CHAR },
229 { "STATUS", 17, TTY_OP_CHAR },
230 { "DISCARD", 18, TTY_OP_CHAR },
231 { "IGNPAR", 30, TTY_OP_BOOL },
232 { "PARMRK", 31, TTY_OP_BOOL },
233 { "INPCK", 32, TTY_OP_BOOL },
234 { "ISTRIP", 33, TTY_OP_BOOL },
235 { "INLCR", 34, TTY_OP_BOOL },
236 { "IGNCR", 35, TTY_OP_BOOL },
237 { "ICRNL", 36, TTY_OP_BOOL },
238 { "IUCLC", 37, TTY_OP_BOOL },
239 { "IXON", 38, TTY_OP_BOOL },
240 { "IXANY", 39, TTY_OP_BOOL },
241 { "IXOFF", 40, TTY_OP_BOOL },
242 { "IMAXBEL", 41, TTY_OP_BOOL },
243 { "ISIG", 50, TTY_OP_BOOL },
244 { "ICANON", 51, TTY_OP_BOOL },
245 { "XCASE", 52, TTY_OP_BOOL },
246 { "ECHO", 53, TTY_OP_BOOL },
247 { "ECHOE", 54, TTY_OP_BOOL },
248 { "ECHOK", 55, TTY_OP_BOOL },
249 { "ECHONL", 56, TTY_OP_BOOL },
250 { "NOFLSH", 57, TTY_OP_BOOL },
251 { "TOSTOP", 58, TTY_OP_BOOL },
252 { "IEXTEN", 59, TTY_OP_BOOL },
253 { "ECHOCTL", 60, TTY_OP_BOOL },
254 { "ECHOKE", 61, TTY_OP_BOOL },
255 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
256 { "OPOST", 70, TTY_OP_BOOL },
257 { "OLCUC", 71, TTY_OP_BOOL },
258 { "ONLCR", 72, TTY_OP_BOOL },
259 { "OCRNL", 73, TTY_OP_BOOL },
260 { "ONOCR", 74, TTY_OP_BOOL },
261 { "ONLRET", 75, TTY_OP_BOOL },
262 { "CS7", 90, TTY_OP_BOOL },
263 { "CS8", 91, TTY_OP_BOOL },
264 { "PARENB", 92, TTY_OP_BOOL },
265 { "PARODD", 93, TTY_OP_BOOL }
266};
267
268/* Miscellaneous other tty-related constants. */
269#define SSH_TTY_OP_END 0
270/* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
271#define SSH1_TTY_OP_ISPEED 192
272#define SSH1_TTY_OP_OSPEED 193
273#define SSH2_TTY_OP_ISPEED 128
274#define SSH2_TTY_OP_OSPEED 129
275
276/* Helper functions for parsing tty-related config. */
277static unsigned int ssh_tty_parse_specchar(char *s)
278{
279 unsigned int ret;
280 if (*s) {
281 char *next = NULL;
282 ret = ctrlparse(s, &next);
283 if (!next) ret = s[0];
284 } else {
285 ret = 255; /* special value meaning "don't set" */
286 }
287 return ret;
288}
289static unsigned int ssh_tty_parse_boolean(char *s)
290{
291 if (stricmp(s, "yes") == 0 ||
292 stricmp(s, "on") == 0 ||
293 stricmp(s, "true") == 0 ||
294 stricmp(s, "+") == 0)
295 return 1; /* true */
296 else if (stricmp(s, "no") == 0 ||
297 stricmp(s, "off") == 0 ||
298 stricmp(s, "false") == 0 ||
299 stricmp(s, "-") == 0)
300 return 0; /* false */
301 else
302 return (atoi(s) != 0);
303}
304
00db133f 305#define translate(x) if (type == x) return #x
acab36bc 306#define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
307#define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
ae9ae89f 308static char *ssh1_pkt_type(int type)
00db133f 309{
310 translate(SSH1_MSG_DISCONNECT);
311 translate(SSH1_SMSG_PUBLIC_KEY);
312 translate(SSH1_CMSG_SESSION_KEY);
313 translate(SSH1_CMSG_USER);
314 translate(SSH1_CMSG_AUTH_RSA);
315 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
316 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
317 translate(SSH1_CMSG_AUTH_PASSWORD);
318 translate(SSH1_CMSG_REQUEST_PTY);
319 translate(SSH1_CMSG_WINDOW_SIZE);
320 translate(SSH1_CMSG_EXEC_SHELL);
321 translate(SSH1_CMSG_EXEC_CMD);
322 translate(SSH1_SMSG_SUCCESS);
323 translate(SSH1_SMSG_FAILURE);
324 translate(SSH1_CMSG_STDIN_DATA);
325 translate(SSH1_SMSG_STDOUT_DATA);
326 translate(SSH1_SMSG_STDERR_DATA);
327 translate(SSH1_CMSG_EOF);
328 translate(SSH1_SMSG_EXIT_STATUS);
329 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
330 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
331 translate(SSH1_MSG_CHANNEL_DATA);
332 translate(SSH1_MSG_CHANNEL_CLOSE);
333 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
334 translate(SSH1_SMSG_X11_OPEN);
335 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
336 translate(SSH1_MSG_PORT_OPEN);
337 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
338 translate(SSH1_SMSG_AGENT_OPEN);
339 translate(SSH1_MSG_IGNORE);
340 translate(SSH1_CMSG_EXIT_CONFIRMATION);
341 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
342 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
343 translate(SSH1_MSG_DEBUG);
344 translate(SSH1_CMSG_REQUEST_COMPRESSION);
345 translate(SSH1_CMSG_AUTH_TIS);
346 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
347 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
348 translate(SSH1_CMSG_AUTH_CCARD);
349 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
350 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
351 return "unknown";
352}
acab36bc 353static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
00db133f 354{
42af6a67 355 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
356 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
357 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
358 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
359 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
360 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
00db133f 361 translate(SSH2_MSG_DISCONNECT);
362 translate(SSH2_MSG_IGNORE);
363 translate(SSH2_MSG_UNIMPLEMENTED);
364 translate(SSH2_MSG_DEBUG);
365 translate(SSH2_MSG_SERVICE_REQUEST);
366 translate(SSH2_MSG_SERVICE_ACCEPT);
367 translate(SSH2_MSG_KEXINIT);
368 translate(SSH2_MSG_NEWKEYS);
acab36bc 369 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
370 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
371 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
372 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
373 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
374 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
375 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
376 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
377 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
00db133f 378 translate(SSH2_MSG_USERAUTH_REQUEST);
379 translate(SSH2_MSG_USERAUTH_FAILURE);
380 translate(SSH2_MSG_USERAUTH_SUCCESS);
381 translate(SSH2_MSG_USERAUTH_BANNER);
acab36bc 382 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
383 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
384 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
385 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
00db133f 386 translate(SSH2_MSG_GLOBAL_REQUEST);
387 translate(SSH2_MSG_REQUEST_SUCCESS);
388 translate(SSH2_MSG_REQUEST_FAILURE);
389 translate(SSH2_MSG_CHANNEL_OPEN);
390 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
391 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
392 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
393 translate(SSH2_MSG_CHANNEL_DATA);
394 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
395 translate(SSH2_MSG_CHANNEL_EOF);
396 translate(SSH2_MSG_CHANNEL_CLOSE);
397 translate(SSH2_MSG_CHANNEL_REQUEST);
398 translate(SSH2_MSG_CHANNEL_SUCCESS);
399 translate(SSH2_MSG_CHANNEL_FAILURE);
400 return "unknown";
401}
402#undef translate
403#undef translatec
7d503c31 404
9a10ecf4 405/* Enumeration values for fields in SSH-1 packets */
406enum {
407 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
408 /* These values are for communicating relevant semantics of
409 * fields to the packet logging code. */
410 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
411};
972a41c8 412
acddebd9 413/*
414 * Coroutine mechanics for the sillier bits of the code. If these
415 * macros look impenetrable to you, you might find it helpful to
416 * read
417 *
418 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
419 *
420 * which explains the theory behind these macros.
b624d1e6 421 *
422 * In particular, if you are getting `case expression not constant'
423 * errors when building with MS Visual Studio, this is because MS's
424 * Edit and Continue debugging feature causes their compiler to
425 * violate ANSI C. To disable Edit and Continue debugging:
426 *
427 * - right-click ssh.c in the FileView
428 * - click Settings
429 * - select the C/C++ tab and the General category
430 * - under `Debug info:', select anything _other_ than `Program
431 * Database for Edit and Continue'.
acddebd9 432 */
51470298 433#define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
30919997 434#define crBeginState crBegin(s->crLine)
435#define crStateP(t, v) \
436 struct t *s; \
437 if (!(v)) { s = (v) = snew(struct t); s->crLine = 0; } \
438 s = (v);
439#define crState(t) crStateP(t, ssh->t)
51470298 440#define crFinish(z) } *crLine = 0; return (z); }
441#define crFinishV } *crLine = 0; return; }
0d201bfb 442#define crFinishFree(z) } sfree(s); return (z); }
443#define crFinishFreeV } sfree(s); return; }
374330e2 444#define crReturn(z) \
445 do {\
51470298 446 *crLine =__LINE__; return (z); case __LINE__:;\
374330e2 447 } while (0)
448#define crReturnV \
449 do {\
51470298 450 *crLine=__LINE__; return; case __LINE__:;\
374330e2 451 } while (0)
51470298 452#define crStop(z) do{ *crLine = 0; return (z); }while(0)
453#define crStopV do{ *crLine = 0; return; }while(0)
fb09bf1c 454#define crWaitUntil(c) do { crReturn(0); } while (!(c))
7cca0d81 455#define crWaitUntilV(c) do { crReturnV; } while (!(c))
374330e2 456
51470298 457typedef struct ssh_tag *Ssh;
ff3187f6 458struct Packet;
459
dacd8872 460static struct Packet *ssh1_pkt_init(int pkt_type);
ff3187f6 461static struct Packet *ssh2_pkt_init(int pkt_type);
dacd8872 462static void ssh_pkt_ensure(struct Packet *, int length);
463static void ssh_pkt_adddata(struct Packet *, void *data, int len);
464static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
ff3187f6 465static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
dacd8872 466static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
467static void ssh_pkt_addstring_start(struct Packet *);
468static void ssh_pkt_addstring_str(struct Packet *, char *data);
469static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
470static void ssh_pkt_addstring(struct Packet *, char *data);
d8baa528 471static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
dacd8872 472static void ssh1_pkt_addmp(struct Packet *, Bignum b);
ff3187f6 473static void ssh2_pkt_addmp(struct Packet *, Bignum b);
474static int ssh2_pkt_construct(Ssh, struct Packet *);
475static void ssh2_pkt_send(Ssh, struct Packet *);
590f6a5f 476static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
ff3187f6 477static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
478 struct Packet *pktin);
479static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
480 struct Packet *pktin);
997097db 481static void ssh2_channel_check_close(struct ssh_channel *c);
bc06669b 482static void ssh_channel_destroy(struct ssh_channel *c);
3d63ca2e 483
5471d09a 484/*
485 * Buffer management constants. There are several of these for
486 * various different purposes:
487 *
488 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
489 * on a local data stream before we throttle the whole SSH
2e85c969 490 * connection (in SSH-1 only). Throttling the whole connection is
5471d09a 491 * pretty drastic so we set this high in the hope it won't
492 * happen very often.
493 *
494 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
495 * on the SSH connection itself before we defensively throttle
496 * _all_ local data streams. This is pretty drastic too (though
2e85c969 497 * thankfully unlikely in SSH-2 since the window mechanism should
5471d09a 498 * ensure that the server never has any need to throttle its end
499 * of the connection), so we set this high as well.
500 *
2e85c969 501 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
5471d09a 502 * channels.
9b53e9b8 503 *
504 * - OUR_V2_BIGWIN is the window size we advertise for the only
3361b80a 505 * channel in a simple connection. It must be <= INT_MAX.
9916cc1e 506 *
507 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
508 * to the remote side. This actually has nothing to do with the
509 * size of the _packet_, but is instead a limit on the amount
510 * of data we're willing to receive in a single SSH2 channel
511 * data message.
512 *
513 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
514 * _packet_ we're prepared to cope with. It must be a multiple
515 * of the cipher block size, and must be at least 35000.
5471d09a 516 */
517
518#define SSH1_BUFFER_LIMIT 32768
519#define SSH_MAX_BACKLOG 32768
520#define OUR_V2_WINSIZE 16384
3361b80a 521#define OUR_V2_BIGWIN 0x7fffffff
954d5c5a 522#define OUR_V2_MAXPKT 0x4000UL
9916cc1e 523#define OUR_V2_PACKETLIMIT 0x9000UL
d74d141c 524
85cc02bb 525const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
e5574168 526
8b2715b2 527const static struct ssh_mac *macs[] = {
6668a75e 528 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
32874aea 529};
8b2715b2 530const static struct ssh_mac *buggymacs[] = {
6668a75e 531 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
32874aea 532};
e5574168 533
5366aed8 534static void *ssh_comp_none_init(void)
535{
536 return NULL;
537}
538static void ssh_comp_none_cleanup(void *handle)
32874aea 539{
540}
5366aed8 541static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
32874aea 542 unsigned char **outblock, int *outlen)
543{
544 return 0;
545}
5366aed8 546static int ssh_comp_none_disable(void *handle)
32874aea 547{
4ba9b64b 548 return 0;
549}
57476f6b 550const static struct ssh_compress ssh_comp_none = {
ab18ccff 551 "none", NULL,
5366aed8 552 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
553 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
554 ssh_comp_none_disable, NULL
e5574168 555};
4ba9b64b 556extern const struct ssh_compress ssh_zlib;
557const static struct ssh_compress *compressions[] = {
32874aea 558 &ssh_zlib, &ssh_comp_none
559};
374330e2 560
32874aea 561enum { /* channel types */
783415f8 562 CHAN_MAINSESSION,
563 CHAN_X11,
564 CHAN_AGENT,
bc240b21 565 CHAN_SOCKDATA,
c6b41791 566 CHAN_SOCKDATA_DORMANT, /* one the remote hasn't confirmed */
567 /*
568 * CHAN_ZOMBIE is used to indicate a channel for which we've
569 * already destroyed the local data source: for instance, if a
570 * forwarded port experiences a socket error on the local side, we
571 * immediately destroy its local socket and turn the SSH channel
572 * into CHAN_ZOMBIE.
573 */
574 CHAN_ZOMBIE
783415f8 575};
576
39d830e4 577typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
578typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
579typedef void (*cchandler_fn_t)(struct ssh_channel *, struct Packet *, void *);
580
581/*
582 * Each channel has a queue of outstanding CHANNEL_REQUESTS and their
583 * handlers.
584 */
585struct outstanding_channel_request {
586 cchandler_fn_t handler;
587 void *ctx;
588 struct outstanding_channel_request *next;
589};
590
dacbd0e8 591/*
0e443c99 592 * little structure to keep track of outstanding WINDOW_ADJUSTs
593 */
594struct winadj {
595 struct winadj *next;
596 unsigned size;
597};
598
599/*
dacbd0e8 600 * 2-3-4 tree storing channels.
601 */
602struct ssh_channel {
51470298 603 Ssh ssh; /* pointer back to main context */
d211621f 604 unsigned remoteid, localid;
dacbd0e8 605 int type;
64d6ff88 606 /* True if we opened this channel but server hasn't confirmed. */
607 int halfopen;
0357890f 608 /*
2e85c969 609 * In SSH-1, this value contains four bits:
0357890f 610 *
611 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
612 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
613 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
614 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
615 *
616 * A channel is completely finished with when all four bits are set.
bc06669b 617 *
618 * In SSH-2, the four bits mean:
619 *
620 * 1 We have sent SSH2_MSG_CHANNEL_EOF.
621 * 2 We have sent SSH2_MSG_CHANNEL_CLOSE.
622 * 4 We have received SSH2_MSG_CHANNEL_EOF.
623 * 8 We have received SSH2_MSG_CHANNEL_CLOSE.
624 *
625 * A channel is completely finished with when we have both sent
626 * and received CLOSE.
627 *
628 * The symbolic constants below use the SSH-2 terminology, which
629 * is a bit confusing in SSH-1, but we have to use _something_.
0357890f 630 */
bc06669b 631#define CLOSES_SENT_EOF 1
632#define CLOSES_SENT_CLOSE 2
633#define CLOSES_RCVD_EOF 4
634#define CLOSES_RCVD_CLOSE 8
dacbd0e8 635 int closes;
78280721 636
637 /*
bc06669b 638 * This flag indicates that an EOF is pending on the outgoing side
639 * of the channel: that is, wherever we're getting the data for
640 * this channel has sent us some data followed by EOF. We can't
641 * actually send the EOF until we've finished sending the data, so
642 * we set this flag instead to remind us to do so once our buffer
643 * is clear.
78280721 644 */
bc06669b 645 int pending_eof;
78280721 646
ff68564b 647 /*
648 * True if this channel is causing the underlying connection to be
649 * throttled.
650 */
651 int throttling_conn;
5471d09a 652 union {
5471d09a 653 struct ssh2_data_channel {
654 bufchain outbuffer;
655 unsigned remwindow, remmaxpkt;
467e064d 656 /* locwindow is signed so we can cope with excess data. */
9b53e9b8 657 int locwindow, locmaxwin;
0e443c99 658 /*
659 * remlocwin is the amount of local window that we think
660 * the remote end had available to it after it sent the
661 * last data packet or window adjust ack.
662 */
663 int remlocwin;
664 /*
39d830e4 665 * These store the list of channel requests that haven't
0e443c99 666 * been acked.
667 */
39d830e4 668 struct outstanding_channel_request *chanreq_head, *chanreq_tail;
0e443c99 669 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
5471d09a 670 } v2;
671 } v;
dacbd0e8 672 union {
32874aea 673 struct ssh_agent_channel {
674 unsigned char *message;
675 unsigned char msglen[4];
a03c9f9c 676 unsigned lensofar, totallen;
32874aea 677 } a;
678 struct ssh_x11_channel {
679 Socket s;
680 } x11;
d74d141c 681 struct ssh_pfd_channel {
682 Socket s;
683 } pfd;
dacbd0e8 684 } u;
685};
57476f6b 686
d74d141c 687/*
2e85c969 688 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
689 * use this structure in different ways, reflecting SSH-2's
bc240b21 690 * altogether saner approach to port forwarding.
691 *
2e85c969 692 * In SSH-1, you arrange a remote forwarding by sending the server
bc240b21 693 * the remote port number, and the local destination host:port.
694 * When a connection comes in, the server sends you back that
695 * host:port pair, and you connect to it. This is a ready-made
696 * security hole if you're not on the ball: a malicious server
697 * could send you back _any_ host:port pair, so if you trustingly
698 * connect to the address it gives you then you've just opened the
699 * entire inside of your corporate network just by connecting
700 * through it to a dodgy SSH server. Hence, we must store a list of
701 * host:port pairs we _are_ trying to forward to, and reject a
702 * connection request from the server if it's not in the list.
703 *
2e85c969 704 * In SSH-2, each side of the connection minds its own business and
bc240b21 705 * doesn't send unnecessary information to the other. You arrange a
706 * remote forwarding by sending the server just the remote port
707 * number. When a connection comes in, the server tells you which
708 * of its ports was connected to; and _you_ have to remember what
709 * local host:port pair went with that port number.
710 *
2e85c969 711 * Hence, in SSH-1 this structure is indexed by destination
712 * host:port pair, whereas in SSH-2 it is indexed by source port.
d74d141c 713 */
fda2feb1 714struct ssh_portfwd; /* forward declaration */
715
d74d141c 716struct ssh_rportfwd {
bc240b21 717 unsigned sport, dport;
718 char dhost[256];
06fadff5 719 char *sportdesc;
fda2feb1 720 struct ssh_portfwd *pfrec;
d74d141c 721};
fda2feb1 722#define free_rportfwd(pf) ( \
723 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
724
725/*
726 * Separately to the rportfwd tree (which is for looking up port
727 * open requests from the server), a tree of _these_ structures is
728 * used to keep track of all the currently open port forwardings,
729 * so that we can reconfigure in mid-session if the user requests
730 * it.
731 */
732struct ssh_portfwd {
84328ddb 733 enum { DESTROY, KEEP, CREATE } status;
fda2feb1 734 int type;
735 unsigned sport, dport;
736 char *saddr, *daddr;
3fe92132 737 char *sserv, *dserv;
fda2feb1 738 struct ssh_rportfwd *remote;
05581745 739 int addressfamily;
fda2feb1 740 void *local;
741};
742#define free_portfwd(pf) ( \
3fe92132 743 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
744 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
d74d141c 745
57476f6b 746struct Packet {
dacd8872 747 long length; /* length of `data' actually used */
748 long forcepad; /* SSH-2: force padding to at least this length */
749 int type; /* only used for incoming packets */
750 unsigned long sequence; /* SSH-2 incoming sequence number */
751 unsigned char *data; /* allocated storage */
752 unsigned char *body; /* offset of payload within `data' */
753 long savedpos; /* temporary index into `data' (for strings) */
754 long maxlen; /* amount of storage allocated for `data' */
755 long encrypted_len; /* for SSH-2 total-size counting */
ff3187f6 756
757 /*
758 * State associated with packet logging
759 */
760 int logmode;
761 int nblanks;
762 struct logblank_t *blanks;
57476f6b 763};
764
1c1a7262 765static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
ff3187f6 766 struct Packet *pktin);
1c1a7262 767static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
ff3187f6 768 struct Packet *pktin);
b09eaa88 769static void ssh1_protocol_setup(Ssh ssh);
770static void ssh2_protocol_setup(Ssh ssh);
51470298 771static void ssh_size(void *handle, int width, int height);
772static void ssh_special(void *handle, Telnet_Special);
5471d09a 773static int ssh2_try_send(struct ssh_channel *c);
51470298 774static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
775static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
9fca3f8c 776static void ssh2_set_window(struct ssh_channel *c, int newwin);
51470298 777static int ssh_sendbuffer(void *handle);
ac934965 778static int ssh_do_close(Ssh ssh, int notify_exit);
ff3187f6 779static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
780static int ssh2_pkt_getbool(struct Packet *pkt);
781static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
9442dd57 782static void ssh2_timer(void *ctx, long now);
0b106f61 783static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
784 struct Packet *pktin);
39d830e4 785static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin);
57476f6b 786
51470298 787struct rdpkt1_state_tag {
57476f6b 788 long len, pad, biglen, to_read;
789 unsigned long realcrc, gotcrc;
790 unsigned char *p;
791 int i;
792 int chunk;
ff3187f6 793 struct Packet *pktin;
51470298 794};
57476f6b 795
51470298 796struct rdpkt2_state_tag {
960e736a 797 long len, pad, payload, packetlen, maclen;
798 int i;
799 int cipherblk;
800 unsigned long incoming_sequence;
ff3187f6 801 struct Packet *pktin;
51470298 802};
803
06fadff5 804struct queued_handler;
805struct queued_handler {
806 int msg1, msg2;
807 chandler_fn_t handler;
808 void *ctx;
809 struct queued_handler *next;
810};
b09eaa88 811
51470298 812struct ssh_tag {
813 const struct plug_function_table *fn;
814 /* the above field _must_ be first in the structure */
815
4320baf7 816 char *v_c, *v_s;
b672f405 817 void *exhash;
51470298 818
819 Socket s;
820
b9d7bcad 821 void *ldisc;
a8327734 822 void *logctx;
b9d7bcad 823
51470298 824 unsigned char session_key[32];
825 int v1_compressing;
826 int v1_remote_protoflags;
827 int v1_local_protoflags;
828 int agentfwd_enabled;
829 int X11_fwd_enabled;
830 int remote_bugs;
831 const struct ssh_cipher *cipher;
371e569c 832 void *v1_cipher_ctx;
0183b242 833 void *crcda_ctx;
51470298 834 const struct ssh2_cipher *cscipher, *sccipher;
371e569c 835 void *cs_cipher_ctx, *sc_cipher_ctx;
51470298 836 const struct ssh_mac *csmac, *scmac;
e0e1a00d 837 void *cs_mac_ctx, *sc_mac_ctx;
51470298 838 const struct ssh_compress *cscomp, *sccomp;
5366aed8 839 void *cs_comp_ctx, *sc_comp_ctx;
51470298 840 const struct ssh_kex *kex;
841 const struct ssh_signkey *hostkey;
754c0df9 842 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
b672f405 843 int v2_session_id_len;
27cd7fc2 844 void *kex_ctx;
51470298 845
846 char *savedhost;
847 int savedport;
848 int send_ok;
849 int echoing, editing;
850
851 void *frontend;
852
db219738 853 int ospeed, ispeed; /* temporaries */
51470298 854 int term_width, term_height;
855
856 tree234 *channels; /* indexed by local id */
857 struct ssh_channel *mainchan; /* primary session channel */
feb02b4e 858 int ncmode; /* is primary channel direct-tcpip? */
51470298 859 int exitcode;
ac934965 860 int close_expected;
9e296bfa 861 int clean_exit;
51470298 862
fda2feb1 863 tree234 *rportfwds, *portfwds;
51470298 864
865 enum {
866 SSH_STATE_PREPACKET,
867 SSH_STATE_BEFORE_SIZE,
868 SSH_STATE_INTERMED,
869 SSH_STATE_SESSION,
870 SSH_STATE_CLOSED
871 } state;
872
873 int size_needed, eof_needed;
bc06669b 874 int sent_console_eof;
4a202fc6 875 int got_pty; /* affects EOF behaviour on main channel */
51470298 876
590f6a5f 877 struct Packet **queue;
878 int queuelen, queuesize;
879 int queueing;
51470298 880 unsigned char *deferred_send_data;
881 int deferred_len, deferred_size;
882
883 /*
884 * Gross hack: pscp will try to start SFTP but fall back to
885 * scp1 if that fails. This variable is the means by which
886 * scp.c can reach into the SSH code and find out which one it
887 * got.
888 */
889 int fallback_cmd;
890
6bbce591 891 bufchain banner; /* accumulates banners during do_ssh2_authconn */
51470298 892
acab36bc 893 Pkt_KCtx pkt_kctx;
894 Pkt_ACtx pkt_actx;
51470298 895
8def70c3 896 struct X11Display *x11disp;
302121de 897
51470298 898 int version;
ff68564b 899 int conn_throttle_count;
51470298 900 int overall_bufsize;
901 int throttled_all;
902 int v1_stdout_throttling;
a8756193 903 unsigned long v2_outgoing_sequence;
51470298 904
905 int ssh1_rdpkt_crstate;
906 int ssh2_rdpkt_crstate;
51470298 907 int ssh_gotdata_crstate;
b09eaa88 908 int do_ssh1_connection_crstate;
51470298 909
910 void *do_ssh_init_state;
911 void *do_ssh1_login_state;
912 void *do_ssh2_transport_state;
913 void *do_ssh2_authconn_state;
914
915 struct rdpkt1_state_tag rdpkt1_state;
916 struct rdpkt2_state_tag rdpkt2_state;
917
2e85c969 918 /* SSH-1 and SSH-2 use this for different things, but both use it */
b09eaa88 919 int protocol_initial_phase_done;
920
1c1a7262 921 void (*protocol) (Ssh ssh, void *vin, int inlen,
ff3187f6 922 struct Packet *pkt);
923 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
86916870 924
925 /*
4a693cfc 926 * We maintain our own copy of a Conf structure here. That way,
927 * when we're passed a new one for reconfiguration, we can check
928 * the differences and potentially reconfigure port forwardings
929 * etc in mid-session.
86916870 930 */
4a693cfc 931 Conf *conf;
932
933 /*
934 * Values cached out of conf so as to avoid the tree234 lookup
935 * cost every time they're used.
936 */
937 int logomitdata;
938
939 /*
940 * Dynamically allocated username string created during SSH
941 * login. Stored in here rather than in the coroutine state so
942 * that it'll be reliably freed if we shut down the SSH session
943 * at some unexpected moment.
944 */
945 char *username;
839f10db 946
947 /*
3d9449a1 948 * Used to transfer data back from async callbacks.
839f10db 949 */
950 void *agent_response;
951 int agent_response_len;
3d9449a1 952 int user_response;
953
954 /*
955 * The SSH connection can be set as `frozen', meaning we are
956 * not currently accepting incoming data from the network. This
957 * is slightly more serious than setting the _socket_ as
958 * frozen, because we may already have had data passed to us
959 * from the network which we need to delay processing until
960 * after the freeze is lifted, so we also need a bufchain to
961 * store that data.
962 */
963 int frozen;
964 bufchain queued_incoming_data;
b09eaa88 965
966 /*
967 * Dispatch table for packet types that we may have to deal
968 * with at any time.
969 */
970 handler_fn_t packet_dispatch[256];
39934deb 971
972 /*
06fadff5 973 * Queues of one-off handler functions for success/failure
974 * indications from a request.
975 */
976 struct queued_handler *qhead, *qtail;
bc074147 977 handler_fn_t q_saved_handler1, q_saved_handler2;
06fadff5 978
979 /*
39934deb 980 * This module deals with sending keepalives.
981 */
982 Pinger pinger;
9442dd57 983
984 /*
985 * Track incoming and outgoing data sizes and time, for
986 * size-based rekeys.
987 */
988 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
d57f70af 989 unsigned long max_data_size;
9442dd57 990 int kex_in_progress;
e6c1536e 991 long next_rekey, last_rekey;
e13bba36 992 char *deferred_rekey_reason; /* points to STATIC string; don't free */
42af6a67 993
994 /*
995 * Fully qualified host name, which we need if doing GSSAPI.
996 */
997 char *fullhostname;
1e00c92b 998
999#ifndef NO_GSSAPI
1000 /*
1001 * GSSAPI libraries for this session.
1002 */
1003 struct ssh_gss_liblist *gsslibs;
1004#endif
51470298 1005};
960e736a 1006
382908ad 1007#define logevent(s) logevent(ssh->frontend, s)
a8327734 1008
1009/* logevent, only printf-formatted. */
cbe2d68f 1010static void logeventf(Ssh ssh, const char *fmt, ...)
a8327734 1011{
1012 va_list ap;
57356d63 1013 char *buf;
a8327734 1014
1015 va_start(ap, fmt);
57356d63 1016 buf = dupvprintf(fmt, ap);
a8327734 1017 va_end(ap);
57356d63 1018 logevent(buf);
57356d63 1019 sfree(buf);
a8327734 1020}
1021
3976feca 1022static void bomb_out(Ssh ssh, char *text)
1023{
1024 ssh_do_close(ssh, FALSE);
1025 logevent(text);
1026 connection_fatal(ssh->frontend, "%s", text);
1027 sfree(text);
1028}
1029
1030#define bombout(msg) bomb_out(ssh, dupprintf msg)
a8327734 1031
9a10ecf4 1032/* Functions to leave bits out of the SSH packet log file. */
1033
ff3187f6 1034static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
9a10ecf4 1035{
4a693cfc 1036 if (conf_get_int(ssh->conf, CONF_logomitpass))
ff3187f6 1037 pkt->logmode = blanktype;
9a10ecf4 1038}
1039
ff3187f6 1040static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
9a10ecf4 1041{
4a693cfc 1042 if (ssh->logomitdata)
ff3187f6 1043 pkt->logmode = blanktype;
9a10ecf4 1044}
1045
ff3187f6 1046static void end_log_omission(Ssh ssh, struct Packet *pkt)
9a10ecf4 1047{
ff3187f6 1048 pkt->logmode = PKTLOG_EMIT;
9a10ecf4 1049}
1050
4a693cfc 1051/* Helper function for common bits of parsing ttymodes. */
1052static void parse_ttymodes(Ssh ssh,
c6ccd5c2 1053 void (*do_mode)(void *data, char *mode, char *val),
1054 void *data)
1055{
4a693cfc 1056 char *key, *val;
1057
1058 for (val = conf_get_str_strs(ssh->conf, CONF_ttymodes, NULL, &key);
1059 val != NULL;
1060 val = conf_get_str_strs(ssh->conf, CONF_ttymodes, key, &key)) {
1061 /*
1062 * val[0] is either 'V', indicating that an explicit value
1063 * follows it, or 'A' indicating that we should pass the
1064 * value through from the local environment via get_ttymode.
1065 */
ab7a09e5 1066 if (val[0] == 'A') {
4a693cfc 1067 val = get_ttymode(ssh->frontend, key);
ab7a09e5 1068 if (val) {
1069 do_mode(data, key, val);
1070 sfree(val);
1071 }
1072 } else
1073 do_mode(data, key, val + 1); /* skip the 'V' */
c6ccd5c2 1074 }
1075}
1076
32874aea 1077static int ssh_channelcmp(void *av, void *bv)
1078{
1079 struct ssh_channel *a = (struct ssh_channel *) av;
1080 struct ssh_channel *b = (struct ssh_channel *) bv;
1081 if (a->localid < b->localid)
1082 return -1;
1083 if (a->localid > b->localid)
1084 return +1;
dacbd0e8 1085 return 0;
1086}
32874aea 1087static int ssh_channelfind(void *av, void *bv)
1088{
1089 unsigned *a = (unsigned *) av;
1090 struct ssh_channel *b = (struct ssh_channel *) bv;
1091 if (*a < b->localid)
1092 return -1;
1093 if (*a > b->localid)
1094 return +1;
dacbd0e8 1095 return 0;
1096}
1097
bc240b21 1098static int ssh_rportcmp_ssh1(void *av, void *bv)
d74d141c 1099{
1100 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1101 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1102 int i;
bc240b21 1103 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
d74d141c 1104 return i < 0 ? -1 : +1;
bc240b21 1105 if (a->dport > b->dport)
1106 return +1;
1107 if (a->dport < b->dport)
1108 return -1;
1109 return 0;
1110}
1111
1112static int ssh_rportcmp_ssh2(void *av, void *bv)
1113{
1114 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1115 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
cdcbdf3b 1116
bc240b21 1117 if (a->sport > b->sport)
d74d141c 1118 return +1;
bc240b21 1119 if (a->sport < b->sport)
1120 return -1;
d74d141c 1121 return 0;
1122}
1123
fda2feb1 1124/*
1125 * Special form of strcmp which can cope with NULL inputs. NULL is
1126 * defined to sort before even the empty string.
1127 */
1128static int nullstrcmp(const char *a, const char *b)
1129{
1130 if (a == NULL && b == NULL)
1131 return 0;
1132 if (a == NULL)
1133 return -1;
1134 if (b == NULL)
1135 return +1;
1136 return strcmp(a, b);
1137}
1138
1139static int ssh_portcmp(void *av, void *bv)
1140{
1141 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1142 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1143 int i;
1144 if (a->type > b->type)
1145 return +1;
1146 if (a->type < b->type)
1147 return -1;
84328ddb 1148 if (a->addressfamily > b->addressfamily)
1149 return +1;
1150 if (a->addressfamily < b->addressfamily)
1151 return -1;
fda2feb1 1152 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1153 return i < 0 ? -1 : +1;
1154 if (a->sport > b->sport)
1155 return +1;
1156 if (a->sport < b->sport)
1157 return -1;
1158 if (a->type != 'D') {
1159 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1160 return i < 0 ? -1 : +1;
1161 if (a->dport > b->dport)
1162 return +1;
1163 if (a->dport < b->dport)
1164 return -1;
1165 }
1166 return 0;
1167}
1168
51470298 1169static int alloc_channel_id(Ssh ssh)
32874aea 1170{
260f3dec 1171 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1172 unsigned low, high, mid;
d2371c81 1173 int tsize;
1174 struct ssh_channel *c;
1175
1176 /*
1177 * First-fit allocation of channel numbers: always pick the
1178 * lowest unused one. To do this, binary-search using the
1179 * counted B-tree to find the largest channel ID which is in a
1180 * contiguous sequence from the beginning. (Precisely
1181 * everything in that sequence must have ID equal to its tree
1182 * index plus CHANNEL_NUMBER_OFFSET.)
1183 */
51470298 1184 tsize = count234(ssh->channels);
d2371c81 1185
32874aea 1186 low = -1;
1187 high = tsize;
d2371c81 1188 while (high - low > 1) {
1189 mid = (high + low) / 2;
51470298 1190 c = index234(ssh->channels, mid);
d2371c81 1191 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1192 low = mid; /* this one is fine */
1193 else
1194 high = mid; /* this one is past it */
1195 }
1196 /*
1197 * Now low points to either -1, or the tree index of the
1198 * largest ID in the initial sequence.
1199 */
1200 {
1201 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
51470298 1202 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
d2371c81 1203 }
1204 return low + 1 + CHANNEL_NUMBER_OFFSET;
1205}
1206
edd0cb8a 1207static void c_write_stderr(int trusted, const char *buf, int len)
1208{
1209 int i;
1210 for (i = 0; i < len; i++)
667deca9 1211 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
edd0cb8a 1212 fputc(buf[i], stderr);
1213}
1214
9fab77dc 1215static void c_write(Ssh ssh, const char *buf, int len)
32874aea 1216{
edd0cb8a 1217 if (flags & FLAG_STDERR)
1218 c_write_stderr(1, buf, len);
1219 else
1220 from_backend(ssh->frontend, 1, buf, len);
3bdaf79d 1221}
1222
9fab77dc 1223static void c_write_untrusted(Ssh ssh, const char *buf, int len)
32874aea 1224{
edd0cb8a 1225 if (flags & FLAG_STDERR)
1226 c_write_stderr(0, buf, len);
1227 else
1228 from_backend_untrusted(ssh->frontend, buf, len);
a209e957 1229}
1230
9fab77dc 1231static void c_write_str(Ssh ssh, const char *buf)
32874aea 1232{
51470298 1233 c_write(ssh, buf, strlen(buf));
1408a877 1234}
1235
ff3187f6 1236static void ssh_free_packet(struct Packet *pkt)
1237{
1238 sfree(pkt->data);
1239 sfree(pkt);
1240}
1241static struct Packet *ssh_new_packet(void)
1242{
1243 struct Packet *pkt = snew(struct Packet);
1244
dacd8872 1245 pkt->body = pkt->data = NULL;
ff3187f6 1246 pkt->maxlen = 0;
1247 pkt->logmode = PKTLOG_EMIT;
1248 pkt->nblanks = 0;
1249 pkt->blanks = NULL;
1250
1251 return pkt;
1252}
1253
fb09bf1c 1254/*
1255 * Collect incoming data in the incoming packet buffer.
e5574168 1256 * Decipher and verify the packet when it is completely read.
1257 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
fb09bf1c 1258 * Update the *data and *datalen variables.
ff3187f6 1259 * Return a Packet structure when a packet is completed.
fb09bf1c 1260 */
ff3187f6 1261static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
fb09bf1c 1262{
51470298 1263 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
374330e2 1264
51470298 1265 crBegin(ssh->ssh1_rdpkt_crstate);
374330e2 1266
ff3187f6 1267 st->pktin = ssh_new_packet();
1268
1269 st->pktin->type = 0;
1270 st->pktin->length = 0;
374330e2 1271
57476f6b 1272 for (st->i = st->len = 0; st->i < 4; st->i++) {
fb09bf1c 1273 while ((*datalen) == 0)
ff3187f6 1274 crReturn(NULL);
57476f6b 1275 st->len = (st->len << 8) + **data;
fb09bf1c 1276 (*data)++, (*datalen)--;
1277 }
374330e2 1278
57476f6b 1279 st->pad = 8 - (st->len % 8);
1280 st->biglen = st->len + st->pad;
ff3187f6 1281 st->pktin->length = st->len - 5;
fb09bf1c 1282
ae0500e5 1283 if (st->biglen < 0) {
1284 bombout(("Extremely large packet length from server suggests"
1285 " data stream corruption"));
ff3187f6 1286 ssh_free_packet(st->pktin);
1287 crStop(NULL);
ae0500e5 1288 }
1289
ff3187f6 1290 st->pktin->maxlen = st->biglen;
1291 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
374330e2 1292
57476f6b 1293 st->to_read = st->biglen;
ff3187f6 1294 st->p = st->pktin->data;
57476f6b 1295 while (st->to_read > 0) {
32874aea 1296 st->chunk = st->to_read;
fb09bf1c 1297 while ((*datalen) == 0)
ff3187f6 1298 crReturn(NULL);
57476f6b 1299 if (st->chunk > (*datalen))
1300 st->chunk = (*datalen);
1301 memcpy(st->p, *data, st->chunk);
1302 *data += st->chunk;
1303 *datalen -= st->chunk;
1304 st->p += st->chunk;
1305 st->to_read -= st->chunk;
fb09bf1c 1306 }
374330e2 1307
ff3187f6 1308 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
0183b242 1309 st->biglen, NULL)) {
6b5cf8b4 1310 bombout(("Network attack (CRC compensation) detected!"));
ff3187f6 1311 ssh_free_packet(st->pktin);
1312 crStop(NULL);
9a3a93a5 1313 }
1314
51470298 1315 if (ssh->cipher)
ff3187f6 1316 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
374330e2 1317
ff3187f6 1318 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1319 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
57476f6b 1320 if (st->gotcrc != st->realcrc) {
6b5cf8b4 1321 bombout(("Incorrect CRC received on packet"));
ff3187f6 1322 ssh_free_packet(st->pktin);
1323 crStop(NULL);
fb09bf1c 1324 }
572f871e 1325
ff3187f6 1326 st->pktin->body = st->pktin->data + st->pad + 1;
1327 st->pktin->savedpos = 0;
4ba9b64b 1328
51470298 1329 if (ssh->v1_compressing) {
4ba9b64b 1330 unsigned char *decompblk;
1331 int decomplen;
36b8d9bb 1332 if (!zlib_decompress_block(ssh->sc_comp_ctx,
ff3187f6 1333 st->pktin->body - 1, st->pktin->length + 1,
36b8d9bb 1334 &decompblk, &decomplen)) {
1335 bombout(("Zlib decompression encountered invalid data"));
ff3187f6 1336 ssh_free_packet(st->pktin);
1337 crStop(NULL);
36b8d9bb 1338 }
4ba9b64b 1339
ff3187f6 1340 if (st->pktin->maxlen < st->pad + decomplen) {
1341 st->pktin->maxlen = st->pad + decomplen;
1342 st->pktin->data = sresize(st->pktin->data,
1343 st->pktin->maxlen + APIEXTRA,
3d88e64d 1344 unsigned char);
ff3187f6 1345 st->pktin->body = st->pktin->data + st->pad + 1;
4ba9b64b 1346 }
1347
ff3187f6 1348 memcpy(st->pktin->body - 1, decompblk, decomplen);
dcbde236 1349 sfree(decompblk);
ff3187f6 1350 st->pktin->length = decomplen - 1;
4ba9b64b 1351 }
1352
ff3187f6 1353 st->pktin->type = st->pktin->body[-1];
00db133f 1354
9a10ecf4 1355 /*
1356 * Log incoming packet, possibly omitting sensitive fields.
1357 */
1358 if (ssh->logctx) {
1359 int nblanks = 0;
1360 struct logblank_t blank;
4a693cfc 1361 if (ssh->logomitdata) {
9a10ecf4 1362 int do_blank = FALSE, blank_prefix = 0;
1363 /* "Session data" packets - omit the data field */
ff3187f6 1364 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1365 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
9a10ecf4 1366 do_blank = TRUE; blank_prefix = 4;
a2724fba 1367 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1368 do_blank = TRUE; blank_prefix = 8;
9a10ecf4 1369 }
1370 if (do_blank) {
1371 blank.offset = blank_prefix;
ff3187f6 1372 blank.len = st->pktin->length;
9a10ecf4 1373 blank.type = PKTLOG_OMIT;
1374 nblanks = 1;
1375 }
1376 }
a8327734 1377 log_packet(ssh->logctx,
ff3187f6 1378 PKT_INCOMING, st->pktin->type,
1379 ssh1_pkt_type(st->pktin->type),
1380 st->pktin->body, st->pktin->length,
0d13bfcd 1381 nblanks, &blank, NULL);
9a10ecf4 1382 }
00db133f 1383
ff3187f6 1384 crFinish(st->pktin);
fb09bf1c 1385}
1386
ff3187f6 1387static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
e5574168 1388{
51470298 1389 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
e5574168 1390
51470298 1391 crBegin(ssh->ssh2_rdpkt_crstate);
e5574168 1392
ff3187f6 1393 st->pktin = ssh_new_packet();
1394
1395 st->pktin->type = 0;
1396 st->pktin->length = 0;
51470298 1397 if (ssh->sccipher)
1398 st->cipherblk = ssh->sccipher->blksize;
e5574168 1399 else
32874aea 1400 st->cipherblk = 8;
960e736a 1401 if (st->cipherblk < 8)
32874aea 1402 st->cipherblk = 8;
9916cc1e 1403 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
960e736a 1404
9916cc1e 1405 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1406 ssh->scmac) {
1407 /*
1408 * When dealing with a CBC-mode cipher, we want to avoid the
1409 * possibility of an attacker's tweaking the ciphertext stream
1410 * so as to cause us to feed the same block to the block
1411 * cipher more than once and thus leak information
1412 * (VU#958563). The way we do this is not to take any
1413 * decisions on the basis of anything we've decrypted until
1414 * we've verified it with a MAC. That includes the packet
1415 * length, so we just read data and check the MAC repeatedly,
1416 * and when the MAC passes, see if the length we've got is
1417 * plausible.
1418 */
1419
1420 /* May as well allocate the whole lot now. */
1421 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1422 unsigned char);
1423
1424 /* Read an amount corresponding to the MAC. */
1425 for (st->i = 0; st->i < st->maclen; st->i++) {
1426 while ((*datalen) == 0)
1427 crReturn(NULL);
1428 st->pktin->data[st->i] = *(*data)++;
1429 (*datalen)--;
1430 }
e5574168 1431
9916cc1e 1432 st->packetlen = 0;
1433 {
1434 unsigned char seq[4];
1435 ssh->scmac->start(ssh->sc_mac_ctx);
1436 PUT_32BIT(seq, st->incoming_sequence);
1437 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1438 }
4252c9cc 1439
9916cc1e 1440 for (;;) { /* Once around this loop per cipher block. */
1441 /* Read another cipher-block's worth, and tack it onto the end. */
1442 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1443 while ((*datalen) == 0)
1444 crReturn(NULL);
1445 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1446 (*datalen)--;
1447 }
1448 /* Decrypt one more block (a little further back in the stream). */
1449 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1450 st->pktin->data + st->packetlen,
1451 st->cipherblk);
1452 /* Feed that block to the MAC. */
1453 ssh->scmac->bytes(ssh->sc_mac_ctx,
1454 st->pktin->data + st->packetlen, st->cipherblk);
1455 st->packetlen += st->cipherblk;
1456 /* See if that gives us a valid packet. */
1457 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1458 st->pktin->data + st->packetlen) &&
1459 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1460 break;
1461 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1462 bombout(("No valid incoming packet found"));
1463 ssh_free_packet(st->pktin);
1464 crStop(NULL);
1465 }
1466 }
1467 st->pktin->maxlen = st->packetlen + st->maclen;
1468 st->pktin->data = sresize(st->pktin->data,
1469 st->pktin->maxlen + APIEXTRA,
1470 unsigned char);
1471 } else {
1472 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1473
1474 /*
1475 * Acquire and decrypt the first block of the packet. This will
1476 * contain the length and padding details.
1477 */
1478 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1479 while ((*datalen) == 0)
1480 crReturn(NULL);
1481 st->pktin->data[st->i] = *(*data)++;
1482 (*datalen)--;
1483 }
e5574168 1484
9916cc1e 1485 if (ssh->sccipher)
1486 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1487 st->pktin->data, st->cipherblk);
1488
1489 /*
1490 * Now get the length figure.
1491 */
1492 st->len = GET_32BIT(st->pktin->data);
1493
1494 /*
1495 * _Completely_ silly lengths should be stomped on before they
1496 * do us any more damage.
1497 */
1498 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1499 (st->len + 4) % st->cipherblk != 0) {
1500 bombout(("Incoming packet was garbled on decryption"));
1501 ssh_free_packet(st->pktin);
1502 crStop(NULL);
1503 }
e5574168 1504
9916cc1e 1505 /*
1506 * So now we can work out the total packet length.
1507 */
1508 st->packetlen = st->len + 4;
1509
1510 /*
1511 * Allocate memory for the rest of the packet.
1512 */
1513 st->pktin->maxlen = st->packetlen + st->maclen;
1514 st->pktin->data = sresize(st->pktin->data,
1515 st->pktin->maxlen + APIEXTRA,
1516 unsigned char);
1517
1518 /*
1519 * Read and decrypt the remainder of the packet.
1520 */
1521 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1522 st->i++) {
1523 while ((*datalen) == 0)
1524 crReturn(NULL);
1525 st->pktin->data[st->i] = *(*data)++;
1526 (*datalen)--;
1527 }
1528 /* Decrypt everything _except_ the MAC. */
1529 if (ssh->sccipher)
1530 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1531 st->pktin->data + st->cipherblk,
1532 st->packetlen - st->cipherblk);
1533
1534 /*
1535 * Check the MAC.
1536 */
1537 if (ssh->scmac
1538 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1539 st->len + 4, st->incoming_sequence)) {
1540 bombout(("Incorrect MAC received on packet"));
1541 ssh_free_packet(st->pktin);
1542 crStop(NULL);
1543 }
1544 }
1545 /* Get and sanity-check the amount of random padding. */
1546 st->pad = st->pktin->data[4];
1547 if (st->pad < 4 || st->len - st->pad < 1) {
1548 bombout(("Invalid padding length on received packet"));
ff3187f6 1549 ssh_free_packet(st->pktin);
1550 crStop(NULL);
717dc483 1551 }
717dc483 1552 /*
e5574168 1553 * This enables us to deduce the payload length.
1554 */
960e736a 1555 st->payload = st->len - st->pad - 1;
e5574168 1556
ff3187f6 1557 st->pktin->length = st->payload + 5;
9442dd57 1558 st->pktin->encrypted_len = st->packetlen;
1559
b09eaa88 1560 st->pktin->sequence = st->incoming_sequence++;
e5574168 1561
4ba9b64b 1562 /*
1563 * Decompress packet payload.
1564 */
1565 {
1566 unsigned char *newpayload;
1567 int newlen;
51470298 1568 if (ssh->sccomp &&
5366aed8 1569 ssh->sccomp->decompress(ssh->sc_comp_ctx,
ff3187f6 1570 st->pktin->data + 5, st->pktin->length - 5,
51470298 1571 &newpayload, &newlen)) {
ff3187f6 1572 if (st->pktin->maxlen < newlen + 5) {
1573 st->pktin->maxlen = newlen + 5;
1574 st->pktin->data = sresize(st->pktin->data,
1575 st->pktin->maxlen + APIEXTRA,
3d88e64d 1576 unsigned char);
4ba9b64b 1577 }
ff3187f6 1578 st->pktin->length = 5 + newlen;
1579 memcpy(st->pktin->data + 5, newpayload, newlen);
dcbde236 1580 sfree(newpayload);
4ba9b64b 1581 }
1582 }
1583
ff3187f6 1584 st->pktin->savedpos = 6;
1585 st->pktin->body = st->pktin->data;
1586 st->pktin->type = st->pktin->data[5];
e5574168 1587
9a10ecf4 1588 /*
1589 * Log incoming packet, possibly omitting sensitive fields.
1590 */
1591 if (ssh->logctx) {
1592 int nblanks = 0;
1593 struct logblank_t blank;
4a693cfc 1594 if (ssh->logomitdata) {
9a10ecf4 1595 int do_blank = FALSE, blank_prefix = 0;
1596 /* "Session data" packets - omit the data field */
ff3187f6 1597 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
9a10ecf4 1598 do_blank = TRUE; blank_prefix = 8;
a2724fba 1599 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1600 do_blank = TRUE; blank_prefix = 12;
9a10ecf4 1601 }
1602 if (do_blank) {
1603 blank.offset = blank_prefix;
ff3187f6 1604 blank.len = (st->pktin->length-6) - blank_prefix;
9a10ecf4 1605 blank.type = PKTLOG_OMIT;
1606 nblanks = 1;
1607 }
1608 }
ff3187f6 1609 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
acab36bc 1610 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1611 st->pktin->type),
ff3187f6 1612 st->pktin->data+6, st->pktin->length-6,
0d13bfcd 1613 nblanks, &blank, &st->pktin->sequence);
9a10ecf4 1614 }
00db133f 1615
ff3187f6 1616 crFinish(st->pktin);
e5574168 1617}
1618
dacd8872 1619static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
32874aea 1620{
dacd8872 1621 int pad, biglen, i, pktoffs;
374330e2 1622 unsigned long crc;
fd7a4aad 1623#ifdef __SC__
1624 /*
1625 * XXX various versions of SC (including 8.8.4) screw up the
1626 * register allocation in this function and use the same register
1627 * (D6) for len and as a temporary, with predictable results. The
1628 * following sledgehammer prevents this.
1629 */
1630 volatile
1631#endif
1632 int len;
374330e2 1633
a8327734 1634 if (ssh->logctx)
dacd8872 1635 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1636 ssh1_pkt_type(pkt->data[12]),
1637 pkt->body, pkt->length - (pkt->body - pkt->data),
0d13bfcd 1638 pkt->nblanks, pkt->blanks, NULL);
ff3187f6 1639 sfree(pkt->blanks); pkt->blanks = NULL;
1640 pkt->nblanks = 0;
00db133f 1641
51470298 1642 if (ssh->v1_compressing) {
4ba9b64b 1643 unsigned char *compblk;
1644 int complen;
5366aed8 1645 zlib_compress_block(ssh->cs_comp_ctx,
dacd8872 1646 pkt->data + 12, pkt->length - 12,
4ba9b64b 1647 &compblk, &complen);
48406e6b 1648 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
dacd8872 1649 memcpy(pkt->data + 12, compblk, complen);
dcbde236 1650 sfree(compblk);
dacd8872 1651 pkt->length = complen + 12;
4ba9b64b 1652 }
1653
dacd8872 1654 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1655 pkt->length += 4;
1656 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
32874aea 1657 pad = 8 - (len % 8);
dacd8872 1658 pktoffs = 8 - pad;
1659 biglen = len + pad; /* len(padding+type+data+CRC) */
374330e2 1660
dacd8872 1661 for (i = pktoffs; i < 4+8; i++)
1662 pkt->data[i] = random_byte();
1663 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1664 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1665 PUT_32BIT(pkt->data + pktoffs, len);
374330e2 1666
51470298 1667 if (ssh->cipher)
dacd8872 1668 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1669 pkt->data + pktoffs + 4, biglen);
374330e2 1670
dacd8872 1671 if (offset_p) *offset_p = pktoffs;
1672 return biglen + 4; /* len(length+padding+type+data+CRC) */
39065bed 1673}
1674
bf8a49a1 1675static int s_write(Ssh ssh, void *data, int len)
1676{
ff05dfef 1677 if (ssh->logctx)
0d13bfcd 1678 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1679 0, NULL, NULL);
bf8a49a1 1680 return sk_write(ssh->s, (char *)data, len);
1681}
1682
ff3187f6 1683static void s_wrpkt(Ssh ssh, struct Packet *pkt)
32874aea 1684{
dacd8872 1685 int len, backlog, offset;
1686 len = s_wrpkt_prepare(ssh, pkt, &offset);
bf8a49a1 1687 backlog = s_write(ssh, pkt->data + offset, len);
5471d09a 1688 if (backlog > SSH_MAX_BACKLOG)
51470298 1689 ssh_throttle_all(ssh, 1, backlog);
dacd8872 1690 ssh_free_packet(pkt);
39065bed 1691}
1692
ff3187f6 1693static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
32874aea 1694{
dacd8872 1695 int len, offset;
1696 len = s_wrpkt_prepare(ssh, pkt, &offset);
51470298 1697 if (ssh->deferred_len + len > ssh->deferred_size) {
1698 ssh->deferred_size = ssh->deferred_len + len + 128;
3d88e64d 1699 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1700 ssh->deferred_size,
1701 unsigned char);
39065bed 1702 }
dacd8872 1703 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1704 pkt->data + offset, len);
51470298 1705 ssh->deferred_len += len;
dacd8872 1706 ssh_free_packet(pkt);
374330e2 1707}
1708
fb09bf1c 1709/*
dacd8872 1710 * Construct a SSH-1 packet with the specified contents.
1711 * (This all-at-once interface used to be the only one, but now SSH-1
1712 * packets can also be constructed incrementally.)
fb09bf1c 1713 */
dacd8872 1714static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
fb09bf1c 1715{
dacd8872 1716 int argtype;
7cca0d81 1717 Bignum bn;
ff3187f6 1718 struct Packet *pkt;
fb09bf1c 1719
dacd8872 1720 pkt = ssh1_pkt_init(pkttype);
fb09bf1c 1721
dacd8872 1722 while ((argtype = va_arg(ap, int)) != PKT_END) {
1723 unsigned char *argp, argchar;
8a9977e5 1724 char *sargp;
dacd8872 1725 unsigned long argint;
1726 int arglen;
fb09bf1c 1727 switch (argtype) {
9a10ecf4 1728 /* Actual fields in the packet */
fb09bf1c 1729 case PKT_INT:
dacd8872 1730 argint = va_arg(ap, int);
1731 ssh_pkt_adduint32(pkt, argint);
fb09bf1c 1732 break;
1733 case PKT_CHAR:
dacd8872 1734 argchar = (unsigned char) va_arg(ap, int);
1735 ssh_pkt_addbyte(pkt, argchar);
fb09bf1c 1736 break;
1737 case PKT_DATA:
dacd8872 1738 argp = va_arg(ap, unsigned char *);
1739 arglen = va_arg(ap, int);
1740 ssh_pkt_adddata(pkt, argp, arglen);
fb09bf1c 1741 break;
1742 case PKT_STR:
8a9977e5 1743 sargp = va_arg(ap, char *);
1744 ssh_pkt_addstring(pkt, sargp);
fb09bf1c 1745 break;
7cca0d81 1746 case PKT_BIGNUM:
dacd8872 1747 bn = va_arg(ap, Bignum);
1748 ssh1_pkt_addmp(pkt, bn);
9a10ecf4 1749 break;
1750 /* Tokens for modifications to packet logging */
1751 case PKTT_PASSWORD:
ff3187f6 1752 dont_log_password(ssh, pkt, PKTLOG_BLANK);
9a10ecf4 1753 break;
1754 case PKTT_DATA:
ff3187f6 1755 dont_log_data(ssh, pkt, PKTLOG_OMIT);
7cca0d81 1756 break;
9a10ecf4 1757 case PKTT_OTHER:
ff3187f6 1758 end_log_omission(ssh, pkt);
9a10ecf4 1759 break;
1760 }
fb09bf1c 1761 }
ff3187f6 1762
1763 return pkt;
39065bed 1764}
fb09bf1c 1765
51470298 1766static void send_packet(Ssh ssh, int pkttype, ...)
32874aea 1767{
ff3187f6 1768 struct Packet *pkt;
dacd8872 1769 va_list ap;
1770 va_start(ap, pkttype);
1771 pkt = construct_packet(ssh, pkttype, ap);
1772 va_end(ap);
ff3187f6 1773 s_wrpkt(ssh, pkt);
fb09bf1c 1774}
1775
51470298 1776static void defer_packet(Ssh ssh, int pkttype, ...)
32874aea 1777{
ff3187f6 1778 struct Packet *pkt;
dacd8872 1779 va_list ap;
1780 va_start(ap, pkttype);
1781 pkt = construct_packet(ssh, pkttype, ap);
1782 va_end(ap);
ff3187f6 1783 s_wrpkt_defer(ssh, pkt);
39065bed 1784}
1785
32874aea 1786static int ssh_versioncmp(char *a, char *b)
1787{
9697bfd2 1788 char *ae, *be;
1789 unsigned long av, bv;
1790
43aa02a7 1791 av = strtoul(a, &ae, 10);
1792 bv = strtoul(b, &be, 10);
32874aea 1793 if (av != bv)
1794 return (av < bv ? -1 : +1);
1795 if (*ae == '.')
1796 ae++;
1797 if (*be == '.')
1798 be++;
43aa02a7 1799 av = strtoul(ae, &ae, 10);
1800 bv = strtoul(be, &be, 10);
32874aea 1801 if (av != bv)
1802 return (av < bv ? -1 : +1);
9697bfd2 1803 return 0;
1804}
1805
e5574168 1806/*
a92dd380 1807 * Utility routines for putting an SSH-protocol `string' and
b672f405 1808 * `uint32' into a hash state.
e5574168 1809 */
b672f405 1810static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
32874aea 1811{
e5574168 1812 unsigned char lenblk[4];
e5574168 1813 PUT_32BIT(lenblk, len);
b672f405 1814 h->bytes(s, lenblk, 4);
1815 h->bytes(s, str, len);
e5574168 1816}
1817
b672f405 1818static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
32874aea 1819{
a92dd380 1820 unsigned char intblk[4];
1821 PUT_32BIT(intblk, i);
b672f405 1822 h->bytes(s, intblk, 4);
a92dd380 1823}
1824
7cca0d81 1825/*
dacd8872 1826 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
7cca0d81 1827 */
dacd8872 1828static void ssh_pkt_ensure(struct Packet *pkt, int length)
32874aea 1829{
ff3187f6 1830 if (pkt->maxlen < length) {
dacd8872 1831 unsigned char *body = pkt->body;
3d71de0b 1832 int offset = body ? body - pkt->data : 0;
ff3187f6 1833 pkt->maxlen = length + 256;
1834 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
dacd8872 1835 if (body) pkt->body = pkt->data + offset;
7cca0d81 1836 }
783415f8 1837}
dacd8872 1838static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
32874aea 1839{
ff3187f6 1840 if (pkt->logmode != PKTLOG_EMIT) {
1841 pkt->nblanks++;
1842 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
dacd8872 1843 assert(pkt->body);
1844 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1845 (pkt->body - pkt->data);
ff3187f6 1846 pkt->blanks[pkt->nblanks-1].len = len;
1847 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1848 }
1849 pkt->length += len;
dacd8872 1850 ssh_pkt_ensure(pkt, pkt->length);
ff3187f6 1851 memcpy(pkt->data + pkt->length - len, data, len);
7cca0d81 1852}
dacd8872 1853static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
32874aea 1854{
dacd8872 1855 ssh_pkt_adddata(pkt, &byte, 1);
7cca0d81 1856}
ff3187f6 1857static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
32874aea 1858{
dacd8872 1859 ssh_pkt_adddata(pkt, &value, 1);
7cca0d81 1860}
dacd8872 1861static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
32874aea 1862{
7cca0d81 1863 unsigned char x[4];
1864 PUT_32BIT(x, value);
dacd8872 1865 ssh_pkt_adddata(pkt, x, 4);
7cca0d81 1866}
dacd8872 1867static void ssh_pkt_addstring_start(struct Packet *pkt)
32874aea 1868{
dacd8872 1869 ssh_pkt_adduint32(pkt, 0);
ff3187f6 1870 pkt->savedpos = pkt->length;
7cca0d81 1871}
dacd8872 1872static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
32874aea 1873{
dacd8872 1874 ssh_pkt_adddata(pkt, data, strlen(data));
ff3187f6 1875 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
7cca0d81 1876}
dacd8872 1877static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
32874aea 1878{
dacd8872 1879 ssh_pkt_adddata(pkt, data, len);
ff3187f6 1880 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
7cca0d81 1881}
dacd8872 1882static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1883{
1884 ssh_pkt_addstring_start(pkt);
1885 ssh_pkt_addstring_str(pkt, data);
1886}
1887static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
32874aea 1888{
dacd8872 1889 int len = ssh1_bignum_length(b);
8a9977e5 1890 unsigned char *data = snewn(len, unsigned char);
dacd8872 1891 (void) ssh1_write_bignum(data, b);
1892 ssh_pkt_adddata(pkt, data, len);
1893 sfree(data);
7cca0d81 1894}
d8baa528 1895static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
32874aea 1896{
7cca0d81 1897 unsigned char *p;
32874aea 1898 int i, n = (bignum_bitcount(b) + 7) / 8;
3d88e64d 1899 p = snewn(n + 1, unsigned char);
7cca0d81 1900 p[0] = 0;
3709bfe9 1901 for (i = 1; i <= n; i++)
32874aea 1902 p[i] = bignum_byte(b, n - i);
7cca0d81 1903 i = 0;
32874aea 1904 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1905 i++;
1906 memmove(p, p + i, n + 1 - i);
1907 *len = n + 1 - i;
7cca0d81 1908 return p;
1909}
ff3187f6 1910static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
32874aea 1911{
7cca0d81 1912 unsigned char *p;
1913 int len;
1914 p = ssh2_mpint_fmt(b, &len);
dacd8872 1915 ssh_pkt_addstring_start(pkt);
1916 ssh_pkt_addstring_data(pkt, (char *)p, len);
dcbde236 1917 sfree(p);
7cca0d81 1918}
b185170a 1919
dacd8872 1920static struct Packet *ssh1_pkt_init(int pkt_type)
1921{
1922 struct Packet *pkt = ssh_new_packet();
1923 pkt->length = 4 + 8; /* space for length + max padding */
1924 ssh_pkt_addbyte(pkt, pkt_type);
1925 pkt->body = pkt->data + pkt->length;
1926 return pkt;
1927}
1928
1929/* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1930#define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1931#define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1932#define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1933#define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1934#define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1935#define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1936#define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1937#define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1938
1939static struct Packet *ssh2_pkt_init(int pkt_type)
1940{
1941 struct Packet *pkt = ssh_new_packet();
3d71de0b 1942 pkt->length = 5; /* space for packet length + padding length */
dacd8872 1943 pkt->forcepad = 0;
1944 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
3d71de0b 1945 pkt->body = pkt->data + pkt->length; /* after packet type */
dacd8872 1946 return pkt;
1947}
1948
b185170a 1949/*
2e85c969 1950 * Construct an SSH-2 final-form packet: compress it, encrypt it,
b185170a 1951 * put the MAC on it. Final packet, ready to be sent, is stored in
ff3187f6 1952 * pkt->data. Total length is returned.
b185170a 1953 */
ff3187f6 1954static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
32874aea 1955{
7cca0d81 1956 int cipherblk, maclen, padding, i;
7cca0d81 1957
a8327734 1958 if (ssh->logctx)
ff3187f6 1959 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
acab36bc 1960 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
dacd8872 1961 pkt->body, pkt->length - (pkt->body - pkt->data),
0d13bfcd 1962 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
ff3187f6 1963 sfree(pkt->blanks); pkt->blanks = NULL;
1964 pkt->nblanks = 0;
00db133f 1965
7cca0d81 1966 /*
4ba9b64b 1967 * Compress packet payload.
1968 */
4ba9b64b 1969 {
1970 unsigned char *newpayload;
1971 int newlen;
51470298 1972 if (ssh->cscomp &&
ff3187f6 1973 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1974 pkt->length - 5,
51470298 1975 &newpayload, &newlen)) {
ff3187f6 1976 pkt->length = 5;
1977 ssh2_pkt_adddata(pkt, newpayload, newlen);
dcbde236 1978 sfree(newpayload);
4ba9b64b 1979 }
1980 }
1981
1982 /*
7cca0d81 1983 * Add padding. At least four bytes, and must also bring total
1984 * length (minus MAC) up to a multiple of the block size.
95d2d262 1985 * If pkt->forcepad is set, make sure the packet is at least that size
1986 * after padding.
7cca0d81 1987 */
51470298 1988 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
32874aea 1989 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
7cca0d81 1990 padding = 4;
95d2d262 1991 if (pkt->length + padding < pkt->forcepad)
1992 padding = pkt->forcepad - pkt->length;
32874aea 1993 padding +=
ff3187f6 1994 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
95d2d262 1995 assert(padding <= 255);
51470298 1996 maclen = ssh->csmac ? ssh->csmac->len : 0;
ff3187f6 1997 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1998 pkt->data[4] = padding;
7cca0d81 1999 for (i = 0; i < padding; i++)
ff3187f6 2000 pkt->data[pkt->length + i] = random_byte();
2001 PUT_32BIT(pkt->data, pkt->length + padding - 4);
51470298 2002 if (ssh->csmac)
ff3187f6 2003 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
2004 pkt->length + padding,
51470298 2005 ssh->v2_outgoing_sequence);
2006 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
2007
2008 if (ssh->cscipher)
371e569c 2009 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
ff3187f6 2010 pkt->data, pkt->length + padding);
51470298 2011
9442dd57 2012 pkt->encrypted_len = pkt->length + padding;
2013
ff3187f6 2014 /* Ready-to-send packet starts at pkt->data. We return length. */
2015 return pkt->length + padding + maclen;
b185170a 2016}
2017
2018/*
590f6a5f 2019 * Routines called from the main SSH code to send packets. There
2020 * are quite a few of these, because we have two separate
2021 * mechanisms for delaying the sending of packets:
2022 *
2023 * - In order to send an IGNORE message and a password message in
2024 * a single fixed-length blob, we require the ability to
2025 * concatenate the encrypted forms of those two packets _into_ a
2026 * single blob and then pass it to our <network.h> transport
2027 * layer in one go. Hence, there's a deferment mechanism which
2028 * works after packet encryption.
2029 *
2030 * - In order to avoid sending any connection-layer messages
2031 * during repeat key exchange, we have to queue up any such
2032 * outgoing messages _before_ they are encrypted (and in
2033 * particular before they're allocated sequence numbers), and
2034 * then send them once we've finished.
2035 *
2036 * I call these mechanisms `defer' and `queue' respectively, so as
2037 * to distinguish them reasonably easily.
2038 *
2039 * The functions send_noqueue() and defer_noqueue() free the packet
2040 * structure they are passed. Every outgoing packet goes through
2041 * precisely one of these functions in its life; packets passed to
2042 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
2043 * these or get queued, and then when the queue is later emptied
2044 * the packets are all passed to defer_noqueue().
97ab28d7 2045 *
2046 * When using a CBC-mode cipher, it's necessary to ensure that an
2047 * attacker can't provide data to be encrypted using an IV that they
2048 * know. We ensure this by prefixing each packet that might contain
2049 * user data with an SSH_MSG_IGNORE. This is done using the deferral
2050 * mechanism, so in this case send_noqueue() ends up redirecting to
2051 * defer_noqueue(). If you don't like this inefficiency, don't use
2052 * CBC.
b185170a 2053 */
590f6a5f 2054
97ab28d7 2055static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
2056static void ssh_pkt_defersend(Ssh);
2057
590f6a5f 2058/*
2e85c969 2059 * Send an SSH-2 packet immediately, without queuing or deferring.
590f6a5f 2060 */
2061static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
32874aea 2062{
5471d09a 2063 int len;
2064 int backlog;
97ab28d7 2065 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
2066 /* We need to send two packets, so use the deferral mechanism. */
2067 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2068 ssh_pkt_defersend(ssh);
2069 return;
2070 }
ff3187f6 2071 len = ssh2_pkt_construct(ssh, pkt);
bf8a49a1 2072 backlog = s_write(ssh, pkt->data, len);
5471d09a 2073 if (backlog > SSH_MAX_BACKLOG)
51470298 2074 ssh_throttle_all(ssh, 1, backlog);
9442dd57 2075
2076 ssh->outgoing_data_size += pkt->encrypted_len;
2077 if (!ssh->kex_in_progress &&
d57f70af 2078 ssh->max_data_size != 0 &&
2079 ssh->outgoing_data_size > ssh->max_data_size)
f382c87d 2080 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
9442dd57 2081
ff3187f6 2082 ssh_free_packet(pkt);
b185170a 2083}
2084
2085/*
2e85c969 2086 * Defer an SSH-2 packet.
b185170a 2087 */
97ab28d7 2088static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
32874aea 2089{
97ab28d7 2090 int len;
2091 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
cf6ddb95 2092 ssh->deferred_len == 0 && !noignore &&
2093 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
97ab28d7 2094 /*
2095 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2096 * get encrypted with a known IV.
2097 */
2098 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
27311cc7 2099 ssh2_pkt_addstring_start(ipkt);
97ab28d7 2100 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2101 }
2102 len = ssh2_pkt_construct(ssh, pkt);
51470298 2103 if (ssh->deferred_len + len > ssh->deferred_size) {
2104 ssh->deferred_size = ssh->deferred_len + len + 128;
3d88e64d 2105 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2106 ssh->deferred_size,
2107 unsigned char);
b185170a 2108 }
ff3187f6 2109 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
51470298 2110 ssh->deferred_len += len;
9442dd57 2111 ssh->deferred_data_size += pkt->encrypted_len;
ff3187f6 2112 ssh_free_packet(pkt);
b185170a 2113}
2114
2115/*
2e85c969 2116 * Queue an SSH-2 packet.
590f6a5f 2117 */
2118static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2119{
2120 assert(ssh->queueing);
2121
2122 if (ssh->queuelen >= ssh->queuesize) {
2123 ssh->queuesize = ssh->queuelen + 32;
2124 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2125 }
2126
2127 ssh->queue[ssh->queuelen++] = pkt;
2128}
2129
2130/*
2131 * Either queue or send a packet, depending on whether queueing is
2132 * set.
2133 */
2134static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2135{
2136 if (ssh->queueing)
2137 ssh2_pkt_queue(ssh, pkt);
2138 else
2139 ssh2_pkt_send_noqueue(ssh, pkt);
2140}
2141
2142/*
2143 * Either queue or defer a packet, depending on whether queueing is
2144 * set.
2145 */
2146static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2147{
2148 if (ssh->queueing)
2149 ssh2_pkt_queue(ssh, pkt);
2150 else
97ab28d7 2151 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
590f6a5f 2152}
2153
2154/*
b185170a 2155 * Send the whole deferred data block constructed by
2e85c969 2156 * ssh2_pkt_defer() or SSH-1's defer_packet().
590f6a5f 2157 *
2158 * The expected use of the defer mechanism is that you call
2159 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2160 * not currently queueing, this simply sets up deferred_send_data
2161 * and then sends it. If we _are_ currently queueing, the calls to
2162 * ssh2_pkt_defer() put the deferred packets on to the queue
2163 * instead, and therefore ssh_pkt_defersend() has no deferred data
2164 * to send. Hence, there's no need to make it conditional on
2165 * ssh->queueing.
b185170a 2166 */
51470298 2167static void ssh_pkt_defersend(Ssh ssh)
32874aea 2168{
5471d09a 2169 int backlog;
bf8a49a1 2170 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
51470298 2171 ssh->deferred_len = ssh->deferred_size = 0;
2172 sfree(ssh->deferred_send_data);
2173 ssh->deferred_send_data = NULL;
5471d09a 2174 if (backlog > SSH_MAX_BACKLOG)
51470298 2175 ssh_throttle_all(ssh, 1, backlog);
9442dd57 2176
2177 ssh->outgoing_data_size += ssh->deferred_data_size;
2178 if (!ssh->kex_in_progress &&
d57f70af 2179 ssh->max_data_size != 0 &&
2180 ssh->outgoing_data_size > ssh->max_data_size)
f382c87d 2181 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
9442dd57 2182 ssh->deferred_data_size = 0;
7cca0d81 2183}
2184
590f6a5f 2185/*
18524056 2186 * Send a packet whose length needs to be disguised (typically
2187 * passwords or keyboard-interactive responses).
2188 */
2189static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2190 int padsize)
2191{
2192#if 0
2193 if (0) {
2194 /*
2195 * The simplest way to do this is to adjust the
2196 * variable-length padding field in the outgoing packet.
2197 *
2198 * Currently compiled out, because some Cisco SSH servers
2199 * don't like excessively padded packets (bah, why's it
2200 * always Cisco?)
2201 */
2202 pkt->forcepad = padsize;
2203 ssh2_pkt_send(ssh, pkt);
2204 } else
2205#endif
2206 {
2207 /*
2208 * If we can't do that, however, an alternative approach is
2209 * to use the pkt_defer mechanism to bundle the packet
2210 * tightly together with an SSH_MSG_IGNORE such that their
2211 * combined length is a constant. So first we construct the
2212 * final form of this packet and defer its sending.
2213 */
2214 ssh2_pkt_defer(ssh, pkt);
2215
2216 /*
2217 * Now construct an SSH_MSG_IGNORE which includes a string
2218 * that's an exact multiple of the cipher block size. (If
2219 * the cipher is NULL so that the block size is
2220 * unavailable, we don't do this trick at all, because we
2221 * gain nothing by it.)
2222 */
cf6ddb95 2223 if (ssh->cscipher &&
2224 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
18524056 2225 int stringlen, i;
2226
2227 stringlen = (256 - ssh->deferred_len);
2228 stringlen += ssh->cscipher->blksize - 1;
2229 stringlen -= (stringlen % ssh->cscipher->blksize);
2230 if (ssh->cscomp) {
2231 /*
2232 * Temporarily disable actual compression, so we
2233 * can guarantee to get this string exactly the
2234 * length we want it. The compression-disabling
2235 * routine should return an integer indicating how
2236 * many bytes we should adjust our string length
2237 * by.
2238 */
2239 stringlen -=
2240 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2241 }
2242 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2243 ssh2_pkt_addstring_start(pkt);
2244 for (i = 0; i < stringlen; i++) {
2245 char c = (char) random_byte();
2246 ssh2_pkt_addstring_data(pkt, &c, 1);
2247 }
2248 ssh2_pkt_defer(ssh, pkt);
2249 }
2250 ssh_pkt_defersend(ssh);
2251 }
2252}
2253
2254/*
2e85c969 2255 * Send all queued SSH-2 packets. We send them by means of
590f6a5f 2256 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2257 * packets that needed to be lumped together.
2258 */
2259static void ssh2_pkt_queuesend(Ssh ssh)
2260{
2261 int i;
2262
2263 assert(!ssh->queueing);
2264
2265 for (i = 0; i < ssh->queuelen; i++)
97ab28d7 2266 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
590f6a5f 2267 ssh->queuelen = 0;
2268
2269 ssh_pkt_defersend(ssh);
2270}
2271
7cca0d81 2272#if 0
32874aea 2273void bndebug(char *string, Bignum b)
2274{
7cca0d81 2275 unsigned char *p;
2276 int i, len;
2277 p = ssh2_mpint_fmt(b, &len);
2278 debug(("%s", string));
2279 for (i = 0; i < len; i++)
32874aea 2280 debug((" %02x", p[i]));
765c4200 2281 debug(("\n"));
dcbde236 2282 sfree(p);
7cca0d81 2283}
2284#endif
2285
b672f405 2286static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
32874aea 2287{
7cca0d81 2288 unsigned char *p;
2289 int len;
2290 p = ssh2_mpint_fmt(b, &len);
b672f405 2291 hash_string(h, s, p, len);
dcbde236 2292 sfree(p);
7cca0d81 2293}
2294
2295/*
2e85c969 2296 * Packet decode functions for both SSH-1 and SSH-2.
7cca0d81 2297 */
ff3187f6 2298static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
32874aea 2299{
7cca0d81 2300 unsigned long value;
ff3187f6 2301 if (pkt->length - pkt->savedpos < 4)
32874aea 2302 return 0; /* arrgh, no way to decline (FIXME?) */
ff3187f6 2303 value = GET_32BIT(pkt->body + pkt->savedpos);
2304 pkt->savedpos += 4;
7cca0d81 2305 return value;
2306}
ff3187f6 2307static int ssh2_pkt_getbool(struct Packet *pkt)
32874aea 2308{
65a22376 2309 unsigned long value;
ff3187f6 2310 if (pkt->length - pkt->savedpos < 1)
32874aea 2311 return 0; /* arrgh, no way to decline (FIXME?) */
ff3187f6 2312 value = pkt->body[pkt->savedpos] != 0;
2313 pkt->savedpos++;
65a22376 2314 return value;
2315}
ff3187f6 2316static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
32874aea 2317{
57356d63 2318 int len;
7cca0d81 2319 *p = NULL;
45068b27 2320 *length = 0;
ff3187f6 2321 if (pkt->length - pkt->savedpos < 4)
32874aea 2322 return;
ff3187f6 2323 len = GET_32BIT(pkt->body + pkt->savedpos);
57356d63 2324 if (len < 0)
2325 return;
2326 *length = len;
ff3187f6 2327 pkt->savedpos += 4;
2328 if (pkt->length - pkt->savedpos < *length)
32874aea 2329 return;
ff3187f6 2330 *p = (char *)(pkt->body + pkt->savedpos);
2331 pkt->savedpos += *length;
7cca0d81 2332}
ff3187f6 2333static void *ssh_pkt_getdata(struct Packet *pkt, int length)
0016d70b 2334{
ff3187f6 2335 if (pkt->length - pkt->savedpos < length)
0016d70b 2336 return NULL;
ff3187f6 2337 pkt->savedpos += length;
2338 return pkt->body + (pkt->savedpos - length);
0016d70b 2339}
ff3187f6 2340static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
0016d70b 2341 unsigned char **keystr)
2342{
2343 int j;
2344
ff3187f6 2345 j = makekey(pkt->body + pkt->savedpos,
2346 pkt->length - pkt->savedpos,
0016d70b 2347 key, keystr, 0);
2348
2349 if (j < 0)
2350 return FALSE;
2351
ff3187f6 2352 pkt->savedpos += j;
2353 assert(pkt->savedpos < pkt->length);
0016d70b 2354
2355 return TRUE;
2356}
ff3187f6 2357static Bignum ssh1_pkt_getmp(struct Packet *pkt)
0016d70b 2358{
2359 int j;
2360 Bignum b;
2361
ff3187f6 2362 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2363 pkt->length - pkt->savedpos, &b);
0016d70b 2364
2365 if (j < 0)
2366 return NULL;
2367
ff3187f6 2368 pkt->savedpos += j;
0016d70b 2369 return b;
2370}
ff3187f6 2371static Bignum ssh2_pkt_getmp(struct Packet *pkt)
32874aea 2372{
7cca0d81 2373 char *p;
3709bfe9 2374 int length;
7cca0d81 2375 Bignum b;
2376
ff3187f6 2377 ssh_pkt_getstring(pkt, &p, &length);
7cca0d81 2378 if (!p)
32874aea 2379 return NULL;
ff3187f6 2380 if (p[0] & 0x80)
32874aea 2381 return NULL;
d8baa528 2382 b = bignum_from_bytes((unsigned char *)p, length);
7cca0d81 2383 return b;
2384}
2385
7d503c31 2386/*
2e85c969 2387 * Helper function to add an SSH-2 signature blob to a packet.
1dd353b5 2388 * Expects to be shown the public key blob as well as the signature
2389 * blob. Normally works just like ssh2_pkt_addstring, but will
2390 * fiddle with the signature packet if necessary for
2391 * BUG_SSH2_RSA_PADDING.
2392 */
ff3187f6 2393static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2394 void *pkblob_v, int pkblob_len,
1dd353b5 2395 void *sigblob_v, int sigblob_len)
2396{
2397 unsigned char *pkblob = (unsigned char *)pkblob_v;
2398 unsigned char *sigblob = (unsigned char *)sigblob_v;
2399
2400 /* dmemdump(pkblob, pkblob_len); */
2401 /* dmemdump(sigblob, sigblob_len); */
2402
2403 /*
2404 * See if this is in fact an ssh-rsa signature and a buggy
2405 * server; otherwise we can just do this the easy way.
2406 */
51470298 2407 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
1dd353b5 2408 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2409 int pos, len, siglen;
2410
2411 /*
2412 * Find the byte length of the modulus.
2413 */
2414
2415 pos = 4+7; /* skip over "ssh-rsa" */
2416 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2417 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2418 pos += 4; /* find modulus itself */
2419 while (len > 0 && pkblob[pos] == 0)
2420 len--, pos++;
2421 /* debug(("modulus length is %d\n", len)); */
2422
2423 /*
2424 * Now find the signature integer.
2425 */
2426 pos = 4+7; /* skip over "ssh-rsa" */
2427 siglen = GET_32BIT(sigblob+pos);
2428 /* debug(("signature length is %d\n", siglen)); */
2429
2430 if (len != siglen) {
2431 unsigned char newlen[4];
ff3187f6 2432 ssh2_pkt_addstring_start(pkt);
2433 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
1dd353b5 2434 /* dmemdump(sigblob, pos); */
2435 pos += 4; /* point to start of actual sig */
2436 PUT_32BIT(newlen, len);
ff3187f6 2437 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
1dd353b5 2438 /* dmemdump(newlen, 4); */
2439 newlen[0] = 0;
2440 while (len-- > siglen) {
ff3187f6 2441 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
1dd353b5 2442 /* dmemdump(newlen, 1); */
2443 }
ff3187f6 2444 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
1dd353b5 2445 /* dmemdump(sigblob+pos, siglen); */
2446 return;
2447 }
2448
2449 /* Otherwise fall through and do it the easy way. */
2450 }
2451
ff3187f6 2452 ssh2_pkt_addstring_start(pkt);
2453 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
1dd353b5 2454}
2455
2456/*
7d503c31 2457 * Examine the remote side's version string and compare it against
2458 * a list of known buggy implementations.
2459 */
51470298 2460static void ssh_detect_bugs(Ssh ssh, char *vstring)
32874aea 2461{
2462 char *imp; /* pointer to implementation part */
7d503c31 2463 imp = vstring;
2464 imp += strcspn(imp, "-");
bd358db1 2465 if (*imp) imp++;
7d503c31 2466 imp += strcspn(imp, "-");
bd358db1 2467 if (*imp) imp++;
7d503c31 2468
51470298 2469 ssh->remote_bugs = 0;
7d503c31 2470
bf982899 2471 /*
2472 * General notes on server version strings:
2473 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2474 * here -- in particular, we've heard of one that's perfectly happy
2475 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2476 * so we can't distinguish them.
2477 */
4a693cfc 2478 if (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == FORCE_ON ||
2479 (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == AUTO &&
2c9c6388 2480 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2481 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
46ac09aa 2482 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
bd0b4caf 2483 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
32874aea 2484 /*
2485 * These versions don't support SSH1_MSG_IGNORE, so we have
2486 * to use a different defence against password length
2487 * sniffing.
2488 */
51470298 2489 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2e85c969 2490 logevent("We believe remote version has SSH-1 ignore bug");
7d503c31 2491 }
2492
4a693cfc 2493 if (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
2494 (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == AUTO &&
46ac09aa 2495 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
bd358db1 2496 /*
2497 * These versions need a plain password sent; they can't
2498 * handle having a null and a random length of data after
2499 * the password.
2500 */
51470298 2501 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2e85c969 2502 logevent("We believe remote version needs a plain SSH-1 password");
bd358db1 2503 }
2504
4a693cfc 2505 if (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == FORCE_ON ||
2506 (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == AUTO &&
2c9c6388 2507 (!strcmp(imp, "Cisco-1.25")))) {
0df73905 2508 /*
2509 * These versions apparently have no clue whatever about
2510 * RSA authentication and will panic and die if they see
2511 * an AUTH_RSA message.
2512 */
51470298 2513 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
19f47a7d 2514 logevent("We believe remote version can't handle SSH-1 RSA authentication");
0df73905 2515 }
2516
4a693cfc 2517 if (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == FORCE_ON ||
2518 (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == AUTO &&
b9f387af 2519 !wc_match("* VShell", imp) &&
831301f6 2520 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2521 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2522 wc_match("2.1 *", imp)))) {
32874aea 2523 /*
2524 * These versions have the HMAC bug.
2525 */
51470298 2526 ssh->remote_bugs |= BUG_SSH2_HMAC;
2e85c969 2527 logevent("We believe remote version has SSH-2 HMAC bug");
7d503c31 2528 }
1dd353b5 2529
4a693cfc 2530 if (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
2531 (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == AUTO &&
b9f387af 2532 !wc_match("* VShell", imp) &&
2856a1b9 2533 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
088bde77 2534 /*
2535 * These versions have the key-derivation bug (failing to
2536 * include the literal shared secret in the hashes that
2537 * generate the keys).
2538 */
51470298 2539 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2e85c969 2540 logevent("We believe remote version has SSH-2 key-derivation bug");
088bde77 2541 }
2542
4a693cfc 2543 if (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
2544 (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == AUTO &&
831301f6 2545 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2546 wc_match("OpenSSH_3.[0-2]*", imp)))) {
1dd353b5 2547 /*
2e85c969 2548 * These versions have the SSH-2 RSA padding bug.
1dd353b5 2549 */
51470298 2550 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2e85c969 2551 logevent("We believe remote version has SSH-2 RSA padding bug");
1dd353b5 2552 }
8e975795 2553
4a693cfc 2554 if (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
2555 (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == AUTO &&
dda87a28 2556 wc_match("OpenSSH_2.[0-2]*", imp))) {
2557 /*
2e85c969 2558 * These versions have the SSH-2 session-ID bug in
dda87a28 2559 * public-key authentication.
2560 */
2561 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2e85c969 2562 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
dda87a28 2563 }
f382c87d 2564
4a693cfc 2565 if (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == FORCE_ON ||
2566 (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == AUTO &&
39b8712f 2567 (wc_match("DigiSSH_2.0", imp) ||
2568 wc_match("OpenSSH_2.[0-4]*", imp) ||
e12d95a5 2569 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2570 wc_match("Sun_SSH_1.0", imp) ||
f4275b53 2571 wc_match("Sun_SSH_1.0.1", imp) ||
96bd26de 2572 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2573 wc_match("WeOnlyDo-*", imp)))) {
f382c87d 2574 /*
2e85c969 2575 * These versions have the SSH-2 rekey bug.
f382c87d 2576 */
2577 ssh->remote_bugs |= BUG_SSH2_REKEY;
2e85c969 2578 logevent("We believe remote version has SSH-2 rekey bug");
f382c87d 2579 }
c9739dba 2580
4a693cfc 2581 if (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
2582 (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == AUTO &&
5ca836f2 2583 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2584 wc_match("1.36 sshlib: GlobalScape", imp)))) {
c9739dba 2585 /*
2586 * This version ignores our makpkt and needs to be throttled.
2587 */
2588 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2589 logevent("We believe remote version ignores SSH-2 maximum packet size");
2590 }
cf6ddb95 2591
4a693cfc 2592 if (conf_get_int(ssh->conf, CONF_sshbug_ignore2) == FORCE_ON) {
cf6ddb95 2593 /*
2594 * Servers that don't support SSH2_MSG_IGNORE. Currently,
2595 * none detected automatically.
2596 */
2597 ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
2598 logevent("We believe remote version has SSH-2 ignore bug");
2599 }
2e0aae4f 2600
2601 if (conf_get_int(ssh->conf, CONF_sshbug_winadj) == FORCE_ON) {
2602 /*
2603 * Servers that don't support our winadj request for one
2604 * reason or another. Currently, none detected automatically.
2605 */
2606 ssh->remote_bugs |= BUG_CHOKES_ON_WINADJ;
2607 logevent("We believe remote version has winadj bug");
2608 }
7d503c31 2609}
2610
d38d6a1f 2611/*
2612 * The `software version' part of an SSH version string is required
2613 * to contain no spaces or minus signs.
2614 */
2615static void ssh_fix_verstring(char *str)
2616{
2617 /* Eat "SSH-<protoversion>-". */
2618 assert(*str == 'S'); str++;
2619 assert(*str == 'S'); str++;
2620 assert(*str == 'H'); str++;
2621 assert(*str == '-'); str++;
2622 while (*str && *str != '-') str++;
2623 assert(*str == '-'); str++;
2624
2625 /* Convert minus signs and spaces in the remaining string into
2626 * underscores. */
2627 while (*str) {
2628 if (*str == '-' || *str == ' ')
2629 *str = '_';
2630 str++;
2631 }
2632}
2633
1fcd0d98 2634/*
2635 * Send an appropriate SSH version string.
2636 */
2637static void ssh_send_verstring(Ssh ssh, char *svers)
2638{
2639 char *verstring;
2640
2641 if (ssh->version == 2) {
2642 /*
2643 * Construct a v2 version string.
2644 */
2645 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2646 } else {
2647 /*
2648 * Construct a v1 version string.
2649 */
2650 verstring = dupprintf("SSH-%s-%s\012",
2651 (ssh_versioncmp(svers, "1.5") <= 0 ?
2652 svers : "1.5"),
2653 sshver);
2654 }
2655
2656 ssh_fix_verstring(verstring);
2657
2658 if (ssh->version == 2) {
2659 size_t len;
2660 /*
2661 * Record our version string.
2662 */
2663 len = strcspn(verstring, "\015\012");
2664 ssh->v_c = snewn(len + 1, char);
2665 memcpy(ssh->v_c, verstring, len);
2666 ssh->v_c[len] = 0;
2667 }
2668
2669 logeventf(ssh, "We claim version: %.*s",
2670 strcspn(verstring, "\015\012"), verstring);
2671 s_write(ssh, verstring, strlen(verstring));
2672 sfree(verstring);
2673}
2674
51470298 2675static int do_ssh_init(Ssh ssh, unsigned char c)
32874aea 2676{
51470298 2677 struct do_ssh_init_state {
30919997 2678 int crLine;
51470298 2679 int vslen;
2680 char version[10];
2681 char *vstring;
2682 int vstrsize;
2683 int i;
2684 int proto1, proto2;
2685 };
2686 crState(do_ssh_init_state);
30919997 2687
2688 crBeginState;
8df7a775 2689
8c1835c0 2690 /* Search for a line beginning with the string "SSH-" in the input. */
2691 for (;;) {
2692 if (c != 'S') goto no;
2693 crReturn(1);
2694 if (c != 'S') goto no;
2695 crReturn(1);
2696 if (c != 'H') goto no;
2697 crReturn(1);
2698 if (c != '-') goto no;
2699 break;
2700 no:
2701 while (c != '\012')
2702 crReturn(1);
2703 crReturn(1);
374330e2 2704 }
8df7a775 2705
51470298 2706 s->vstrsize = 16;
3d88e64d 2707 s->vstring = snewn(s->vstrsize, char);
51470298 2708 strcpy(s->vstring, "SSH-");
2709 s->vslen = 4;
2710 s->i = 0;
374330e2 2711 while (1) {
8df7a775 2712 crReturn(1); /* get another char */
51470298 2713 if (s->vslen >= s->vstrsize - 1) {
2714 s->vstrsize += 16;
3d88e64d 2715 s->vstring = sresize(s->vstring, s->vstrsize, char);
32874aea 2716 }
51470298 2717 s->vstring[s->vslen++] = c;
2718 if (s->i >= 0) {
374330e2 2719 if (c == '-') {
51470298 2720 s->version[s->i] = '\0';
2721 s->i = -1;
2722 } else if (s->i < sizeof(s->version) - 1)
2723 s->version[s->i++] = c;
c4ffc4d0 2724 } else if (c == '\012')
374330e2 2725 break;
2726 }
2727
51470298 2728 ssh->agentfwd_enabled = FALSE;
2729 ssh->rdpkt2_state.incoming_sequence = 0;
960e736a 2730
51470298 2731 s->vstring[s->vslen] = 0;
a7d4653a 2732 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
fb983202 2733 logeventf(ssh, "Server version: %s", s->vstring);
51470298 2734 ssh_detect_bugs(ssh, s->vstring);
c5e9c988 2735
adf799dd 2736 /*
38d228a2 2737 * Decide which SSH protocol version to support.
adf799dd 2738 */
38d228a2 2739
2740 /* Anything strictly below "2.0" means protocol 1 is supported. */
51470298 2741 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
38d228a2 2742 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
51470298 2743 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
38d228a2 2744
4a693cfc 2745 if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
6b5cf8b4 2746 bombout(("SSH protocol version 1 required by user but not provided by server"));
7ffdbc1a 2747 crStop(0);
38d228a2 2748 }
4a693cfc 2749 if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
6b5cf8b4 2750 bombout(("SSH protocol version 2 required by user but not provided by server"));
7ffdbc1a 2751 crStop(0);
38d228a2 2752 }
2753
4a693cfc 2754 if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
1fcd0d98 2755 ssh->version = 2;
2756 else
2757 ssh->version = 1;
d38d6a1f 2758
2759 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2760
1fcd0d98 2761 /* Send the version string, if we haven't already */
4a693cfc 2762 if (conf_get_int(ssh->conf, CONF_sshprot) != 3)
1fcd0d98 2763 ssh_send_verstring(ssh, s->version);
2764
2765 if (ssh->version == 2) {
2766 size_t len;
2767 /*
2768 * Record their version string.
2769 */
2770 len = strcspn(s->vstring, "\015\012");
2771 ssh->v_s = snewn(len + 1, char);
2772 memcpy(ssh->v_s, s->vstring, len);
2773 ssh->v_s[len] = 0;
2774
2775 /*
2776 * Initialise SSH-2 protocol.
2777 */
2778 ssh->protocol = ssh2_protocol;
2779 ssh2_protocol_setup(ssh);
2780 ssh->s_rdpkt = ssh2_rdpkt;
2781 } else {
2782 /*
2783 * Initialise SSH-1 protocol.
2784 */
2785 ssh->protocol = ssh1_protocol;
2786 ssh1_protocol_setup(ssh);
2787 ssh->s_rdpkt = ssh1_rdpkt;
2788 }
2789 if (ssh->version == 2)
2790 do_ssh2_transport(ssh, NULL, -1, NULL);
2791
125105d1 2792 update_specials_menu(ssh->frontend);
51470298 2793 ssh->state = SSH_STATE_BEFORE_SIZE;
4a693cfc 2794 ssh->pinger = pinger_new(ssh->conf, &ssh_backend, ssh);
8df7a775 2795
51470298 2796 sfree(s->vstring);
50526e47 2797
8df7a775 2798 crFinish(0);
2799}
2800
3d9449a1 2801static void ssh_process_incoming_data(Ssh ssh,
2802 unsigned char **data, int *datalen)
2803{
bf8a49a1 2804 struct Packet *pktin;
2805
2806 pktin = ssh->s_rdpkt(ssh, data, datalen);
3d9449a1 2807 if (pktin) {
2808 ssh->protocol(ssh, NULL, 0, pktin);
2809 ssh_free_packet(pktin);
2810 }
2811}
2812
2813static void ssh_queue_incoming_data(Ssh ssh,
2814 unsigned char **data, int *datalen)
2815{
2816 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2817 *data += *datalen;
2818 *datalen = 0;
2819}
2820
2821static void ssh_process_queued_incoming_data(Ssh ssh)
2822{
2823 void *vdata;
2824 unsigned char *data;
2825 int len, origlen;
2826
2827 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2828 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2829 data = vdata;
2830 origlen = len;
2831
2832 while (!ssh->frozen && len > 0)
2833 ssh_process_incoming_data(ssh, &data, &len);
2834
2835 if (origlen > len)
2836 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2837 }
2838}
2839
2840static void ssh_set_frozen(Ssh ssh, int frozen)
2841{
a5a6f839 2842 if (ssh->s)
2843 sk_set_frozen(ssh->s, frozen);
3d9449a1 2844 ssh->frozen = frozen;
2845}
2846
51470298 2847static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
8df7a775 2848{
bf8a49a1 2849 /* Log raw data, if we're in that mode. */
ff05dfef 2850 if (ssh->logctx)
2851 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
0d13bfcd 2852 0, NULL, NULL);
bf8a49a1 2853
51470298 2854 crBegin(ssh->ssh_gotdata_crstate);
8df7a775 2855
2856 /*
2857 * To begin with, feed the characters one by one to the
2858 * protocol initialisation / selection function do_ssh_init().
2859 * When that returns 0, we're done with the initial greeting
2860 * exchange and can move on to packet discipline.
2861 */
2862 while (1) {
51470298 2863 int ret; /* need not be kept across crReturn */
8df7a775 2864 if (datalen == 0)
2865 crReturnV; /* more data please */
51470298 2866 ret = do_ssh_init(ssh, *data);
32874aea 2867 data++;
2868 datalen--;
8df7a775 2869 if (ret == 0)
2870 break;
2871 }
2872
2873 /*
2874 * We emerge from that loop when the initial negotiation is
2875 * over and we have selected an s_rdpkt function. Now pass
2876 * everything to s_rdpkt, and then pass the resulting packets
2877 * to the proper protocol handler.
2878 */
3d9449a1 2879
8df7a775 2880 while (1) {
e375106c 2881 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2882 if (ssh->frozen) {
3d9449a1 2883 ssh_queue_incoming_data(ssh, &data, &datalen);
e375106c 2884 /* This uses up all data and cannot cause anything interesting
2885 * to happen; indeed, for anything to happen at all, we must
2886 * return, so break out. */
2887 break;
2888 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2889 /* This uses up some or all data, and may freeze the
2890 * session. */
2891 ssh_process_queued_incoming_data(ssh);
2892 } else {
2893 /* This uses up some or all data, and may freeze the
2894 * session. */
2895 ssh_process_incoming_data(ssh, &data, &datalen);
2896 }
2897 /* FIXME this is probably EBW. */
ff3187f6 2898 if (ssh->state == SSH_STATE_CLOSED)
2899 return;
8df7a775 2900 }
e375106c 2901 /* We're out of data. Go and get some more. */
8df7a775 2902 crReturnV;
2903 }
2904 crFinishV;
2905}
2906
ac934965 2907static int ssh_do_close(Ssh ssh, int notify_exit)
32874aea 2908{
80ffa58b 2909 int ret = 0;
36f94d1f 2910 struct ssh_channel *c;
2911
51470298 2912 ssh->state = SSH_STATE_CLOSED;
ecbb0000 2913 expire_timer_context(ssh);
51470298 2914 if (ssh->s) {
2915 sk_close(ssh->s);
2916 ssh->s = NULL;
ac934965 2917 if (notify_exit)
2918 notify_remote_exit(ssh->frontend);
2919 else
2920 ret = 1;
f3ab576e 2921 }
36f94d1f 2922 /*
80ffa58b 2923 * Now we must shut down any port- and X-forwarded channels going
36f94d1f 2924 * through this connection.
2925 */
74a98066 2926 if (ssh->channels) {
80ffa58b 2927 while (NULL != (c = index234(ssh->channels, 0))) {
74a98066 2928 switch (c->type) {
2929 case CHAN_X11:
2930 x11_close(c->u.x11.s);
2931 break;
2932 case CHAN_SOCKDATA:
409eca86 2933 case CHAN_SOCKDATA_DORMANT:
74a98066 2934 pfd_close(c->u.pfd.s);
2935 break;
2936 }
80ffa58b 2937 del234(ssh->channels, c); /* moving next one to index 0 */
74a98066 2938 if (ssh->version == 2)
2939 bufchain_clear(&c->v.v2.outbuffer);
2940 sfree(c);
36f94d1f 2941 }
36f94d1f 2942 }
f8c9f9df 2943 /*
2944 * Go through port-forwardings, and close any associated
2945 * listening sockets.
2946 */
2947 if (ssh->portfwds) {
2948 struct ssh_portfwd *pf;
2949 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2950 /* Dispose of any listening socket. */
2951 if (pf->local)
2952 pfd_terminate(pf->local);
2953 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2954 free_portfwd(pf);
2955 }
b72bdf11 2956 freetree234(ssh->portfwds);
2957 ssh->portfwds = NULL;
f8c9f9df 2958 }
ac934965 2959
2960 return ret;
36f94d1f 2961}
2962
7555d6a5 2963static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2964 const char *error_msg, int error_code)
2965{
2966 Ssh ssh = (Ssh) plug;
2967 char addrbuf[256], *msg;
2968
2969 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2970
2971 if (type == 0)
2972 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2973 else
2974 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2975
2976 logevent(msg);
fb983202 2977 sfree(msg);
7555d6a5 2978}
2979
cbe2d68f 2980static int ssh_closing(Plug plug, const char *error_msg, int error_code,
36f94d1f 2981 int calling_back)
2982{
2983 Ssh ssh = (Ssh) plug;
ac934965 2984 int need_notify = ssh_do_close(ssh, FALSE);
2985
9e296bfa 2986 if (!error_msg) {
2987 if (!ssh->close_expected)
2988 error_msg = "Server unexpectedly closed network connection";
2989 else
2990 error_msg = "Server closed network connection";
ac934965 2991 }
2992
d051d1b4 2993 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2994 ssh->exitcode = 0;
2995
2425184b 2996 if (need_notify)
2997 notify_remote_exit(ssh->frontend);
2998
9e296bfa 2999 if (error_msg)
247308b5 3000 logevent(error_msg);
9e296bfa 3001 if (!ssh->close_expected || !ssh->clean_exit)
971bcc0a 3002 connection_fatal(ssh->frontend, "%s", error_msg);
7e78000d 3003 return 0;
3004}
3005
32874aea 3006static int ssh_receive(Plug plug, int urgent, char *data, int len)
3007{
51470298 3008 Ssh ssh = (Ssh) plug;
d8baa528 3009 ssh_gotdata(ssh, (unsigned char *)data, len);
51470298 3010 if (ssh->state == SSH_STATE_CLOSED) {
ac934965 3011 ssh_do_close(ssh, TRUE);
32874aea 3012 return 0;
3257deae 3013 }
fef97f43 3014 return 1;
374330e2 3015}
3016
5471d09a 3017static void ssh_sent(Plug plug, int bufsize)
3018{
51470298 3019 Ssh ssh = (Ssh) plug;
5471d09a 3020 /*
3021 * If the send backlog on the SSH socket itself clears, we
3022 * should unthrottle the whole world if it was throttled.
3023 */
3024 if (bufsize < SSH_MAX_BACKLOG)
51470298 3025 ssh_throttle_all(ssh, 0, bufsize);
5471d09a 3026}
3027
fb09bf1c 3028/*
8df7a775 3029 * Connect to specified host and port.
3030 * Returns an error message, or NULL on success.
6e1ebb76 3031 * Also places the canonical host name into `realhost'. It must be
3032 * freed by the caller.
8df7a775 3033 */
cbe2d68f 3034static const char *connect_to_host(Ssh ssh, char *host, int port,
79bf227b 3035 char **realhost, int nodelay, int keepalive)
8df7a775 3036{
51470298 3037 static const struct plug_function_table fn_table = {
7555d6a5 3038 ssh_log,
7e78000d 3039 ssh_closing,
5471d09a 3040 ssh_receive,
3041 ssh_sent,
3042 NULL
51470298 3043 };
7e78000d 3044
8df7a775 3045 SockAddr addr;
cbe2d68f 3046 const char *err;
4a693cfc 3047 char *loghost;
3048 int addressfamily, sshprot;
3049
3050 loghost = conf_get_str(ssh->conf, CONF_loghost);
3051 if (*loghost) {
881da168 3052 char *colon;
8df7a775 3053
4a693cfc 3054 ssh->savedhost = dupstr(loghost);
881da168 3055 ssh->savedport = 22; /* default ssh port */
3056
3057 /*
3058 * A colon suffix on savedhost also lets us affect
3059 * savedport.
3060 *
3061 * (FIXME: do something about IPv6 address literals here.)
3062 */
3063 colon = strrchr(ssh->savedhost, ':');
3064 if (colon) {
3065 *colon++ = '\0';
3066 if (*colon)
3067 ssh->savedport = atoi(colon);
3068 }
3069 } else {
3070 ssh->savedhost = dupstr(host);
3071 if (port < 0)
3072 port = 22; /* default ssh port */
3073 ssh->savedport = port;
3074 }
8df7a775 3075
3076 /*
3077 * Try to find host.
3078 */
4a693cfc 3079 addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
05581745 3080 logeventf(ssh, "Looking up host \"%s\"%s", host,
4a693cfc 3081 (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
3082 (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
3083 addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
170c1e6e 3084 if ((err = sk_addr_error(addr)) != NULL) {
3085 sk_addr_free(addr);
8df7a775 3086 return err;
170c1e6e 3087 }
42af6a67 3088 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
8df7a775 3089
8df7a775 3090 /*
3091 * Open socket.
3092 */
51470298 3093 ssh->fn = &fn_table;
e8fa8f62 3094 ssh->s = new_connection(addr, *realhost, port,
4a693cfc 3095 0, 1, nodelay, keepalive, (Plug) ssh, ssh->conf);
70e5d0fd 3096 if ((err = sk_socket_error(ssh->s)) != NULL) {
51470298 3097 ssh->s = NULL;
39934deb 3098 notify_remote_exit(ssh->frontend);
8df7a775 3099 return err;
67c4ba2e 3100 }
8df7a775 3101
ff05dfef 3102 /*
3103 * If the SSH version number's fixed, set it now, and if it's SSH-2,
3104 * send the version string too.
3105 */
4a693cfc 3106 sshprot = conf_get_int(ssh->conf, CONF_sshprot);
3107 if (sshprot == 0)
ff05dfef 3108 ssh->version = 1;
4a693cfc 3109 if (sshprot == 3) {
ff05dfef 3110 ssh->version = 2;
3111 ssh_send_verstring(ssh, NULL);
3112 }
3113
881da168 3114 /*
3115 * loghost, if configured, overrides realhost.
3116 */
4a693cfc 3117 if (*loghost) {
881da168 3118 sfree(*realhost);
4a693cfc 3119 *realhost = dupstr(loghost);
881da168 3120 }
3121
8df7a775 3122 return NULL;
3123}
3124
3125/*
5471d09a 3126 * Throttle or unthrottle the SSH connection.
3127 */
ff68564b 3128static void ssh_throttle_conn(Ssh ssh, int adjust)
5471d09a 3129{
ff68564b 3130 int old_count = ssh->conn_throttle_count;
3131 ssh->conn_throttle_count += adjust;
3132 assert(ssh->conn_throttle_count >= 0);
3133 if (ssh->conn_throttle_count && !old_count) {
3d9449a1 3134 ssh_set_frozen(ssh, 1);
ff68564b 3135 } else if (!ssh->conn_throttle_count && old_count) {
3d9449a1 3136 ssh_set_frozen(ssh, 0);
5471d09a 3137 }
3138}
3139
3140/*
3141 * Throttle or unthrottle _all_ local data streams (for when sends
3142 * on the SSH connection itself back up).
3143 */
51470298 3144static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
5471d09a 3145{
3146 int i;
3147 struct ssh_channel *c;
3148
51470298 3149 if (enable == ssh->throttled_all)
5471d09a 3150 return;
51470298 3151 ssh->throttled_all = enable;
3152 ssh->overall_bufsize = bufsize;
3153 if (!ssh->channels)
5471d09a 3154 return;
51470298 3155 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
5471d09a 3156 switch (c->type) {
3157 case CHAN_MAINSESSION:
3158 /*
3159 * This is treated separately, outside the switch.
3160 */
3161 break;
3162 case CHAN_X11:
3163 x11_override_throttle(c->u.x11.s, enable);
3164 break;
3165 case CHAN_AGENT:
3166 /* Agent channels require no buffer management. */
3167 break;
3168 case CHAN_SOCKDATA:
36f94d1f 3169 pfd_override_throttle(c->u.pfd.s, enable);
5471d09a 3170 break;
3171 }
3172 }
3173}
3174
f11d78f2 3175static void ssh_agent_callback(void *sshv, void *reply, int replylen)
839f10db 3176{
3177 Ssh ssh = (Ssh) sshv;
3178
3179 ssh->agent_response = reply;
3180 ssh->agent_response_len = replylen;
3181
3182 if (ssh->version == 1)
ff3187f6 3183 do_ssh1_login(ssh, NULL, -1, NULL);
839f10db 3184 else
ff3187f6 3185 do_ssh2_authconn(ssh, NULL, -1, NULL);
839f10db 3186}
3187
3d9449a1 3188static void ssh_dialog_callback(void *sshv, int ret)
3189{
3190 Ssh ssh = (Ssh) sshv;
3191
3192 ssh->user_response = ret;
3193
3194 if (ssh->version == 1)
3195 do_ssh1_login(ssh, NULL, -1, NULL);
3196 else
3197 do_ssh2_transport(ssh, NULL, -1, NULL);
3198
3199 /*
3200 * This may have unfrozen the SSH connection, so do a
3201 * queued-data run.
3202 */
3203 ssh_process_queued_incoming_data(ssh);
3204}
3205
f11d78f2 3206static void ssh_agentf_callback(void *cv, void *reply, int replylen)
839f10db 3207{
3208 struct ssh_channel *c = (struct ssh_channel *)cv;
3209 Ssh ssh = c->ssh;
3210 void *sentreply = reply;
3211
3212 if (!sentreply) {
3213 /* Fake SSH_AGENT_FAILURE. */
3214 sentreply = "\0\0\0\1\5";
3215 replylen = 5;
3216 }
3217 if (ssh->version == 2) {
3218 ssh2_add_channel_data(c, sentreply, replylen);
3219 ssh2_try_send(c);
3220 } else {
3221 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3222 PKT_INT, c->remoteid,
3223 PKT_INT, replylen,
a2724fba 3224 PKTT_DATA,
839f10db 3225 PKT_DATA, sentreply, replylen,
9a10ecf4 3226 PKTT_OTHER,
839f10db 3227 PKT_END);
3228 }
3229 if (reply)
3230 sfree(reply);
3231}
3232
0405e71f 3233/*
9e296bfa 3234 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3235 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3236 * => log `wire_reason'.
3237 */
3238static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3239 int code, int clean_exit)
3240{
3241 char *error;
3242 if (!client_reason)
3243 client_reason = wire_reason;
3244 if (client_reason)
3245 error = dupprintf("Disconnected: %s", client_reason);
3246 else
3247 error = dupstr("Disconnected");
3248 if (wire_reason) {
3249 if (ssh->version == 1) {
3250 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3251 PKT_END);
3252 } else if (ssh->version == 2) {
3253 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3254 ssh2_pkt_adduint32(pktout, code);
3255 ssh2_pkt_addstring(pktout, wire_reason);
3256 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3257 ssh2_pkt_send_noqueue(ssh, pktout);
3258 }
3259 }
3260 ssh->close_expected = TRUE;
3261 ssh->clean_exit = clean_exit;
3262 ssh_closing((Plug)ssh, error, 0, 0);
3263 sfree(error);
3264}
3265
3266/*
fb09bf1c 3267 * Handle the key exchange and user authentication phases.
3268 */
ff3187f6 3269static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3270 struct Packet *pktin)
fb09bf1c 3271{
0016d70b 3272 int i, j, ret;
3273 unsigned char cookie[8], *ptr;
374330e2 3274 struct RSAKey servkey, hostkey;
3275 struct MD5Context md5c;
51470298 3276 struct do_ssh1_login_state {
30919997 3277 int crLine;
51470298 3278 int len;
3279 unsigned char *rsabuf, *keystr1, *keystr2;
3280 unsigned long supported_ciphers_mask, supported_auths_mask;
3281 int tried_publickey, tried_agent;
3282 int tis_auth_refused, ccard_auth_refused;
3283 unsigned char session_id[16];
3284 int cipher_type;
51470298 3285 void *publickey_blob;
3286 int publickey_bloblen;
edd0cb8a 3287 char *publickey_comment;
3288 int publickey_encrypted;
3289 prompts_t *cur_prompt;
51470298 3290 char c;
3291 int pwpkt_type;
3292 unsigned char request[5], *response, *p;
3293 int responselen;
3294 int keyi, nkeys;
3295 int authed;
3296 struct RSAKey key;
3297 Bignum challenge;
3298 char *commentp;
3299 int commentlen;
3d9449a1 3300 int dlgret;
4a693cfc 3301 Filename *keyfile;
51470298 3302 };
3303 crState(do_ssh1_login_state);
3304
30919997 3305 crBeginState;
374330e2 3306
ff3187f6 3307 if (!pktin)
3308 crWaitUntil(pktin);
374330e2 3309
ff3187f6 3310 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
6b5cf8b4 3311 bombout(("Public key packet not received"));
7ffdbc1a 3312 crStop(0);
8d5de777 3313 }
374330e2 3314
c5e9c988 3315 logevent("Received public keys");
374330e2 3316
ff3187f6 3317 ptr = ssh_pkt_getdata(pktin, 8);
0016d70b 3318 if (!ptr) {
2e85c969 3319 bombout(("SSH-1 public key packet stopped before random cookie"));
0016d70b 3320 crStop(0);
3321 }
3322 memcpy(cookie, ptr, 8);
374330e2 3323
ff3187f6 3324 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
3325 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
2e85c969 3326 bombout(("Failed to read SSH-1 public keys from public key packet"));
0016d70b 3327 crStop(0);
3328 }
374330e2 3329
c5e9c988 3330 /*
1c2a93c4 3331 * Log the host key fingerprint.
c5e9c988 3332 */
c5e9c988 3333 {
3334 char logmsg[80];
1c2a93c4 3335 logevent("Host key fingerprint is:");
c5e9c988 3336 strcpy(logmsg, " ");
32874aea 3337 hostkey.comment = NULL;
3338 rsa_fingerprint(logmsg + strlen(logmsg),
3339 sizeof(logmsg) - strlen(logmsg), &hostkey);
c5e9c988 3340 logevent(logmsg);
3341 }
3342
ff3187f6 3343 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3344 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3345 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
d5b2c841 3346 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3347 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
bea1ef5f 3348
51470298 3349 ssh->v1_local_protoflags =
3350 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3351 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
b96dc54c 3352
c5e9c988 3353 MD5Init(&md5c);
51470298 3354 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3355 MD5Update(&md5c, s->keystr1, servkey.bytes);
0016d70b 3356 MD5Update(&md5c, cookie, 8);
51470298 3357 MD5Final(s->session_id, &md5c);
374330e2 3358
32874aea 3359 for (i = 0; i < 32; i++)
51470298 3360 ssh->session_key[i] = random_byte();
374330e2 3361
0016d70b 3362 /*
3363 * Verify that the `bits' and `bytes' parameters match.
3364 */
3365 if (hostkey.bits > hostkey.bytes * 8 ||
3366 servkey.bits > servkey.bytes * 8) {
2e85c969 3367 bombout(("SSH-1 public keys were badly formatted"));
0016d70b 3368 crStop(0);
3369 }
3370
51470298 3371 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
374330e2 3372
3d88e64d 3373 s->rsabuf = snewn(s->len, unsigned char);
374330e2 3374
89ee5268 3375 /*
3376 * Verify the host key.
3377 */
3378 {
32874aea 3379 /*
3380 * First format the key into a string.
3381 */
3382 int len = rsastr_len(&hostkey);
3383 char fingerprint[100];
3d88e64d 3384 char *keystr = snewn(len, char);
32874aea 3385 rsastr_fmt(keystr, &hostkey);
3386 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3d9449a1 3387
3388 ssh_set_frozen(ssh, 1);
3389 s->dlgret = verify_ssh_host_key(ssh->frontend,
3390 ssh->savedhost, ssh->savedport,
3391 "rsa", keystr, fingerprint,
3392 ssh_dialog_callback, ssh);
32874aea 3393 sfree(keystr);
3d9449a1 3394 if (s->dlgret < 0) {
3395 do {
3396 crReturn(0);
3397 if (pktin) {
3398 bombout(("Unexpected data from server while waiting"
3399 " for user host key response"));
3400 crStop(0);
3401 }
3402 } while (pktin || inlen > 0);
3403 s->dlgret = ssh->user_response;
3404 }
3405 ssh_set_frozen(ssh, 0);
3406
3407 if (s->dlgret == 0) {
9e296bfa 3408 ssh_disconnect(ssh, "User aborted at host key verification",
3409 NULL, 0, TRUE);
2b3f6c19 3410 crStop(0);
3d9449a1 3411 }
32874aea 3412 }
3413
3414 for (i = 0; i < 32; i++) {
51470298 3415 s->rsabuf[i] = ssh->session_key[i];
374330e2 3416 if (i < 16)
51470298 3417 s->rsabuf[i] ^= s->session_id[i];
374330e2 3418 }
3419
3420 if (hostkey.bytes > servkey.bytes) {
0016d70b 3421 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3422 if (ret)
3423 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
374330e2 3424 } else {
0016d70b 3425 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3426 if (ret)
3427 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3428 }
3429 if (!ret) {
2e85c969 3430 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
0016d70b 3431 crStop(0);
374330e2 3432 }
3433
c5e9c988 3434 logevent("Encrypted session key");
3435
ca20bfcf 3436 {
3437 int cipher_chosen = 0, warn = 0;
3438 char *cipher_string = NULL;
51470298 3439 int i;
ca20bfcf 3440 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
4a693cfc 3441 int next_cipher = conf_get_int_int(ssh->conf,
3442 CONF_ssh_cipherlist, i);
ca20bfcf 3443 if (next_cipher == CIPHER_WARN) {
3444 /* If/when we choose a cipher, warn about it */
3445 warn = 1;
3446 } else if (next_cipher == CIPHER_AES) {
3447 /* XXX Probably don't need to mention this. */
2e85c969 3448 logevent("AES not supported in SSH-1, skipping");
ca20bfcf 3449 } else {
3450 switch (next_cipher) {
51470298 3451 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
ca20bfcf 3452 cipher_string = "3DES"; break;
51470298 3453 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
ca20bfcf 3454 cipher_string = "Blowfish"; break;
51470298 3455 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
ca20bfcf 3456 cipher_string = "single-DES"; break;
3457 }
51470298 3458 if (s->supported_ciphers_mask & (1 << s->cipher_type))
ca20bfcf 3459 cipher_chosen = 1;
3460 }
3461 }
3462 if (!cipher_chosen) {
51470298 3463 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
2e85c969 3464 bombout(("Server violates SSH-1 protocol by not "
ca20bfcf 3465 "supporting 3DES encryption"));
3466 else
3467 /* shouldn't happen */
6b5cf8b4 3468 bombout(("No supported ciphers found"));
7ffdbc1a 3469 crStop(0);
a99a05c0 3470 }
ca20bfcf 3471
3472 /* Warn about chosen cipher if necessary. */
bb348ab1 3473 if (warn) {
3d9449a1 3474 ssh_set_frozen(ssh, 1);
3475 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3476 ssh_dialog_callback, ssh);
3477 if (s->dlgret < 0) {
3478 do {
3479 crReturn(0);
3480 if (pktin) {
3481 bombout(("Unexpected data from server while waiting"
3482 " for user response"));
3483 crStop(0);
3484 }
3485 } while (pktin || inlen > 0);
3486 s->dlgret = ssh->user_response;
3487 }
3488 ssh_set_frozen(ssh, 0);
3489 if (s->dlgret == 0) {
9e296bfa 3490 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3491 0, TRUE);
96ccde8b 3492 crStop(0);
3d9449a1 3493 }
bb348ab1 3494 }
bea1ef5f 3495 }
ca20bfcf 3496
51470298 3497 switch (s->cipher_type) {
32874aea 3498 case SSH_CIPHER_3DES:
3499 logevent("Using 3DES encryption");
3500 break;
3501 case SSH_CIPHER_DES:
3502 logevent("Using single-DES encryption");
3503 break;
3504 case SSH_CIPHER_BLOWFISH:
3505 logevent("Using Blowfish encryption");
3506 break;
c5e9c988 3507 }
bea1ef5f 3508
51470298 3509 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3510 PKT_CHAR, s->cipher_type,
32874aea 3511 PKT_DATA, cookie, 8,
51470298 3512 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3513 PKT_DATA, s->rsabuf, s->len,
3514 PKT_INT, ssh->v1_local_protoflags, PKT_END);
fb09bf1c 3515
c5e9c988 3516 logevent("Trying to enable encryption...");
374330e2 3517
51470298 3518 sfree(s->rsabuf);
374330e2 3519
51470298 3520 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3521 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3522 &ssh_3des);
371e569c 3523 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3524 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
57356d63 3525 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
374330e2 3526
0183b242 3527 ssh->crcda_ctx = crcda_make_context();
3528 logevent("Installing CRC compensation attack detector");
3529
679539d7 3530 if (servkey.modulus) {
3531 sfree(servkey.modulus);
3532 servkey.modulus = NULL;
3533 }
3534 if (servkey.exponent) {
3535 sfree(servkey.exponent);
3536 servkey.exponent = NULL;
3537 }
3538 if (hostkey.modulus) {
3539 sfree(hostkey.modulus);
3540 hostkey.modulus = NULL;
3541 }
3542 if (hostkey.exponent) {
3543 sfree(hostkey.exponent);
3544 hostkey.exponent = NULL;
3545 }
ff3187f6 3546 crWaitUntil(pktin);
374330e2 3547
ff3187f6 3548 if (pktin->type != SSH1_SMSG_SUCCESS) {
6b5cf8b4 3549 bombout(("Encryption not successfully enabled"));
7ffdbc1a 3550 crStop(0);
8d5de777 3551 }
374330e2 3552
c5e9c988 3553 logevent("Successfully started encryption");
3554
edd0cb8a 3555 fflush(stdout); /* FIXME eh? */
374330e2 3556 {
4a693cfc 3557 if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
edd0cb8a 3558 int ret; /* need not be kept over crReturn */
3559 s->cur_prompt = new_prompts(ssh->frontend);
3560 s->cur_prompt->to_server = TRUE;
3561 s->cur_prompt->name = dupstr("SSH login name");
b61f81bc 3562 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
edd0cb8a 3563 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3564 while (ret < 0) {
51470298 3565 ssh->send_ok = 1;
edd0cb8a 3566 crWaitUntil(!pktin);
3567 ret = get_userpass_input(s->cur_prompt, in, inlen);
3568 ssh->send_ok = 0;
3569 }
3570 if (!ret) {
3571 /*
3572 * Failed to get a username. Terminate.
3573 */
3574 free_prompts(s->cur_prompt);
3575 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3576 crStop(0);
32874aea 3577 }
4a693cfc 3578 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
edd0cb8a 3579 free_prompts(s->cur_prompt);
374330e2 3580 }
fb09bf1c 3581
4a693cfc 3582 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, ssh->username, PKT_END);
c5e9c988 3583 {
4a693cfc 3584 char *userlog = dupprintf("Sent username \"%s\"", ssh->username);
c5e9c988 3585 logevent(userlog);
32874aea 3586 if (flags & FLAG_INTERACTIVE &&
3587 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
51470298 3588 c_write_str(ssh, userlog);
edd0cb8a 3589 c_write_str(ssh, "\r\n");
3c8e959b 3590 }
edd0cb8a 3591 sfree(userlog);
c5e9c988 3592 }
374330e2 3593 }
3594
ff3187f6 3595 crWaitUntil(pktin);
374330e2 3596
d5b2c841 3597 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
0df73905 3598 /* We must not attempt PK auth. Pretend we've already tried it. */
51470298 3599 s->tried_publickey = s->tried_agent = 1;
0df73905 3600 } else {
51470298 3601 s->tried_publickey = s->tried_agent = 0;
0df73905 3602 }
51470298 3603 s->tis_auth_refused = s->ccard_auth_refused = 0;
edd0cb8a 3604 /*
3605 * Load the public half of any configured keyfile for later use.
3606 */
4a693cfc 3607 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
962468d4 3608 if (!filename_is_null(s->keyfile)) {
edd0cb8a 3609 int keytype;
3610 logeventf(ssh, "Reading private key file \"%.150s\"",
4a693cfc 3611 filename_to_str(s->keyfile));
3612 keytype = key_type(s->keyfile);
edd0cb8a 3613 if (keytype == SSH_KEYTYPE_SSH1) {
3614 const char *error;
4a693cfc 3615 if (rsakey_pubblob(s->keyfile,
edd0cb8a 3616 &s->publickey_blob, &s->publickey_bloblen,
3617 &s->publickey_comment, &error)) {
4a693cfc 3618 s->publickey_encrypted = rsakey_encrypted(s->keyfile,
edd0cb8a 3619 NULL);
3620 } else {
3621 char *msgbuf;
3622 logeventf(ssh, "Unable to load private key (%s)", error);
3623 msgbuf = dupprintf("Unable to load private key file "
3624 "\"%.150s\" (%s)\r\n",
4a693cfc 3625 filename_to_str(s->keyfile),
edd0cb8a 3626 error);
3627 c_write_str(ssh, msgbuf);
3628 sfree(msgbuf);
3629 s->publickey_blob = NULL;
3630 }
3631 } else {
3632 char *msgbuf;
3633 logeventf(ssh, "Unable to use this key file (%s)",
3634 key_type_to_str(keytype));
3635 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3636 " (%s)\r\n",
4a693cfc 3637 filename_to_str(s->keyfile),
edd0cb8a 3638 key_type_to_str(keytype));
3639 c_write_str(ssh, msgbuf);
3640 sfree(msgbuf);
51470298 3641 s->publickey_blob = NULL;
edd0cb8a 3642 }
396778f1 3643 } else
51470298 3644 s->publickey_blob = NULL;
7cca0d81 3645
ff3187f6 3646 while (pktin->type == SSH1_SMSG_FAILURE) {
51470298 3647 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
614a20a0 3648
4a693cfc 3649 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists() && !s->tried_agent) {
32874aea 3650 /*
3651 * Attempt RSA authentication using Pageant.
3652 */
32874aea 3653 void *r;
3654
51470298 3655 s->authed = FALSE;
3656 s->tried_agent = 1;
32874aea 3657 logevent("Pageant is running. Requesting keys.");
3658
3659 /* Request the keys held by the agent. */
51470298 3660 PUT_32BIT(s->request, 1);
3661 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
839f10db 3662 if (!agent_query(s->request, 5, &r, &s->responselen,
3663 ssh_agent_callback, ssh)) {
3664 do {
3665 crReturn(0);
ff3187f6 3666 if (pktin) {
839f10db 3667 bombout(("Unexpected data from server while waiting"
3668 " for agent response"));
3669 crStop(0);
3670 }
ff3187f6 3671 } while (pktin || inlen > 0);
839f10db 3672 r = ssh->agent_response;
3673 s->responselen = ssh->agent_response_len;
3674 }
51470298 3675 s->response = (unsigned char *) r;
3676 if (s->response && s->responselen >= 5 &&
3677 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3678 s->p = s->response + 5;
3679 s->nkeys = GET_32BIT(s->p);
3680 s->p += 4;
2e85c969 3681 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
51470298 3682 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
94cd7c3a 3683 unsigned char *pkblob = s->p;
51470298 3684 s->p += 4;
0016d70b 3685 {
3686 int n, ok = FALSE;
3687 do { /* do while (0) to make breaking easy */
3688 n = ssh1_read_bignum
3689 (s->p, s->responselen-(s->p-s->response),
3690 &s->key.exponent);
3691 if (n < 0)
3692 break;
3693 s->p += n;
3694 n = ssh1_read_bignum
3695 (s->p, s->responselen-(s->p-s->response),
3696 &s->key.modulus);
3697 if (n < 0)
3698 break;
3699 s->p += n;
3700 if (s->responselen - (s->p-s->response) < 4)
3701 break;
3702 s->commentlen = GET_32BIT(s->p);
3703 s->p += 4;
3704 if (s->responselen - (s->p-s->response) <
3705 s->commentlen)
3706 break;
3707 s->commentp = (char *)s->p;
3708 s->p += s->commentlen;
3709 ok = TRUE;
3710 } while (0);
3711 if (!ok) {
3712 logevent("Pageant key list packet was truncated");
3713 break;
3714 }
3715 }
94cd7c3a 3716 if (s->publickey_blob) {
3717 if (!memcmp(pkblob, s->publickey_blob,
3718 s->publickey_bloblen)) {
3719 logeventf(ssh, "Pageant key #%d matches "
3720 "configured key file", s->keyi);
3721 s->tried_publickey = 1;
3722 } else
3723 /* Skip non-configured key */
3724 continue;
3725 }
3726 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
51470298 3727 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3728 PKT_BIGNUM, s->key.modulus, PKT_END);
ff3187f6 3729 crWaitUntil(pktin);
3730 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
32874aea 3731 logevent("Key refused");
3732 continue;
3733 }
3734 logevent("Received RSA challenge");
ff3187f6 3735 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
0016d70b 3736 bombout(("Server's RSA challenge was badly formatted"));
3737 crStop(0);
3738 }
3739
32874aea 3740 {
3741 char *agentreq, *q, *ret;
2d466ffd 3742 void *vret;
32874aea 3743 int len, retlen;
3744 len = 1 + 4; /* message type, bit count */
51470298 3745 len += ssh1_bignum_length(s->key.exponent);
3746 len += ssh1_bignum_length(s->key.modulus);
3747 len += ssh1_bignum_length(s->challenge);
32874aea 3748 len += 16; /* session id */
3749 len += 4; /* response format */
3d88e64d 3750 agentreq = snewn(4 + len, char);
32874aea 3751 PUT_32BIT(agentreq, len);
3752 q = agentreq + 4;
3753 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
51470298 3754 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
32874aea 3755 q += 4;
51470298 3756 q += ssh1_write_bignum(q, s->key.exponent);
3757 q += ssh1_write_bignum(q, s->key.modulus);
3758 q += ssh1_write_bignum(q, s->challenge);
3759 memcpy(q, s->session_id, 16);
32874aea 3760 q += 16;
3761 PUT_32BIT(q, 1); /* response format */
839f10db 3762 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3763 ssh_agent_callback, ssh)) {
3764 sfree(agentreq);
3765 do {
3766 crReturn(0);
ff3187f6 3767 if (pktin) {
839f10db 3768 bombout(("Unexpected data from server"
3769 " while waiting for agent"
3770 " response"));
3771 crStop(0);
3772 }
ff3187f6 3773 } while (pktin || inlen > 0);
839f10db 3774 vret = ssh->agent_response;
3775 retlen = ssh->agent_response_len;
3776 } else
3777 sfree(agentreq);
2d466ffd 3778 ret = vret;
32874aea 3779 if (ret) {
3780 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3781 logevent("Sending Pageant's response");
51470298 3782 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
32874aea 3783 PKT_DATA, ret + 5, 16,
3784 PKT_END);
3785 sfree(ret);
ff3187f6 3786 crWaitUntil(pktin);
3787 if (pktin->type == SSH1_SMSG_SUCCESS) {
32874aea 3788 logevent
3789 ("Pageant's response accepted");
3790 if (flags & FLAG_VERBOSE) {
51470298 3791 c_write_str(ssh, "Authenticated using"
3792 " RSA key \"");
3793 c_write(ssh, s->commentp,
3794 s->commentlen);
3795 c_write_str(ssh, "\" from agent\r\n");
32874aea 3796 }
51470298 3797 s->authed = TRUE;
32874aea 3798 } else
3799 logevent
3800 ("Pageant's response not accepted");
3801 } else {
3802 logevent
3803 ("Pageant failed to answer challenge");
3804 sfree(ret);
3805 }
3806 } else {
3807 logevent("No reply received from Pageant");
3808 }
3809 }
51470298 3810 freebn(s->key.exponent);
3811 freebn(s->key.modulus);
3812 freebn(s->challenge);
3813 if (s->authed)
32874aea 3814 break;
3815 }
29b1d0b3 3816 sfree(s->response);
94cd7c3a 3817 if (s->publickey_blob && !s->tried_publickey)
3818 logevent("Configured key file not in Pageant");
5ff99b8e 3819 } else {
3820 logevent("Failed to get reply from Pageant");
3821 }
51470298 3822 if (s->authed)
32874aea 3823 break;
3824 }
edd0cb8a 3825 if (s->publickey_blob && !s->tried_publickey) {
3826 /*
3827 * Try public key authentication with the specified
3828 * key file.
3829 */
3830 int got_passphrase; /* need not be kept over crReturn */
3831 if (flags & FLAG_VERBOSE)
3832 c_write_str(ssh, "Trying public key authentication.\r\n");
4a693cfc 3833 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
edd0cb8a 3834 logeventf(ssh, "Trying public key \"%s\"",
4a693cfc 3835 filename_to_str(s->keyfile));
edd0cb8a 3836 s->tried_publickey = 1;
3837 got_passphrase = FALSE;
3838 while (!got_passphrase) {
3839 /*
3840 * Get a passphrase, if necessary.
3841 */
3842 char *passphrase = NULL; /* only written after crReturn */
3843 const char *error;
3844 if (!s->publickey_encrypted) {
3845 if (flags & FLAG_VERBOSE)
3846 c_write_str(ssh, "No passphrase required.\r\n");
3847 passphrase = NULL;
3848 } else {
3849 int ret; /* need not be kept over crReturn */
3850 s->cur_prompt = new_prompts(ssh->frontend);
3851 s->cur_prompt->to_server = FALSE;
3852 s->cur_prompt->name = dupstr("SSH key passphrase");
3853 add_prompt(s->cur_prompt,
3854 dupprintf("Passphrase for key \"%.100s\": ",
b61f81bc 3855 s->publickey_comment), FALSE);
edd0cb8a 3856 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3857 while (ret < 0) {
3858 ssh->send_ok = 1;
3859 crWaitUntil(!pktin);
3860 ret = get_userpass_input(s->cur_prompt, in, inlen);
3861 ssh->send_ok = 0;
3862 }
3863 if (!ret) {
3864 /* Failed to get a passphrase. Terminate. */
3865 free_prompts(s->cur_prompt);
3866 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3867 0, TRUE);
3868 crStop(0);
3869 }
3870 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3871 free_prompts(s->cur_prompt);
3872 }
3873 /*
3874 * Try decrypting key with passphrase.
3875 */
4a693cfc 3876 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3877 ret = loadrsakey(s->keyfile, &s->key, passphrase,
edd0cb8a 3878 &error);
3879 if (passphrase) {
dfb88efd 3880 smemclr(passphrase, strlen(passphrase));
edd0cb8a 3881 sfree(passphrase);
3882 }
3883 if (ret == 1) {
3884 /* Correct passphrase. */
3885 got_passphrase = TRUE;
3886 } else if (ret == 0) {
3887 c_write_str(ssh, "Couldn't load private key from ");
4a693cfc 3888 c_write_str(ssh, filename_to_str(s->keyfile));
edd0cb8a 3889 c_write_str(ssh, " (");
3890 c_write_str(ssh, error);
3891 c_write_str(ssh, ").\r\n");
3892 got_passphrase = FALSE;
3893 break; /* go and try something else */
3894 } else if (ret == -1) {
3895 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
edd0cb8a 3896 got_passphrase = FALSE;
3897 /* and try again */
43536490 3898 } else {
3899 assert(0 && "unexpected return from loadrsakey()");
edc23a8a 3900 got_passphrase = FALSE; /* placate optimisers */
edd0cb8a 3901 }
3902 }
3903
3904 if (got_passphrase) {
3905
3906 /*
3907 * Send a public key attempt.
3908 */
3909 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3910 PKT_BIGNUM, s->key.modulus, PKT_END);
3911
3912 crWaitUntil(pktin);
3913 if (pktin->type == SSH1_SMSG_FAILURE) {
3914 c_write_str(ssh, "Server refused our public key.\r\n");
7b575324 3915 continue; /* go and try something else */
edd0cb8a 3916 }
3917 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3918 bombout(("Bizarre response to offer of public key"));
3919 crStop(0);
3920 }
3921
3922 {
3923 int i;
3924 unsigned char buffer[32];
3925 Bignum challenge, response;
3926
3927 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3928 bombout(("Server's RSA challenge was badly formatted"));
3929 crStop(0);
3930 }
3931 response = rsadecrypt(challenge, &s->key);
3932 freebn(s->key.private_exponent);/* burn the evidence */
3933
3934 for (i = 0; i < 32; i++) {
3935 buffer[i] = bignum_byte(response, 31 - i);
3936 }
3937
3938 MD5Init(&md5c);
3939 MD5Update(&md5c, buffer, 32);
3940 MD5Update(&md5c, s->session_id, 16);
3941 MD5Final(buffer, &md5c);
3942
3943 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3944 PKT_DATA, buffer, 16, PKT_END);
3945
3946 freebn(challenge);
3947 freebn(response);
3948 }
3949
3950 crWaitUntil(pktin);
3951 if (pktin->type == SSH1_SMSG_FAILURE) {
3952 if (flags & FLAG_VERBOSE)
3953 c_write_str(ssh, "Failed to authenticate with"
3954 " our public key.\r\n");
7b575324 3955 continue; /* go and try something else */
edd0cb8a 3956 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3957 bombout(("Bizarre response to RSA authentication response"));
3958 crStop(0);
3959 }
3960
3961 break; /* we're through! */
3962 }
3963
3964 }
3965
3966 /*
3967 * Otherwise, try various forms of password-like authentication.
3968 */
3969 s->cur_prompt = new_prompts(ssh->frontend);
32874aea 3970
4a693cfc 3971 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
51470298 3972 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3973 !s->tis_auth_refused) {
3974 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
32874aea 3975 logevent("Requested TIS authentication");
51470298 3976 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
ff3187f6 3977 crWaitUntil(pktin);
3978 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
32874aea 3979 logevent("TIS authentication declined");
3980 if (flags & FLAG_INTERACTIVE)
51470298 3981 c_write_str(ssh, "TIS authentication refused.\r\n");
3982 s->tis_auth_refused = 1;
614a20a0 3983 continue;
32874aea 3984 } else {
0016d70b 3985 char *challenge;
3986 int challengelen;
edd0cb8a 3987 char *instr_suf, *prompt;
0016d70b 3988
ff3187f6 3989 ssh_pkt_getstring(pktin, &challenge, &challengelen);
0016d70b 3990 if (!challenge) {
3991 bombout(("TIS challenge packet was badly formed"));
3992 crStop(0);
3993 }
32874aea 3994 logevent("Received TIS challenge");
edd0cb8a 3995 s->cur_prompt->to_server = TRUE;
3996 s->cur_prompt->name = dupstr("SSH TIS authentication");
614a20a0 3997 /* Prompt heuristic comes from OpenSSH */
edd0cb8a 3998 if (memchr(challenge, '\n', challengelen)) {
3999 instr_suf = dupstr("");
4000 prompt = dupprintf("%.*s", challengelen, challenge);
4001 } else {
4002 instr_suf = dupprintf("%.*s", challengelen, challenge);
4003 prompt = dupstr("Response: ");
4004 }
4005 s->cur_prompt->instruction =
4006 dupprintf("Using TIS authentication.%s%s",
4007 (*instr_suf) ? "\n" : "",
4008 instr_suf);
4009 s->cur_prompt->instr_reqd = TRUE;
b61f81bc 4010 add_prompt(s->cur_prompt, prompt, FALSE);
edd0cb8a 4011 sfree(instr_suf);
32874aea 4012 }
4013 }
4a693cfc 4014 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
51470298 4015 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
4016 !s->ccard_auth_refused) {
4017 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
32874aea 4018 logevent("Requested CryptoCard authentication");
51470298 4019 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
ff3187f6 4020 crWaitUntil(pktin);
4021 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
32874aea 4022 logevent("CryptoCard authentication declined");
51470298 4023 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
4024 s->ccard_auth_refused = 1;
614a20a0 4025 continue;
32874aea 4026 } else {
0016d70b 4027 char *challenge;
4028 int challengelen;
edd0cb8a 4029 char *instr_suf, *prompt;
0016d70b 4030
ff3187f6 4031 ssh_pkt_getstring(pktin, &challenge, &challengelen);
0016d70b 4032 if (!challenge) {
4033 bombout(("CryptoCard challenge packet was badly formed"));
4034 crStop(0);
4035 }
32874aea 4036 logevent("Received CryptoCard challenge");
edd0cb8a 4037 s->cur_prompt->to_server = TRUE;
4038 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
4039 s->cur_prompt->name_reqd = FALSE;
4040 /* Prompt heuristic comes from OpenSSH */
4041 if (memchr(challenge, '\n', challengelen)) {
4042 instr_suf = dupstr("");
4043 prompt = dupprintf("%.*s", challengelen, challenge);
4044 } else {
4045 instr_suf = dupprintf("%.*s", challengelen, challenge);
4046 prompt = dupstr("Response: ");
4047 }
4048 s->cur_prompt->instruction =
4049 dupprintf("Using CryptoCard authentication.%s%s",
4050 (*instr_suf) ? "\n" : "",
4051 instr_suf);
4052 s->cur_prompt->instr_reqd = TRUE;
b61f81bc 4053 add_prompt(s->cur_prompt, prompt, FALSE);
edd0cb8a 4054 sfree(instr_suf);
32874aea 4055 }
4056 }
51470298 4057 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
8f9e3231 4058 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
4059 bombout(("No supported authentication methods available"));
4060 crStop(0);
4061 }
edd0cb8a 4062 s->cur_prompt->to_server = TRUE;
4063 s->cur_prompt->name = dupstr("SSH password");
4a693cfc 4064 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
4065 ssh->username, ssh->savedhost),
b61f81bc 4066 FALSE);
32874aea 4067 }
a52f067e 4068
614a20a0 4069 /*
4070 * Show password prompt, having first obtained it via a TIS
4071 * or CryptoCard exchange if we're doing TIS or CryptoCard
4072 * authentication.
4073 */
edd0cb8a 4074 {
4075 int ret; /* need not be kept over crReturn */
4076 ret = get_userpass_input(s->cur_prompt, NULL, 0);
4077 while (ret < 0) {
4078 ssh->send_ok = 1;
4079 crWaitUntil(!pktin);
4080 ret = get_userpass_input(s->cur_prompt, in, inlen);
4081 ssh->send_ok = 0;
4082 }
4083 if (!ret) {
32874aea 4084 /*
edd0cb8a 4085 * Failed to get a password (for example
32874aea 4086 * because one was supplied on the command line
4087 * which has already failed to work). Terminate.
4088 */
edd0cb8a 4089 free_prompts(s->cur_prompt);
4090 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
4091 crStop(0);
32874aea 4092 }
32874aea 4093 }
4094
edd0cb8a 4095 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
32874aea 4096 /*
edd0cb8a 4097 * Defence against traffic analysis: we send a
4098 * whole bunch of packets containing strings of
4099 * different lengths. One of these strings is the
4100 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
4101 * The others are all random data in
4102 * SSH1_MSG_IGNORE packets. This way a passive
4103 * listener can't tell which is the password, and
4104 * hence can't deduce the password length.
4105 *
4106 * Anybody with a password length greater than 16
4107 * bytes is going to have enough entropy in their
4108 * password that a listener won't find it _that_
4109 * much help to know how long it is. So what we'll
4110 * do is:
4111 *
4112 * - if password length < 16, we send 15 packets
4113 * containing string lengths 1 through 15
4114 *
4115 * - otherwise, we let N be the nearest multiple
4116 * of 8 below the password length, and send 8
4117 * packets containing string lengths N through
4118 * N+7. This won't obscure the order of
4119 * magnitude of the password length, but it will
4120 * introduce a bit of extra uncertainty.
4121 *
bf982899 4122 * A few servers can't deal with SSH1_MSG_IGNORE, at
4123 * least in this context. For these servers, we need
4124 * an alternative defence. We make use of the fact
4125 * that the password is interpreted as a C string:
4126 * so we can append a NUL, then some random data.
edd0cb8a 4127 *
bf982899 4128 * A few servers can deal with neither SSH1_MSG_IGNORE
4129 * here _nor_ a padded password string.
4130 * For these servers we are left with no defences
edd0cb8a 4131 * against password length sniffing.
32874aea 4132 */
bf982899 4133 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4134 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
32874aea 4135 /*
edd0cb8a 4136 * The server can deal with SSH1_MSG_IGNORE, so
4137 * we can use the primary defence.
32874aea 4138 */
edd0cb8a 4139 int bottom, top, pwlen, i;
4140 char *randomstr;
32874aea 4141
edd0cb8a 4142 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4143 if (pwlen < 16) {
4144 bottom = 0; /* zero length passwords are OK! :-) */
4145 top = 15;
4146 } else {
4147 bottom = pwlen & ~7;
4148 top = bottom + 7;
4149 }
32874aea 4150
edd0cb8a 4151 assert(pwlen >= bottom && pwlen <= top);
32874aea 4152
edd0cb8a 4153 randomstr = snewn(top + 1, char);
32874aea 4154
edd0cb8a 4155 for (i = bottom; i <= top; i++) {
4156 if (i == pwlen) {
4157 defer_packet(ssh, s->pwpkt_type,
4158 PKTT_PASSWORD, PKT_STR,
4159 s->cur_prompt->prompts[0]->result,
4160 PKTT_OTHER, PKT_END);
4161 } else {
4162 for (j = 0; j < i; j++) {
4163 do {
4164 randomstr[j] = random_byte();
4165 } while (randomstr[j] == '\0');
32874aea 4166 }
edd0cb8a 4167 randomstr[i] = '\0';
4168 defer_packet(ssh, SSH1_MSG_IGNORE,
4169 PKT_STR, randomstr, PKT_END);
32874aea 4170 }
edd0cb8a 4171 }
4172 logevent("Sending password with camouflage packets");
4173 ssh_pkt_defersend(ssh);
4174 sfree(randomstr);
4175 }
4176 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4177 /*
4178 * The server can't deal with SSH1_MSG_IGNORE
4179 * but can deal with padded passwords, so we
4180 * can use the secondary defence.
4181 */
4182 char string[64];
4183 char *ss;
4184 int len;
4185
4186 len = strlen(s->cur_prompt->prompts[0]->result);
4187 if (len < sizeof(string)) {
4188 ss = string;
4189 strcpy(string, s->cur_prompt->prompts[0]->result);
4190 len++; /* cover the zero byte */
4191 while (len < sizeof(string)) {
4192 string[len++] = (char) random_byte();
bd358db1 4193 }
bd358db1 4194 } else {
edd0cb8a 4195 ss = s->cur_prompt->prompts[0]->result;
32874aea 4196 }
edd0cb8a 4197 logevent("Sending length-padded password");
9a10ecf4 4198 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
edd0cb8a 4199 PKT_INT, len, PKT_DATA, ss, len,
4200 PKTT_OTHER, PKT_END);
4201 } else {
4202 /*
bf982899 4203 * The server is believed unable to cope with
4204 * any of our password camouflage methods.
edd0cb8a 4205 */
4206 int len;
4207 len = strlen(s->cur_prompt->prompts[0]->result);
4208 logevent("Sending unpadded password");
4209 send_packet(ssh, s->pwpkt_type,
4210 PKTT_PASSWORD, PKT_INT, len,
4211 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4212 PKTT_OTHER, PKT_END);
32874aea 4213 }
edd0cb8a 4214 } else {
4215 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4216 PKT_STR, s->cur_prompt->prompts[0]->result,
4217 PKTT_OTHER, PKT_END);
32874aea 4218 }
c5e9c988 4219 logevent("Sent password");
edd0cb8a 4220 free_prompts(s->cur_prompt);
ff3187f6 4221 crWaitUntil(pktin);
4222 if (pktin->type == SSH1_SMSG_FAILURE) {
32874aea 4223 if (flags & FLAG_VERBOSE)
51470298 4224 c_write_str(ssh, "Access denied\r\n");
c5e9c988 4225 logevent("Authentication refused");
ff3187f6 4226 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4227 bombout(("Strange packet received, type %d", pktin->type));
7ffdbc1a 4228 crStop(0);
374330e2 4229 }
4230 }
4231
edd0cb8a 4232 /* Clear up */
4233 if (s->publickey_blob) {
4234 sfree(s->publickey_blob);
4235 sfree(s->publickey_comment);
4236 }
4237
c5e9c988 4238 logevent("Authentication successful");
4239
fb09bf1c 4240 crFinish(1);
4241}
4242
bc06669b 4243static void ssh_channel_try_eof(struct ssh_channel *c)
4244{
4245 Ssh ssh = c->ssh;
4246 assert(c->pending_eof); /* precondition for calling us */
4247 if (c->halfopen)
4248 return; /* can't close: not even opened yet */
4249 if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0)
4250 return; /* can't send EOF: pending outgoing data */
4251
3620f307 4252 c->pending_eof = FALSE; /* we're about to send it */
bc06669b 4253 if (ssh->version == 1) {
4254 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4255 PKT_END);
4256 c->closes |= CLOSES_SENT_EOF;
4257 } else {
4258 struct Packet *pktout;
4259 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
4260 ssh2_pkt_adduint32(pktout, c->remoteid);
4261 ssh2_pkt_send(ssh, pktout);
4262 c->closes |= CLOSES_SENT_EOF;
3620f307 4263 ssh2_channel_check_close(c);
bc06669b 4264 }
bc06669b 4265}
4266
4267void sshfwd_write_eof(struct ssh_channel *c)
32874aea 4268{
51470298 4269 Ssh ssh = c->ssh;
4270
1ef619ae 4271 if (ssh->state == SSH_STATE_CLOSED)
36f94d1f 4272 return;
36f94d1f 4273
bc06669b 4274 if (c->closes & CLOSES_SENT_EOF)
4275 return;
78280721 4276
bc06669b 4277 c->pending_eof = TRUE;
4278 ssh_channel_try_eof(c);
32874aea 4279}
4280
c6b41791 4281void sshfwd_unclean_close(struct ssh_channel *c)
4282{
4283 Ssh ssh = c->ssh;
c6b41791 4284
4285 if (ssh->state == SSH_STATE_CLOSED)
4286 return;
4287
c6b41791 4288 switch (c->type) {
4289 case CHAN_X11:
4290 x11_close(c->u.x11.s);
04120005 4291 logevent("Forwarded X11 connection terminated due to local error");
c6b41791 4292 break;
4293 case CHAN_SOCKDATA:
4294 case CHAN_SOCKDATA_DORMANT:
4295 pfd_close(c->u.pfd.s);
04120005 4296 logevent("Forwarded port closed due to local error");
c6b41791 4297 break;
4298 }
4299 c->type = CHAN_ZOMBIE;
96210393 4300
c6b41791 4301 ssh2_channel_check_close(c);
4302}
4303
5471d09a 4304int sshfwd_write(struct ssh_channel *c, char *buf, int len)
32874aea 4305{
51470298 4306 Ssh ssh = c->ssh;
4307
1ef619ae 4308 if (ssh->state == SSH_STATE_CLOSED)
36f94d1f 4309 return 0;
36f94d1f 4310
51470298 4311 if (ssh->version == 1) {
4312 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
32874aea 4313 PKT_INT, c->remoteid,
a2724fba 4314 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
9a10ecf4 4315 PKTT_OTHER, PKT_END);
5471d09a 4316 /*
2e85c969 4317 * In SSH-1 we can return 0 here - implying that forwarded
5471d09a 4318 * connections are never individually throttled - because
4319 * the only circumstance that can cause throttling will be
4320 * the whole SSH connection backing up, in which case
4321 * _everything_ will be throttled as a whole.
4322 */
4323 return 0;
783415f8 4324 } else {
32874aea 4325 ssh2_add_channel_data(c, buf, len);
5471d09a 4326 return ssh2_try_send(c);
4327 }
4328}
4329
4330void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4331{
51470298 4332 Ssh ssh = c->ssh;
ff68564b 4333 int buflimit;
51470298 4334
1ef619ae 4335 if (ssh->state == SSH_STATE_CLOSED)
36f94d1f 4336 return;
36f94d1f 4337
51470298 4338 if (ssh->version == 1) {
ff68564b 4339 buflimit = SSH1_BUFFER_LIMIT;
5471d09a 4340 } else {
ff68564b 4341 buflimit = c->v.v2.locmaxwin;
4342 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4343 }
4344 if (c->throttling_conn && bufsize <= buflimit) {
4345 c->throttling_conn = 0;
4346 ssh_throttle_conn(ssh, -1);
783415f8 4347 }
9c964e85 4348}
4349
06fadff5 4350static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4351{
4352 struct queued_handler *qh = ssh->qhead;
4353
4354 assert(qh != NULL);
4355
4356 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4357
4358 if (qh->msg1 > 0) {
4359 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
bc074147 4360 ssh->packet_dispatch[qh->msg1] = ssh->q_saved_handler1;
06fadff5 4361 }
4362 if (qh->msg2 > 0) {
4363 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
bc074147 4364 ssh->packet_dispatch[qh->msg2] = ssh->q_saved_handler2;
06fadff5 4365 }
4366
4367 if (qh->next) {
4368 ssh->qhead = qh->next;
4369
4370 if (ssh->qhead->msg1 > 0) {
bc074147 4371 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
06fadff5 4372 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4373 }
4374 if (ssh->qhead->msg2 > 0) {
bc074147 4375 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
06fadff5 4376 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4377 }
4378 } else {
4379 ssh->qhead = ssh->qtail = NULL;
06fadff5 4380 }
4381
4382 qh->handler(ssh, pktin, qh->ctx);
4383
4384 sfree(qh);
4385}
4386
4387static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4388 chandler_fn_t handler, void *ctx)
4389{
4390 struct queued_handler *qh;
4391
4392 qh = snew(struct queued_handler);
4393 qh->msg1 = msg1;
4394 qh->msg2 = msg2;
4395 qh->handler = handler;
4396 qh->ctx = ctx;
4397 qh->next = NULL;
4398
4399 if (ssh->qtail == NULL) {
4400 ssh->qhead = qh;
4401
4402 if (qh->msg1 > 0) {
bc074147 4403 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
06fadff5 4404 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4405 }
4406 if (qh->msg2 > 0) {
bc074147 4407 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
06fadff5 4408 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4409 }
4410 } else {
4411 ssh->qtail->next = qh;
4412 }
4413 ssh->qtail = qh;
4414}
4415
4416static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4417{
4418 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4419
4420 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4421 SSH2_MSG_REQUEST_SUCCESS)) {
4422 logeventf(ssh, "Remote port forwarding from %s enabled",
4423 pf->sportdesc);
4424 } else {
4425 logeventf(ssh, "Remote port forwarding from %s refused",
4426 pf->sportdesc);
4427
4428 rpf = del234(ssh->rportfwds, pf);
4429 assert(rpf == pf);
8aea57fd 4430 pf->pfrec->remote = NULL;
fda2feb1 4431 free_rportfwd(pf);
06fadff5 4432 }
4433}
4434
4a693cfc 4435static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
06fadff5 4436{
84328ddb 4437 struct ssh_portfwd *epf;
4438 int i;
4a693cfc 4439 char *key, *val;
06fadff5 4440
fda2feb1 4441 if (!ssh->portfwds) {
4442 ssh->portfwds = newtree234(ssh_portcmp);
4443 } else {
4444 /*
4445 * Go through the existing port forwardings and tag them
84328ddb 4446 * with status==DESTROY. Any that we want to keep will be
4447 * re-enabled (status==KEEP) as we go through the
4448 * configuration and find out which bits are the same as
4449 * they were before.
fda2feb1 4450 */
4451 struct ssh_portfwd *epf;
4452 int i;
4453 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
84328ddb 4454 epf->status = DESTROY;
fda2feb1 4455 }
4456
4a693cfc 4457 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
4458 val != NULL;
4459 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
4460 char *kp, *kp2, *vp, *vp2;
84328ddb 4461 char address_family, type;
4462 int sport,dport,sserv,dserv;
4a693cfc 4463 char *sports, *dports, *saddr, *host;
4464
4465 kp = key;
84328ddb 4466
05581745 4467 address_family = 'A';
4468 type = 'L';
4a693cfc 4469 if (*kp == 'A' || *kp == '4' || *kp == '6')
4470 address_family = *kp++;
4471 if (*kp == 'L' || *kp == 'R')
4472 type = *kp++;
4473
4474 if ((kp2 = strchr(kp, ':')) != NULL) {
4475 /*
4476 * There's a colon in the middle of the source port
4477 * string, which means that the part before it is
4478 * actually a source address.
4479 */
4480 saddr = dupprintf("%.*s", (int)(kp2 - kp), kp);
4481 sports = kp2+1;
06fadff5 4482 } else {
4a693cfc 4483 saddr = NULL;
4484 sports = kp;
06fadff5 4485 }
4486 sport = atoi(sports);
4487 sserv = 0;
4488 if (sport == 0) {
4489 sserv = 1;
4490 sport = net_service_lookup(sports);
4491 if (!sport) {
4492 logeventf(ssh, "Service lookup failed for source"
4493 " port \"%s\"", sports);
4494 }
4495 }
4a693cfc 4496
4497 if (type == 'L' && !strcmp(val, "D")) {
4498 /* dynamic forwarding */
4499 host = NULL;
4500 dports = NULL;
4501 dport = -1;
4502 dserv = 0;
4503 type = 'D';
4504 } else {
4505 /* ordinary forwarding */
4506 vp = val;
4507 vp2 = vp + strcspn(vp, ":");
4508 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
4509 if (vp2)
4510 vp2++;
4511 dports = vp2;
4512 dport = atoi(dports);
4513 dserv = 0;
4514 if (dport == 0) {
4515 dserv = 1;
4516 dport = net_service_lookup(dports);
4517 if (!dport) {
4518 logeventf(ssh, "Service lookup failed for destination"
4519 " port \"%s\"", dports);
4520 }
4521 }
4522 }
4523
06fadff5 4524 if (sport && dport) {
4525 /* Set up a description of the source port. */
fda2feb1 4526 struct ssh_portfwd *pfrec, *epfrec;
fda2feb1 4527
4528 pfrec = snew(struct ssh_portfwd);
4529 pfrec->type = type;
4a693cfc 4530 pfrec->saddr = saddr;
3fe92132 4531 pfrec->sserv = sserv ? dupstr(sports) : NULL;
fda2feb1 4532 pfrec->sport = sport;
4a693cfc 4533 pfrec->daddr = host;
3fe92132 4534 pfrec->dserv = dserv ? dupstr(dports) : NULL;
fda2feb1 4535 pfrec->dport = dport;
4536 pfrec->local = NULL;
4537 pfrec->remote = NULL;
05581745 4538 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4539 address_family == '6' ? ADDRTYPE_IPV6 :
4540 ADDRTYPE_UNSPEC);
fda2feb1 4541
4542 epfrec = add234(ssh->portfwds, pfrec);
4543 if (epfrec != pfrec) {
c00c1931 4544 if (epfrec->status == DESTROY) {
4545 /*
4546 * We already have a port forwarding up and running
4547 * with precisely these parameters. Hence, no need
4548 * to do anything; simply re-tag the existing one
4549 * as KEEP.
4550 */
4551 epfrec->status = KEEP;
4552 }
fda2feb1 4553 /*
c00c1931 4554 * Anything else indicates that there was a duplicate
4555 * in our input, which we'll silently ignore.
fda2feb1 4556 */
fda2feb1 4557 free_portfwd(pfrec);
84328ddb 4558 } else {
4559 pfrec->status = CREATE;
4560 }
4a693cfc 4561 } else {
4562 sfree(saddr);
4563 sfree(host);
84328ddb 4564 }
4565 }
4566
4567 /*
4568 * Now go through and destroy any port forwardings which were
4569 * not re-enabled.
4570 */
4571 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4572 if (epf->status == DESTROY) {
4573 char *message;
4574
4575 message = dupprintf("%s port forwarding from %s%s%d",
4576 epf->type == 'L' ? "local" :
4577 epf->type == 'R' ? "remote" : "dynamic",
4578 epf->saddr ? epf->saddr : "",
4579 epf->saddr ? ":" : "",
4580 epf->sport);
4581
4582 if (epf->type != 'D') {
4583 char *msg2 = dupprintf("%s to %s:%d", message,
4584 epf->daddr, epf->dport);
4585 sfree(message);
4586 message = msg2;
4587 }
4588
4589 logeventf(ssh, "Cancelling %s", message);
4590 sfree(message);
4591
8aea57fd 4592 /* epf->remote or epf->local may be NULL if setting up a
4593 * forwarding failed. */
84328ddb 4594 if (epf->remote) {
4595 struct ssh_rportfwd *rpf = epf->remote;
4596 struct Packet *pktout;
4597
4598 /*
4599 * Cancel the port forwarding at the server
4600 * end.
4601 */
4602 if (ssh->version == 1) {
4603 /*
4604 * We cannot cancel listening ports on the
2e85c969 4605 * server side in SSH-1! There's no message
84328ddb 4606 * to support it. Instead, we simply remove
4607 * the rportfwd record from the local end
4608 * so that any connections the server tries
4609 * to make on it are rejected.
4610 */
4611 } else {
4612 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4613 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4614 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4615 if (epf->saddr) {
4616 ssh2_pkt_addstring(pktout, epf->saddr);
4a693cfc 4617 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4618 /* XXX: rport_acceptall may not represent
5188540b 4619 * what was used to open the original connection,
4620 * since it's reconfigurable. */
84328ddb 4621 ssh2_pkt_addstring(pktout, "0.0.0.0");
4622 } else {
4623 ssh2_pkt_addstring(pktout, "127.0.0.1");
4624 }
4625 ssh2_pkt_adduint32(pktout, epf->sport);
4626 ssh2_pkt_send(ssh, pktout);
4627 }
4628
4629 del234(ssh->rportfwds, rpf);
4630 free_rportfwd(rpf);
4631 } else if (epf->local) {
4632 pfd_terminate(epf->local);
4633 }
4634
4635 delpos234(ssh->portfwds, i);
4636 free_portfwd(epf);
4637 i--; /* so we don't skip one in the list */
4638 }
4639
4640 /*
4641 * And finally, set up any new port forwardings (status==CREATE).
4642 */
4643 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4644 if (epf->status == CREATE) {
4645 char *sportdesc, *dportdesc;
3fe92132 4646 sportdesc = dupprintf("%s%s%s%s%d%s",
84328ddb 4647 epf->saddr ? epf->saddr : "",
4648 epf->saddr ? ":" : "",
3fe92132 4649 epf->sserv ? epf->sserv : "",
4650 epf->sserv ? "(" : "",
4651 epf->sport,
4652 epf->sserv ? ")" : "");
84328ddb 4653 if (epf->type == 'D') {
4654 dportdesc = NULL;
4655 } else {
3fe92132 4656 dportdesc = dupprintf("%s:%s%s%d%s",
4657 epf->daddr,
4658 epf->dserv ? epf->dserv : "",
4659 epf->dserv ? "(" : "",
4660 epf->dport,
4661 epf->dserv ? ")" : "");
84328ddb 4662 }
05581745 4663
84328ddb 4664 if (epf->type == 'L') {
4665 const char *err = pfd_addforward(epf->daddr, epf->dport,
4666 epf->saddr, epf->sport,
4a693cfc 4667 ssh, conf,
84328ddb 4668 &epf->local,
4669 epf->addressfamily);
4670
4671 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4672 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4673 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4674 sportdesc, dportdesc,
4675 err ? " failed: " : "", err ? err : "");
4676 } else if (epf->type == 'D') {
06fadff5 4677 const char *err = pfd_addforward(NULL, -1,
84328ddb 4678 epf->saddr, epf->sport,
4a693cfc 4679 ssh, conf,
84328ddb 4680 &epf->local,
4681 epf->addressfamily);
4682
4683 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4684 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4685 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4686 sportdesc,
4687 err ? " failed: " : "", err ? err : "");
06fadff5 4688 } else {
4689 struct ssh_rportfwd *pf;
4690
4691 /*
4692 * Ensure the remote port forwardings tree exists.
4693 */
4694 if (!ssh->rportfwds) {
4695 if (ssh->version == 1)
4696 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4697 else
4698 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4699 }
4700
4701 pf = snew(struct ssh_rportfwd);
84328ddb 4702 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4703 pf->dhost[lenof(pf->dhost)-1] = '\0';
4704 pf->dport = epf->dport;
4705 pf->sport = epf->sport;
06fadff5 4706 if (add234(ssh->rportfwds, pf) != pf) {
4707 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
84328ddb 4708 epf->daddr, epf->dport);
06fadff5 4709 sfree(pf);
4710 } else {
4711 logeventf(ssh, "Requesting remote port %s"
84328ddb 4712 " forward to %s", sportdesc, dportdesc);
06fadff5 4713
4714 pf->sportdesc = sportdesc;
4715 sportdesc = NULL;
84328ddb 4716 epf->remote = pf;
4717 pf->pfrec = epf;
06fadff5 4718
4719 if (ssh->version == 1) {
4720 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
84328ddb 4721 PKT_INT, epf->sport,
4722 PKT_STR, epf->daddr,
4723 PKT_INT, epf->dport,
06fadff5 4724 PKT_END);
4725 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4726 SSH1_SMSG_FAILURE,
4727 ssh_rportfwd_succfail, pf);
4728 } else {
4729 struct Packet *pktout;
4730 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4731 ssh2_pkt_addstring(pktout, "tcpip-forward");
4732 ssh2_pkt_addbool(pktout, 1);/* want reply */
84328ddb 4733 if (epf->saddr) {
4734 ssh2_pkt_addstring(pktout, epf->saddr);
4a693cfc 4735 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
06fadff5 4736 ssh2_pkt_addstring(pktout, "0.0.0.0");
4737 } else {
4738 ssh2_pkt_addstring(pktout, "127.0.0.1");
4739 }
84328ddb 4740 ssh2_pkt_adduint32(pktout, epf->sport);
06fadff5 4741 ssh2_pkt_send(ssh, pktout);
4742
4743 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4744 SSH2_MSG_REQUEST_FAILURE,
4745 ssh_rportfwd_succfail, pf);
4746 }
4747 }
4748 }
4749 sfree(sportdesc);
84328ddb 4750 sfree(dportdesc);
06fadff5 4751 }
06fadff5 4752}
4753
51df0ab5 4754static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4755{
4756 char *string;
4757 int stringlen, bufsize;
4758
4759 ssh_pkt_getstring(pktin, &string, &stringlen);
4760 if (string == NULL) {
4761 bombout(("Incoming terminal data packet was badly formed"));
4762 return;
4763 }
4764
4765 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4766 string, stringlen);
4767 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4768 ssh->v1_stdout_throttling = 1;
ff68564b 4769 ssh_throttle_conn(ssh, +1);
51df0ab5 4770 }
4771}
4772
4773static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4774{
4775 /* Remote side is trying to open a channel to talk to our
4776 * X-Server. Give them back a local channel number. */
4777 struct ssh_channel *c;
4778 int remoteid = ssh_pkt_getuint32(pktin);
4779
4780 logevent("Received X11 connect request");
4781 /* Refuse if X11 forwarding is disabled. */
4782 if (!ssh->X11_fwd_enabled) {
4783 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4784 PKT_INT, remoteid, PKT_END);
4785 logevent("Rejected X11 connect request");
4786 } else {
4787 c = snew(struct ssh_channel);
4788 c->ssh = ssh;
4789
8def70c3 4790 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4a693cfc 4791 NULL, -1, ssh->conf) != NULL) {
51df0ab5 4792 logevent("Opening X11 forward connection failed");
4793 sfree(c);
4794 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4795 PKT_INT, remoteid, PKT_END);
4796 } else {
4797 logevent
4798 ("Opening X11 forward connection succeeded");
4799 c->remoteid = remoteid;
64d6ff88 4800 c->halfopen = FALSE;
51df0ab5 4801 c->localid = alloc_channel_id(ssh);
4802 c->closes = 0;
bc06669b 4803 c->pending_eof = FALSE;
ff68564b 4804 c->throttling_conn = 0;
51df0ab5 4805 c->type = CHAN_X11; /* identify channel type */
4806 add234(ssh->channels, c);
4807 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4808 PKT_INT, c->remoteid, PKT_INT,
4809 c->localid, PKT_END);
4810 logevent("Opened X11 forward channel");
4811 }
4812 }
4813}
4814
4815static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4816{
4817 /* Remote side is trying to open a channel to talk to our
4818 * agent. Give them back a local channel number. */
4819 struct ssh_channel *c;
4820 int remoteid = ssh_pkt_getuint32(pktin);
4821
4822 /* Refuse if agent forwarding is disabled. */
4823 if (!ssh->agentfwd_enabled) {
4824 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4825 PKT_INT, remoteid, PKT_END);
4826 } else {
4827 c = snew(struct ssh_channel);
4828 c->ssh = ssh;
4829 c->remoteid = remoteid;
64d6ff88 4830 c->halfopen = FALSE;
51df0ab5 4831 c->localid = alloc_channel_id(ssh);
4832 c->closes = 0;
bc06669b 4833 c->pending_eof = FALSE;
ff68564b 4834 c->throttling_conn = 0;
51df0ab5 4835 c->type = CHAN_AGENT; /* identify channel type */
4836 c->u.a.lensofar = 0;
bc06669b 4837 c->u.a.message = NULL;
51df0ab5 4838 add234(ssh->channels, c);
4839 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4840 PKT_INT, c->remoteid, PKT_INT, c->localid,
4841 PKT_END);
4842 }
4843}
4844
4845static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4846{
4847 /* Remote side is trying to open a channel to talk to a
4848 * forwarded port. Give them back a local channel number. */
4849 struct ssh_channel *c;
05581745 4850 struct ssh_rportfwd pf, *pfp;
51df0ab5 4851 int remoteid;
4852 int hostsize, port;
fb983202 4853 char *host;
51df0ab5 4854 const char *e;
4855 c = snew(struct ssh_channel);
4856 c->ssh = ssh;
4857
4858 remoteid = ssh_pkt_getuint32(pktin);
4859 ssh_pkt_getstring(pktin, &host, &hostsize);
4860 port = ssh_pkt_getuint32(pktin);
4861
4862 if (hostsize >= lenof(pf.dhost))
4863 hostsize = lenof(pf.dhost)-1;
4864 memcpy(pf.dhost, host, hostsize);
4865 pf.dhost[hostsize] = '\0';
4866 pf.dport = port;
05581745 4867 pfp = find234(ssh->rportfwds, &pf, NULL);
51df0ab5 4868
05581745 4869 if (pfp == NULL) {
fb983202 4870 logeventf(ssh, "Rejected remote port open request for %s:%d",
4871 pf.dhost, port);
51df0ab5 4872 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4873 PKT_INT, remoteid, PKT_END);
4874 } else {
fb983202 4875 logeventf(ssh, "Received remote port open request for %s:%d",
4876 pf.dhost, port);
51df0ab5 4877 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4a693cfc 4878 c, ssh->conf, pfp->pfrec->addressfamily);
51df0ab5 4879 if (e != NULL) {
fb983202 4880 logeventf(ssh, "Port open failed: %s", e);
51df0ab5 4881 sfree(c);
4882 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4883 PKT_INT, remoteid, PKT_END);
4884 } else {
4885 c->remoteid = remoteid;
64d6ff88 4886 c->halfopen = FALSE;
51df0ab5 4887 c->localid = alloc_channel_id(ssh);
4888 c->closes = 0;
bc06669b 4889 c->pending_eof = FALSE;
ff68564b 4890 c->throttling_conn = 0;
51df0ab5 4891 c->type = CHAN_SOCKDATA; /* identify channel type */
4892 add234(ssh->channels, c);
4893 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4894 PKT_INT, c->remoteid, PKT_INT,
4895 c->localid, PKT_END);
4896 logevent("Forwarded port opened successfully");
4897 }
4898 }
4899}
4900
4901static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4902{
4903 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4904 unsigned int localid = ssh_pkt_getuint32(pktin);
4905 struct ssh_channel *c;
4906
4907 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4908 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4909 c->remoteid = localid;
64d6ff88 4910 c->halfopen = FALSE;
51df0ab5 4911 c->type = CHAN_SOCKDATA;
ff68564b 4912 c->throttling_conn = 0;
51df0ab5 4913 pfd_confirm(c->u.pfd.s);
4914 }
4915
bc06669b 4916 if (c && c->pending_eof) {
51df0ab5 4917 /*
4918 * We have a pending close on this channel,
4919 * which we decided on before the server acked
4920 * the channel open. So now we know the
4921 * remoteid, we can close it again.
4922 */
bc06669b 4923 ssh_channel_try_eof(c);
51df0ab5 4924 }
4925}
4926
4927static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4928{
4929 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4930 struct ssh_channel *c;
4931
4932 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4933 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4934 logevent("Forwarded connection refused by server");
4935 pfd_close(c->u.pfd.s);
4936 del234(ssh->channels, c);
4937 sfree(c);
4938 }
4939}
4940
4941static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4942{
4943 /* Remote side closes a channel. */
4944 unsigned i = ssh_pkt_getuint32(pktin);
4945 struct ssh_channel *c;
4946 c = find234(ssh->channels, &i, ssh_channelfind);
64d6ff88 4947 if (c && !c->halfopen) {
51df0ab5 4948
bc06669b 4949 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE &&
4950 !(c->closes & CLOSES_RCVD_EOF)) {
4951 /*
4952 * Received CHANNEL_CLOSE, which we translate into
4953 * outgoing EOF.
4954 */
4955 int send_close = FALSE;
4956
4957 c->closes |= CLOSES_RCVD_EOF;
4958
4959 switch (c->type) {
4960 case CHAN_X11:
4961 if (c->u.x11.s)
4962 x11_send_eof(c->u.x11.s);
4963 else
4964 send_close = TRUE;
9fb91415 4965 break;
bc06669b 4966 case CHAN_SOCKDATA:
4967 if (c->u.pfd.s)
9fb91415 4968 pfd_send_eof(c->u.pfd.s);
bc06669b 4969 else
4970 send_close = TRUE;
9fb91415 4971 break;
bc06669b 4972 case CHAN_AGENT:
4973 send_close = TRUE;
9fb91415 4974 break;
bc06669b 4975 }
51df0ab5 4976
bc06669b 4977 if (send_close && !(c->closes & CLOSES_SENT_EOF)) {
4978 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4979 PKT_END);
4980 c->closes |= CLOSES_SENT_EOF;
4981 }
4982 }
4983
4984 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION &&
4985 !(c->closes & CLOSES_RCVD_CLOSE)) {
4986
4987 if (!(c->closes & CLOSES_SENT_EOF)) {
4988 bombout(("Received CHANNEL_CLOSE_CONFIRMATION for channel %d"
4989 " for which we never sent CHANNEL_CLOSE\n", i));
4990 }
4991
4992 c->closes |= CLOSES_RCVD_CLOSE;
4993 }
4994
4995 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) &&
4996 !(c->closes & CLOSES_SENT_CLOSE)) {
4997 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION,
4998 PKT_INT, c->remoteid, PKT_END);
4999 c->closes |= CLOSES_SENT_CLOSE;
5000 }
5001
5002 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes))
5003 ssh_channel_destroy(c);
51df0ab5 5004 } else {
5005 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
5006 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
5007 "_CONFIRMATION", c ? "half-open" : "nonexistent",
5008 i));
5009 }
5010}
5011
5012static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
5013{
5014 /* Data sent down one of our channels. */
5015 int i = ssh_pkt_getuint32(pktin);
5016 char *p;
6d44acc9 5017 int len;
51df0ab5 5018 struct ssh_channel *c;
5019
5020 ssh_pkt_getstring(pktin, &p, &len);
5021
5022 c = find234(ssh->channels, &i, ssh_channelfind);
5023 if (c) {
5024 int bufsize = 0;
5025 switch (c->type) {
5026 case CHAN_X11:
5027 bufsize = x11_send(c->u.x11.s, p, len);
5028 break;
5029 case CHAN_SOCKDATA:
5030 bufsize = pfd_send(c->u.pfd.s, p, len);
5031 break;
5032 case CHAN_AGENT:
5033 /* Data for an agent message. Buffer it. */
5034 while (len > 0) {
5035 if (c->u.a.lensofar < 4) {
62ddb51e 5036 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
51df0ab5 5037 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
5038 l);
5039 p += l;
5040 len -= l;
5041 c->u.a.lensofar += l;
5042 }
5043 if (c->u.a.lensofar == 4) {
5044 c->u.a.totallen =
5045 4 + GET_32BIT(c->u.a.msglen);
5046 c->u.a.message = snewn(c->u.a.totallen,
5047 unsigned char);
5048 memcpy(c->u.a.message, c->u.a.msglen, 4);
5049 }
5050 if (c->u.a.lensofar >= 4 && len > 0) {
aa63ab7e 5051 unsigned int l =
51df0ab5 5052 min(c->u.a.totallen - c->u.a.lensofar,
62ddb51e 5053 (unsigned)len);
51df0ab5 5054 memcpy(c->u.a.message + c->u.a.lensofar, p,
5055 l);
5056 p += l;
5057 len -= l;
5058 c->u.a.lensofar += l;
5059 }
5060 if (c->u.a.lensofar == c->u.a.totallen) {
5061 void *reply;
5062 int replylen;
5063 if (agent_query(c->u.a.message,
5064 c->u.a.totallen,
5065 &reply, &replylen,
5066 ssh_agentf_callback, c))
5067 ssh_agentf_callback(c, reply, replylen);
5068 sfree(c->u.a.message);
5069 c->u.a.lensofar = 0;
5070 }
5071 }
5072 bufsize = 0; /* agent channels never back up */
5073 break;
5074 }
ff68564b 5075 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
5076 c->throttling_conn = 1;
5077 ssh_throttle_conn(ssh, +1);
51df0ab5 5078 }
5079 }
5080}
5081
5082static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
5083{
51df0ab5 5084 ssh->exitcode = ssh_pkt_getuint32(pktin);
fb983202 5085 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
51df0ab5 5086 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
5087 /*
5088 * In case `helpful' firewalls or proxies tack
5089 * extra human-readable text on the end of the
5090 * session which we might mistake for another
5091 * encrypted packet, we close the session once
5092 * we've sent EXIT_CONFIRMATION.
5093 */
9e296bfa 5094 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
51df0ab5 5095}
5096
c6ccd5c2 5097/* Helper function to deal with sending tty modes for REQUEST_PTY */
5098static void ssh1_send_ttymode(void *data, char *mode, char *val)
5099{
5100 struct Packet *pktout = (struct Packet *)data;
5101 int i = 0;
5102 unsigned int arg = 0;
5103 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
5104 if (i == lenof(ssh_ttymodes)) return;
5105 switch (ssh_ttymodes[i].type) {
5106 case TTY_OP_CHAR:
5107 arg = ssh_tty_parse_specchar(val);
5108 break;
5109 case TTY_OP_BOOL:
5110 arg = ssh_tty_parse_boolean(val);
5111 break;
5112 }
5113 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
5114 ssh2_pkt_addbyte(pktout, arg);
5115}
5116
5117
b09eaa88 5118static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
5119 struct Packet *pktin)
32874aea 5120{
b09eaa88 5121 crBegin(ssh->do_ssh1_connection_crstate);
fb09bf1c 5122
51df0ab5 5123 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
5124 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
5125 ssh1_smsg_stdout_stderr_data;
5126
5127 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
5128 ssh1_msg_channel_open_confirmation;
5129 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
5130 ssh1_msg_channel_open_failure;
5131 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
5132 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
5133 ssh1_msg_channel_close;
5134 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
5135 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
5136
4a693cfc 5137 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
32874aea 5138 logevent("Requesting agent forwarding");
51470298 5139 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
32874aea 5140 do {
5141 crReturnV;
ff3187f6 5142 } while (!pktin);
5143 if (pktin->type != SSH1_SMSG_SUCCESS
5144 && pktin->type != SSH1_SMSG_FAILURE) {
6b5cf8b4 5145 bombout(("Protocol confusion"));
7ffdbc1a 5146 crStopV;
ff3187f6 5147 } else if (pktin->type == SSH1_SMSG_FAILURE) {
32874aea 5148 logevent("Agent forwarding refused");
5149 } else {
5150 logevent("Agent forwarding enabled");
51470298 5151 ssh->agentfwd_enabled = TRUE;
51df0ab5 5152 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
db7d555c 5153 }
dacbd0e8 5154 }
5155
4a693cfc 5156 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
5157 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
5158 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
32874aea 5159 logevent("Requesting X11 forwarding");
f68353be 5160 /*
5161 * Note that while we blank the X authentication data here, we don't
5162 * take any special action to blank the start of an X11 channel,
5163 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5164 * without having session blanking enabled is likely to leak your
5165 * cookie into the log.
5166 */
51470298 5167 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5168 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
8def70c3 5169 PKT_STR, ssh->x11disp->remoteauthprotoname,
5170 PKTT_PASSWORD,
5171 PKT_STR, ssh->x11disp->remoteauthdatastring,
5172 PKTT_OTHER,
5173 PKT_INT, ssh->x11disp->screennum,
421d6835 5174 PKT_END);
32874aea 5175 } else {
51470298 5176 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
8def70c3 5177 PKT_STR, ssh->x11disp->remoteauthprotoname,
5178 PKTT_PASSWORD,
5179 PKT_STR, ssh->x11disp->remoteauthdatastring,
5180 PKTT_OTHER,
5181 PKT_END);
32874aea 5182 }
5183 do {
5184 crReturnV;
ff3187f6 5185 } while (!pktin);
5186 if (pktin->type != SSH1_SMSG_SUCCESS
5187 && pktin->type != SSH1_SMSG_FAILURE) {
6b5cf8b4 5188 bombout(("Protocol confusion"));
7ffdbc1a 5189 crStopV;
ff3187f6 5190 } else if (pktin->type == SSH1_SMSG_FAILURE) {
32874aea 5191 logevent("X11 forwarding refused");
5192 } else {
5193 logevent("X11 forwarding enabled");
51470298 5194 ssh->X11_fwd_enabled = TRUE;
51df0ab5 5195 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
9c964e85 5196 }
5197 }
5198
4a693cfc 5199 ssh_setup_portfwd(ssh, ssh->conf);
06fadff5 5200 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
d74d141c 5201
4a693cfc 5202 if (!conf_get_int(ssh->conf, CONF_nopty)) {
c6ccd5c2 5203 struct Packet *pkt;
a5dd8467 5204 /* Unpick the terminal-speed string. */
5205 /* XXX perhaps we should allow no speeds to be sent. */
db219738 5206 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
4a693cfc 5207 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
a5dd8467 5208 /* Send the pty request. */
c6ccd5c2 5209 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
4a693cfc 5210 ssh_pkt_addstring(pkt, conf_get_str(ssh->conf, CONF_termtype));
c6ccd5c2 5211 ssh_pkt_adduint32(pkt, ssh->term_height);
5212 ssh_pkt_adduint32(pkt, ssh->term_width);
5213 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5214 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
4a693cfc 5215 parse_ttymodes(ssh, ssh1_send_ttymode, (void *)pkt);
c6ccd5c2 5216 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5217 ssh_pkt_adduint32(pkt, ssh->ispeed);
5218 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5219 ssh_pkt_adduint32(pkt, ssh->ospeed);
5220 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5221 s_wrpkt(ssh, pkt);
51470298 5222 ssh->state = SSH_STATE_INTERMED;
32874aea 5223 do {
5224 crReturnV;
ff3187f6 5225 } while (!pktin);
5226 if (pktin->type != SSH1_SMSG_SUCCESS
5227 && pktin->type != SSH1_SMSG_FAILURE) {
6b5cf8b4 5228 bombout(("Protocol confusion"));
7ffdbc1a 5229 crStopV;
ff3187f6 5230 } else if (pktin->type == SSH1_SMSG_FAILURE) {
51470298 5231 c_write_str(ssh, "Server refused to allocate pty\r\n");
5232 ssh->editing = ssh->echoing = 1;
4a202fc6 5233 } else {
5234 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5235 ssh->ospeed, ssh->ispeed);
5236 ssh->got_pty = TRUE;
5237 }
0965bee0 5238 } else {
51470298 5239 ssh->editing = ssh->echoing = 1;
374330e2 5240 }
5241
4a693cfc 5242 if (conf_get_int(ssh->conf, CONF_compression)) {
51470298 5243 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
32874aea 5244 do {
5245 crReturnV;
ff3187f6 5246 } while (!pktin);
5247 if (pktin->type != SSH1_SMSG_SUCCESS
5248 && pktin->type != SSH1_SMSG_FAILURE) {
6b5cf8b4 5249 bombout(("Protocol confusion"));
7ffdbc1a 5250 crStopV;
ff3187f6 5251 } else if (pktin->type == SSH1_SMSG_FAILURE) {
51470298 5252 c_write_str(ssh, "Server refused to compress\r\n");
32874aea 5253 }
4ba9b64b 5254 logevent("Started compression");
51470298 5255 ssh->v1_compressing = TRUE;
5366aed8 5256 ssh->cs_comp_ctx = zlib_compress_init();
5257 logevent("Initialised zlib (RFC1950) compression");
5258 ssh->sc_comp_ctx = zlib_decompress_init();
5259 logevent("Initialised zlib (RFC1950) decompression");
4ba9b64b 5260 }
5261
fd5e5847 5262 /*
5263 * Start the shell or command.
5264 *
2e85c969 5265 * Special case: if the first-choice command is an SSH-2
fd5e5847 5266 * subsystem (hence not usable here) and the second choice
5267 * exists, we fall straight back to that.
5268 */
5269 {
4a693cfc 5270 char *cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
fd5e5847 5271
4a693cfc 5272 if (conf_get_int(ssh->conf, CONF_ssh_subsys) &&
5273 conf_get_str(ssh->conf, CONF_remote_cmd2)) {
5274 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
51470298 5275 ssh->fallback_cmd = TRUE;
fd5e5847 5276 }
5277 if (*cmd)
51470298 5278 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
fd5e5847 5279 else
51470298 5280 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
fd5e5847 5281 logevent("Started session");
5282 }
374330e2 5283
51470298 5284 ssh->state = SSH_STATE_SESSION;
5285 if (ssh->size_needed)
5286 ssh_size(ssh, ssh->term_width, ssh->term_height);
5287 if (ssh->eof_needed)
5288 ssh_special(ssh, TS_EOF);
374330e2 5289
b9d7bcad 5290 if (ssh->ldisc)
5291 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
51470298 5292 ssh->send_ok = 1;
5293 ssh->channels = newtree234(ssh_channelcmp);
374330e2 5294 while (1) {
d74d141c 5295
51df0ab5 5296 /*
5297 * By this point, most incoming packets are already being
5298 * handled by the dispatch table, and we need only pay
5299 * attention to the unusual ones.
5300 */
0357890f 5301
51df0ab5 5302 crReturnV;
5303 if (pktin) {
5304 if (pktin->type == SSH1_SMSG_SUCCESS) {
972a41c8 5305 /* may be from EXEC_SHELL on some servers */
ff3187f6 5306 } else if (pktin->type == SSH1_SMSG_FAILURE) {
972a41c8 5307 /* may be from EXEC_SHELL on some servers
374330e2 5308 * if no pty is available or in other odd cases. Ignore */
374330e2 5309 } else {
ff3187f6 5310 bombout(("Strange packet received: type %d", pktin->type));
7ffdbc1a 5311 crStopV;
374330e2 5312 }
5313 } else {
8df7a775 5314 while (inlen > 0) {
5315 int len = min(inlen, 512);
a2724fba 5316 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5317 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
9a10ecf4 5318 PKTT_OTHER, PKT_END);
8df7a775 5319 in += len;
5320 inlen -= len;
5321 }
374330e2 5322 }
5323 }
5324
5325 crFinishV;
5326}
5327
5328/*
2e85c969 5329 * Handle the top-level SSH-2 protocol.
b09eaa88 5330 */
5331static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5332{
fb983202 5333 char *msg;
b09eaa88 5334 int msglen;
5335
5336 ssh_pkt_getstring(pktin, &msg, &msglen);
fb983202 5337 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
b09eaa88 5338}
5339
5340static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5341{
5342 /* log reason code in disconnect message */
5343 char *msg;
5344 int msglen;
5345
5346 ssh_pkt_getstring(pktin, &msg, &msglen);
5347 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5348}
5349
409bfa77 5350static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
b09eaa88 5351{
5352 /* Do nothing, because we're ignoring it! Duhh. */
5353}
5354
5355static void ssh1_protocol_setup(Ssh ssh)
5356{
5357 int i;
5358
5359 /*
5360 * Most messages are handled by the coroutines.
5361 */
5362 for (i = 0; i < 256; i++)
5363 ssh->packet_dispatch[i] = NULL;
5364
5365 /*
5366 * These special message types we install handlers for.
5367 */
5368 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5369 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5370 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5371}
5372
1c1a7262 5373static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
b09eaa88 5374 struct Packet *pktin)
5375{
1c1a7262 5376 unsigned char *in=(unsigned char*)vin;
b09eaa88 5377 if (ssh->state == SSH_STATE_CLOSED)
5378 return;
5379
5380 if (pktin && ssh->packet_dispatch[pktin->type]) {
5381 ssh->packet_dispatch[pktin->type](ssh, pktin);
5382 return;
5383 }
5384
5385 if (!ssh->protocol_initial_phase_done) {
5386 if (do_ssh1_login(ssh, in, inlen, pktin))
5387 ssh->protocol_initial_phase_done = TRUE;
5388 else
5389 return;
5390 }
5391
5392 do_ssh1_connection(ssh, in, inlen, pktin);
5393}
5394
5395/*
e5574168 5396 * Utility routine for decoding comma-separated strings in KEXINIT.
5397 */
32874aea 5398static int in_commasep_string(char *needle, char *haystack, int haylen)
5399{
57356d63 5400 int needlen;
5401 if (!needle || !haystack) /* protect against null pointers */
5402 return 0;
5403 needlen = strlen(needle);
e5574168 5404 while (1) {
32874aea 5405 /*
5406 * Is it at the start of the string?
5407 */
5408 if (haylen >= needlen && /* haystack is long enough */
5409 !memcmp(needle, haystack, needlen) && /* initial match */
5410 (haylen == needlen || haystack[needlen] == ',')
5411 /* either , or EOS follows */
5412 )
5413 return 1;
5414 /*
5415 * If not, search for the next comma and resume after that.
5416 * If no comma found, terminate.
5417 */
5418 while (haylen > 0 && *haystack != ',')
5419 haylen--, haystack++;
5420 if (haylen == 0)
5421 return 0;
5422 haylen--, haystack++; /* skip over comma itself */
e5574168 5423 }
5424}
5425
5426/*
b59743d5 5427 * Similar routine for checking whether we have the first string in a list.
5428 */
5429static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5430{
5431 int needlen;
5432 if (!needle || !haystack) /* protect against null pointers */
5433 return 0;
5434 needlen = strlen(needle);
5435 /*
5436 * Is it at the start of the string?
5437 */
5438 if (haylen >= needlen && /* haystack is long enough */
5439 !memcmp(needle, haystack, needlen) && /* initial match */
5440 (haylen == needlen || haystack[needlen] == ',')
5441 /* either , or EOS follows */
5442 )
5443 return 1;
5444 return 0;
5445}
5446
5447
5448/*
2e85c969 5449 * SSH-2 key creation method.
754c0df9 5450 * (Currently assumes 2 lots of any hash are sufficient to generate
5451 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
d39f364a 5452 */
754c0df9 5453#define SSH2_MKKEY_ITERS (2)
b672f405 5454static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
d8baa528 5455 unsigned char *keyspace)
32874aea 5456{
b672f405 5457 const struct ssh_hash *h = ssh->kex->hash;
5458 void *s;
5459 /* First hlen bytes. */
5460 s = h->init();
51470298 5461 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
b672f405 5462 hash_mpint(h, s, K);
5463 h->bytes(s, H, h->hlen);
5464 h->bytes(s, &chr, 1);
5465 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5466 h->final(s, keyspace);
5467 /* Next hlen bytes. */
5468 s = h->init();
51470298 5469 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
b672f405 5470 hash_mpint(h, s, K);
5471 h->bytes(s, H, h->hlen);
5472 h->bytes(s, keyspace, h->hlen);
5473 h->final(s, keyspace + h->hlen);
d39f364a 5474}
5475
5476/*
2e85c969 5477 * Handle the SSH-2 transport layer.
e5574168 5478 */
0b106f61 5479static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
ff3187f6 5480 struct Packet *pktin)
e5574168 5481{
1c1a7262 5482 unsigned char *in = (unsigned char *)vin;
51470298 5483 struct do_ssh2_transport_state {
30919997 5484 int crLine;
4763c1c2 5485 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
51470298 5486 Bignum p, g, e, f, K;
3dc9a6a7 5487 void *our_kexinit;
5488 int our_kexinitlen;
51470298 5489 int kex_init_value, kex_reply_value;
5490 const struct ssh_mac **maclist;
5491 int nmacs;
5492 const struct ssh2_cipher *cscipher_tobe;
5493 const struct ssh2_cipher *sccipher_tobe;
5494 const struct ssh_mac *csmac_tobe;
5495 const struct ssh_mac *scmac_tobe;
5496 const struct ssh_compress *cscomp_tobe;
5497 const struct ssh_compress *sccomp_tobe;
fae1a71b 5498 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5499 int hostkeylen, siglen, rsakeylen;
51470298 5500 void *hkey; /* actual host key */
fae1a71b 5501 void *rsakey; /* for RSA kex */
754c0df9 5502 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
83e7d008 5503 int n_preferred_kex;
34557659 5504 const struct ssh_kexes *preferred_kex[KEX_MAX];
51470298 5505 int n_preferred_ciphers;
5506 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5507 const struct ssh_compress *preferred_comp;
ab18ccff 5508 int userauth_succeeded; /* for delayed compression */
5509 int pending_compression;
e13bba36 5510 int got_session_id, activated_authconn;
ff3187f6 5511 struct Packet *pktout;
3d9449a1 5512 int dlgret;
5513 int guessok;
4763c1c2 5514 int ignorepkt;
51470298 5515 };
5516 crState(do_ssh2_transport_state);
5517
30919997 5518 crBeginState;
51470298 5519
5520 s->cscipher_tobe = s->sccipher_tobe = NULL;
5521 s->csmac_tobe = s->scmac_tobe = NULL;
5522 s->cscomp_tobe = s->sccomp_tobe = NULL;
5523
e13bba36 5524 s->got_session_id = s->activated_authconn = FALSE;
ab18ccff 5525 s->userauth_succeeded = FALSE;
5526 s->pending_compression = FALSE;
e5574168 5527
e13bba36 5528 /*
5529 * Be prepared to work around the buggy MAC problem.
5530 */
5531 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5532 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5533 else
5534 s->maclist = macs, s->nmacs = lenof(macs);
5535
5536 begin_key_exchange:
acab36bc 5537 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
51470298 5538 {
cc18f256 5539 int i, j, k, commalist_started;
e13bba36 5540
51470298 5541 /*
83e7d008 5542 * Set up the preferred key exchange. (NULL => warn below here)
5543 */
5544 s->n_preferred_kex = 0;
5545 for (i = 0; i < KEX_MAX; i++) {
4a693cfc 5546 switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
83e7d008 5547 case KEX_DHGEX:
5548 s->preferred_kex[s->n_preferred_kex++] =
5549 &ssh_diffiehellman_gex;
5550 break;
5551 case KEX_DHGROUP14:
5552 s->preferred_kex[s->n_preferred_kex++] =
5553 &ssh_diffiehellman_group14;
5554 break;
5555 case KEX_DHGROUP1:
5556 s->preferred_kex[s->n_preferred_kex++] =
5557 &ssh_diffiehellman_group1;
5558 break;
fae1a71b 5559 case KEX_RSA:
5560 s->preferred_kex[s->n_preferred_kex++] =
5561 &ssh_rsa_kex;
5562 break;
754c0df9 5563 case KEX_WARN:
83e7d008 5564 /* Flag for later. Don't bother if it's the last in
5565 * the list. */
5566 if (i < KEX_MAX - 1) {
5567 s->preferred_kex[s->n_preferred_kex++] = NULL;
5568 }
5569 break;
5570 }
5571 }
83e7d008 5572
83e7d008 5573 /*
51470298 5574 * Set up the preferred ciphers. (NULL => warn below here)
5575 */
5576 s->n_preferred_ciphers = 0;
5577 for (i = 0; i < CIPHER_MAX; i++) {
4a693cfc 5578 switch (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i)) {
51470298 5579 case CIPHER_BLOWFISH:
5580 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5581 break;
5582 case CIPHER_DES:
4a693cfc 5583 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc)) {
51470298 5584 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5585 }
5586 break;
5587 case CIPHER_3DES:
5588 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5589 break;
5590 case CIPHER_AES:
5591 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5592 break;
a2add208 5593 case CIPHER_ARCFOUR:
5594 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5595 break;
51470298 5596 case CIPHER_WARN:
5597 /* Flag for later. Don't bother if it's the last in
5598 * the list. */
5599 if (i < CIPHER_MAX - 1) {
5600 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5601 }
5602 break;
ca20bfcf 5603 }
ca20bfcf 5604 }
7591b9ff 5605
e13bba36 5606 /*
5607 * Set up preferred compression.
5608 */
4a693cfc 5609 if (conf_get_int(ssh->conf, CONF_compression))
e13bba36 5610 s->preferred_comp = &ssh_zlib;
5611 else
5612 s->preferred_comp = &ssh_comp_none;
51470298 5613
5614 /*
590f6a5f 5615 * Enable queueing of outgoing auth- or connection-layer
5616 * packets while we are in the middle of a key exchange.
5617 */
5618 ssh->queueing = TRUE;
5619
5620 /*
9442dd57 5621 * Flag that KEX is in progress.
5622 */
5623 ssh->kex_in_progress = TRUE;
5624
5625 /*
51470298 5626 * Construct and send our key exchange packet.
5627 */
ff3187f6 5628 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
51470298 5629 for (i = 0; i < 16; i++)
ff3187f6 5630 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
51470298 5631 /* List key exchange algorithms. */
ff3187f6 5632 ssh2_pkt_addstring_start(s->pktout);
83e7d008 5633 commalist_started = 0;
5634 for (i = 0; i < s->n_preferred_kex; i++) {
34557659 5635 const struct ssh_kexes *k = s->preferred_kex[i];
83e7d008 5636 if (!k) continue; /* warning flag */
34557659 5637 for (j = 0; j < k->nkexes; j++) {
5638 if (commalist_started)
5639 ssh2_pkt_addstring_str(s->pktout, ",");
5640 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5641 commalist_started = 1;
5642 }
32874aea 5643 }
51470298 5644 /* List server host key algorithms. */
ff3187f6 5645 ssh2_pkt_addstring_start(s->pktout);
51470298 5646 for (i = 0; i < lenof(hostkey_algs); i++) {
ff3187f6 5647 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
51470298 5648 if (i < lenof(hostkey_algs) - 1)
ff3187f6 5649 ssh2_pkt_addstring_str(s->pktout, ",");
32874aea 5650 }
cc18f256 5651 /* List encryption algorithms (client->server then server->client). */
5652 for (k = 0; k < 2; k++) {
5653 ssh2_pkt_addstring_start(s->pktout);
5654 commalist_started = 0;
5655 for (i = 0; i < s->n_preferred_ciphers; i++) {
5656 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5657 if (!c) continue; /* warning flag */
5658 for (j = 0; j < c->nciphers; j++) {
5659 if (commalist_started)
5660 ssh2_pkt_addstring_str(s->pktout, ",");
5661 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5662 commalist_started = 1;
5663 }
51470298 5664 }
5665 }
cc18f256 5666 /* List MAC algorithms (client->server then server->client). */
5667 for (j = 0; j < 2; j++) {
5668 ssh2_pkt_addstring_start(s->pktout);
5669 for (i = 0; i < s->nmacs; i++) {
5670 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5671 if (i < s->nmacs - 1)
ff3187f6 5672 ssh2_pkt_addstring_str(s->pktout, ",");
51470298 5673 }
5674 }
ab18ccff 5675 /* List client->server compression algorithms,
5676 * then server->client compression algorithms. (We use the
5677 * same set twice.) */
5678 for (j = 0; j < 2; j++) {
5679 ssh2_pkt_addstring_start(s->pktout);
5680 assert(lenof(compressions) > 1);
5681 /* Prefer non-delayed versions */
5682 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5683 /* We don't even list delayed versions of algorithms until
5684 * they're allowed to be used, to avoid a race. See the end of
5685 * this function. */
5686 if (s->userauth_succeeded && s->preferred_comp->delayed_name) {
ff3187f6 5687 ssh2_pkt_addstring_str(s->pktout, ",");
ab18ccff 5688 ssh2_pkt_addstring_str(s->pktout,
5689 s->preferred_comp->delayed_name);
f6e0abe2 5690 }
ab18ccff 5691 for (i = 0; i < lenof(compressions); i++) {
5692 const struct ssh_compress *c = compressions[i];
5693 if (c != s->preferred_comp) {
5694 ssh2_pkt_addstring_str(s->pktout, ",");
5695 ssh2_pkt_addstring_str(s->pktout, c->name);
5696 if (s->userauth_succeeded && c->delayed_name) {
5697 ssh2_pkt_addstring_str(s->pktout, ",");
5698 ssh2_pkt_addstring_str(s->pktout, c->delayed_name);
5699 }
5700 }
f6e0abe2 5701 }
51470298 5702 }
5703 /* List client->server languages. Empty list. */
ff3187f6 5704 ssh2_pkt_addstring_start(s->pktout);
51470298 5705 /* List server->client languages. Empty list. */
ff3187f6 5706 ssh2_pkt_addstring_start(s->pktout);
51470298 5707 /* First KEX packet does _not_ follow, because we're not that brave. */
ff3187f6 5708 ssh2_pkt_addbool(s->pktout, FALSE);
51470298 5709 /* Reserved. */
ff3187f6 5710 ssh2_pkt_adduint32(s->pktout, 0);
e5574168 5711 }
0db56f73 5712
3dc9a6a7 5713 s->our_kexinitlen = s->pktout->length - 5;
5714 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5715 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
0db56f73 5716
590f6a5f 5717 ssh2_pkt_send_noqueue(ssh, s->pktout);
e5574168 5718
ff3187f6 5719 if (!pktin)
0b106f61 5720 crWaitUntilV(pktin);
e5574168 5721
5722 /*
5723 * Now examine the other side's KEXINIT to see what we're up
5724 * to.
5725 */
51470298 5726 {
4763c1c2 5727 char *str, *preferred;
3d9449a1 5728 int i, j, len;
51470298 5729
ff3187f6 5730 if (pktin->type != SSH2_MSG_KEXINIT) {
6b5cf8b4 5731 bombout(("expected key exchange packet from server"));
0b106f61 5732 crStopV;
32874aea 5733 }
51470298 5734 ssh->kex = NULL;
5735 ssh->hostkey = NULL;
5736 s->cscipher_tobe = NULL;
5737 s->sccipher_tobe = NULL;
5738 s->csmac_tobe = NULL;
5739 s->scmac_tobe = NULL;
5740 s->cscomp_tobe = NULL;
5741 s->sccomp_tobe = NULL;
4763c1c2 5742 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5743
ff3187f6 5744 pktin->savedpos += 16; /* skip garbage cookie */
5745 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
4763c1c2 5746
5747 preferred = NULL;
83e7d008 5748 for (i = 0; i < s->n_preferred_kex; i++) {
34557659 5749 const struct ssh_kexes *k = s->preferred_kex[i];
83e7d008 5750 if (!k) {
4763c1c2 5751 s->warn_kex = TRUE;
5752 } else {
34557659 5753 for (j = 0; j < k->nkexes; j++) {
5754 if (!preferred) preferred = k->list[j]->name;
5755 if (in_commasep_string(k->list[j]->name, str, len)) {
5756 ssh->kex = k->list[j];
5757 break;
5758 }
5759 }
83e7d008 5760 }
4763c1c2 5761 if (ssh->kex)
51470298 5762 break;
32874aea 5763 }
83e7d008 5764 if (!ssh->kex) {
5765 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5766 str ? str : "(null)"));
0b106f61 5767 crStopV;
83e7d008 5768 }
b59743d5 5769 /*
5770 * Note that the server's guess is considered wrong if it doesn't match
5771 * the first algorithm in our list, even if it's still the algorithm
5772 * we end up using.
5773 */
4763c1c2 5774 s->guessok = first_in_commasep_string(preferred, str, len);
ff3187f6 5775 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
51470298 5776 for (i = 0; i < lenof(hostkey_algs); i++) {
5777 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5778 ssh->hostkey = hostkey_algs[i];
5779 break;
5780 }
5781 }
fc40b431 5782 if (!ssh->hostkey) {
5783 bombout(("Couldn't agree a host key algorithm (available: %s)",
5784 str ? str : "(null)"));
0b106f61 5785 crStopV;
fc40b431 5786 }
5787
3d9449a1 5788 s->guessok = s->guessok &&
b59743d5 5789 first_in_commasep_string(hostkey_algs[0]->name, str, len);
ff3187f6 5790 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
51470298 5791 for (i = 0; i < s->n_preferred_ciphers; i++) {
5792 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5793 if (!c) {
4763c1c2 5794 s->warn_cscipher = TRUE;
51470298 5795 } else {
5796 for (j = 0; j < c->nciphers; j++) {
5797 if (in_commasep_string(c->list[j]->name, str, len)) {
5798 s->cscipher_tobe = c->list[j];
5799 break;
5800 }
ca20bfcf 5801 }
32874aea 5802 }
4763c1c2 5803 if (s->cscipher_tobe)
51470298 5804 break;
32874aea 5805 }
51470298 5806 if (!s->cscipher_tobe) {
6b5cf8b4 5807 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
57356d63 5808 str ? str : "(null)"));
0b106f61 5809 crStopV;
ca20bfcf 5810 }
0ef8f407 5811
ff3187f6 5812 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
51470298 5813 for (i = 0; i < s->n_preferred_ciphers; i++) {
5814 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5815 if (!c) {
4763c1c2 5816 s->warn_sccipher = TRUE;
51470298 5817 } else {
5818 for (j = 0; j < c->nciphers; j++) {
5819 if (in_commasep_string(c->list[j]->name, str, len)) {
5820 s->sccipher_tobe = c->list[j];
5821 break;
5822 }
ca20bfcf 5823 }
32874aea 5824 }
4763c1c2 5825 if (s->sccipher_tobe)
51470298 5826 break;
32874aea 5827 }
51470298 5828 if (!s->sccipher_tobe) {
6b5cf8b4 5829 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
57356d63 5830 str ? str : "(null)"));
0b106f61 5831 crStopV;
ca20bfcf 5832 }
0ef8f407 5833
ff3187f6 5834 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
51470298 5835 for (i = 0; i < s->nmacs; i++) {
5836 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5837 s->csmac_tobe = s->maclist[i];
5838 break;
5839 }
32874aea 5840 }
ff3187f6 5841 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
51470298 5842 for (i = 0; i < s->nmacs; i++) {
5843 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5844 s->scmac_tobe = s->maclist[i];
5845 break;
5846 }
32874aea 5847 }
ff3187f6 5848 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
51470298 5849 for (i = 0; i < lenof(compressions) + 1; i++) {
5850 const struct ssh_compress *c =
5851 i == 0 ? s->preferred_comp : compressions[i - 1];
5852 if (in_commasep_string(c->name, str, len)) {
5853 s->cscomp_tobe = c;
5854 break;
ab18ccff 5855 } else if (in_commasep_string(c->delayed_name, str, len)) {
5856 if (s->userauth_succeeded) {
5857 s->cscomp_tobe = c;
5858 break;
5859 } else {
5860 s->pending_compression = TRUE; /* try this later */
5861 }
51470298 5862 }
32874aea 5863 }
ff3187f6 5864 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
51470298 5865 for (i = 0; i < lenof(compressions) + 1; i++) {
5866 const struct ssh_compress *c =
5867 i == 0 ? s->preferred_comp : compressions[i - 1];
5868 if (in_commasep_string(c->name, str, len)) {
5869 s->sccomp_tobe = c;
5870 break;
ab18ccff 5871 } else if (in_commasep_string(c->delayed_name, str, len)) {
5872 if (s->userauth_succeeded) {
5873 s->sccomp_tobe = c;
5874 break;
5875 } else {
5876 s->pending_compression = TRUE; /* try this later */
5877 }
51470298 5878 }
32874aea 5879 }
ab18ccff 5880 if (s->pending_compression) {
5881 logevent("Server supports delayed compression; "
5882 "will try this later");
5883 }
b59743d5 5884 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5885 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
4763c1c2 5886 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5887
5888 if (s->warn_kex) {
5889 ssh_set_frozen(ssh, 1);
5890 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5891 ssh->kex->name,
5892 ssh_dialog_callback, ssh);
5893 if (s->dlgret < 0) {
5894 do {
0b106f61 5895 crReturnV;
4763c1c2 5896 if (pktin) {
5897 bombout(("Unexpected data from server while"
5898 " waiting for user response"));
0b106f61 5899 crStopV;
4763c1c2 5900 }
5901 } while (pktin || inlen > 0);
5902 s->dlgret = ssh->user_response;
5903 }
5904 ssh_set_frozen(ssh, 0);
5905 if (s->dlgret == 0) {
9e296bfa 5906 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5907 0, TRUE);
0b106f61 5908 crStopV;
4763c1c2 5909 }
5910 }
5911
5912 if (s->warn_cscipher) {
5913 ssh_set_frozen(ssh, 1);
5914 s->dlgret = askalg(ssh->frontend,
5915 "client-to-server cipher",
5916 s->cscipher_tobe->name,
5917 ssh_dialog_callback, ssh);
5918 if (s->dlgret < 0) {
5919 do {
0b106f61 5920 crReturnV;
4763c1c2 5921 if (pktin) {
5922 bombout(("Unexpected data from server while"
5923 " waiting for user response"));
0b106f61 5924 crStopV;
4763c1c2 5925 }
5926 } while (pktin || inlen > 0);
5927 s->dlgret = ssh->user_response;
5928 }
5929 ssh_set_frozen(ssh, 0);
5930 if (s->dlgret == 0) {
9e296bfa 5931 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5932 0, TRUE);
0b106f61 5933 crStopV;
4763c1c2 5934 }
5935 }
5936
5937 if (s->warn_sccipher) {
5938 ssh_set_frozen(ssh, 1);
5939 s->dlgret = askalg(ssh->frontend,
5940 "server-to-client cipher",
5941 s->sccipher_tobe->name,
5942 ssh_dialog_callback, ssh);
5943 if (s->dlgret < 0) {
5944 do {
0b106f61 5945 crReturnV;
4763c1c2 5946 if (pktin) {
5947 bombout(("Unexpected data from server while"
5948 " waiting for user response"));
0b106f61 5949 crStopV;
4763c1c2 5950 }
5951 } while (pktin || inlen > 0);
5952 s->dlgret = ssh->user_response;
5953 }
5954 ssh_set_frozen(ssh, 0);
5955 if (s->dlgret == 0) {
9e296bfa 5956 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5957 0, TRUE);
0b106f61 5958 crStopV;
4763c1c2 5959 }
5960 }
5961
b672f405 5962 ssh->exhash = ssh->kex->hash->init();
5963 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5964 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5965 hash_string(ssh->kex->hash, ssh->exhash,
5966 s->our_kexinit, s->our_kexinitlen);
3dc9a6a7 5967 sfree(s->our_kexinit);
5968 if (pktin->length > 5)
b672f405 5969 hash_string(ssh->kex->hash, ssh->exhash,
5970 pktin->data + 5, pktin->length - 5);
3dc9a6a7 5971
4763c1c2 5972 if (s->ignorepkt) /* first_kex_packet_follows */
0b106f61 5973 crWaitUntilV(pktin); /* Ignore packet */
e5574168 5974 }
e5574168 5975
fae1a71b 5976 if (ssh->kex->main_type == KEXTYPE_DH) {
30774ba3 5977 /*
5978 * Work out the number of bits of key we will need from the
5979 * key exchange. We start with the maximum key length of
5980 * either cipher...
5981 */
5982 {
5983 int csbits, scbits;
5984
5985 csbits = s->cscipher_tobe->keylen;
5986 scbits = s->sccipher_tobe->keylen;
5987 s->nbits = (csbits > scbits ? csbits : scbits);
5988 }
5989 /* The keys only have hlen-bit entropy, since they're based on
5990 * a hash. So cap the key size at hlen bits. */
5991 if (s->nbits > ssh->kex->hash->hlen * 8)
5992 s->nbits = ssh->kex->hash->hlen * 8;
5993
5994 /*
5995 * If we're doing Diffie-Hellman group exchange, start by
5996 * requesting a group.
5997 */
5998 if (!ssh->kex->pdata) {
5999 logevent("Doing Diffie-Hellman group exchange");
acab36bc 6000 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
30774ba3 6001 /*
6002 * Work out how big a DH group we will need to allow that
6003 * much data.
6004 */
6005 s->pbits = 512 << ((s->nbits - 1) / 64);
6006 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
6007 ssh2_pkt_adduint32(s->pktout, s->pbits);
6008 ssh2_pkt_send_noqueue(ssh, s->pktout);
6009
0b106f61 6010 crWaitUntilV(pktin);
30774ba3 6011 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
6012 bombout(("expected key exchange group packet from server"));
0b106f61 6013 crStopV;
30774ba3 6014 }
6015 s->p = ssh2_pkt_getmp(pktin);
6016 s->g = ssh2_pkt_getmp(pktin);
6017 if (!s->p || !s->g) {
6018 bombout(("unable to read mp-ints from incoming group packet"));
0b106f61 6019 crStopV;
30774ba3 6020 }
6021 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
6022 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
6023 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
6024 } else {
acab36bc 6025 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
30774ba3 6026 ssh->kex_ctx = dh_setup_group(ssh->kex);
6027 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
6028 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
6029 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
6030 ssh->kex->groupname);
6031 }
e5574168 6032
30774ba3 6033 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
6034 ssh->kex->hash->text_name);
6035 /*
6036 * Now generate and send e for Diffie-Hellman.
6037 */
6038 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
6039 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
6040 s->pktout = ssh2_pkt_init(s->kex_init_value);
6041 ssh2_pkt_addmp(s->pktout, s->e);
6042 ssh2_pkt_send_noqueue(ssh, s->pktout);
6043
6044 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
0b106f61 6045 crWaitUntilV(pktin);
30774ba3 6046 if (pktin->type != s->kex_reply_value) {
6047 bombout(("expected key exchange reply packet from server"));
0b106f61 6048 crStopV;
30774ba3 6049 }
6050 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
6051 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6052 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6053 s->f = ssh2_pkt_getmp(pktin);
6054 if (!s->f) {
6055 bombout(("unable to parse key exchange reply packet"));
0b106f61 6056 crStopV;
30774ba3 6057 }
6058 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
e5574168 6059
30774ba3 6060 s->K = dh_find_K(ssh->kex_ctx, s->f);
e5574168 6061
30774ba3 6062 /* We assume everything from now on will be quick, and it might
6063 * involve user interaction. */
6064 set_busy_status(ssh->frontend, BUSY_NOT);
755e0524 6065
30774ba3 6066 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
6067 if (!ssh->kex->pdata) {
6068 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
6069 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
6070 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
6071 }
6072 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
6073 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
6074
6075 dh_cleanup(ssh->kex_ctx);
6076 freebn(s->f);
6077 if (!ssh->kex->pdata) {
6078 freebn(s->g);
6079 freebn(s->p);
6080 }
fae1a71b 6081 } else {
6082 logeventf(ssh, "Doing RSA key exchange with hash %s",
6083 ssh->kex->hash->text_name);
acab36bc 6084 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
fae1a71b 6085 /*
6086 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
6087 * from the server.
6088 */
0b106f61 6089 crWaitUntilV(pktin);
fae1a71b 6090 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
6091 bombout(("expected RSA public key packet from server"));
0b106f61 6092 crStopV;
fae1a71b 6093 }
6094
6095 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6096 hash_string(ssh->kex->hash, ssh->exhash,
6097 s->hostkeydata, s->hostkeylen);
6098 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6099
6100 {
6101 char *keydata;
6102 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
6103 s->rsakeydata = snewn(s->rsakeylen, char);
6104 memcpy(s->rsakeydata, keydata, s->rsakeylen);
6105 }
6106
6107 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
6108 if (!s->rsakey) {
6109 sfree(s->rsakeydata);
6110 bombout(("unable to parse RSA public key from server"));
0b106f61 6111 crStopV;
fae1a71b 6112 }
6113
6114 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
6115
6116 /*
6117 * Next, set up a shared secret K, of precisely KLEN -
6118 * 2*HLEN - 49 bits, where KLEN is the bit length of the
6119 * RSA key modulus and HLEN is the bit length of the hash
6120 * we're using.
6121 */
6122 {
6123 int klen = ssh_rsakex_klen(s->rsakey);
6124 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
6125 int i, byte = 0;
6126 unsigned char *kstr1, *kstr2, *outstr;
6127 int kstr1len, kstr2len, outstrlen;
6128
6129 s->K = bn_power_2(nbits - 1);
6130
6131 for (i = 0; i < nbits; i++) {
6132 if ((i & 7) == 0) {
6133 byte = random_byte();
6134 }
6135 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
6136 }
6137
6138 /*
6139 * Encode this as an mpint.
6140 */
6141 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
6142 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
6143 PUT_32BIT(kstr2, kstr1len);
6144 memcpy(kstr2 + 4, kstr1, kstr1len);
6145
6146 /*
6147 * Encrypt it with the given RSA key.
6148 */
6149 outstrlen = (klen + 7) / 8;
6150 outstr = snewn(outstrlen, unsigned char);
6151 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
6152 outstr, outstrlen, s->rsakey);
6153
6154 /*
6155 * And send it off in a return packet.
6156 */
6157 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
6158 ssh2_pkt_addstring_start(s->pktout);
7108a872 6159 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
fae1a71b 6160 ssh2_pkt_send_noqueue(ssh, s->pktout);
6161
6162 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
6163
6164 sfree(kstr2);
6165 sfree(kstr1);
6166 sfree(outstr);
6167 }
6168
6169 ssh_rsakex_freekey(s->rsakey);
6170
0b106f61 6171 crWaitUntilV(pktin);
fae1a71b 6172 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
6173 sfree(s->rsakeydata);
6174 bombout(("expected signature packet from server"));
0b106f61 6175 crStopV;
fae1a71b 6176 }
6177
6178 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6179
6180 sfree(s->rsakeydata);
6181 }
6182
b672f405 6183 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6184 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6185 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
e5574168 6186
fabd1805 6187 ssh->kex_ctx = NULL;
3709bfe9 6188
7cca0d81 6189#if 0
765c4200 6190 debug(("Exchange hash is:\n"));
b672f405 6191 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
7cca0d81 6192#endif
6193
51470298 6194 if (!s->hkey ||
6195 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
b672f405 6196 (char *)s->exchange_hash,
6197 ssh->kex->hash->hlen)) {
6b5cf8b4 6198 bombout(("Server's host key did not match the signature supplied"));
0b106f61 6199 crStopV;
8d5de777 6200 }
e5574168 6201
6202 /*
7cca0d81 6203 * Authenticate remote host: verify host key. (We've already
6204 * checked the signature of the exchange hash.)
e5574168 6205 */
51470298 6206 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6207 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
3d9449a1 6208 ssh_set_frozen(ssh, 1);
6209 s->dlgret = verify_ssh_host_key(ssh->frontend,
6210 ssh->savedhost, ssh->savedport,
6211 ssh->hostkey->keytype, s->keystr,
6212 s->fingerprint,
6213 ssh_dialog_callback, ssh);
6214 if (s->dlgret < 0) {
6215 do {
0b106f61 6216 crReturnV;
3d9449a1 6217 if (pktin) {
6218 bombout(("Unexpected data from server while waiting"
6219 " for user host key response"));
0b106f61 6220 crStopV;
3d9449a1 6221 }
6222 } while (pktin || inlen > 0);
6223 s->dlgret = ssh->user_response;
6224 }
6225 ssh_set_frozen(ssh, 0);
6226 if (s->dlgret == 0) {
9e296bfa 6227 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6228 0, TRUE);
0b106f61 6229 crStopV;
3d9449a1 6230 }
e13bba36 6231 if (!s->got_session_id) { /* don't bother logging this in rekeys */
5e0d7cb8 6232 logevent("Host key fingerprint is:");
51470298 6233 logevent(s->fingerprint);
5e0d7cb8 6234 }
51470298 6235 sfree(s->fingerprint);
6236 sfree(s->keystr);
6237 ssh->hostkey->freekey(s->hkey);
d39f364a 6238
6239 /*
9442dd57 6240 * The exchange hash from the very first key exchange is also
6241 * the session id, used in session key construction and
6242 * authentication.
6243 */
e13bba36 6244 if (!s->got_session_id) {
b672f405 6245 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
9442dd57 6246 memcpy(ssh->v2_session_id, s->exchange_hash,
6247 sizeof(s->exchange_hash));
b672f405 6248 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6052bb76 6249 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
e13bba36 6250 s->got_session_id = TRUE;
6251 }
9442dd57 6252
6253 /*
7cca0d81 6254 * Send SSH2_MSG_NEWKEYS.
d39f364a 6255 */
ff3187f6 6256 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
590f6a5f 6257 ssh2_pkt_send_noqueue(ssh, s->pktout);
9442dd57 6258 ssh->outgoing_data_size = 0; /* start counting from here */
6259
6260 /*
6261 * We've sent client NEWKEYS, so create and initialise
c64fe7d4 6262 * client-to-server session keys.
9442dd57 6263 */
6264 if (ssh->cs_cipher_ctx)
6265 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6266 ssh->cscipher = s->cscipher_tobe;
6267 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6268
6269 if (ssh->cs_mac_ctx)
6270 ssh->csmac->free_context(ssh->cs_mac_ctx);
6271 ssh->csmac = s->csmac_tobe;
6272 ssh->cs_mac_ctx = ssh->csmac->make_context();
6273
6274 if (ssh->cs_comp_ctx)
6275 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6276 ssh->cscomp = s->cscomp_tobe;
6277 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6278
6279 /*
6280 * Set IVs on client-to-server keys. Here we use the exchange
6281 * hash from the _first_ key exchange.
6282 */
6283 {
754c0df9 6284 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6285 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
b672f405 6286 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
754c0df9 6287 assert((ssh->cscipher->keylen+7) / 8 <=
6288 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
9442dd57 6289 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
b672f405 6290 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
754c0df9 6291 assert(ssh->cscipher->blksize <=
6292 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
9442dd57 6293 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
b672f405 6294 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
754c0df9 6295 assert(ssh->csmac->len <=
6296 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
9442dd57 6297 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
dfb88efd 6298 smemclr(keyspace, sizeof(keyspace));
9442dd57 6299 }
6300
6301 logeventf(ssh, "Initialised %.200s client->server encryption",
6302 ssh->cscipher->text_name);
6303 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6304 ssh->csmac->text_name);
6305 if (ssh->cscomp->text_name)
6306 logeventf(ssh, "Initialised %s compression",
6307 ssh->cscomp->text_name);
590f6a5f 6308
6309 /*
6310 * Now our end of the key exchange is complete, we can send all
6311 * our queued higher-layer packets.
6312 */
6313 ssh->queueing = FALSE;
6314 ssh2_pkt_queuesend(ssh);
d39f364a 6315
6316 /*
8406eaf9 6317 * Expect SSH2_MSG_NEWKEYS from server.
6318 */
0b106f61 6319 crWaitUntilV(pktin);
ff3187f6 6320 if (pktin->type != SSH2_MSG_NEWKEYS) {
6b5cf8b4 6321 bombout(("expected new-keys packet from server"));
0b106f61 6322 crStopV;
8406eaf9 6323 }
9442dd57 6324 ssh->incoming_data_size = 0; /* start counting from here */
8406eaf9 6325
6326 /*
9442dd57 6327 * We've seen server NEWKEYS, so create and initialise
6328 * server-to-client session keys.
d39f364a 6329 */
371e569c 6330 if (ssh->sc_cipher_ctx)
6331 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
51470298 6332 ssh->sccipher = s->sccipher_tobe;
371e569c 6333 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
e0e1a00d 6334
e0e1a00d 6335 if (ssh->sc_mac_ctx)
6336 ssh->scmac->free_context(ssh->sc_mac_ctx);
51470298 6337 ssh->scmac = s->scmac_tobe;
e0e1a00d 6338 ssh->sc_mac_ctx = ssh->scmac->make_context();
6339
5366aed8 6340 if (ssh->sc_comp_ctx)
6341 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
51470298 6342 ssh->sccomp = s->sccomp_tobe;
5366aed8 6343 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6344
d39f364a 6345 /*
9442dd57 6346 * Set IVs on server-to-client keys. Here we use the exchange
6347 * hash from the _first_ key exchange.
d39f364a 6348 */
51470298 6349 {
754c0df9 6350 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6351 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
b672f405 6352 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
754c0df9 6353 assert((ssh->sccipher->keylen+7) / 8 <=
6354 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
371e569c 6355 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
b672f405 6356 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
754c0df9 6357 assert(ssh->sccipher->blksize <=
6358 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
371e569c 6359 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
b672f405 6360 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
754c0df9 6361 assert(ssh->scmac->len <=
6362 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
e0e1a00d 6363 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
dfb88efd 6364 smemclr(keyspace, sizeof(keyspace));
51470298 6365 }
57356d63 6366 logeventf(ssh, "Initialised %.200s server->client encryption",
6367 ssh->sccipher->text_name);
6c135243 6368 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6369 ssh->scmac->text_name);
57356d63 6370 if (ssh->sccomp->text_name)
6371 logeventf(ssh, "Initialised %s decompression",
6372 ssh->sccomp->text_name);
9442dd57 6373
6374 /*
fae1a71b 6375 * Free shared secret.
9442dd57 6376 */
679539d7 6377 freebn(s->K);
d39f364a 6378
033b4cef 6379 /*
e13bba36 6380 * Key exchange is over. Loop straight back round if we have a
6381 * deferred rekey reason.
6382 */
6383 if (ssh->deferred_rekey_reason) {
6384 logevent(ssh->deferred_rekey_reason);
6385 pktin = NULL;
6386 ssh->deferred_rekey_reason = NULL;
6387 goto begin_key_exchange;
6388 }
6389
6390 /*
6391 * Otherwise, schedule a timer for our next rekey.
9442dd57 6392 */
6393 ssh->kex_in_progress = FALSE;
e6c1536e 6394 ssh->last_rekey = GETTICKCOUNT();
4a693cfc 6395 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0)
6396 ssh->next_rekey = schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
d57f70af 6397 ssh2_timer, ssh);
e13bba36 6398
9442dd57 6399 /*
7cca0d81 6400 * Now we're encrypting. Begin returning 1 to the protocol main
6401 * function so that other things can run on top of the
6402 * transport. If we ever see a KEXINIT, we must go back to the
6403 * start.
9442dd57 6404 *
6405 * We _also_ go back to the start if we see pktin==NULL and
ab18ccff 6406 * inlen negative, because this is a special signal meaning
9442dd57 6407 * `initiate client-driven rekey', and `in' contains a message
6408 * giving the reason for the rekey.
ab18ccff 6409 *
6410 * inlen==-1 means always initiate a rekey;
6411 * inlen==-2 means that userauth has completed successfully and
6412 * we should consider rekeying (for delayed compression).
033b4cef 6413 */
9442dd57 6414 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
ab18ccff 6415 (!pktin && inlen < 0))) {
f382c87d 6416 wait_for_rekey:
bc074147 6417 if (!ssh->protocol_initial_phase_done) {
6418 ssh->protocol_initial_phase_done = TRUE;
6419 /*
6420 * Allow authconn to initialise itself.
6421 */
6422 do_ssh2_authconn(ssh, NULL, 0, NULL);
6423 }
0b106f61 6424 crReturnV;
e96adf72 6425 }
9442dd57 6426 if (pktin) {
6427 logevent("Server initiated key re-exchange");
6428 } else {
ab18ccff 6429 if (inlen == -2) {
6430 /*
6431 * authconn has seen a USERAUTH_SUCCEEDED. Time to enable
6432 * delayed compression, if it's available.
6433 *
6434 * draft-miller-secsh-compression-delayed-00 says that you
6435 * negotiate delayed compression in the first key exchange, and
6436 * both sides start compressing when the server has sent
6437 * USERAUTH_SUCCESS. This has a race condition -- the server
6438 * can't know when the client has seen it, and thus which incoming
6439 * packets it should treat as compressed.
6440 *
6441 * Instead, we do the initial key exchange without offering the
6442 * delayed methods, but note if the server offers them; when we
6443 * get here, if a delayed method was available that was higher
6444 * on our list than what we got, we initiate a rekey in which we
6445 * _do_ list the delayed methods (and hopefully get it as a
6446 * result). Subsequent rekeys will do the same.
6447 */
6448 assert(!s->userauth_succeeded); /* should only happen once */
6449 s->userauth_succeeded = TRUE;
6450 if (!s->pending_compression)
6451 /* Can't see any point rekeying. */
6452 goto wait_for_rekey; /* this is utterly horrid */
6453 /* else fall through to rekey... */
6454 s->pending_compression = FALSE;
6455 }
f382c87d 6456 /*
ab18ccff 6457 * Now we've decided to rekey.
6458 *
f382c87d 6459 * Special case: if the server bug is set that doesn't
6460 * allow rekeying, we give a different log message and
6461 * continue waiting. (If such a server _initiates_ a rekey,
6462 * we process it anyway!)
6463 */
6464 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6465 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6466 (char *)in);
6467 /* Reset the counters, so that at least this message doesn't
6468 * hit the event log _too_ often. */
6469 ssh->outgoing_data_size = 0;
6470 ssh->incoming_data_size = 0;
4a693cfc 6471 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0) {
f382c87d 6472 ssh->next_rekey =
4a693cfc 6473 schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
f382c87d 6474 ssh2_timer, ssh);
6475 }
ab18ccff 6476 goto wait_for_rekey; /* this is still utterly horrid */
f382c87d 6477 } else {
6478 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
f382c87d 6479 }
9442dd57 6480 }
7cca0d81 6481 goto begin_key_exchange;
e5574168 6482
0b106f61 6483 crFinishV;
e5574168 6484}
6485
7cca0d81 6486/*
2e85c969 6487 * Add data to an SSH-2 channel output buffer.
783415f8 6488 */
32874aea 6489static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6490 int len)
6491{
5471d09a 6492 bufchain_add(&c->v.v2.outbuffer, buf, len);
783415f8 6493}
6494
6495/*
2e85c969 6496 * Attempt to send data on an SSH-2 channel.
783415f8 6497 */
5471d09a 6498static int ssh2_try_send(struct ssh_channel *c)
32874aea 6499{
51470298 6500 Ssh ssh = c->ssh;
ff3187f6 6501 struct Packet *pktout;
bc06669b 6502 int ret;
51470298 6503
5471d09a 6504 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6505 int len;
6506 void *data;
6507 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6508 if ((unsigned)len > c->v.v2.remwindow)
6509 len = c->v.v2.remwindow;
6510 if ((unsigned)len > c->v.v2.remmaxpkt)
6511 len = c->v.v2.remmaxpkt;
ff3187f6 6512 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6513 ssh2_pkt_adduint32(pktout, c->remoteid);
ff3187f6 6514 ssh2_pkt_addstring_start(pktout);
a2724fba 6515 dont_log_data(ssh, pktout, PKTLOG_OMIT);
ff3187f6 6516 ssh2_pkt_addstring_data(pktout, data, len);
6517 end_log_omission(ssh, pktout);
6518 ssh2_pkt_send(ssh, pktout);
5471d09a 6519 bufchain_consume(&c->v.v2.outbuffer, len);
6520 c->v.v2.remwindow -= len;
6521 }
6522
6523 /*
6524 * After having sent as much data as we can, return the amount
6525 * still buffered.
6526 */
bc06669b 6527 ret = bufchain_size(&c->v.v2.outbuffer);
6528
6529 /*
6530 * And if there's no data pending but we need to send an EOF, send
6531 * it.
6532 */
6533 if (!ret && c->pending_eof)
6534 ssh_channel_try_eof(c);
6535
6536 return ret;
5471d09a 6537}
6538
78280721 6539static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
1bfc7e93 6540{
6541 int bufsize;
bc06669b 6542 if (c->closes & CLOSES_SENT_EOF)
6543 return; /* don't send on channels we've EOFed */
1bfc7e93 6544 bufsize = ssh2_try_send(c);
6545 if (bufsize == 0) {
6546 switch (c->type) {
6547 case CHAN_MAINSESSION:
6548 /* stdin need not receive an unthrottle
6549 * notification since it will be polled */
6550 break;
6551 case CHAN_X11:
6552 x11_unthrottle(c->u.x11.s);
6553 break;
6554 case CHAN_AGENT:
6555 /* agent sockets are request/response and need no
6556 * buffer management */
6557 break;
6558 case CHAN_SOCKDATA:
6559 pfd_unthrottle(c->u.pfd.s);
6560 break;
6561 }
6562 }
6563}
6564
5471d09a 6565/*
94bdfe40 6566 * Set up most of a new ssh_channel for SSH-2.
6567 */
6568static void ssh2_channel_init(struct ssh_channel *c)
6569{
6570 Ssh ssh = c->ssh;
6571 c->localid = alloc_channel_id(ssh);
6572 c->closes = 0;
bc06669b 6573 c->pending_eof = FALSE;
94bdfe40 6574 c->throttling_conn = FALSE;
6575 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
4a693cfc 6576 conf_get_int(ssh->conf, CONF_ssh_simple) ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
39d830e4 6577 c->v.v2.chanreq_head = NULL;
94bdfe40 6578 c->v.v2.throttle_state = UNTHROTTLED;
6579 bufchain_init(&c->v.v2.outbuffer);
6580}
6581
6582/*
39d830e4 6583 * CHANNEL_FAILURE doesn't come with any indication of what message
6584 * caused it, so we have to keep track of the outstanding
6585 * CHANNEL_REQUESTs ourselves.
6586 */
6587static void ssh2_queue_chanreq_handler(struct ssh_channel *c,
6588 cchandler_fn_t handler, void *ctx)
6589{
6590 struct outstanding_channel_request *ocr =
6591 snew(struct outstanding_channel_request);
6592
3620f307 6593 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
39d830e4 6594 ocr->handler = handler;
6595 ocr->ctx = ctx;
6596 ocr->next = NULL;
6597 if (!c->v.v2.chanreq_head)
6598 c->v.v2.chanreq_head = ocr;
6599 else
6600 c->v.v2.chanreq_tail->next = ocr;
6601 c->v.v2.chanreq_tail = ocr;
6602}
6603
6604/*
134f5ece 6605 * Construct the common parts of a CHANNEL_REQUEST. If handler is not
6606 * NULL then a reply will be requested and the handler will be called
6607 * when it arrives. The returned packet is ready to have any
6608 * request-specific data added and be sent. Note that if a handler is
6609 * provided, it's essential that the request actually be sent.
3620f307 6610 *
6611 * The handler will usually be passed the response packet in pktin.
6612 * If pktin is NULL, this means that no reply will ever be forthcoming
6613 * (e.g. because the entire connection is being destroyed) and the
6614 * handler should free any storage it's holding.
134f5ece 6615 */
6616static struct Packet *ssh2_chanreq_init(struct ssh_channel *c, char *type,
6617 cchandler_fn_t handler, void *ctx)
6618{
6619 struct Packet *pktout;
6620
3620f307 6621 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
134f5ece 6622 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6623 ssh2_pkt_adduint32(pktout, c->remoteid);
6624 ssh2_pkt_addstring(pktout, type);
6625 ssh2_pkt_addbool(pktout, handler != NULL);
6626 if (handler != NULL)
6627 ssh2_queue_chanreq_handler(c, handler, ctx);
6628 return pktout;
6629}
6630
6631/*
2e85c969 6632 * Potentially enlarge the window on an SSH-2 channel.
5471d09a 6633 */
39d830e4 6634static void ssh2_handle_winadj_response(struct ssh_channel *, struct Packet *,
6635 void *);
9fca3f8c 6636static void ssh2_set_window(struct ssh_channel *c, int newwin)
5471d09a 6637{
51470298 6638 Ssh ssh = c->ssh;
6639
6b69f42e 6640 /*
bc06669b 6641 * Never send WINDOW_ADJUST for a channel that the remote side has
6642 * already sent EOF on; there's no point, since it won't be
beff003a 6643 * sending any more data anyway. Ditto if _we've_ already sent
6644 * CLOSE.
6b69f42e 6645 */
beff003a 6646 if (c->closes & (CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE))
6b69f42e 6647 return;
6648
d252310a 6649 /*
c9739dba 6650 * If the remote end has a habit of ignoring maxpkt, limit the
6651 * window so that it has no choice (assuming it doesn't ignore the
6652 * window as well).
6653 */
6654 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6655 newwin = OUR_V2_MAXPKT;
c9739dba 6656
6657 /*
d252310a 6658 * Only send a WINDOW_ADJUST if there's significantly more window
6659 * available than the other end thinks there is. This saves us
6660 * sending a WINDOW_ADJUST for every character in a shell session.
6661 *
6662 * "Significant" is arbitrarily defined as half the window size.
6663 */
3361b80a 6664 if (newwin / 2 >= c->v.v2.locwindow) {
ff3187f6 6665 struct Packet *pktout;
39d830e4 6666 unsigned *up;
ff3187f6 6667
0e443c99 6668 /*
6669 * In order to keep track of how much window the client
6670 * actually has available, we'd like it to acknowledge each
6671 * WINDOW_ADJUST. We can't do that directly, so we accompany
6672 * it with a CHANNEL_REQUEST that has to be acknowledged.
6673 *
6674 * This is only necessary if we're opening the window wide.
6675 * If we're not, then throughput is being constrained by
6676 * something other than the maximum window size anyway.
0e443c99 6677 */
6678 if (newwin == c->v.v2.locmaxwin &&
2e0aae4f 6679 !(ssh->remote_bugs & BUG_CHOKES_ON_WINADJ)) {
39d830e4 6680 up = snew(unsigned);
6681 *up = newwin - c->v.v2.locwindow;
134f5ece 6682 pktout = ssh2_chanreq_init(c, "winadj@putty.projects.tartarus.org",
6683 ssh2_handle_winadj_response, up);
6684 ssh2_pkt_send(ssh, pktout);
6685
0e443c99 6686 if (c->v.v2.throttle_state != UNTHROTTLED)
6687 c->v.v2.throttle_state = UNTHROTTLING;
6688 } else {
6689 /* Pretend the WINDOW_ADJUST was acked immediately. */
6690 c->v.v2.remlocwin = newwin;
6691 c->v.v2.throttle_state = THROTTLED;
6692 }
ff3187f6 6693 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6694 ssh2_pkt_adduint32(pktout, c->remoteid);
6695 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6696 ssh2_pkt_send(ssh, pktout);
5471d09a 6697 c->v.v2.locwindow = newwin;
783415f8 6698 }
6699}
6700
e223b7c7 6701/*
6702 * Find the channel associated with a message. If there's no channel,
6703 * or it's not properly open, make a noise about it and return NULL.
6704 */
6705static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6706{
6707 unsigned localid = ssh_pkt_getuint32(pktin);
6708 struct ssh_channel *c;
6709
6710 c = find234(ssh->channels, &localid, ssh_channelfind);
6711 if (!c ||
6712 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6713 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6714 char *buf = dupprintf("Received %s for %s channel %u",
6715 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6716 pktin->type),
6717 c ? "half-open" : "nonexistent", localid);
6718 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6719 sfree(buf);
6720 return NULL;
6721 }
6722 return c;
6723}
6724
39d830e4 6725static void ssh2_handle_winadj_response(struct ssh_channel *c,
6726 struct Packet *pktin, void *ctx)
e030765f 6727{
39d830e4 6728 unsigned *sizep = ctx;
6729
6730 /*
6731 * Winadj responses should always be failures. However, at least
6732 * one server ("boks_sshd") is known to return SUCCESS for channel
6733 * requests it's never heard of, such as "winadj@putty". Raised
6734 * with foxt.com as bug 090916-090424, but for the sake of a quiet
6735 * life, we don't worry about what kind of response we got.
6736 */
6737
6738 c->v.v2.remlocwin += *sizep;
6739 sfree(sizep);
e030765f 6740 /*
6741 * winadj messages are only sent when the window is fully open, so
6742 * if we get an ack of one, we know any pending unthrottle is
6743 * complete.
6744 */
6745 if (c->v.v2.throttle_state == UNTHROTTLING)
6746 c->v.v2.throttle_state = UNTHROTTLED;
e030765f 6747}
6748
39d830e4 6749static void ssh2_msg_channel_response(Ssh ssh, struct Packet *pktin)
837d6ba6 6750{
39d830e4 6751 struct ssh_channel *c = ssh2_channel_msg(ssh, pktin);
6752 struct outstanding_channel_request *ocr;
837d6ba6 6753
39d830e4 6754 if (!c) return;
6755 ocr = c->v.v2.chanreq_head;
6756 if (!ocr) {
6757 ssh2_msg_unexpected(ssh, pktin);
837d6ba6 6758 return;
39d830e4 6759 }
6760 ocr->handler(c, pktin, ocr->ctx);
6761 c->v.v2.chanreq_head = ocr->next;
6762 sfree(ocr);
0e443c99 6763 /*
39d830e4 6764 * We may now initiate channel-closing procedures, if that
6765 * CHANNEL_REQUEST was the last thing outstanding before we send
6766 * CHANNEL_CLOSE.
0e443c99 6767 */
39d830e4 6768 ssh2_channel_check_close(c);
0e443c99 6769}
6770
51df0ab5 6771static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
b09eaa88 6772{
b09eaa88 6773 struct ssh_channel *c;
e223b7c7 6774 c = ssh2_channel_msg(ssh, pktin);
6775 if (!c)
6776 return;
bc06669b 6777 if (!(c->closes & CLOSES_SENT_EOF)) {
b09eaa88 6778 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
78280721 6779 ssh2_try_send_and_unthrottle(ssh, c);
1bfc7e93 6780 }
b09eaa88 6781}
6782
51df0ab5 6783static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6784{
6785 char *data;
6d44acc9 6786 int length;
51df0ab5 6787 struct ssh_channel *c;
e223b7c7 6788 c = ssh2_channel_msg(ssh, pktin);
51df0ab5 6789 if (!c)
e223b7c7 6790 return;
51df0ab5 6791 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6792 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6793 return; /* extended but not stderr */
6794 ssh_pkt_getstring(pktin, &data, &length);
6795 if (data) {
6796 int bufsize = 0;
6797 c->v.v2.locwindow -= length;
0e443c99 6798 c->v.v2.remlocwin -= length;
51df0ab5 6799 switch (c->type) {
6800 case CHAN_MAINSESSION:
6801 bufsize =
6802 from_backend(ssh->frontend, pktin->type ==
6803 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6804 data, length);
6805 break;
6806 case CHAN_X11:
6807 bufsize = x11_send(c->u.x11.s, data, length);
6808 break;
6809 case CHAN_SOCKDATA:
6810 bufsize = pfd_send(c->u.pfd.s, data, length);
6811 break;
6812 case CHAN_AGENT:
6813 while (length > 0) {
6814 if (c->u.a.lensofar < 4) {
62ddb51e 6815 unsigned int l = min(4 - c->u.a.lensofar,
6816 (unsigned)length);
51df0ab5 6817 memcpy(c->u.a.msglen + c->u.a.lensofar,
6818 data, l);
6819 data += l;
6820 length -= l;
6821 c->u.a.lensofar += l;
6822 }
6823 if (c->u.a.lensofar == 4) {
6824 c->u.a.totallen =
6825 4 + GET_32BIT(c->u.a.msglen);
6826 c->u.a.message = snewn(c->u.a.totallen,
6827 unsigned char);
6828 memcpy(c->u.a.message, c->u.a.msglen, 4);
6829 }
6830 if (c->u.a.lensofar >= 4 && length > 0) {
aa63ab7e 6831 unsigned int l =
51df0ab5 6832 min(c->u.a.totallen - c->u.a.lensofar,
62ddb51e 6833 (unsigned)length);
51df0ab5 6834 memcpy(c->u.a.message + c->u.a.lensofar,
6835 data, l);
6836 data += l;
6837 length -= l;
6838 c->u.a.lensofar += l;
6839 }
6840 if (c->u.a.lensofar == c->u.a.totallen) {
6841 void *reply;
6842 int replylen;
6843 if (agent_query(c->u.a.message,
6844 c->u.a.totallen,
6845 &reply, &replylen,
6846 ssh_agentf_callback, c))
6847 ssh_agentf_callback(c, reply, replylen);
6848 sfree(c->u.a.message);
bc06669b 6849 c->u.a.message = NULL;
51df0ab5 6850 c->u.a.lensofar = 0;
6851 }
6852 }
6853 bufsize = 0;
6854 break;
6855 }
6856 /*
0e443c99 6857 * If it looks like the remote end hit the end of its window,
6858 * and we didn't want it to do that, think about using a
6859 * larger window.
6860 */
6861 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6862 c->v.v2.locmaxwin < 0x40000000)
6863 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6864 /*
51df0ab5 6865 * If we are not buffering too much data,
6866 * enlarge the window again at the remote side.
467e064d 6867 * If we are buffering too much, we may still
6868 * need to adjust the window if the server's
6869 * sent excess data.
51df0ab5 6870 */
9b53e9b8 6871 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6872 c->v.v2.locmaxwin - bufsize : 0);
ff68564b 6873 /*
6874 * If we're either buffering way too much data, or if we're
6875 * buffering anything at all and we're in "simple" mode,
6876 * throttle the whole channel.
6877 */
6878 if ((bufsize > c->v.v2.locmaxwin ||
4a693cfc 6879 (conf_get_int(ssh->conf, CONF_ssh_simple) && bufsize > 0)) &&
ff68564b 6880 !c->throttling_conn) {
6881 c->throttling_conn = 1;
6882 ssh_throttle_conn(ssh, +1);
6883 }
51df0ab5 6884 }
6885}
6886
bc06669b 6887static void ssh_channel_destroy(struct ssh_channel *c)
51df0ab5 6888{
bc06669b 6889 Ssh ssh = c->ssh;
51df0ab5 6890
bc06669b 6891 switch (c->type) {
6892 case CHAN_MAINSESSION:
6893 ssh->mainchan = NULL;
6894 update_specials_menu(ssh->frontend);
6895 break;
6896 case CHAN_X11:
6897 if (c->u.x11.s != NULL)
6898 x11_close(c->u.x11.s);
6899 logevent("Forwarded X11 connection terminated");
6900 break;
6901 case CHAN_AGENT:
6902 sfree(c->u.a.message);
6903 break;
6904 case CHAN_SOCKDATA:
6905 if (c->u.pfd.s != NULL)
6906 pfd_close(c->u.pfd.s);
6907 logevent("Forwarded port closed");
6908 break;
6909 }
6910
6911 del234(ssh->channels, c);
3620f307 6912 if (ssh->version == 2) {
bc06669b 6913 bufchain_clear(&c->v.v2.outbuffer);
3620f307 6914 assert(c->v.v2.chanreq_head == NULL);
6915 }
bc06669b 6916 sfree(c);
6917
6918 /*
6919 * See if that was the last channel left open.
6920 * (This is only our termination condition if we're
6921 * not running in -N mode.)
6922 */
6923 if (ssh->version == 2 &&
6924 !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
6925 count234(ssh->channels) == 0) {
6926 /*
6927 * We used to send SSH_MSG_DISCONNECT here,
6928 * because I'd believed that _every_ conforming
6929 * SSH-2 connection had to end with a disconnect
6930 * being sent by at least one side; apparently
6931 * I was wrong and it's perfectly OK to
6932 * unceremoniously slam the connection shut
6933 * when you're done, and indeed OpenSSH feels
6934 * this is more polite than sending a
6935 * DISCONNECT. So now we don't.
6936 */
6937 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6938 }
6939}
6940
6941static void ssh2_channel_check_close(struct ssh_channel *c)
6942{
6943 Ssh ssh = c->ssh;
6944 struct Packet *pktout;
6945
04120005 6946 if ((!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) ||
6947 c->type == CHAN_ZOMBIE) &&
6948 !c->v.v2.chanreq_head &&
6949 !(c->closes & CLOSES_SENT_CLOSE)) {
bc06669b 6950 /*
04120005 6951 * We have both sent and received EOF (or the channel is a
6952 * zombie), and we have no outstanding channel requests, which
6953 * means the channel is in final wind-up. But we haven't sent
6954 * CLOSE, so let's do so now.
bc06669b 6955 */
6956 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6957 ssh2_pkt_adduint32(pktout, c->remoteid);
6958 ssh2_pkt_send(ssh, pktout);
04120005 6959 c->closes |= CLOSES_SENT_EOF | CLOSES_SENT_CLOSE;
bc06669b 6960 }
6961
6962 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) {
3620f307 6963 assert(c->v.v2.chanreq_head == NULL);
bc06669b 6964 /*
6965 * We have both sent and received CLOSE, which means we're
6966 * completely done with the channel.
6967 */
6968 ssh_channel_destroy(c);
6969 }
6970}
6971
6972static void ssh2_channel_got_eof(struct ssh_channel *c)
6973{
6974 if (c->closes & CLOSES_RCVD_EOF)
6975 return; /* already seen EOF */
6976 c->closes |= CLOSES_RCVD_EOF;
51df0ab5 6977
6978 if (c->type == CHAN_X11) {
bc06669b 6979 x11_send_eof(c->u.x11.s);
51df0ab5 6980 } else if (c->type == CHAN_AGENT) {
bc06669b 6981 /* Manufacture an outgoing EOF in response to the incoming one. */
6982 sshfwd_write_eof(c);
51df0ab5 6983 } else if (c->type == CHAN_SOCKDATA) {
bc06669b 6984 pfd_send_eof(c->u.pfd.s);
6985 } else if (c->type == CHAN_MAINSESSION) {
6986 Ssh ssh = c->ssh;
6987
4a202fc6 6988 if (!ssh->sent_console_eof &&
6989 (from_backend_eof(ssh->frontend) || ssh->got_pty)) {
bc06669b 6990 /*
4a202fc6 6991 * Either from_backend_eof told us that the front end
6992 * wants us to close the outgoing side of the connection
6993 * as soon as we see EOF from the far end, or else we've
6994 * unilaterally decided to do that because we've allocated
6995 * a remote pty and hence EOF isn't a particularly
6996 * meaningful concept.
bc06669b 6997 */
6998 sshfwd_write_eof(c);
6999 }
7000 ssh->sent_console_eof = TRUE;
51df0ab5 7001 }
bc06669b 7002
7003 ssh2_channel_check_close(c);
7004}
7005
7006static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
7007{
7008 struct ssh_channel *c;
7009
7010 c = ssh2_channel_msg(ssh, pktin);
7011 if (!c)
7012 return;
7013 ssh2_channel_got_eof(c);
51df0ab5 7014}
7015
7016static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
7017{
51df0ab5 7018 struct ssh_channel *c;
51df0ab5 7019
e223b7c7 7020 c = ssh2_channel_msg(ssh, pktin);
7021 if (!c)
51df0ab5 7022 return;
51df0ab5 7023
7024 /*
bc06669b 7025 * When we receive CLOSE on a channel, we assume it comes with an
7026 * implied EOF if we haven't seen EOF yet.
51df0ab5 7027 */
bc06669b 7028 ssh2_channel_got_eof(c);
7029
7030 /*
3effbcf2 7031 * And we also send an outgoing EOF, if we haven't already, on the
7032 * assumption that CLOSE is a pretty forceful announcement that
7033 * the remote side is doing away with the entire channel. (If it
7034 * had wanted to send us EOF and continue receiving data from us,
7035 * it would have just sent CHANNEL_EOF.)
3effbcf2 7036 */
a699eb41 7037 if (!(c->closes & CLOSES_SENT_EOF)) {
7038 /*
7039 * Make sure we don't read any more from whatever our local
7040 * data source is for this channel.
7041 */
7042 switch (c->type) {
7043 case CHAN_MAINSESSION:
7044 ssh->send_ok = 0; /* stop trying to read from stdin */
7045 break;
7046 case CHAN_X11:
7047 x11_override_throttle(c->u.x11.s, 1);
7048 break;
7049 case CHAN_SOCKDATA:
7050 pfd_override_throttle(c->u.pfd.s, 1);
7051 break;
7052 }
7053
7054 /*
7055 * Send outgoing EOF.
7056 */
7539afa2 7057 sshfwd_write_eof(c);
3effbcf2 7058 }
7059
7060 /*
bc06669b 7061 * Now process the actual close.
7062 */
7063 if (!(c->closes & CLOSES_RCVD_CLOSE)) {
7064 c->closes |= CLOSES_RCVD_CLOSE;
7065 ssh2_channel_check_close(c);
51df0ab5 7066 }
7067}
7068
7069static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
7070{
51df0ab5 7071 struct ssh_channel *c;
51df0ab5 7072
e223b7c7 7073 c = ssh2_channel_msg(ssh, pktin);
51df0ab5 7074 if (!c)
e223b7c7 7075 return;
51df0ab5 7076 if (c->type != CHAN_SOCKDATA_DORMANT)
7077 return; /* dunno why they're confirming this */
7078 c->remoteid = ssh_pkt_getuint32(pktin);
64d6ff88 7079 c->halfopen = FALSE;
51df0ab5 7080 c->type = CHAN_SOCKDATA;
7081 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7082 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7083 if (c->u.pfd.s)
7084 pfd_confirm(c->u.pfd.s);
bc06669b 7085 if (c->pending_eof)
7086 ssh_channel_try_eof(c);
51df0ab5 7087}
7088
7089static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
7090{
7091 static const char *const reasons[] = {
7092 "<unknown reason code>",
7093 "Administratively prohibited",
7094 "Connect failed",
7095 "Unknown channel type",
7096 "Resource shortage",
7097 };
51df0ab5 7098 unsigned reason_code;
7099 char *reason_string;
7100 int reason_length;
51df0ab5 7101 struct ssh_channel *c;
e223b7c7 7102 c = ssh2_channel_msg(ssh, pktin);
51df0ab5 7103 if (!c)
e223b7c7 7104 return;
51df0ab5 7105 if (c->type != CHAN_SOCKDATA_DORMANT)
7106 return; /* dunno why they're failing this */
7107
7108 reason_code = ssh_pkt_getuint32(pktin);
7109 if (reason_code >= lenof(reasons))
7110 reason_code = 0; /* ensure reasons[reason_code] in range */
7111 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
fb983202 7112 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
7113 reasons[reason_code], reason_length, reason_string);
51df0ab5 7114
7115 pfd_close(c->u.pfd.s);
7116
7117 del234(ssh->channels, c);
7118 sfree(c);
7119}
7120
7121static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
7122{
51df0ab5 7123 char *type;
7124 int typelen, want_reply;
7125 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
7126 struct ssh_channel *c;
7127 struct Packet *pktout;
7128
e223b7c7 7129 c = ssh2_channel_msg(ssh, pktin);
7130 if (!c)
7131 return;
51df0ab5 7132 ssh_pkt_getstring(pktin, &type, &typelen);
7133 want_reply = ssh2_pkt_getbool(pktin);
7134
7135 /*
51df0ab5 7136 * Having got the channel number, we now look at
7137 * the request type string to see if it's something
7138 * we recognise.
7139 */
7140 if (c == ssh->mainchan) {
7141 /*
7142 * We recognise "exit-status" and "exit-signal" on
7143 * the primary channel.
7144 */
7145 if (typelen == 11 &&
7146 !memcmp(type, "exit-status", 11)) {
7147
7148 ssh->exitcode = ssh_pkt_getuint32(pktin);
7149 logeventf(ssh, "Server sent command exit status %d",
7150 ssh->exitcode);
7151 reply = SSH2_MSG_CHANNEL_SUCCESS;
7152
7153 } else if (typelen == 11 &&
7154 !memcmp(type, "exit-signal", 11)) {
7155
7156 int is_plausible = TRUE, is_int = FALSE;
7157 char *fmt_sig = "", *fmt_msg = "";
7158 char *msg;
7159 int msglen = 0, core = FALSE;
7160 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
7161 * provide an `int' for the signal, despite its
bccbeb71 7162 * having been a `string' in the drafts of RFC 4254 since at
51df0ab5 7163 * least 2001. (Fixed in session.c 1.147.) Try to
7164 * infer which we can safely parse it as. */
7165 {
7166 unsigned char *p = pktin->body +
7167 pktin->savedpos;
7168 long len = pktin->length - pktin->savedpos;
7169 unsigned long num = GET_32BIT(p); /* what is it? */
7170 /* If it's 0, it hardly matters; assume string */
7171 if (num == 0) {
7172 is_int = FALSE;
7173 } else {
7174 int maybe_int = FALSE, maybe_str = FALSE;
7175#define CHECK_HYPOTHESIS(offset, result) \
7176 do { \
7177 long q = offset; \
7178 if (q >= 0 && q+4 <= len) { \
7179 q = q + 4 + GET_32BIT(p+q); \
7180 if (q >= 0 && q+4 <= len && \
c849ff23 7181 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
51df0ab5 7182 result = TRUE; \
7183 } \
7184 } while(0)
7185 CHECK_HYPOTHESIS(4+1, maybe_int);
7186 CHECK_HYPOTHESIS(4+num+1, maybe_str);
7187#undef CHECK_HYPOTHESIS
7188 if (maybe_int && !maybe_str)
7189 is_int = TRUE;
7190 else if (!maybe_int && maybe_str)
7191 is_int = FALSE;
7192 else
7193 /* Crikey. Either or neither. Panic. */
7194 is_plausible = FALSE;
7195 }
7196 }
d051d1b4 7197 ssh->exitcode = 128; /* means `unknown signal' */
51df0ab5 7198 if (is_plausible) {
7199 if (is_int) {
7200 /* Old non-standard OpenSSH. */
7201 int signum = ssh_pkt_getuint32(pktin);
7202 fmt_sig = dupprintf(" %d", signum);
d051d1b4 7203 ssh->exitcode = 128 + signum;
51df0ab5 7204 } else {
bccbeb71 7205 /* As per RFC 4254. */
51df0ab5 7206 char *sig;
7207 int siglen;
7208 ssh_pkt_getstring(pktin, &sig, &siglen);
7209 /* Signal name isn't supposed to be blank, but
7210 * let's cope gracefully if it is. */
7211 if (siglen) {
7212 fmt_sig = dupprintf(" \"%.*s\"",
7213 siglen, sig);
7214 }
d051d1b4 7215
7216 /*
7217 * Really hideous method of translating the
7218 * signal description back into a locally
7219 * meaningful number.
7220 */
7221
7222 if (0)
7223 ;
b707973a 7224#define TRANSLATE_SIGNAL(s) \
7225 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
7226 ssh->exitcode = 128 + SIG ## s
d051d1b4 7227#ifdef SIGABRT
b707973a 7228 TRANSLATE_SIGNAL(ABRT);
d051d1b4 7229#endif
7230#ifdef SIGALRM
b707973a 7231 TRANSLATE_SIGNAL(ALRM);
d051d1b4 7232#endif
7233#ifdef SIGFPE
b707973a 7234 TRANSLATE_SIGNAL(FPE);
d051d1b4 7235#endif
7236#ifdef SIGHUP
b707973a 7237 TRANSLATE_SIGNAL(HUP);
d051d1b4 7238#endif
7239#ifdef SIGILL
b707973a 7240 TRANSLATE_SIGNAL(ILL);
d051d1b4 7241#endif
7242#ifdef SIGINT
b707973a 7243 TRANSLATE_SIGNAL(INT);
d051d1b4 7244#endif
7245#ifdef SIGKILL
b707973a 7246 TRANSLATE_SIGNAL(KILL);
d051d1b4 7247#endif
7248#ifdef SIGPIPE
b707973a 7249 TRANSLATE_SIGNAL(PIPE);
d051d1b4 7250#endif
7251#ifdef SIGQUIT
b707973a 7252 TRANSLATE_SIGNAL(QUIT);
d051d1b4 7253#endif
7254#ifdef SIGSEGV
b707973a 7255 TRANSLATE_SIGNAL(SEGV);
d051d1b4 7256#endif
7257#ifdef SIGTERM
b707973a 7258 TRANSLATE_SIGNAL(TERM);
d051d1b4 7259#endif
7260#ifdef SIGUSR1
b707973a 7261 TRANSLATE_SIGNAL(USR1);
d051d1b4 7262#endif
7263#ifdef SIGUSR2
b707973a 7264 TRANSLATE_SIGNAL(USR2);
d051d1b4 7265#endif
b707973a 7266#undef TRANSLATE_SIGNAL
d051d1b4 7267 else
7268 ssh->exitcode = 128;
51df0ab5 7269 }
7270 core = ssh2_pkt_getbool(pktin);
7271 ssh_pkt_getstring(pktin, &msg, &msglen);
7272 if (msglen) {
7273 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
7274 }
7275 /* ignore lang tag */
7276 } /* else don't attempt to parse */
7277 logeventf(ssh, "Server exited on signal%s%s%s",
7278 fmt_sig, core ? " (core dumped)" : "",
7279 fmt_msg);
7280 if (*fmt_sig) sfree(fmt_sig);
7281 if (*fmt_msg) sfree(fmt_msg);
7282 reply = SSH2_MSG_CHANNEL_SUCCESS;
7283
7284 }
7285 } else {
7286 /*
7287 * This is a channel request we don't know
7288 * about, so we now either ignore the request
7289 * or respond with CHANNEL_FAILURE, depending
7290 * on want_reply.
7291 */
7292 reply = SSH2_MSG_CHANNEL_FAILURE;
7293 }
7294 if (want_reply) {
7295 pktout = ssh2_pkt_init(reply);
7296 ssh2_pkt_adduint32(pktout, c->remoteid);
7297 ssh2_pkt_send(ssh, pktout);
7298 }
7299}
7300
7301static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
7302{
7303 char *type;
7304 int typelen, want_reply;
7305 struct Packet *pktout;
7306
7307 ssh_pkt_getstring(pktin, &type, &typelen);
7308 want_reply = ssh2_pkt_getbool(pktin);
7309
7310 /*
7311 * We currently don't support any global requests
7312 * at all, so we either ignore the request or
7313 * respond with REQUEST_FAILURE, depending on
7314 * want_reply.
7315 */
7316 if (want_reply) {
7317 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
7318 ssh2_pkt_send(ssh, pktout);
7319 }
7320}
7321
7322static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7323{
7324 char *type;
7325 int typelen;
7326 char *peeraddr;
7327 int peeraddrlen;
7328 int peerport;
7329 char *error = NULL;
7330 struct ssh_channel *c;
7331 unsigned remid, winsize, pktsize;
7332 struct Packet *pktout;
7333
7334 ssh_pkt_getstring(pktin, &type, &typelen);
7335 c = snew(struct ssh_channel);
7336 c->ssh = ssh;
7337
7338 remid = ssh_pkt_getuint32(pktin);
7339 winsize = ssh_pkt_getuint32(pktin);
7340 pktsize = ssh_pkt_getuint32(pktin);
7341
7342 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7343 char *addrstr;
5907ebda 7344 const char *x11err;
51df0ab5 7345
7346 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7347 addrstr = snewn(peeraddrlen+1, char);
7348 memcpy(addrstr, peeraddr, peeraddrlen);
7349 addrstr[peeraddrlen] = '\0';
7350 peerport = ssh_pkt_getuint32(pktin);
7351
7352 logeventf(ssh, "Received X11 connect request from %s:%d",
7353 addrstr, peerport);
7354
7355 if (!ssh->X11_fwd_enabled)
7356 error = "X11 forwarding is not enabled";
5907ebda 7357 else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c,
4a693cfc 7358 addrstr, peerport, ssh->conf)) != NULL) {
5907ebda 7359 logeventf(ssh, "Local X11 connection failed: %s", x11err);
51df0ab5 7360 error = "Unable to open an X11 connection";
7361 } else {
7362 logevent("Opening X11 forward connection succeeded");
7363 c->type = CHAN_X11;
7364 }
7365
7366 sfree(addrstr);
7367 } else if (typelen == 15 &&
7368 !memcmp(type, "forwarded-tcpip", 15)) {
7369 struct ssh_rportfwd pf, *realpf;
7370 char *dummy;
7371 int dummylen;
7372 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7373 pf.sport = ssh_pkt_getuint32(pktin);
7374 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7375 peerport = ssh_pkt_getuint32(pktin);
7376 realpf = find234(ssh->rportfwds, &pf, NULL);
7377 logeventf(ssh, "Received remote port %d open request "
7378 "from %s:%d", pf.sport, peeraddr, peerport);
7379 if (realpf == NULL) {
7380 error = "Remote port is not recognised";
7381 } else {
7382 const char *e = pfd_newconnect(&c->u.pfd.s,
7383 realpf->dhost,
7384 realpf->dport, c,
4a693cfc 7385 ssh->conf,
05581745 7386 realpf->pfrec->addressfamily);
51df0ab5 7387 logeventf(ssh, "Attempting to forward remote port to "
7388 "%s:%d", realpf->dhost, realpf->dport);
7389 if (e != NULL) {
7390 logeventf(ssh, "Port open failed: %s", e);
7391 error = "Port open failed";
7392 } else {
7393 logevent("Forwarded port opened successfully");
7394 c->type = CHAN_SOCKDATA;
7395 }
7396 }
7397 } else if (typelen == 22 &&
c49cf994 7398 !memcmp(type, "auth-agent@openssh.com", 22)) {
51df0ab5 7399 if (!ssh->agentfwd_enabled)
7400 error = "Agent forwarding is not enabled";
7401 else {
7402 c->type = CHAN_AGENT; /* identify channel type */
7403 c->u.a.lensofar = 0;
7404 }
7405 } else {
7406 error = "Unsupported channel type requested";
7407 }
7408
7409 c->remoteid = remid;
64d6ff88 7410 c->halfopen = FALSE;
51df0ab5 7411 if (error) {
7412 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7413 ssh2_pkt_adduint32(pktout, c->remoteid);
7414 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7415 ssh2_pkt_addstring(pktout, error);
7416 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7417 ssh2_pkt_send(ssh, pktout);
7418 logeventf(ssh, "Rejected channel open: %s", error);
7419 sfree(c);
7420 } else {
94bdfe40 7421 ssh2_channel_init(c);
51df0ab5 7422 c->v.v2.remwindow = winsize;
7423 c->v.v2.remmaxpkt = pktsize;
51df0ab5 7424 add234(ssh->channels, c);
7425 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7426 ssh2_pkt_adduint32(pktout, c->remoteid);
7427 ssh2_pkt_adduint32(pktout, c->localid);
7428 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
954d5c5a 7429 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
51df0ab5 7430 ssh2_pkt_send(ssh, pktout);
7431 }
7432}
7433
6bbce591 7434/*
adb6167a 7435 * Buffer banner messages for later display at some convenient point,
7436 * if we're going to display them.
6bbce591 7437 */
7438static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7439{
7440 /* Arbitrary limit to prevent unbounded inflation of buffer */
4a693cfc 7441 if (conf_get_int(ssh->conf, CONF_ssh_show_banner) &&
adb6167a 7442 bufchain_size(&ssh->banner) <= 131072) {
6bbce591 7443 char *banner = NULL;
7444 int size = 0;
7445 ssh_pkt_getstring(pktin, &banner, &size);
7446 if (banner)
7447 bufchain_add(&ssh->banner, banner, size);
7448 }
7449}
7450
c6ccd5c2 7451/* Helper function to deal with sending tty modes for "pty-req" */
7452static void ssh2_send_ttymode(void *data, char *mode, char *val)
7453{
7454 struct Packet *pktout = (struct Packet *)data;
7455 int i = 0;
7456 unsigned int arg = 0;
7457 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7458 if (i == lenof(ssh_ttymodes)) return;
7459 switch (ssh_ttymodes[i].type) {
7460 case TTY_OP_CHAR:
7461 arg = ssh_tty_parse_specchar(val);
7462 break;
7463 case TTY_OP_BOOL:
7464 arg = ssh_tty_parse_boolean(val);
7465 break;
7466 }
7467 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7468 ssh2_pkt_adduint32(pktout, arg);
7469}
7470
67a9ec92 7471static void ssh2_setup_x11(struct ssh_channel *c, struct Packet *pktin,
7472 void *ctx)
ebbc254d 7473{
67a9ec92 7474 struct ssh2_setup_x11_state {
ebbc254d 7475 int crLine;
7476 };
7477 Ssh ssh = c->ssh;
7478 struct Packet *pktout;
67a9ec92 7479 crStateP(ssh2_setup_x11_state, ctx);
ebbc254d 7480
7481 crBeginState;
7482
67a9ec92 7483 logevent("Requesting X11 forwarding");
7484 pktout = ssh2_chanreq_init(ssh->mainchan, "x11-req",
7485 ssh2_setup_x11, s);
7486 ssh2_pkt_addbool(pktout, 0); /* many connections */
7487 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthprotoname);
ebbc254d 7488 /*
67a9ec92 7489 * Note that while we blank the X authentication data here, we don't
7490 * take any special action to blank the start of an X11 channel,
7491 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
7492 * without having session blanking enabled is likely to leak your
7493 * cookie into the log.
ebbc254d 7494 */
67a9ec92 7495 dont_log_password(ssh, pktout, PKTLOG_BLANK);
7496 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthdatastring);
7497 end_log_omission(ssh, pktout);
7498 ssh2_pkt_adduint32(pktout, ssh->x11disp->screennum);
7499 ssh2_pkt_send(ssh, pktout);
ebbc254d 7500
67a9ec92 7501 crWaitUntilV(pktin);
ebbc254d 7502
67a9ec92 7503 if (pktin) {
7504 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7505 logevent("X11 forwarding enabled");
7506 ssh->X11_fwd_enabled = TRUE;
7507 } else
7508 logevent("X11 forwarding refused");
ebbc254d 7509 }
67a9ec92 7510
0d201bfb 7511 crFinishFreeV;
ebbc254d 7512}
7513
67a9ec92 7514static void ssh2_setup_agent(struct ssh_channel *c, struct Packet *pktin,
ebbc254d 7515 void *ctx)
7516{
67a9ec92 7517 struct ssh2_setup_agent_state {
ebbc254d 7518 int crLine;
7519 };
7520 Ssh ssh = c->ssh;
7521 struct Packet *pktout;
67a9ec92 7522 crStateP(ssh2_setup_agent_state, ctx);
ebbc254d 7523
7524 crBeginState;
7525
67a9ec92 7526 logevent("Requesting OpenSSH-style agent forwarding");
7527 pktout = ssh2_chanreq_init(ssh->mainchan, "auth-agent-req@openssh.com",
7528 ssh2_setup_agent, s);
7529 ssh2_pkt_send(ssh, pktout);
ebbc254d 7530
67a9ec92 7531 crWaitUntilV(pktin);
ebbc254d 7532
67a9ec92 7533 if (pktin) {
7534 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7535 logevent("Agent forwarding enabled");
7536 ssh->agentfwd_enabled = TRUE;
7537 } else
7538 logevent("Agent forwarding refused");
ebbc254d 7539 }
67a9ec92 7540
0d201bfb 7541 crFinishFreeV;
ebbc254d 7542}
7543
67a9ec92 7544static void ssh2_setup_pty(struct ssh_channel *c, struct Packet *pktin,
ebbc254d 7545 void *ctx)
7546{
67a9ec92 7547 struct ssh2_setup_pty_state {
ebbc254d 7548 int crLine;
7549 };
7550 Ssh ssh = c->ssh;
7551 struct Packet *pktout;
67a9ec92 7552 crStateP(ssh2_setup_pty_state, ctx);
ebbc254d 7553
7554 crBeginState;
7555
67a9ec92 7556 /* Unpick the terminal-speed string. */
7557 /* XXX perhaps we should allow no speeds to be sent. */
7558 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
7559 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
7560 /* Build the pty request. */
7561 pktout = ssh2_chanreq_init(ssh->mainchan, "pty-req",
7562 ssh2_setup_pty, s);
7563 ssh2_pkt_addstring(pktout, conf_get_str(ssh->conf, CONF_termtype));
7564 ssh2_pkt_adduint32(pktout, ssh->term_width);
7565 ssh2_pkt_adduint32(pktout, ssh->term_height);
7566 ssh2_pkt_adduint32(pktout, 0); /* pixel width */
7567 ssh2_pkt_adduint32(pktout, 0); /* pixel height */
7568 ssh2_pkt_addstring_start(pktout);
7569 parse_ttymodes(ssh, ssh2_send_ttymode, (void *)pktout);
7570 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_ISPEED);
7571 ssh2_pkt_adduint32(pktout, ssh->ispeed);
7572 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_OSPEED);
7573 ssh2_pkt_adduint32(pktout, ssh->ospeed);
7574 ssh2_pkt_addstring_data(pktout, "\0", 1); /* TTY_OP_END */
7575 ssh2_pkt_send(ssh, pktout);
7576 ssh->state = SSH_STATE_INTERMED;
ebbc254d 7577
67a9ec92 7578 crWaitUntilV(pktin);
ebbc254d 7579
67a9ec92 7580 if (pktin) {
7581 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7582 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
7583 ssh->ospeed, ssh->ispeed);
7584 ssh->got_pty = TRUE;
7585 } else {
7586 c_write_str(ssh, "Server refused to allocate pty\r\n");
7587 ssh->editing = ssh->echoing = 1;
7588 }
ebbc254d 7589 }
67a9ec92 7590
0d201bfb 7591 crFinishFreeV;
ebbc254d 7592}
7593
7594static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin,
7595 void *ctx)
7596{
7597 struct ssh2_setup_env_state {
7598 int crLine;
7599 int num_env, env_left, env_ok;
7600 };
7601 Ssh ssh = c->ssh;
7602 struct Packet *pktout;
7603 crStateP(ssh2_setup_env_state, ctx);
7604
7605 crBeginState;
7606
7607 /*
7608 * Send environment variables.
7609 *
7610 * Simplest thing here is to send all the requests at once, and
7611 * then wait for a whole bunch of successes or failures.
7612 */
7613 s->num_env = 0;
67a9ec92 7614 {
ebbc254d 7615 char *key, *val;
7616
7617 for (val = conf_get_str_strs(ssh->conf, CONF_environmt, NULL, &key);
7618 val != NULL;
7619 val = conf_get_str_strs(ssh->conf, CONF_environmt, key, &key)) {
134f5ece 7620 pktout = ssh2_chanreq_init(ssh->mainchan, "env", ssh2_setup_env, s);
ebbc254d 7621 ssh2_pkt_addstring(pktout, key);
7622 ssh2_pkt_addstring(pktout, val);
7623 ssh2_pkt_send(ssh, pktout);
ebbc254d 7624
7625 s->num_env++;
7626 }
7627 if (s->num_env)
7628 logeventf(ssh, "Sent %d environment variables", s->num_env);
7629 }
7630
7631 if (s->num_env) {
7632 s->env_ok = 0;
7633 s->env_left = s->num_env;
7634
7635 while (s->env_left > 0) {
7636 crWaitUntilV(pktin);
3620f307 7637 if (!pktin) goto out;
c330b1cc 7638 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS)
ebbc254d 7639 s->env_ok++;
ebbc254d 7640 s->env_left--;
7641 }
7642
7643 if (s->env_ok == s->num_env) {
7644 logevent("All environment variables successfully set");
7645 } else if (s->env_ok == 0) {
7646 logevent("All environment variables refused");
7647 c_write_str(ssh, "Server refused to set environment variables\r\n");
7648 } else {
7649 logeventf(ssh, "%d environment variables refused",
7650 s->num_env - s->env_ok);
7651 c_write_str(ssh, "Server refused to set all environment variables\r\n");
7652 }
7653 }
5ca12719 7654 out:;
0d201bfb 7655 crFinishFreeV;
ebbc254d 7656}
7657
783415f8 7658/*
2e85c969 7659 * Handle the SSH-2 userauth and connection layers.
7cca0d81 7660 */
bc074147 7661static void ssh2_msg_authconn(Ssh ssh, struct Packet *pktin)
7662{
7663 do_ssh2_authconn(ssh, NULL, 0, pktin);
7664}
7665
ebbc254d 7666static void ssh2_response_authconn(struct ssh_channel *c, struct Packet *pktin,
7667 void *ctx)
7668{
7669 do_ssh2_authconn(c->ssh, NULL, 0, pktin);
7670}
7671
ff3187f6 7672static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7673 struct Packet *pktin)
7cca0d81 7674{
51470298 7675 struct do_ssh2_authconn_state {
30919997 7676 int crLine;
51470298 7677 enum {
51470298 7678 AUTH_TYPE_NONE,
7679 AUTH_TYPE_PUBLICKEY,
7680 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7681 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7682 AUTH_TYPE_PASSWORD,
8221906d 7683 AUTH_TYPE_GSSAPI, /* always QUIET */
51470298 7684 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7685 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7686 } type;
a1a1fae4 7687 int done_service_req;
51470298 7688 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
94cd7c3a 7689 int tried_pubkey_config, done_agent;
bf84a03a 7690#ifndef NO_GSSAPI
42af6a67 7691 int can_gssapi;
7692 int tried_gssapi;
bf84a03a 7693#endif
edd0cb8a 7694 int kbd_inter_refused;
ab18ccff 7695 int we_are_in, userauth_success;
edd0cb8a 7696 prompts_t *cur_prompt;
7697 int num_prompts;
4a693cfc 7698 char *username;
e955d348 7699 char *password;
51470298 7700 int got_username;
51470298 7701 void *publickey_blob;
7702 int publickey_bloblen;
edd0cb8a 7703 int publickey_encrypted;
7704 char *publickey_algorithm;
7705 char *publickey_comment;
94cd7c3a 7706 unsigned char agent_request[5], *agent_response, *agentp;
7707 int agent_responselen;
7708 unsigned char *pkblob_in_agent;
51470298 7709 int keyi, nkeys;
51470298 7710 char *pkblob, *alg, *commentp;
7711 int pklen, alglen, commentlen;
7712 int siglen, retlen, len;
7713 char *q, *agentreq, *ret;
7714 int try_send;
ff3187f6 7715 struct Packet *pktout;
4a693cfc 7716 Filename *keyfile;
bf84a03a 7717#ifndef NO_GSSAPI
b3d375b2 7718 struct ssh_gss_library *gsslib;
42af6a67 7719 Ssh_gss_ctx gss_ctx;
7720 Ssh_gss_buf gss_buf;
7721 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7722 Ssh_gss_name gss_srv_name;
7723 Ssh_gss_stat gss_stat;
bf84a03a 7724#endif
51470298 7725 };
7726 crState(do_ssh2_authconn_state);
7727
30919997 7728 crBeginState;
e5574168 7729
bc074147 7730 /* Register as a handler for all the messages this coroutine handles. */
7731 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_authconn;
7732 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_authconn;
7733 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_authconn;
7734 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_authconn;
7735 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_authconn;
7736 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_authconn;
7737 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_authconn; duplicate case value */
7738 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_authconn; duplicate case value */
7739 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_authconn;
7740 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_authconn;
7741 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_authconn;
7742 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_authconn;
7743 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_authconn;
7744 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_authconn;
7745 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_authconn;
7746 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_authconn;
7747 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_authconn;
7748 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_authconn;
7749 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_authconn;
7750 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_authconn;
bc074147 7751
a1a1fae4 7752 s->done_service_req = FALSE;
ab18ccff 7753 s->we_are_in = s->userauth_success = FALSE;
bf84a03a 7754#ifndef NO_GSSAPI
42af6a67 7755 s->tried_gssapi = FALSE;
bf84a03a 7756#endif
42af6a67 7757
4a693cfc 7758 if (!conf_get_int(ssh->conf, CONF_ssh_no_userauth)) {
a1a1fae4 7759 /*
7760 * Request userauth protocol, and await a response to it.
7761 */
7762 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7763 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7764 ssh2_pkt_send(ssh, s->pktout);
7765 crWaitUntilV(pktin);
7766 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7767 s->done_service_req = TRUE;
7768 }
7769 if (!s->done_service_req) {
7770 /*
7771 * Request connection protocol directly, without authentication.
7772 */
7773 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7774 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7775 ssh2_pkt_send(ssh, s->pktout);
7776 crWaitUntilV(pktin);
7777 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7778 s->we_are_in = TRUE; /* no auth required */
7779 } else {
7780 bombout(("Server refused service request"));
7781 crStopV;
7782 }
8d5de777 7783 }
7cca0d81 7784
94cd7c3a 7785 /* Arrange to be able to deal with any BANNERs that come in.
7786 * (We do this now as packets may come in during the next bit.) */
7787 bufchain_init(&ssh->banner);
7788 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7789 ssh2_msg_userauth_banner;
7790
7cca0d81 7791 /*
edd0cb8a 7792 * Misc one-time setup for authentication.
7793 */
7794 s->publickey_blob = NULL;
7795 if (!s->we_are_in) {
7796
7797 /*
7798 * Load the public half of any configured public key file
7799 * for later use.
7800 */
4a693cfc 7801 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
962468d4 7802 if (!filename_is_null(s->keyfile)) {
edd0cb8a 7803 int keytype;
7804 logeventf(ssh, "Reading private key file \"%.150s\"",
4a693cfc 7805 filename_to_str(s->keyfile));
7806 keytype = key_type(s->keyfile);
edd0cb8a 7807 if (keytype == SSH_KEYTYPE_SSH2) {
7808 const char *error;
7809 s->publickey_blob =
4a693cfc 7810 ssh2_userkey_loadpub(s->keyfile,
edd0cb8a 7811 &s->publickey_algorithm,
7812 &s->publickey_bloblen,
7813 &s->publickey_comment, &error);
7814 if (s->publickey_blob) {
7815 s->publickey_encrypted =
4a693cfc 7816 ssh2_userkey_encrypted(s->keyfile, NULL);
edd0cb8a 7817 } else {
7818 char *msgbuf;
7819 logeventf(ssh, "Unable to load private key (%s)",
7820 error);
7821 msgbuf = dupprintf("Unable to load private key file "
7822 "\"%.150s\" (%s)\r\n",
4a693cfc 7823 filename_to_str(s->keyfile),
edd0cb8a 7824 error);
7825 c_write_str(ssh, msgbuf);
7826 sfree(msgbuf);
7827 }
7828 } else {
7829 char *msgbuf;
7830 logeventf(ssh, "Unable to use this key file (%s)",
7831 key_type_to_str(keytype));
7832 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7833 " (%s)\r\n",
4a693cfc 7834 filename_to_str(s->keyfile),
edd0cb8a 7835 key_type_to_str(keytype));
7836 c_write_str(ssh, msgbuf);
7837 sfree(msgbuf);
7838 s->publickey_blob = NULL;
7839 }
7840 }
7841
94cd7c3a 7842 /*
7843 * Find out about any keys Pageant has (but if there's a
7844 * public key configured, filter out all others).
7845 */
7846 s->nkeys = 0;
7847 s->agent_response = NULL;
7848 s->pkblob_in_agent = NULL;
4a693cfc 7849 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists()) {
94cd7c3a 7850
7851 void *r;
7852
7853 logevent("Pageant is running. Requesting keys.");
7854
7855 /* Request the keys held by the agent. */
7856 PUT_32BIT(s->agent_request, 1);
7857 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7858 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7859 ssh_agent_callback, ssh)) {
7860 do {
7861 crReturnV;
7862 if (pktin) {
7863 bombout(("Unexpected data from server while"
7864 " waiting for agent response"));
7865 crStopV;
7866 }
7867 } while (pktin || inlen > 0);
7868 r = ssh->agent_response;
7869 s->agent_responselen = ssh->agent_response_len;
7870 }
7871 s->agent_response = (unsigned char *) r;
7872 if (s->agent_response && s->agent_responselen >= 5 &&
7873 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7874 int keyi;
7875 unsigned char *p;
7876 p = s->agent_response + 5;
7877 s->nkeys = GET_32BIT(p);
7878 p += 4;
7879 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7880 if (s->publickey_blob) {
7881 /* See if configured key is in agent. */
7882 for (keyi = 0; keyi < s->nkeys; keyi++) {
7883 s->pklen = GET_32BIT(p);
7884 if (s->pklen == s->publickey_bloblen &&
7885 !memcmp(p+4, s->publickey_blob,
7886 s->publickey_bloblen)) {
7887 logeventf(ssh, "Pageant key #%d matches "
7888 "configured key file", keyi);
7889 s->keyi = keyi;
7890 s->pkblob_in_agent = p;
7891 break;
7892 }
7893 p += 4 + s->pklen;
7894 p += GET_32BIT(p) + 4; /* comment */
7895 }
7896 if (!s->pkblob_in_agent) {
7897 logevent("Configured key file not in Pageant");
7898 s->nkeys = 0;
7899 }
7900 }
5ff99b8e 7901 } else {
7902 logevent("Failed to get reply from Pageant");
94cd7c3a 7903 }
7904 }
7905
edd0cb8a 7906 }
7907
7908 /*
1408a877 7909 * We repeat this whole loop, including the username prompt,
7910 * until we manage a successful authentication. If the user
51470298 7911 * types the wrong _password_, they can be sent back to the
7912 * beginning to try another username, if this is configured on.
7913 * (If they specify a username in the config, they are never
7914 * asked, even if they do give a wrong password.)
1408a877 7915 *
7916 * I think this best serves the needs of
7917 *
7918 * - the people who have no configuration, no keys, and just
7919 * want to try repeated (username,password) pairs until they
7920 * type both correctly
7921 *
7922 * - people who have keys and configuration but occasionally
7923 * need to fall back to passwords
7924 *
7925 * - people with a key held in Pageant, who might not have
7926 * logged in to a particular machine before; so they want to
7927 * type a username, and then _either_ their key will be
7928 * accepted, _or_ they will type a password. If they mistype
7929 * the username they will want to be able to get back and
7930 * retype it!
7cca0d81 7931 */
51470298 7932 s->got_username = FALSE;
a1a1fae4 7933 while (!s->we_are_in) {
1408a877 7934 /*
7935 * Get a username.
7936 */
4a693cfc 7937 if (s->got_username && !conf_get_int(ssh->conf, CONF_change_username)) {
5bb641e1 7938 /*
7939 * We got a username last time round this loop, and
7940 * with change_username turned off we don't try to get
7941 * it again.
7942 */
4a693cfc 7943 } else if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
edd0cb8a 7944 int ret; /* need not be kept over crReturn */
7945 s->cur_prompt = new_prompts(ssh->frontend);
7946 s->cur_prompt->to_server = TRUE;
7947 s->cur_prompt->name = dupstr("SSH login name");
b61f81bc 7948 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
edd0cb8a 7949 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7950 while (ret < 0) {
51470298 7951 ssh->send_ok = 1;
edd0cb8a 7952 crWaitUntilV(!pktin);
7953 ret = get_userpass_input(s->cur_prompt, in, inlen);
7954 ssh->send_ok = 0;
32874aea 7955 }
edd0cb8a 7956 if (!ret) {
7957 /*
7958 * get_userpass_input() failed to get a username.
7959 * Terminate.
7960 */
7961 free_prompts(s->cur_prompt);
7962 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7963 crStopV;
7964 }
4a693cfc 7965 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
edd0cb8a 7966 free_prompts(s->cur_prompt);
7cca0d81 7967 } else {
57356d63 7968 char *stuff;
65a22376 7969 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
4a693cfc 7970 stuff = dupprintf("Using username \"%s\".\r\n", ssh->username);
51470298 7971 c_write_str(ssh, stuff);
57356d63 7972 sfree(stuff);
7cca0d81 7973 }
7974 }
51470298 7975 s->got_username = TRUE;
7cca0d81 7976
65a22376 7977 /*
1408a877 7978 * Send an authentication request using method "none": (a)
7979 * just in case it succeeds, and (b) so that we know what
7980 * authentication methods we can usefully try next.
65a22376 7981 */
acab36bc 7982 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
51470298 7983
ff3187f6 7984 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 7985 ssh2_pkt_addstring(s->pktout, ssh->username);
ff3187f6 7986 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
7987 ssh2_pkt_addstring(s->pktout, "none"); /* method */
7988 ssh2_pkt_send(ssh, s->pktout);
51470298 7989 s->type = AUTH_TYPE_NONE;
7990 s->gotit = FALSE;
7991 s->we_are_in = FALSE;
7992
7993 s->tried_pubkey_config = FALSE;
6ac3a551 7994 s->kbd_inter_refused = FALSE;
65a22376 7995
94cd7c3a 7996 /* Reset agent request state. */
7997 s->done_agent = FALSE;
7998 if (s->agent_response) {
7999 if (s->pkblob_in_agent) {
8000 s->agentp = s->pkblob_in_agent;
8001 } else {
8002 s->agentp = s->agent_response + 5 + 4;
8003 s->keyi = 0;
8004 }
8005 }
8006
1408a877 8007 while (1) {
854caca5 8008 char *methods = NULL;
8009 int methlen = 0;
8010
1408a877 8011 /*
8012 * Wait for the result of the last authentication request.
8013 */
51470298 8014 if (!s->gotit)
ff3187f6 8015 crWaitUntilV(pktin);
6bbce591 8016 /*
8017 * Now is a convenient point to spew any banner material
8018 * that we've accumulated. (This should ensure that when
8019 * we exit the auth loop, we haven't any left to deal
8020 * with.)
8021 */
8022 {
8023 int size = bufchain_size(&ssh->banner);
32874aea 8024 /*
8025 * Don't show the banner if we're operating in
8026 * non-verbose non-interactive mode. (It's probably
8027 * a script, which means nobody will read the
8028 * banner _anyway_, and moreover the printing of
8029 * the banner will screw up processing on the
8030 * output of (say) plink.)
8031 */
6bbce591 8032 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
8033 char *banner = snewn(size, char);
8034 bufchain_fetch(&ssh->banner, banner, size);
8035 c_write_untrusted(ssh, banner, size);
8036 sfree(banner);
32874aea 8037 }
6bbce591 8038 bufchain_clear(&ssh->banner);
1408a877 8039 }
ff3187f6 8040 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
1408a877 8041 logevent("Access granted");
ab18ccff 8042 s->we_are_in = s->userauth_success = TRUE;
1408a877 8043 break;
8044 }
65a22376 8045
42af6a67 8046 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
e955d348 8047 bombout(("Strange packet received during authentication: "
8048 "type %d", pktin->type));
7ffdbc1a 8049 crStopV;
65a22376 8050 }
8051
51470298 8052 s->gotit = FALSE;
65a22376 8053
1408a877 8054 /*
8055 * OK, we're now sitting on a USERAUTH_FAILURE message, so
8056 * we can look at the string in it and know what we can
8057 * helpfully try next.
8058 */
ff3187f6 8059 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
ff3187f6 8060 ssh_pkt_getstring(pktin, &methods, &methlen);
ff3187f6 8061 if (!ssh2_pkt_getbool(pktin)) {
1408a877 8062 /*
8063 * We have received an unequivocal Access
8064 * Denied. This can translate to a variety of
8221906d 8065 * messages, or no message at all.
8066 *
8067 * For forms of authentication which are attempted
8068 * implicitly, by which I mean without printing
8069 * anything in the window indicating that we're
8070 * trying them, we should never print 'Access
8071 * denied'.
8072 *
8073 * If we do print a message saying that we're
8074 * attempting some kind of authentication, it's OK
8075 * to print a followup message saying it failed -
8076 * but the message may sometimes be more specific
8077 * than simply 'Access denied'.
8078 *
1408a877 8079 * Additionally, if we'd just tried password
8080 * authentication, we should break out of this
8081 * whole loop so as to go back to the username
91f57d1f 8082 * prompt (iff we're configured to allow
8083 * username change attempts).
1408a877 8084 */
51470298 8085 if (s->type == AUTH_TYPE_NONE) {
1408a877 8086 /* do nothing */
51470298 8087 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
8088 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
8089 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
8090 c_write_str(ssh, "Server refused our key\r\n");
8221906d 8091 logevent("Server refused our key");
8092 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
8093 /* This _shouldn't_ happen except by a
8094 * protocol bug causing client and server to
8095 * disagree on what is a correct signature. */
8096 c_write_str(ssh, "Server refused public-key signature"
8097 " despite accepting key!\r\n");
8098 logevent("Server refused public-key signature"
8099 " despite accepting key!");
51470298 8100 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
8221906d 8101 /* quiet, so no c_write */
8102 logevent("Server refused keyboard-interactive authentication");
8103 } else if (s->type==AUTH_TYPE_GSSAPI) {
8104 /* always quiet, so no c_write */
2af4fe8f 8105 /* also, the code down in the GSSAPI block has
8106 * already logged this in the Event Log */
8221906d 8107 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
8108 logevent("Keyboard-interactive authentication failed");
8109 c_write_str(ssh, "Access denied\r\n");
8110 } else {
8111 assert(s->type == AUTH_TYPE_PASSWORD);
8112 logevent("Password authentication failed");
51470298 8113 c_write_str(ssh, "Access denied\r\n");
8221906d 8114
8115 if (conf_get_int(ssh->conf, CONF_change_username)) {
6c9dce7c 8116 /* XXX perhaps we should allow
8117 * keyboard-interactive to do this too? */
51470298 8118 s->we_are_in = FALSE;
1408a877 8119 break;
8120 }
8121 }
8122 } else {
51470298 8123 c_write_str(ssh, "Further authentication required\r\n");
1408a877 8124 logevent("Further authentication required");
8125 }
65a22376 8126
51470298 8127 s->can_pubkey =
32874aea 8128 in_commasep_string("publickey", methods, methlen);
51470298 8129 s->can_passwd =
32874aea 8130 in_commasep_string("password", methods, methlen);
4a693cfc 8131 s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
761187b6 8132 in_commasep_string("keyboard-interactive", methods, methlen);
1e00c92b 8133#ifndef NO_GSSAPI
8134 if (!ssh->gsslibs)
4a693cfc 8135 ssh->gsslibs = ssh_gss_setup(ssh->conf);
8136 s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
b3d375b2 8137 in_commasep_string("gssapi-with-mic", methods, methlen) &&
1e00c92b 8138 ssh->gsslibs->nlibraries > 0;
42af6a67 8139#endif
1408a877 8140 }
65a22376 8141
acab36bc 8142 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
65a22376 8143
94cd7c3a 8144 if (s->can_pubkey && !s->done_agent && s->nkeys) {
0405e71f 8145
1983e559 8146 /*
94cd7c3a 8147 * Attempt public-key authentication using a key from Pageant.
1983e559 8148 */
1983e559 8149
acab36bc 8150 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
00db133f 8151
94cd7c3a 8152 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
8153
8154 /* Unpack key from agent response */
8155 s->pklen = GET_32BIT(s->agentp);
8156 s->agentp += 4;
8157 s->pkblob = (char *)s->agentp;
8158 s->agentp += s->pklen;
8159 s->alglen = GET_32BIT(s->pkblob);
8160 s->alg = s->pkblob + 4;
8161 s->commentlen = GET_32BIT(s->agentp);
8162 s->agentp += 4;
8163 s->commentp = (char *)s->agentp;
8164 s->agentp += s->commentlen;
8165 /* s->agentp now points at next key, if any */
8166
8167 /* See if server will accept it */
8168 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8169 ssh2_pkt_addstring(s->pktout, ssh->username);
94cd7c3a 8170 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8171 /* service requested */
8172 ssh2_pkt_addstring(s->pktout, "publickey");
8173 /* method */
8174 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
8175 ssh2_pkt_addstring_start(s->pktout);
8176 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8177 ssh2_pkt_addstring_start(s->pktout);
8178 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8179 ssh2_pkt_send(ssh, s->pktout);
8180 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
1983e559 8181
94cd7c3a 8182 crWaitUntilV(pktin);
8183 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
1983e559 8184
94cd7c3a 8185 /* Offer of key refused. */
8186 s->gotit = TRUE;
1983e559 8187
94cd7c3a 8188 } else {
8189
8190 void *vret;
1983e559 8191
94cd7c3a 8192 if (flags & FLAG_VERBOSE) {
8193 c_write_str(ssh, "Authenticating with "
8194 "public key \"");
8195 c_write(ssh, s->commentp, s->commentlen);
8196 c_write_str(ssh, "\" from agent\r\n");
8197 }
1983e559 8198
94cd7c3a 8199 /*
8200 * Server is willing to accept the key.
8201 * Construct a SIGN_REQUEST.
8202 */
8203 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8204 ssh2_pkt_addstring(s->pktout, ssh->username);
94cd7c3a 8205 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8206 /* service requested */
8207 ssh2_pkt_addstring(s->pktout, "publickey");
8208 /* method */
8209 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
8210 ssh2_pkt_addstring_start(s->pktout);
8211 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8212 ssh2_pkt_addstring_start(s->pktout);
8213 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8214
8215 /* Ask agent for signature. */
8216 s->siglen = s->pktout->length - 5 + 4 +
8217 ssh->v2_session_id_len;
8218 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8219 s->siglen -= 4;
8220 s->len = 1; /* message type */
8221 s->len += 4 + s->pklen; /* key blob */
8222 s->len += 4 + s->siglen; /* data to sign */
8223 s->len += 4; /* flags */
8224 s->agentreq = snewn(4 + s->len, char);
8225 PUT_32BIT(s->agentreq, s->len);
8226 s->q = s->agentreq + 4;
8227 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
8228 PUT_32BIT(s->q, s->pklen);
8229 s->q += 4;
8230 memcpy(s->q, s->pkblob, s->pklen);
8231 s->q += s->pklen;
8232 PUT_32BIT(s->q, s->siglen);
8233 s->q += 4;
8234 /* Now the data to be signed... */
8235 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8236 PUT_32BIT(s->q, ssh->v2_session_id_len);
51470298 8237 s->q += 4;
94cd7c3a 8238 }
8239 memcpy(s->q, ssh->v2_session_id,
8240 ssh->v2_session_id_len);
8241 s->q += ssh->v2_session_id_len;
8242 memcpy(s->q, s->pktout->data + 5,
8243 s->pktout->length - 5);
8244 s->q += s->pktout->length - 5;
8245 /* And finally the (zero) flags word. */
8246 PUT_32BIT(s->q, 0);
8247 if (!agent_query(s->agentreq, s->len + 4,
8248 &vret, &s->retlen,
8249 ssh_agent_callback, ssh)) {
8250 do {
8251 crReturnV;
8252 if (pktin) {
8253 bombout(("Unexpected data from server"
8254 " while waiting for agent"
8255 " response"));
8256 crStopV;
1983e559 8257 }
94cd7c3a 8258 } while (pktin || inlen > 0);
8259 vret = ssh->agent_response;
8260 s->retlen = ssh->agent_response_len;
8261 }
8262 s->ret = vret;
8263 sfree(s->agentreq);
8264 if (s->ret) {
8265 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
8266 logevent("Sending Pageant's response");
8267 ssh2_add_sigblob(ssh, s->pktout,
8268 s->pkblob, s->pklen,
8269 s->ret + 9,
8270 GET_32BIT(s->ret + 5));
8271 ssh2_pkt_send(ssh, s->pktout);
8272 s->type = AUTH_TYPE_PUBLICKEY;
8273 } else {
8274 /* FIXME: less drastic response */
8275 bombout(("Pageant failed to answer challenge"));
8276 crStopV;
1983e559 8277 }
8278 }
1983e559 8279 }
94cd7c3a 8280
8281 /* Do we have any keys left to try? */
8282 if (s->pkblob_in_agent) {
8283 s->done_agent = TRUE;
8284 s->tried_pubkey_config = TRUE;
8285 } else {
8286 s->keyi++;
8287 if (s->keyi >= s->nkeys)
8288 s->done_agent = TRUE;
8289 }
1983e559 8290
edd0cb8a 8291 } else if (s->can_pubkey && s->publickey_blob &&
8292 !s->tried_pubkey_config) {
65a22376 8293
edd0cb8a 8294 struct ssh2_userkey *key; /* not live over crReturn */
8295 char *passphrase; /* not live over crReturn */
65a22376 8296
acab36bc 8297 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
00db133f 8298
edd0cb8a 8299 s->tried_pubkey_config = TRUE;
8300
65a22376 8301 /*
1408a877 8302 * Try the public key supplied in the configuration.
8303 *
8304 * First, offer the public blob to see if the server is
8305 * willing to accept it.
65a22376 8306 */
ff3187f6 8307 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8308 ssh2_pkt_addstring(s->pktout, ssh->username);
edd0cb8a 8309 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8310 /* service requested */
8311 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
8312 ssh2_pkt_addbool(s->pktout, FALSE);
8313 /* no signature included */
8314 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
8315 ssh2_pkt_addstring_start(s->pktout);
8316 ssh2_pkt_addstring_data(s->pktout,
8317 (char *)s->publickey_blob,
8318 s->publickey_bloblen);
ff3187f6 8319 ssh2_pkt_send(ssh, s->pktout);
edd0cb8a 8320 logevent("Offered public key");
ff3187f6 8321
8322 crWaitUntilV(pktin);
edd0cb8a 8323 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8324 /* Key refused. Give up. */
8325 s->gotit = TRUE; /* reconsider message next loop */
8326 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
8327 continue; /* process this new message */
45068b27 8328 }
edd0cb8a 8329 logevent("Offer of public key accepted");
af659722 8330
45068b27 8331 /*
edd0cb8a 8332 * Actually attempt a serious authentication using
8333 * the key.
45068b27 8334 */
edd0cb8a 8335 if (flags & FLAG_VERBOSE) {
8336 c_write_str(ssh, "Authenticating with public key \"");
8337 c_write_str(ssh, s->publickey_comment);
8338 c_write_str(ssh, "\"\r\n");
8339 }
8340 key = NULL;
8341 while (!key) {
8342 const char *error; /* not live over crReturn */
8343 if (s->publickey_encrypted) {
8344 /*
8345 * Get a passphrase from the user.
8346 */
8347 int ret; /* need not be kept over crReturn */
8348 s->cur_prompt = new_prompts(ssh->frontend);
8349 s->cur_prompt->to_server = FALSE;
8350 s->cur_prompt->name = dupstr("SSH key passphrase");
8351 add_prompt(s->cur_prompt,
8352 dupprintf("Passphrase for key \"%.100s\": ",
8353 s->publickey_comment),
b61f81bc 8354 FALSE);
edd0cb8a 8355 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8356 while (ret < 0) {
8357 ssh->send_ok = 1;
8358 crWaitUntilV(!pktin);
8359 ret = get_userpass_input(s->cur_prompt,
8360 in, inlen);
8361 ssh->send_ok = 0;
8362 }
8363 if (!ret) {
8364 /* Failed to get a passphrase. Terminate. */
8365 free_prompts(s->cur_prompt);
8366 ssh_disconnect(ssh, NULL,
8367 "Unable to authenticate",
8368 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8369 TRUE);
8370 crStopV;
85fdbe25 8371 }
edd0cb8a 8372 passphrase =
8373 dupstr(s->cur_prompt->prompts[0]->result);
8374 free_prompts(s->cur_prompt);
45068b27 8375 } else {
edd0cb8a 8376 passphrase = NULL; /* no passphrase needed */
45068b27 8377 }
1408a877 8378
edd0cb8a 8379 /*
8380 * Try decrypting the key.
8381 */
4a693cfc 8382 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
8383 key = ssh2_load_userkey(s->keyfile, passphrase, &error);
edd0cb8a 8384 if (passphrase) {
8385 /* burn the evidence */
dfb88efd 8386 smemclr(passphrase, strlen(passphrase));
edd0cb8a 8387 sfree(passphrase);
8388 }
8389 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
8390 if (passphrase &&
8391 (key == SSH2_WRONG_PASSPHRASE)) {
8392 c_write_str(ssh, "Wrong passphrase\r\n");
8393 key = NULL;
8394 /* and loop again */
8395 } else {
8396 c_write_str(ssh, "Unable to load private key (");
8397 c_write_str(ssh, error);
8398 c_write_str(ssh, ")\r\n");
8399 key = NULL;
8400 break; /* try something else */
8401 }
1408a877 8402 }
65a22376 8403 }
65a22376 8404
edd0cb8a 8405 if (key) {
1dd353b5 8406 unsigned char *pkblob, *sigblob, *sigdata;
8407 int pkblob_len, sigblob_len, sigdata_len;
edd0cb8a 8408 int p;
65a22376 8409
1408a877 8410 /*
8411 * We have loaded the private key and the server
8412 * has announced that it's willing to accept it.
8413 * Hallelujah. Generate a signature and send it.
8414 */
ff3187f6 8415 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8416 ssh2_pkt_addstring(s->pktout, ssh->username);
edd0cb8a 8417 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8418 /* service requested */
8419 ssh2_pkt_addstring(s->pktout, "publickey");
8420 /* method */
ff3187f6 8421 ssh2_pkt_addbool(s->pktout, TRUE);
edd0cb8a 8422 /* signature follows */
ff3187f6 8423 ssh2_pkt_addstring(s->pktout, key->alg->name);
edd0cb8a 8424 pkblob = key->alg->public_blob(key->data,
8425 &pkblob_len);
ff3187f6 8426 ssh2_pkt_addstring_start(s->pktout);
edd0cb8a 8427 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
8428 pkblob_len);
1408a877 8429
8430 /*
8431 * The data to be signed is:
8432 *
8433 * string session-id
8434 *
8435 * followed by everything so far placed in the
8436 * outgoing packet.
8437 */
b672f405 8438 sigdata_len = s->pktout->length - 5 + 4 +
8439 ssh->v2_session_id_len;
edd0cb8a 8440 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8441 sigdata_len -= 4;
92d60585 8442 sigdata = snewn(sigdata_len, unsigned char);
edd0cb8a 8443 p = 0;
8444 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8445 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
8446 p += 4;
8447 }
b672f405 8448 memcpy(sigdata+p, ssh->v2_session_id,
8449 ssh->v2_session_id_len);
8450 p += ssh->v2_session_id_len;
ff3187f6 8451 memcpy(sigdata+p, s->pktout->data + 5,
8452 s->pktout->length - 5);
edd0cb8a 8453 p += s->pktout->length - 5;
8454 assert(p == sigdata_len);
d8baa528 8455 sigblob = key->alg->sign(key->data, (char *)sigdata,
1dd353b5 8456 sigdata_len, &sigblob_len);
ff3187f6 8457 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
1dd353b5 8458 sigblob, sigblob_len);
8459 sfree(pkblob);
8460 sfree(sigblob);
1408a877 8461 sfree(sigdata);
8462
ff3187f6 8463 ssh2_pkt_send(ssh, s->pktout);
8221906d 8464 logevent("Sent public key signature");
51470298 8465 s->type = AUTH_TYPE_PUBLICKEY;
75374b2f 8466 key->alg->freekey(key->data);
1408a877 8467 }
edd0cb8a 8468
42af6a67 8469#ifndef NO_GSSAPI
8470 } else if (s->can_gssapi && !s->tried_gssapi) {
8471
8472 /* GSSAPI Authentication */
8473
86557057 8474 int micoffset, len;
8475 char *data;
42af6a67 8476 Ssh_gss_buf mic;
8477 s->type = AUTH_TYPE_GSSAPI;
8478 s->tried_gssapi = TRUE;
8479 s->gotit = TRUE;
8480 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
8481
b3d375b2 8482 /*
8483 * Pick the highest GSS library on the preference
8484 * list.
8485 */
8486 {
8487 int i, j;
8488 s->gsslib = NULL;
8489 for (i = 0; i < ngsslibs; i++) {
4a693cfc 8490 int want_id = conf_get_int_int(ssh->conf,
8491 CONF_ssh_gsslist, i);
1e00c92b 8492 for (j = 0; j < ssh->gsslibs->nlibraries; j++)
8493 if (ssh->gsslibs->libraries[j].id == want_id) {
8494 s->gsslib = &ssh->gsslibs->libraries[j];
b3d375b2 8495 goto got_gsslib; /* double break */
8496 }
8497 }
8498 got_gsslib:
8499 /*
8500 * We always expect to have found something in
8501 * the above loop: we only came here if there
8502 * was at least one viable GSS library, and the
8503 * preference list should always mention
8504 * everything and only change the order.
8505 */
8506 assert(s->gsslib);
8507 }
8508
8509 if (s->gsslib->gsslogmsg)
8510 logevent(s->gsslib->gsslogmsg);
8511
42af6a67 8512 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
8513 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8514 ssh2_pkt_addstring(s->pktout, ssh->username);
42af6a67 8515 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8516 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
8221906d 8517 logevent("Attempting GSSAPI authentication");
42af6a67 8518
8519 /* add mechanism info */
b3d375b2 8520 s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
42af6a67 8521
8522 /* number of GSSAPI mechanisms */
8523 ssh2_pkt_adduint32(s->pktout,1);
8524
8525 /* length of OID + 2 */
86557057 8526 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
42af6a67 8527 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
8528
8529 /* length of OID */
86557057 8530 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
42af6a67 8531
86557057 8532 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
8533 s->gss_buf.length);
42af6a67 8534 ssh2_pkt_send(ssh, s->pktout);
8535 crWaitUntilV(pktin);
8536 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
8537 logevent("GSSAPI authentication request refused");
8538 continue;
8539 }
8540
8541 /* check returned packet ... */
8542
86557057 8543 ssh_pkt_getstring(pktin, &data, &len);
8544 s->gss_rcvtok.value = data;
8545 s->gss_rcvtok.length = len;
8546 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
8547 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
8548 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
8549 memcmp((char *)s->gss_rcvtok.value + 2,
8550 s->gss_buf.value,s->gss_buf.length) ) {
42af6a67 8551 logevent("GSSAPI authentication - wrong response from server");
8552 continue;
8553 }
8554
8555 /* now start running */
b3d375b2 8556 s->gss_stat = s->gsslib->import_name(s->gsslib,
8557 ssh->fullhostname,
8558 &s->gss_srv_name);
42af6a67 8559 if (s->gss_stat != SSH_GSS_OK) {
8560 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
8561 logevent("GSSAPI import name failed - Bad service name");
8562 else
8563 logevent("GSSAPI import name failed");
8564 continue;
8565 }
8566
8567 /* fetch TGT into GSS engine */
b3d375b2 8568 s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
42af6a67 8569
8570 if (s->gss_stat != SSH_GSS_OK) {
8571 logevent("GSSAPI authentication failed to get credentials");
b3d375b2 8572 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
42af6a67 8573 continue;
8574 }
8575
8576 /* initial tokens are empty */
86557057 8577 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
99a3b3c9 8578 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
42af6a67 8579
8580 /* now enter the loop */
8581 do {
b3d375b2 8582 s->gss_stat = s->gsslib->init_sec_context
8583 (s->gsslib,
8584 &s->gss_ctx,
8585 s->gss_srv_name,
4a693cfc 8586 conf_get_int(ssh->conf, CONF_gssapifwd),
b3d375b2 8587 &s->gss_rcvtok,
8588 &s->gss_sndtok);
42af6a67 8589
8590 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
8591 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
8592 logevent("GSSAPI authentication initialisation failed");
8593
b3d375b2 8594 if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
8595 &s->gss_buf) == SSH_GSS_OK) {
86557057 8596 logevent(s->gss_buf.value);
8597 sfree(s->gss_buf.value);
42af6a67 8598 }
8599
8600 break;
8601 }
8602 logevent("GSSAPI authentication initialised");
8603
8604 /* Client and server now exchange tokens until GSSAPI
8605 * no longer says CONTINUE_NEEDED */
8606
86557057 8607 if (s->gss_sndtok.length != 0) {
42af6a67 8608 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
8609 ssh_pkt_addstring_start(s->pktout);
86557057 8610 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
42af6a67 8611 ssh2_pkt_send(ssh, s->pktout);
b3d375b2 8612 s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
42af6a67 8613 }
8614
8615 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
8616 crWaitUntilV(pktin);
8617 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8618 logevent("GSSAPI authentication - bad server response");
8619 s->gss_stat = SSH_GSS_FAILURE;
8620 break;
8621 }
86557057 8622 ssh_pkt_getstring(pktin, &data, &len);
8623 s->gss_rcvtok.value = data;
8624 s->gss_rcvtok.length = len;
42af6a67 8625 }
8626 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8627
8628 if (s->gss_stat != SSH_GSS_OK) {
b3d375b2 8629 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8630 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
42af6a67 8631 continue;
8632 }
8633 logevent("GSSAPI authentication loop finished OK");
8634
8635 /* Now send the MIC */
8636
8637 s->pktout = ssh2_pkt_init(0);
8638 micoffset = s->pktout->length;
8639 ssh_pkt_addstring_start(s->pktout);
8640 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8641 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8642 ssh_pkt_addstring(s->pktout, ssh->username);
42af6a67 8643 ssh_pkt_addstring(s->pktout, "ssh-connection");
8644 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8645
86557057 8646 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8647 s->gss_buf.length = s->pktout->length - micoffset;
42af6a67 8648
b3d375b2 8649 s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
42af6a67 8650 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8651 ssh_pkt_addstring_start(s->pktout);
86557057 8652 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
42af6a67 8653 ssh2_pkt_send(ssh, s->pktout);
b3d375b2 8654 s->gsslib->free_mic(s->gsslib, &mic);
42af6a67 8655
8656 s->gotit = FALSE;
8657
b3d375b2 8658 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8659 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
42af6a67 8660 continue;
8661#endif
edd0cb8a 8662 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8663
8664 /*
8665 * Keyboard-interactive authentication.
8666 */
edd0cb8a 8667
edd0cb8a 8668 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8669
acab36bc 8670 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
edd0cb8a 8671
8672 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8673 ssh2_pkt_addstring(s->pktout, ssh->username);
edd0cb8a 8674 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8675 /* service requested */
8676 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8677 /* method */
8678 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8679 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8680 ssh2_pkt_send(ssh, s->pktout);
8221906d 8681
8682 logevent("Attempting keyboard-interactive authentication");
edd0cb8a 8683
8684 crWaitUntilV(pktin);
8685 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8686 /* Server is not willing to do keyboard-interactive
b8e3173d 8687 * at all (or, bizarrely but legally, accepts the
8688 * user without actually issuing any prompts).
8689 * Give up on it entirely. */
edd0cb8a 8690 s->gotit = TRUE;
edd0cb8a 8691 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8692 s->kbd_inter_refused = TRUE; /* don't try it again */
8693 continue;
8694 }
8695
8696 /*
b8e3173d 8697 * Loop while the server continues to send INFO_REQUESTs.
edd0cb8a 8698 */
b8e3173d 8699 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
edd0cb8a 8700
b8e3173d 8701 char *name, *inst, *lang;
8702 int name_len, inst_len, lang_len;
8703 int i;
8704
8705 /*
8706 * We've got a fresh USERAUTH_INFO_REQUEST.
8707 * Get the preamble and start building a prompt.
8708 */
8709 ssh_pkt_getstring(pktin, &name, &name_len);
8710 ssh_pkt_getstring(pktin, &inst, &inst_len);
8711 ssh_pkt_getstring(pktin, &lang, &lang_len);
8712 s->cur_prompt = new_prompts(ssh->frontend);
8713 s->cur_prompt->to_server = TRUE;
edd0cb8a 8714
b8e3173d 8715 /*
9ea10e78 8716 * Get any prompt(s) from the packet.
b8e3173d 8717 */
8718 s->num_prompts = ssh_pkt_getuint32(pktin);
8719 for (i = 0; i < s->num_prompts; i++) {
8720 char *prompt;
8721 int prompt_len;
8722 int echo;
8723 static char noprompt[] =
8724 "<server failed to send prompt>: ";
8725
8726 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8727 echo = ssh2_pkt_getbool(pktin);
8728 if (!prompt_len) {
8729 prompt = noprompt;
8730 prompt_len = lenof(noprompt)-1;
8731 }
8732 add_prompt(s->cur_prompt,
8733 dupprintf("%.*s", prompt_len, prompt),
b61f81bc 8734 echo);
edd0cb8a 8735 }
b8e3173d 8736
9874c9d7 8737 if (name_len) {
8738 /* FIXME: better prefix to distinguish from
8739 * local prompts? */
8740 s->cur_prompt->name =
8741 dupprintf("SSH server: %.*s", name_len, name);
8742 s->cur_prompt->name_reqd = TRUE;
8743 } else {
8744 s->cur_prompt->name =
8745 dupstr("SSH server authentication");
8746 s->cur_prompt->name_reqd = FALSE;
8747 }
8748 /* We add a prefix to try to make it clear that a prompt
8749 * has come from the server.
8750 * FIXME: ugly to print "Using..." in prompt _every_
8751 * time round. Can this be done more subtly? */
8752 /* Special case: for reasons best known to themselves,
8753 * some servers send k-i requests with no prompts and
8754 * nothing to display. Keep quiet in this case. */
8755 if (s->num_prompts || name_len || inst_len) {
8756 s->cur_prompt->instruction =
8757 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8758 inst_len ? "\n" : "", inst_len, inst);
8759 s->cur_prompt->instr_reqd = TRUE;
8760 } else {
8761 s->cur_prompt->instr_reqd = FALSE;
8762 }
8763
b8e3173d 8764 /*
9ea10e78 8765 * Display any instructions, and get the user's
8766 * response(s).
b8e3173d 8767 */
9ea10e78 8768 {
b8e3173d 8769 int ret; /* not live over crReturn */
8770 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8771 while (ret < 0) {
8772 ssh->send_ok = 1;
8773 crWaitUntilV(!pktin);
8774 ret = get_userpass_input(s->cur_prompt, in, inlen);
8775 ssh->send_ok = 0;
8776 }
8777 if (!ret) {
8778 /*
8779 * Failed to get responses. Terminate.
8780 */
8781 free_prompts(s->cur_prompt);
8782 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8783 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8784 TRUE);
8785 crStopV;
8786 }
edd0cb8a 8787 }
b8e3173d 8788
8789 /*
9ea10e78 8790 * Send the response(s) to the server.
b8e3173d 8791 */
8792 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
b8e3173d 8793 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8794 for (i=0; i < s->num_prompts; i++) {
8795 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8796 ssh2_pkt_addstring(s->pktout,
8797 s->cur_prompt->prompts[i]->result);
8798 end_log_omission(ssh, s->pktout);
8799 }
18524056 8800 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
b8e3173d 8801
c69784c0 8802 /*
8803 * Free the prompts structure from this iteration.
8804 * If there's another, a new one will be allocated
8805 * when we return to the top of this while loop.
8806 */
8807 free_prompts(s->cur_prompt);
8808
b8e3173d 8809 /*
8810 * Get the next packet in case it's another
8811 * INFO_REQUEST.
8812 */
8813 crWaitUntilV(pktin);
8814
edd0cb8a 8815 }
8816
8817 /*
b8e3173d 8818 * We should have SUCCESS or FAILURE now.
edd0cb8a 8819 */
b8e3173d 8820 s->gotit = TRUE;
edd0cb8a 8821
8822 } else if (s->can_passwd) {
8823
8824 /*
8825 * Plain old password authentication.
8826 */
8827 int ret; /* not live over crReturn */
e955d348 8828 int changereq_first_time; /* not live over crReturn */
edd0cb8a 8829
acab36bc 8830 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
edd0cb8a 8831
8832 s->cur_prompt = new_prompts(ssh->frontend);
8833 s->cur_prompt->to_server = TRUE;
8834 s->cur_prompt->name = dupstr("SSH password");
4a693cfc 8835 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
8836 ssh->username,
edd0cb8a 8837 ssh->savedhost),
b61f81bc 8838 FALSE);
edd0cb8a 8839
8840 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8841 while (ret < 0) {
8842 ssh->send_ok = 1;
8843 crWaitUntilV(!pktin);
8844 ret = get_userpass_input(s->cur_prompt, in, inlen);
8845 ssh->send_ok = 0;
8846 }
8847 if (!ret) {
8848 /*
8849 * Failed to get responses. Terminate.
8850 */
8851 free_prompts(s->cur_prompt);
8852 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8853 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8854 TRUE);
8855 crStopV;
8856 }
e955d348 8857 /*
8858 * Squirrel away the password. (We may need it later if
8859 * asked to change it.)
8860 */
8861 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8862 free_prompts(s->cur_prompt);
edd0cb8a 8863
8864 /*
8865 * Send the password packet.
8866 *
95d2d262 8867 * We pad out the password packet to 256 bytes to make
8868 * it harder for an attacker to find the length of the
8869 * user's password.
1408a877 8870 *
95d2d262 8871 * Anyone using a password longer than 256 bytes
8872 * probably doesn't have much to worry about from
1408a877 8873 * people who find out how long their password is!
65a22376 8874 */
ff3187f6 8875 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 8876 ssh2_pkt_addstring(s->pktout, ssh->username);
edd0cb8a 8877 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8878 /* service requested */
ff3187f6 8879 ssh2_pkt_addstring(s->pktout, "password");
8880 ssh2_pkt_addbool(s->pktout, FALSE);
8881 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
e955d348 8882 ssh2_pkt_addstring(s->pktout, s->password);
ff3187f6 8883 end_log_omission(ssh, s->pktout);
18524056 8884 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
0d43337a 8885 logevent("Sent password");
28f4d4f0 8886 s->type = AUTH_TYPE_PASSWORD;
edd0cb8a 8887
e955d348 8888 /*
8889 * Wait for next packet, in case it's a password change
8890 * request.
8891 */
8892 crWaitUntilV(pktin);
8893 changereq_first_time = TRUE;
8894
8895 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8896
8897 /*
8898 * We're being asked for a new password
8899 * (perhaps not for the first time).
8900 * Loop until the server accepts it.
8901 */
8902
8903 int got_new = FALSE; /* not live over crReturn */
8904 char *prompt; /* not live over crReturn */
8905 int prompt_len; /* not live over crReturn */
8906
8907 {
8908 char *msg;
8909 if (changereq_first_time)
8910 msg = "Server requested password change";
8911 else
8912 msg = "Server rejected new password";
8913 logevent(msg);
8914 c_write_str(ssh, msg);
8915 c_write_str(ssh, "\r\n");
8916 }
8917
8918 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8919
8920 s->cur_prompt = new_prompts(ssh->frontend);
8921 s->cur_prompt->to_server = TRUE;
8922 s->cur_prompt->name = dupstr("New SSH password");
8923 s->cur_prompt->instruction =
8924 dupprintf("%.*s", prompt_len, prompt);
8925 s->cur_prompt->instr_reqd = TRUE;
d9add7bc 8926 /*
8927 * There's no explicit requirement in the protocol
8928 * for the "old" passwords in the original and
8929 * password-change messages to be the same, and
8930 * apparently some Cisco kit supports password change
8931 * by the user entering a blank password originally
8932 * and the real password subsequently, so,
8933 * reluctantly, we prompt for the old password again.
8934 *
8935 * (On the other hand, some servers don't even bother
8936 * to check this field.)
8937 */
8938 add_prompt(s->cur_prompt,
8939 dupstr("Current password (blank for previously entered password): "),
b61f81bc 8940 FALSE);
e955d348 8941 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
b61f81bc 8942 FALSE);
e955d348 8943 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
b61f81bc 8944 FALSE);
e955d348 8945
8946 /*
8947 * Loop until the user manages to enter the same
8948 * password twice.
8949 */
8950 while (!got_new) {
8951
8952 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8953 while (ret < 0) {
8954 ssh->send_ok = 1;
8955 crWaitUntilV(!pktin);
8956 ret = get_userpass_input(s->cur_prompt, in, inlen);
8957 ssh->send_ok = 0;
8958 }
8959 if (!ret) {
8960 /*
8961 * Failed to get responses. Terminate.
8962 */
8963 /* burn the evidence */
8964 free_prompts(s->cur_prompt);
dfb88efd 8965 smemclr(s->password, strlen(s->password));
e955d348 8966 sfree(s->password);
8967 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8968 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8969 TRUE);
8970 crStopV;
8971 }
8972
8973 /*
d9add7bc 8974 * If the user specified a new original password
8975 * (IYSWIM), overwrite any previously specified
8976 * one.
8977 * (A side effect is that the user doesn't have to
8978 * re-enter it if they louse up the new password.)
8979 */
8980 if (s->cur_prompt->prompts[0]->result[0]) {
dfb88efd 8981 smemclr(s->password, strlen(s->password));
d9add7bc 8982 /* burn the evidence */
8983 sfree(s->password);
8984 s->password =
8985 dupstr(s->cur_prompt->prompts[0]->result);
8986 }
8987
8988 /*
8989 * Check the two new passwords match.
e955d348 8990 */
d9add7bc 8991 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
8992 s->cur_prompt->prompts[2]->result)
e955d348 8993 == 0);
8994 if (!got_new)
8995 /* They don't. Silly user. */
8996 c_write_str(ssh, "Passwords do not match\r\n");
8997
8998 }
8999
9000 /*
9001 * Send the new password (along with the old one).
9002 * (see above for padding rationale)
9003 */
9004 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
4a693cfc 9005 ssh2_pkt_addstring(s->pktout, ssh->username);
e955d348 9006 ssh2_pkt_addstring(s->pktout, "ssh-connection");
9007 /* service requested */
9008 ssh2_pkt_addstring(s->pktout, "password");
9009 ssh2_pkt_addbool(s->pktout, TRUE);
9010 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
9011 ssh2_pkt_addstring(s->pktout, s->password);
9012 ssh2_pkt_addstring(s->pktout,
d9add7bc 9013 s->cur_prompt->prompts[1]->result);
e955d348 9014 free_prompts(s->cur_prompt);
9015 end_log_omission(ssh, s->pktout);
18524056 9016 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
e955d348 9017 logevent("Sent new password");
9018
9019 /*
9020 * Now see what the server has to say about it.
9021 * (If it's CHANGEREQ again, it's not happy with the
9022 * new password.)
9023 */
9024 crWaitUntilV(pktin);
9025 changereq_first_time = FALSE;
9026
9027 }
9028
9029 /*
9030 * We need to reexamine the current pktin at the top
9031 * of the loop. Either:
9032 * - we weren't asked to change password at all, in
9033 * which case it's a SUCCESS or FAILURE with the
9034 * usual meaning
9035 * - we sent a new password, and the server was
9036 * either OK with it (SUCCESS or FAILURE w/partial
9037 * success) or unhappy with the _old_ password
9038 * (FAILURE w/o partial success)
9039 * In any of these cases, we go back to the top of
9040 * the loop and start again.
9041 */
9042 s->gotit = TRUE;
9043
9044 /*
9045 * We don't need the old password any more, in any
9046 * case. Burn the evidence.
9047 */
dfb88efd 9048 smemclr(s->password, strlen(s->password));
e955d348 9049 sfree(s->password);
9050
1408a877 9051 } else {
854caca5 9052 char *str = dupprintf("No supported authentication methods available"
9053 " (server sent: %.*s)",
9054 methlen, methods);
edd0cb8a 9055
854caca5 9056 ssh_disconnect(ssh, str,
9e296bfa 9057 "No supported authentication methods available",
9058 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
9059 FALSE);
854caca5 9060 sfree(str);
9061
7ffdbc1a 9062 crStopV;
edd0cb8a 9063
65a22376 9064 }
edd0cb8a 9065
65a22376 9066 }
a1a1fae4 9067 }
6bbce591 9068 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
7cca0d81 9069
edd0cb8a 9070 /* Clear up various bits and pieces from authentication. */
9071 if (s->publickey_blob) {
9072 sfree(s->publickey_blob);
9073 sfree(s->publickey_comment);
9074 }
94cd7c3a 9075 if (s->agent_response)
9076 sfree(s->agent_response);
edd0cb8a 9077
ab18ccff 9078 if (s->userauth_success) {
9079 /*
9080 * We've just received USERAUTH_SUCCESS, and we haven't sent any
9081 * packets since. Signal the transport layer to consider enacting
9082 * delayed compression.
9083 *
9084 * (Relying on we_are_in is not sufficient, as
9085 * draft-miller-secsh-compression-delayed is quite clear that it
9086 * triggers on USERAUTH_SUCCESS specifically, and we_are_in can
9087 * become set for other reasons.)
9088 */
9089 do_ssh2_transport(ssh, "enabling delayed compression", -2, NULL);
9090 }
9091
7cca0d81 9092 /*
a1a1fae4 9093 * Now the connection protocol has started, one way or another.
7cca0d81 9094 */
9095
0ed48730 9096 ssh->channels = newtree234(ssh_channelcmp);
9097
7cca0d81 9098 /*
b09eaa88 9099 * Set up handlers for some connection protocol messages, so we
9100 * don't have to handle them repeatedly in this coroutine.
9101 */
9102 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
9103 ssh2_msg_channel_window_adjust;
51df0ab5 9104 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
9105 ssh2_msg_global_request;
b09eaa88 9106
9107 /*
0ed48730 9108 * Create the main session channel.
7cca0d81 9109 */
4a693cfc 9110 if (conf_get_int(ssh->conf, CONF_ssh_no_shell)) {
feb02b4e 9111 ssh->mainchan = NULL;
4a693cfc 9112 } else if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
feb02b4e 9113 /*
9114 * Just start a direct-tcpip channel and use it as the main
9115 * channel.
9116 */
9117 ssh->mainchan = snew(struct ssh_channel);
9118 ssh->mainchan->ssh = ssh;
94bdfe40 9119 ssh2_channel_init(ssh->mainchan);
23828b7e 9120 logeventf(ssh,
9121 "Opening direct-tcpip channel to %s:%d in place of session",
4a693cfc 9122 conf_get_str(ssh->conf, CONF_ssh_nc_host),
9123 conf_get_int(ssh->conf, CONF_ssh_nc_port));
feb02b4e 9124 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
9125 ssh2_pkt_addstring(s->pktout, "direct-tcpip");
9126 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
feb02b4e 9127 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
9128 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
4a693cfc 9129 ssh2_pkt_addstring(s->pktout, conf_get_str(ssh->conf, CONF_ssh_nc_host));
9130 ssh2_pkt_adduint32(s->pktout, conf_get_int(ssh->conf, CONF_ssh_nc_port));
feb02b4e 9131 /*
23828b7e 9132 * There's nothing meaningful to put in the originator
9133 * fields, but some servers insist on syntactically correct
9134 * information.
feb02b4e 9135 */
9136 ssh2_pkt_addstring(s->pktout, "0.0.0.0");
9137 ssh2_pkt_adduint32(s->pktout, 0);
9138 ssh2_pkt_send(ssh, s->pktout);
9139
9140 crWaitUntilV(pktin);
9141 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
9142 bombout(("Server refused to open a direct-tcpip channel"));
9143 crStopV;
9144 /* FIXME: error data comes back in FAILURE packet */
9145 }
9146 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
9147 bombout(("Server's channel confirmation cited wrong channel"));
9148 crStopV;
9149 }
9150 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
9151 ssh->mainchan->halfopen = FALSE;
9152 ssh->mainchan->type = CHAN_MAINSESSION;
feb02b4e 9153 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
9154 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
feb02b4e 9155 add234(ssh->channels, ssh->mainchan);
9156 update_specials_menu(ssh->frontend);
23828b7e 9157 logevent("Opened direct-tcpip channel");
feb02b4e 9158 ssh->ncmode = TRUE;
9159 } else {
0ed48730 9160 ssh->mainchan = snew(struct ssh_channel);
9161 ssh->mainchan->ssh = ssh;
94bdfe40 9162 ssh2_channel_init(ssh->mainchan);
ff3187f6 9163 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
9164 ssh2_pkt_addstring(s->pktout, "session");
9165 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
ff3187f6 9166 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
954d5c5a 9167 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
ff3187f6 9168 ssh2_pkt_send(ssh, s->pktout);
9169 crWaitUntilV(pktin);
9170 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
0ed48730 9171 bombout(("Server refused to open a session"));
9172 crStopV;
9173 /* FIXME: error data comes back in FAILURE packet */
9174 }
ff3187f6 9175 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
0ed48730 9176 bombout(("Server's channel confirmation cited wrong channel"));
9177 crStopV;
9178 }
ff3187f6 9179 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
64d6ff88 9180 ssh->mainchan->halfopen = FALSE;
0ed48730 9181 ssh->mainchan->type = CHAN_MAINSESSION;
ff3187f6 9182 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
9183 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
0ed48730 9184 add234(ssh->channels, ssh->mainchan);
62638676 9185 update_specials_menu(ssh->frontend);
0ed48730 9186 logevent("Opened channel for session");
feb02b4e 9187 ssh->ncmode = FALSE;
9188 }
7cca0d81 9189
9190 /*
51df0ab5 9191 * Now we have a channel, make dispatch table entries for
9192 * general channel-based messages.
9193 */
9194 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
9195 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
9196 ssh2_msg_channel_data;
9197 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
9198 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
9199 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
9200 ssh2_msg_channel_open_confirmation;
9201 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
9202 ssh2_msg_channel_open_failure;
9203 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
9204 ssh2_msg_channel_request;
9205 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
9206 ssh2_msg_channel_open;
ebbc254d 9207 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_response;
9208 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_response;
9209
51df0ab5 9210
4a693cfc 9211 if (ssh->mainchan && conf_get_int(ssh->conf, CONF_ssh_simple)) {
3361b80a 9212 /*
9213 * This message indicates to the server that we promise
9214 * not to try to run any other channel in parallel with
9215 * this one, so it's safe for it to advertise a very large
9216 * window and leave the flow control to TCP.
9217 */
134f5ece 9218 s->pktout = ssh2_chanreq_init(ssh->mainchan,
9219 "simple@putty.projects.tartarus.org",
9220 NULL, NULL);
3361b80a 9221 ssh2_pkt_send(ssh, s->pktout);
9222 }
9223
51df0ab5 9224 /*
c99deca4 9225 * Enable port forwardings.
9226 */
9227 ssh_setup_portfwd(ssh, ssh->conf);
9228
9229 /*
ebbc254d 9230 * Send the CHANNEL_REQUESTS for the main channel. Each one is
9231 * handled by its own little asynchronous co-routine.
c99deca4 9232 */
9233
9234 /*
783415f8 9235 * Potentially enable X11 forwarding.
9236 */
67a9ec92 9237 /*
9238 * Potentially enable X11 forwarding.
9239 */
9240 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_x11_forward) &&
9241 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
9242 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf)))
9243 ssh2_setup_x11(ssh->mainchan, NULL, NULL);
bc240b21 9244
9245 /*
36c2a3e9 9246 * Potentially enable agent forwarding.
9247 */
67a9ec92 9248 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists())
9249 ssh2_setup_agent(ssh->mainchan, NULL, NULL);
36c2a3e9 9250
9251 /*
7cca0d81 9252 * Now allocate a pty for the session.
9253 */
67a9ec92 9254 if (ssh->mainchan && !ssh->ncmode && !conf_get_int(ssh->conf, CONF_nopty)) {
9255 ssh2_setup_pty(ssh->mainchan, NULL, NULL);
9256 } else {
9257 ssh->editing = ssh->echoing = 1;
9258 }
7cca0d81 9259
9260 /*
73feed4f 9261 * Send environment variables.
73feed4f 9262 */
67a9ec92 9263 if (ssh->mainchan && !ssh->ncmode)
9264 ssh2_setup_env(ssh->mainchan, NULL, NULL);
73feed4f 9265
9266 /*
fd5e5847 9267 * Start a shell or a remote command. We may have to attempt
9268 * this twice if the config data has provided a second choice
9269 * of command.
7cca0d81 9270 */
feb02b4e 9271 if (ssh->mainchan && !ssh->ncmode) while (1) {
fd5e5847 9272 int subsys;
9273 char *cmd;
9274
51470298 9275 if (ssh->fallback_cmd) {
4a693cfc 9276 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys2);
9277 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
fd5e5847 9278 } else {
4a693cfc 9279 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys);
9280 cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
fd5e5847 9281 }
9282
fd5e5847 9283 if (subsys) {
134f5ece 9284 s->pktout = ssh2_chanreq_init(ssh->mainchan, "subsystem",
9285 ssh2_response_authconn, NULL);
ff3187f6 9286 ssh2_pkt_addstring(s->pktout, cmd);
fd5e5847 9287 } else if (*cmd) {
134f5ece 9288 s->pktout = ssh2_chanreq_init(ssh->mainchan, "exec",
9289 ssh2_response_authconn, NULL);
ff3187f6 9290 ssh2_pkt_addstring(s->pktout, cmd);
fd5e5847 9291 } else {
134f5ece 9292 s->pktout = ssh2_chanreq_init(ssh->mainchan, "shell",
9293 ssh2_response_authconn, NULL);
32874aea 9294 }
ff3187f6 9295 ssh2_pkt_send(ssh, s->pktout);
b09eaa88 9296
9297 crWaitUntilV(pktin);
9298
ff3187f6 9299 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9300 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
6b5cf8b4 9301 bombout(("Unexpected response to shell/command request:"
ff3187f6 9302 " packet type %d", pktin->type));
7ffdbc1a 9303 crStopV;
fd5e5847 9304 }
9305 /*
9306 * We failed to start the command. If this is the
9307 * fallback command, we really are finished; if it's
9308 * not, and if the fallback command exists, try falling
9309 * back to it before complaining.
9310 */
4a693cfc 9311 if (!ssh->fallback_cmd &&
9312 *conf_get_str(ssh->conf, CONF_remote_cmd2)) {
fd5e5847 9313 logevent("Primary command failed; attempting fallback");
51470298 9314 ssh->fallback_cmd = TRUE;
fd5e5847 9315 continue;
9316 }
6b5cf8b4 9317 bombout(("Server refused to start a shell/command"));
7ffdbc1a 9318 crStopV;
fd5e5847 9319 } else {
9320 logevent("Started a shell/command");
32874aea 9321 }
fd5e5847 9322 break;
7cca0d81 9323 }
9324
51470298 9325 ssh->state = SSH_STATE_SESSION;
9326 if (ssh->size_needed)
9327 ssh_size(ssh, ssh->term_width, ssh->term_height);
9328 if (ssh->eof_needed)
9329 ssh_special(ssh, TS_EOF);
6e48c3fe 9330
7cca0d81 9331 /*
9332 * Transfer data!
9333 */
b9d7bcad 9334 if (ssh->ldisc)
9335 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
0ed48730 9336 if (ssh->mainchan)
9337 ssh->send_ok = 1;
7cca0d81 9338 while (1) {
e5574168 9339 crReturnV;
51470298 9340 s->try_send = FALSE;
ff3187f6 9341 if (pktin) {
2b7540a7 9342
51df0ab5 9343 /*
9344 * _All_ the connection-layer packets we expect to
9345 * receive are now handled by the dispatch table.
9346 * Anything that reaches here must be bogus.
9347 */
32874aea 9348
51df0ab5 9349 bombout(("Strange packet received: type %d", pktin->type));
9350 crStopV;
0ed48730 9351 } else if (ssh->mainchan) {
32874aea 9352 /*
9353 * We have spare data. Add it to the channel buffer.
9354 */
d8baa528 9355 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
51470298 9356 s->try_send = TRUE;
32874aea 9357 }
51470298 9358 if (s->try_send) {
32874aea 9359 int i;
9360 struct ssh_channel *c;
9361 /*
9362 * Try to send data on all channels if we can.
9363 */
1bfc7e93 9364 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
78280721 9365 ssh2_try_send_and_unthrottle(ssh, c);
7cca0d81 9366 }
e5574168 9367 }
9368
9369 crFinishV;
9370}
9371
9372/*
2e85c969 9373 * Handlers for SSH-2 messages that might arrive at any moment.
b09eaa88 9374 */
409bfa77 9375static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
b09eaa88 9376{
9377 /* log reason code in disconnect message */
9378 char *buf, *msg;
60860bc3 9379 int reason, msglen;
b09eaa88 9380
9381 reason = ssh_pkt_getuint32(pktin);
9382 ssh_pkt_getstring(pktin, &msg, &msglen);
9383
9384 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
9385 buf = dupprintf("Received disconnect message (%s)",
9386 ssh2_disconnect_reasons[reason]);
9387 } else {
9388 buf = dupprintf("Received disconnect message (unknown"
9389 " type %d)", reason);
9390 }
9391 logevent(buf);
9392 sfree(buf);
60860bc3 9393 buf = dupprintf("Disconnection message text: %.*s",
9394 msglen, msg);
b09eaa88 9395 logevent(buf);
60860bc3 9396 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
b09eaa88 9397 reason,
9398 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
9399 ssh2_disconnect_reasons[reason] : "unknown",
60860bc3 9400 msglen, msg));
b09eaa88 9401 sfree(buf);
9402}
9403
409bfa77 9404static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
b09eaa88 9405{
9406 /* log the debug message */
fb983202 9407 char *msg;
b09eaa88 9408 int msglen;
b09eaa88 9409
3ab79841 9410 /* XXX maybe we should actually take notice of the return value */
9411 ssh2_pkt_getbool(pktin);
b09eaa88 9412 ssh_pkt_getstring(pktin, &msg, &msglen);
9413
fb983202 9414 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
b09eaa88 9415}
9416
bc074147 9417static void ssh2_msg_transport(Ssh ssh, struct Packet *pktin)
9418{
9419 do_ssh2_transport(ssh, NULL, 0, pktin);
9420}
9421
9422/*
9423 * Called if we receive a packet that isn't allowed by the protocol.
9424 * This only applies to packets whose meaning PuTTY understands.
9425 * Entirely unknown packets are handled below.
9426 */
9427static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin)
9428{
9429 char *buf = dupprintf("Server protocol violation: unexpected %s packet",
9430 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
9431 pktin->type));
9432 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
1418b055 9433 sfree(buf);
bc074147 9434}
9435
409bfa77 9436static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
b09eaa88 9437{
9438 struct Packet *pktout;
9439 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
9440 ssh2_pkt_adduint32(pktout, pktin->sequence);
9441 /*
9442 * UNIMPLEMENTED messages MUST appear in the same order as the
9443 * messages they respond to. Hence, never queue them.
9444 */
9445 ssh2_pkt_send_noqueue(ssh, pktout);
9446}
9447
9448/*
2e85c969 9449 * Handle the top-level SSH-2 protocol.
7cca0d81 9450 */
b09eaa88 9451static void ssh2_protocol_setup(Ssh ssh)
9452{
9453 int i;
9454
9455 /*
9456 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
9457 */
9458 for (i = 0; i < 256; i++)
9459 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
9460
9461 /*
bc074147 9462 * Initially, we only accept transport messages (and a few generic
9463 * ones). do_ssh2_authconn will add more when it starts.
9464 * Messages that are understood but not currently acceptable go to
9465 * ssh2_msg_unexpected.
b09eaa88 9466 */
bc074147 9467 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = ssh2_msg_unexpected;
9468 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = ssh2_msg_unexpected;
9469 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_unexpected;
9470 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = ssh2_msg_transport;
9471 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = ssh2_msg_transport;
9472 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = ssh2_msg_transport;
9473 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = ssh2_msg_transport;
9474 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = ssh2_msg_transport; duplicate case value */
9475 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = ssh2_msg_transport; duplicate case value */
9476 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = ssh2_msg_transport;
9477 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = ssh2_msg_transport;
9478 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_unexpected;
9479 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_unexpected;
9480 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_unexpected;
9481 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_unexpected;
9482 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_unexpected;
9483 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_unexpected; duplicate case value */
9484 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_unexpected; duplicate case value */
9485 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_unexpected;
9486 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_unexpected;
9487 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_unexpected;
9488 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_unexpected;
9489 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_unexpected;
9490 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_unexpected;
9491 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_unexpected;
9492 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_unexpected;
9493 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_unexpected;
9494 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_unexpected;
9495 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_unexpected;
9496 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_unexpected;
9497 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = ssh2_msg_unexpected;
9498 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_unexpected;
9499 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_unexpected;
b09eaa88 9500
9501 /*
bc074147 9502 * These messages have a special handler from the start.
b09eaa88 9503 */
9504 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
2e85c969 9505 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
b09eaa88 9506 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
9507}
9508
9442dd57 9509static void ssh2_timer(void *ctx, long now)
9510{
9511 Ssh ssh = (Ssh)ctx;
9512
ecbb0000 9513 if (ssh->state == SSH_STATE_CLOSED)
9514 return;
9515
4a693cfc 9516 if (!ssh->kex_in_progress && conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0 &&
9442dd57 9517 now - ssh->next_rekey >= 0) {
f382c87d 9518 do_ssh2_transport(ssh, "timeout", -1, NULL);
9442dd57 9519 }
9520}
9521
1c1a7262 9522static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
ff3187f6 9523 struct Packet *pktin)
7cca0d81 9524{
1c1a7262 9525 unsigned char *in = (unsigned char *)vin;
b09eaa88 9526 if (ssh->state == SSH_STATE_CLOSED)
9527 return;
9528
9442dd57 9529 if (pktin) {
9530 ssh->incoming_data_size += pktin->encrypted_len;
9531 if (!ssh->kex_in_progress &&
d57f70af 9532 ssh->max_data_size != 0 &&
9533 ssh->incoming_data_size > ssh->max_data_size)
f382c87d 9534 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9442dd57 9535 }
9536
bc074147 9537 if (pktin)
b09eaa88 9538 ssh->packet_dispatch[pktin->type](ssh, pktin);
bc074147 9539 else if (!ssh->protocol_initial_phase_done)
9540 do_ssh2_transport(ssh, in, inlen, pktin);
9541 else
b09eaa88 9542 do_ssh2_authconn(ssh, in, inlen, pktin);
7cca0d81 9543}
9544
4a693cfc 9545static void ssh_cache_conf_values(Ssh ssh)
9546{
9547 ssh->logomitdata = conf_get_int(ssh->conf, CONF_logomitdata);
9548}
9549
7cca0d81 9550/*
8df7a775 9551 * Called to set up the connection.
374330e2 9552 *
9553 * Returns an error message, or NULL on success.
374330e2 9554 */
cbe2d68f 9555static const char *ssh_init(void *frontend_handle, void **backend_handle,
4a693cfc 9556 Conf *conf, char *host, int port, char **realhost,
9557 int nodelay, int keepalive)
32874aea 9558{
cbe2d68f 9559 const char *p;
51470298 9560 Ssh ssh;
9561
3d88e64d 9562 ssh = snew(struct ssh_tag);
4a693cfc 9563 ssh->conf = conf_copy(conf);
9564 ssh_cache_conf_values(ssh);
125105d1 9565 ssh->version = 0; /* when not ready yet */
51470298 9566 ssh->s = NULL;
9567 ssh->cipher = NULL;
371e569c 9568 ssh->v1_cipher_ctx = NULL;
0183b242 9569 ssh->crcda_ctx = NULL;
51470298 9570 ssh->cscipher = NULL;
371e569c 9571 ssh->cs_cipher_ctx = NULL;
51470298 9572 ssh->sccipher = NULL;
371e569c 9573 ssh->sc_cipher_ctx = NULL;
51470298 9574 ssh->csmac = NULL;
a8327734 9575 ssh->cs_mac_ctx = NULL;
51470298 9576 ssh->scmac = NULL;
e0e1a00d 9577 ssh->sc_mac_ctx = NULL;
51470298 9578 ssh->cscomp = NULL;
5366aed8 9579 ssh->cs_comp_ctx = NULL;
51470298 9580 ssh->sccomp = NULL;
5366aed8 9581 ssh->sc_comp_ctx = NULL;
51470298 9582 ssh->kex = NULL;
389aa499 9583 ssh->kex_ctx = NULL;
51470298 9584 ssh->hostkey = NULL;
9585 ssh->exitcode = -1;
ac934965 9586 ssh->close_expected = FALSE;
9e296bfa 9587 ssh->clean_exit = FALSE;
51470298 9588 ssh->state = SSH_STATE_PREPACKET;
9589 ssh->size_needed = FALSE;
9590 ssh->eof_needed = FALSE;
b9d7bcad 9591 ssh->ldisc = NULL;
a8327734 9592 ssh->logctx = NULL;
51470298 9593 ssh->deferred_send_data = NULL;
9594 ssh->deferred_len = 0;
9595 ssh->deferred_size = 0;
9596 ssh->fallback_cmd = 0;
acab36bc 9597 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9598 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
8def70c3 9599 ssh->x11disp = NULL;
be738459 9600 ssh->v1_compressing = FALSE;
51470298 9601 ssh->v2_outgoing_sequence = 0;
9602 ssh->ssh1_rdpkt_crstate = 0;
9603 ssh->ssh2_rdpkt_crstate = 0;
51470298 9604 ssh->ssh_gotdata_crstate = 0;
b09eaa88 9605 ssh->do_ssh1_connection_crstate = 0;
51470298 9606 ssh->do_ssh_init_state = NULL;
9607 ssh->do_ssh1_login_state = NULL;
9608 ssh->do_ssh2_transport_state = NULL;
9609 ssh->do_ssh2_authconn_state = NULL;
4320baf7 9610 ssh->v_c = NULL;
9611 ssh->v_s = NULL;
6571dbfd 9612 ssh->mainchan = NULL;
968d2d92 9613 ssh->throttled_all = 0;
9614 ssh->v1_stdout_throttling = 0;
590f6a5f 9615 ssh->queue = NULL;
9616 ssh->queuelen = ssh->queuesize = 0;
9617 ssh->queueing = FALSE;
06fadff5 9618 ssh->qhead = ssh->qtail = NULL;
e13bba36 9619 ssh->deferred_rekey_reason = NULL;
3d9449a1 9620 bufchain_init(&ssh->queued_incoming_data);
9621 ssh->frozen = FALSE;
4a693cfc 9622 ssh->username = NULL;
bc06669b 9623 ssh->sent_console_eof = FALSE;
4a202fc6 9624 ssh->got_pty = FALSE;
51470298 9625
9626 *backend_handle = ssh;
32874aea 9627
8f203108 9628#ifdef MSCRYPTOAPI
32874aea 9629 if (crypto_startup() == 0)
8f203108 9630 return "Microsoft high encryption pack not installed!";
9631#endif
374330e2 9632
51470298 9633 ssh->frontend = frontend_handle;
4a693cfc 9634 ssh->term_width = conf_get_int(ssh->conf, CONF_width);
9635 ssh->term_height = conf_get_int(ssh->conf, CONF_height);
887035a5 9636
fabd1805 9637 ssh->channels = NULL;
9638 ssh->rportfwds = NULL;
f47a5ffb 9639 ssh->portfwds = NULL;
fabd1805 9640
51470298 9641 ssh->send_ok = 0;
9642 ssh->editing = 0;
9643 ssh->echoing = 0;
ff68564b 9644 ssh->conn_throttle_count = 0;
51470298 9645 ssh->overall_bufsize = 0;
9646 ssh->fallback_cmd = 0;
8df7a775 9647
3648d4c5 9648 ssh->protocol = NULL;
9649
b09eaa88 9650 ssh->protocol_initial_phase_done = FALSE;
9651
39934deb 9652 ssh->pinger = NULL;
9653
9442dd57 9654 ssh->incoming_data_size = ssh->outgoing_data_size =
9655 ssh->deferred_data_size = 0L;
4a693cfc 9656 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9657 CONF_ssh_rekey_data));
9442dd57 9658 ssh->kex_in_progress = FALSE;
9659
1e00c92b 9660#ifndef NO_GSSAPI
9661 ssh->gsslibs = NULL;
9662#endif
9663
79bf227b 9664 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
fb09bf1c 9665 if (p != NULL)
9666 return p;
374330e2 9667
5d17ccfc 9668 random_ref();
9669
374330e2 9670 return NULL;
9671}
9672
fabd1805 9673static void ssh_free(void *handle)
9674{
9675 Ssh ssh = (Ssh) handle;
9676 struct ssh_channel *c;
9677 struct ssh_rportfwd *pf;
9678
9679 if (ssh->v1_cipher_ctx)
9680 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9681 if (ssh->cs_cipher_ctx)
9682 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9683 if (ssh->sc_cipher_ctx)
9684 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9685 if (ssh->cs_mac_ctx)
9686 ssh->csmac->free_context(ssh->cs_mac_ctx);
9687 if (ssh->sc_mac_ctx)
9688 ssh->scmac->free_context(ssh->sc_mac_ctx);
29b1d0b3 9689 if (ssh->cs_comp_ctx) {
9690 if (ssh->cscomp)
9691 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9692 else
9693 zlib_compress_cleanup(ssh->cs_comp_ctx);
9694 }
9695 if (ssh->sc_comp_ctx) {
9696 if (ssh->sccomp)
9697 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9698 else
9699 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9700 }
fabd1805 9701 if (ssh->kex_ctx)
9702 dh_cleanup(ssh->kex_ctx);
9703 sfree(ssh->savedhost);
9704
590f6a5f 9705 while (ssh->queuelen-- > 0)
9706 ssh_free_packet(ssh->queue[ssh->queuelen]);
9707 sfree(ssh->queue);
9708
06fadff5 9709 while (ssh->qhead) {
9710 struct queued_handler *qh = ssh->qhead;
9711 ssh->qhead = qh->next;
9712 sfree(ssh->qhead);
9713 }
9714 ssh->qhead = ssh->qtail = NULL;
9715
fabd1805 9716 if (ssh->channels) {
9717 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9718 switch (c->type) {
9719 case CHAN_X11:
9720 if (c->u.x11.s != NULL)
9721 x11_close(c->u.x11.s);
9722 break;
9723 case CHAN_SOCKDATA:
409eca86 9724 case CHAN_SOCKDATA_DORMANT:
fabd1805 9725 if (c->u.pfd.s != NULL)
9726 pfd_close(c->u.pfd.s);
9727 break;
9728 }
3620f307 9729 if (ssh->version == 2) {
9730 struct outstanding_channel_request *ocr, *nocr;
9731 ocr = c->v.v2.chanreq_head;
9732 while (ocr) {
9733 ocr->handler(c, NULL, ocr->ctx);
9734 nocr = ocr->next;
9735 sfree(ocr);
9736 ocr = nocr;
9737 }
9738 bufchain_clear(&c->v.v2.outbuffer);
9739 }
fabd1805 9740 sfree(c);
9741 }
9742 freetree234(ssh->channels);
cdb52705 9743 ssh->channels = NULL;
fabd1805 9744 }
9745
9746 if (ssh->rportfwds) {
9747 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
8aea57fd 9748 free_rportfwd(pf);
fabd1805 9749 freetree234(ssh->rportfwds);
cdb52705 9750 ssh->rportfwds = NULL;
fabd1805 9751 }
9752 sfree(ssh->deferred_send_data);
8def70c3 9753 if (ssh->x11disp)
9754 x11_free_display(ssh->x11disp);
fabd1805 9755 sfree(ssh->do_ssh_init_state);
9756 sfree(ssh->do_ssh1_login_state);
9757 sfree(ssh->do_ssh2_transport_state);
9758 sfree(ssh->do_ssh2_authconn_state);
4320baf7 9759 sfree(ssh->v_c);
9760 sfree(ssh->v_s);
42af6a67 9761 sfree(ssh->fullhostname);
679539d7 9762 if (ssh->crcda_ctx) {
9763 crcda_free_context(ssh->crcda_ctx);
9764 ssh->crcda_ctx = NULL;
9765 }
fabd1805 9766 if (ssh->s)
ac934965 9767 ssh_do_close(ssh, TRUE);
9442dd57 9768 expire_timer_context(ssh);
39934deb 9769 if (ssh->pinger)
9770 pinger_free(ssh->pinger);
3d9449a1 9771 bufchain_clear(&ssh->queued_incoming_data);
4a693cfc 9772 sfree(ssh->username);
9773 conf_free(ssh->conf);
1e00c92b 9774#ifndef NO_GSSAPI
9775 if (ssh->gsslibs)
9776 ssh_gss_cleanup(ssh->gsslibs);
9777#endif
ee50e8b6 9778 sfree(ssh);
5d17ccfc 9779
9780 random_unref();
fabd1805 9781}
9782
374330e2 9783/*
86916870 9784 * Reconfigure the SSH backend.
86916870 9785 */
4a693cfc 9786static void ssh_reconfig(void *handle, Conf *conf)
86916870 9787{
9788 Ssh ssh = (Ssh) handle;
e13bba36 9789 char *rekeying = NULL, rekey_mandatory = FALSE;
e6c1536e 9790 unsigned long old_max_data_size;
4a693cfc 9791 int i, rekey_time;
e6c1536e 9792
4a693cfc 9793 pinger_reconfig(ssh->pinger, ssh->conf, conf);
3b6606c7 9794 if (ssh->portfwds)
4a693cfc 9795 ssh_setup_portfwd(ssh, conf);
e6c1536e 9796
4a693cfc 9797 rekey_time = conf_get_int(conf, CONF_ssh_rekey_time);
9798 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != rekey_time &&
9799 rekey_time != 0) {
9800 long new_next = ssh->last_rekey + rekey_time*60*TICKSPERSEC;
e6c1536e 9801 long now = GETTICKCOUNT();
9802
9803 if (new_next - now < 0) {
f382c87d 9804 rekeying = "timeout shortened";
e6c1536e 9805 } else {
9806 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9807 }
9808 }
9809
9810 old_max_data_size = ssh->max_data_size;
4a693cfc 9811 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9812 CONF_ssh_rekey_data));
e6c1536e 9813 if (old_max_data_size != ssh->max_data_size &&
9814 ssh->max_data_size != 0) {
9815 if (ssh->outgoing_data_size > ssh->max_data_size ||
9816 ssh->incoming_data_size > ssh->max_data_size)
f382c87d 9817 rekeying = "data limit lowered";
e6c1536e 9818 }
9819
4a693cfc 9820 if (conf_get_int(ssh->conf, CONF_compression) !=
9821 conf_get_int(conf, CONF_compression)) {
f382c87d 9822 rekeying = "compression setting changed";
e13bba36 9823 rekey_mandatory = TRUE;
9824 }
9825
4a693cfc 9826 for (i = 0; i < CIPHER_MAX; i++)
9827 if (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i) !=
9828 conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
9829 rekeying = "cipher settings changed";
9830 rekey_mandatory = TRUE;
9831 }
9832 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc) !=
9833 conf_get_int(conf, CONF_ssh2_des_cbc)) {
f382c87d 9834 rekeying = "cipher settings changed";
e13bba36 9835 rekey_mandatory = TRUE;
e6c1536e 9836 }
9837
4a693cfc 9838 conf_free(ssh->conf);
9839 ssh->conf = conf_copy(conf);
9840 ssh_cache_conf_values(ssh);
e13bba36 9841
9842 if (rekeying) {
9843 if (!ssh->kex_in_progress) {
9844 do_ssh2_transport(ssh, rekeying, -1, NULL);
9845 } else if (rekey_mandatory) {
9846 ssh->deferred_rekey_reason = rekeying;
9847 }
9848 }
86916870 9849}
9850
9851/*
86dc445a 9852 * Called to send data down the SSH connection.
374330e2 9853 */
51470298 9854static int ssh_send(void *handle, char *buf, int len)
32874aea 9855{
51470298 9856 Ssh ssh = (Ssh) handle;
9857
9858 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
5471d09a 9859 return 0;
374330e2 9860
d8baa528 9861 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
5471d09a 9862
51470298 9863 return ssh_sendbuffer(ssh);
5471d09a 9864}
9865
9866/*
9867 * Called to query the current amount of buffered stdin data.
9868 */
51470298 9869static int ssh_sendbuffer(void *handle)
5471d09a 9870{
51470298 9871 Ssh ssh = (Ssh) handle;
5471d09a 9872 int override_value;
9873
51470298 9874 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
5471d09a 9875 return 0;
9876
9877 /*
9878 * If the SSH socket itself has backed up, add the total backup
9879 * size on that to any individual buffer on the stdin channel.
9880 */
9881 override_value = 0;
51470298 9882 if (ssh->throttled_all)
9883 override_value = ssh->overall_bufsize;
5471d09a 9884
51470298 9885 if (ssh->version == 1) {
5471d09a 9886 return override_value;
51470298 9887 } else if (ssh->version == 2) {
bc06669b 9888 if (!ssh->mainchan)
5471d09a 9889 return override_value;
9890 else
51470298 9891 return (override_value +
9892 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
5471d09a 9893 }
9894
9895 return 0;
374330e2 9896}
9897
9898/*
6e48c3fe 9899 * Called to set the size of the window from SSH's POV.
374330e2 9900 */
51470298 9901static void ssh_size(void *handle, int width, int height)
32874aea 9902{
51470298 9903 Ssh ssh = (Ssh) handle;
ff3187f6 9904 struct Packet *pktout;
51470298 9905
9906 ssh->term_width = width;
9907 ssh->term_height = height;
f278d6f8 9908
51470298 9909 switch (ssh->state) {
374330e2 9910 case SSH_STATE_BEFORE_SIZE:
3687d221 9911 case SSH_STATE_PREPACKET:
21248260 9912 case SSH_STATE_CLOSED:
374330e2 9913 break; /* do nothing */
9914 case SSH_STATE_INTERMED:
51470298 9915 ssh->size_needed = TRUE; /* buffer for later */
374330e2 9916 break;
9917 case SSH_STATE_SESSION:
4a693cfc 9918 if (!conf_get_int(ssh->conf, CONF_nopty)) {
51470298 9919 if (ssh->version == 1) {
9920 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9921 PKT_INT, ssh->term_height,
9922 PKT_INT, ssh->term_width,
32874aea 9923 PKT_INT, 0, PKT_INT, 0, PKT_END);
0ed48730 9924 } else if (ssh->mainchan) {
134f5ece 9925 pktout = ssh2_chanreq_init(ssh->mainchan, "window-change",
9926 NULL, NULL);
ff3187f6 9927 ssh2_pkt_adduint32(pktout, ssh->term_width);
9928 ssh2_pkt_adduint32(pktout, ssh->term_height);
9929 ssh2_pkt_adduint32(pktout, 0);
9930 ssh2_pkt_adduint32(pktout, 0);
9931 ssh2_pkt_send(ssh, pktout);
32874aea 9932 }
9933 }
9934 break;
374330e2 9935 }
9936}
9937
9938/*
125105d1 9939 * Return a list of the special codes that make sense in this
9940 * protocol.
9941 */
9942static const struct telnet_special *ssh_get_specials(void *handle)
9943{
786ba75e 9944 static const struct telnet_special ssh1_ignore_special[] = {
9945 {"IGNORE message", TS_NOP}
9946 };
cf6ddb95 9947 static const struct telnet_special ssh2_ignore_special[] = {
62638676 9948 {"IGNORE message", TS_NOP},
cf6ddb95 9949 };
9950 static const struct telnet_special ssh2_rekey_special[] = {
9442dd57 9951 {"Repeat key exchange", TS_REKEY},
62638676 9952 };
9953 static const struct telnet_special ssh2_session_specials[] = {
6f2d0cde 9954 {NULL, TS_SEP},
9955 {"Break", TS_BRK},
bccbeb71 9956 /* These are the signal names defined by RFC 4254.
6f2d0cde 9957 * They include all the ISO C signals, but are a subset of the POSIX
9958 * required signals. */
9959 {"SIGINT (Interrupt)", TS_SIGINT},
9960 {"SIGTERM (Terminate)", TS_SIGTERM},
9961 {"SIGKILL (Kill)", TS_SIGKILL},
9962 {"SIGQUIT (Quit)", TS_SIGQUIT},
9963 {"SIGHUP (Hangup)", TS_SIGHUP},
9964 {"More signals", TS_SUBMENU},
9965 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9966 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9967 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9968 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9969 {NULL, TS_EXITMENU}
62638676 9970 };
9971 static const struct telnet_special specials_end[] = {
6f2d0cde 9972 {NULL, TS_EXITMENU}
62638676 9973 };
786ba75e 9974 /* XXX review this length for any changes: */
cf6ddb95 9975 static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
9976 lenof(ssh2_rekey_special) +
62638676 9977 lenof(ssh2_session_specials) +
9978 lenof(specials_end)];
125105d1 9979 Ssh ssh = (Ssh) handle;
62638676 9980 int i = 0;
9981#define ADD_SPECIALS(name) \
9982 do { \
9983 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9984 memcpy(&ssh_specials[i], name, sizeof name); \
9985 i += lenof(name); \
9986 } while(0)
125105d1 9987
9988 if (ssh->version == 1) {
62638676 9989 /* Don't bother offering IGNORE if we've decided the remote
9990 * won't cope with it, since we wouldn't bother sending it if
9991 * asked anyway. */
9992 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
786ba75e 9993 ADD_SPECIALS(ssh1_ignore_special);
125105d1 9994 } else if (ssh->version == 2) {
cf6ddb95 9995 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
9996 ADD_SPECIALS(ssh2_ignore_special);
9997 if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
9998 ADD_SPECIALS(ssh2_rekey_special);
62638676 9999 if (ssh->mainchan)
10000 ADD_SPECIALS(ssh2_session_specials);
10001 } /* else we're not ready yet */
10002
10003 if (i) {
10004 ADD_SPECIALS(specials_end);
10005 return ssh_specials;
10006 } else {
125105d1 10007 return NULL;
62638676 10008 }
10009#undef ADD_SPECIALS
125105d1 10010}
10011
10012/*
86dc445a 10013 * Send special codes. TS_EOF is useful for `plink', so you
6abbf9e3 10014 * can send an EOF and collect resulting output (e.g. `plink
10015 * hostname sort').
374330e2 10016 */
51470298 10017static void ssh_special(void *handle, Telnet_Special code)
32874aea 10018{
51470298 10019 Ssh ssh = (Ssh) handle;
ff3187f6 10020 struct Packet *pktout;
51470298 10021
6abbf9e3 10022 if (code == TS_EOF) {
51470298 10023 if (ssh->state != SSH_STATE_SESSION) {
32874aea 10024 /*
10025 * Buffer the EOF in case we are pre-SESSION, so we can
10026 * send it as soon as we reach SESSION.
10027 */
10028 if (code == TS_EOF)
51470298 10029 ssh->eof_needed = TRUE;
32874aea 10030 return;
10031 }
51470298 10032 if (ssh->version == 1) {
10033 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
0ed48730 10034 } else if (ssh->mainchan) {
bc06669b 10035 sshfwd_write_eof(ssh->mainchan);
00a0b113 10036 ssh->send_ok = 0; /* now stop trying to read from stdin */
32874aea 10037 }
10038 logevent("Sent EOF message");
125105d1 10039 } else if (code == TS_PING || code == TS_NOP) {
51470298 10040 if (ssh->state == SSH_STATE_CLOSED
10041 || ssh->state == SSH_STATE_PREPACKET) return;
10042 if (ssh->version == 1) {
10043 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
10044 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
32874aea 10045 } else {
cf6ddb95 10046 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
10047 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
10048 ssh2_pkt_addstring_start(pktout);
10049 ssh2_pkt_send_noqueue(ssh, pktout);
10050 }
32874aea 10051 }
9442dd57 10052 } else if (code == TS_REKEY) {
10053 if (!ssh->kex_in_progress && ssh->version == 2) {
f382c87d 10054 do_ssh2_transport(ssh, "at user request", -1, NULL);
9442dd57 10055 }
125105d1 10056 } else if (code == TS_BRK) {
10057 if (ssh->state == SSH_STATE_CLOSED
10058 || ssh->state == SSH_STATE_PREPACKET) return;
10059 if (ssh->version == 1) {
2e85c969 10060 logevent("Unable to send BREAK signal in SSH-1");
0ed48730 10061 } else if (ssh->mainchan) {
134f5ece 10062 pktout = ssh2_chanreq_init(ssh->mainchan, "break", NULL, NULL);
ff3187f6 10063 ssh2_pkt_adduint32(pktout, 0); /* default break length */
10064 ssh2_pkt_send(ssh, pktout);
125105d1 10065 }
6abbf9e3 10066 } else {
6f2d0cde 10067 /* Is is a POSIX signal? */
10068 char *signame = NULL;
10069 if (code == TS_SIGABRT) signame = "ABRT";
10070 if (code == TS_SIGALRM) signame = "ALRM";
10071 if (code == TS_SIGFPE) signame = "FPE";
10072 if (code == TS_SIGHUP) signame = "HUP";
10073 if (code == TS_SIGILL) signame = "ILL";
10074 if (code == TS_SIGINT) signame = "INT";
10075 if (code == TS_SIGKILL) signame = "KILL";
10076 if (code == TS_SIGPIPE) signame = "PIPE";
10077 if (code == TS_SIGQUIT) signame = "QUIT";
10078 if (code == TS_SIGSEGV) signame = "SEGV";
10079 if (code == TS_SIGTERM) signame = "TERM";
10080 if (code == TS_SIGUSR1) signame = "USR1";
10081 if (code == TS_SIGUSR2) signame = "USR2";
10082 /* The SSH-2 protocol does in principle support arbitrary named
10083 * signals, including signame@domain, but we don't support those. */
10084 if (signame) {
10085 /* It's a signal. */
10086 if (ssh->version == 2 && ssh->mainchan) {
134f5ece 10087 pktout = ssh2_chanreq_init(ssh->mainchan, "signal", NULL, NULL);
ff3187f6 10088 ssh2_pkt_addstring(pktout, signame);
10089 ssh2_pkt_send(ssh, pktout);
6f2d0cde 10090 logeventf(ssh, "Sent signal SIG%s", signame);
10091 }
10092 } else {
10093 /* Never heard of it. Do nothing */
10094 }
6abbf9e3 10095 }
374330e2 10096}
10097
51470298 10098void *new_sock_channel(void *handle, Socket s)
d74d141c 10099{
51470298 10100 Ssh ssh = (Ssh) handle;
d74d141c 10101 struct ssh_channel *c;
3d88e64d 10102 c = snew(struct ssh_channel);
d74d141c 10103
70c0cbe1 10104 c->ssh = ssh;
10105 ssh2_channel_init(c);
10106 c->halfopen = TRUE;
10107 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
10108 c->u.pfd.s = s;
10109 add234(ssh->channels, c);
d74d141c 10110 return c;
10111}
10112
5471d09a 10113/*
10114 * This is called when stdout/stderr (the entity to which
10115 * from_backend sends data) manages to clear some backlog.
10116 */
ae9ae89f 10117static void ssh_unthrottle(void *handle, int bufsize)
5471d09a 10118{
51470298 10119 Ssh ssh = (Ssh) handle;
ff68564b 10120 int buflimit;
10121
51470298 10122 if (ssh->version == 1) {
10123 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
10124 ssh->v1_stdout_throttling = 0;
ff68564b 10125 ssh_throttle_conn(ssh, -1);
5471d09a 10126 }
10127 } else {
ff68564b 10128 if (ssh->mainchan) {
ab87bf1d 10129 ssh2_set_window(ssh->mainchan,
ff68564b 10130 bufsize < ssh->mainchan->v.v2.locmaxwin ?
10131 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
4a693cfc 10132 if (conf_get_int(ssh->conf, CONF_ssh_simple))
ff68564b 10133 buflimit = 0;
10134 else
10135 buflimit = ssh->mainchan->v.v2.locmaxwin;
10136 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
10137 ssh->mainchan->throttling_conn = 0;
10138 ssh_throttle_conn(ssh, -1);
10139 }
10140 }
5471d09a 10141 }
78e71de1 10142
10143 /*
10144 * Now process any SSH connection data that was stashed in our
10145 * queue while we were frozen.
10146 */
10147 ssh_process_queued_incoming_data(ssh);
5471d09a 10148}
10149
6b78788a 10150void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
d74d141c 10151{
10152 struct ssh_channel *c = (struct ssh_channel *)channel;
6b78788a 10153 Ssh ssh = c->ssh;
ff3187f6 10154 struct Packet *pktout;
d74d141c 10155
57356d63 10156 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
d74d141c 10157
51470298 10158 if (ssh->version == 1) {
10159 send_packet(ssh, SSH1_MSG_PORT_OPEN,
bc240b21 10160 PKT_INT, c->localid,
10161 PKT_STR, hostname,
10162 PKT_INT, port,
31fb1866 10163 /* PKT_STR, <org:orgport>, */
bc240b21 10164 PKT_END);
10165 } else {
ff3187f6 10166 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
10167 ssh2_pkt_addstring(pktout, "direct-tcpip");
10168 ssh2_pkt_adduint32(pktout, c->localid);
ff3187f6 10169 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
954d5c5a 10170 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
ff3187f6 10171 ssh2_pkt_addstring(pktout, hostname);
10172 ssh2_pkt_adduint32(pktout, port);
bc240b21 10173 /*
10174 * We make up values for the originator data; partly it's
10175 * too much hassle to keep track, and partly I'm not
10176 * convinced the server should be told details like that
10177 * about my local network configuration.
1f182589 10178 * The "originator IP address" is syntactically a numeric
10179 * IP address, and some servers (e.g., Tectia) get upset
10180 * if it doesn't match this syntax.
bc240b21 10181 */
1f182589 10182 ssh2_pkt_addstring(pktout, "0.0.0.0");
ff3187f6 10183 ssh2_pkt_adduint32(pktout, 0);
10184 ssh2_pkt_send(ssh, pktout);
bc240b21 10185 }
d74d141c 10186}
10187
6226c939 10188static int ssh_connected(void *handle)
32874aea 10189{
51470298 10190 Ssh ssh = (Ssh) handle;
6226c939 10191 return ssh->s != NULL;
32874aea 10192}
8ccc75b0 10193
51470298 10194static int ssh_sendok(void *handle)
32874aea 10195{
51470298 10196 Ssh ssh = (Ssh) handle;
10197 return ssh->send_ok;
32874aea 10198}
fb09bf1c 10199
51470298 10200static int ssh_ldisc(void *handle, int option)
32874aea 10201{
51470298 10202 Ssh ssh = (Ssh) handle;
32874aea 10203 if (option == LD_ECHO)
51470298 10204 return ssh->echoing;
32874aea 10205 if (option == LD_EDIT)
51470298 10206 return ssh->editing;
0965bee0 10207 return FALSE;
10208}
10209
b9d7bcad 10210static void ssh_provide_ldisc(void *handle, void *ldisc)
10211{
10212 Ssh ssh = (Ssh) handle;
10213 ssh->ldisc = ldisc;
10214}
10215
a8327734 10216static void ssh_provide_logctx(void *handle, void *logctx)
10217{
10218 Ssh ssh = (Ssh) handle;
10219 ssh->logctx = logctx;
10220}
10221
51470298 10222static int ssh_return_exitcode(void *handle)
10223{
10224 Ssh ssh = (Ssh) handle;
3bb2f322 10225 if (ssh->s != NULL)
10226 return -1;
10227 else
3c112d53 10228 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
51470298 10229}
10230
10231/*
f89c3294 10232 * cfg_info for SSH is the currently running version of the
10233 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
10234 */
10235static int ssh_cfg_info(void *handle)
10236{
10237 Ssh ssh = (Ssh) handle;
10238 return ssh->version;
10239}
10240
10241/*
51470298 10242 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
10243 * that fails. This variable is the means by which scp.c can reach
10244 * into the SSH code and find out which one it got.
10245 */
10246extern int ssh_fallback_cmd(void *handle)
d8d6c7e5 10247{
51470298 10248 Ssh ssh = (Ssh) handle;
10249 return ssh->fallback_cmd;
d8d6c7e5 10250}
10251
374330e2 10252Backend ssh_backend = {
10253 ssh_init,
fabd1805 10254 ssh_free,
86916870 10255 ssh_reconfig,
374330e2 10256 ssh_send,
5471d09a 10257 ssh_sendbuffer,
374330e2 10258 ssh_size,
4017be6d 10259 ssh_special,
125105d1 10260 ssh_get_specials,
6226c939 10261 ssh_connected,
d8d6c7e5 10262 ssh_return_exitcode,
97db3be4 10263 ssh_sendok,
0965bee0 10264 ssh_ldisc,
b9d7bcad 10265 ssh_provide_ldisc,
a8327734 10266 ssh_provide_logctx,
5471d09a 10267 ssh_unthrottle,
f89c3294 10268 ssh_cfg_info,
9e164d82 10269 "ssh",
10270 PROT_SSH,
97db3be4 10271 22
bc240b21 10272};
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator