projects / u / mdw / putty / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Revamp of EOF handling in all network connections, pipes and other
[u/mdw/putty] / ssh.c
1 /*
2 * SSH backend.
3 */
4
5 #include <stdio.h>
6 #include <stdlib.h>
7 #include <stdarg.h>
8 #include <assert.h>
9 #include <limits.h>
10 #include <signal.h>
11
12 #include "putty.h"
13 #include "tree234.h"
14 #include "ssh.h"
15 #ifndef NO_GSSAPI
16 #include "sshgssc.h"
17 #include "sshgss.h"
18 #endif
19
20 #ifndef FALSE
21 #define FALSE 0
22 #endif
23 #ifndef TRUE
24 #define TRUE 1
25 #endif
26
27 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
28 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
29 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
30 #define SSH1_CMSG_USER 4 /* 0x4 */
31 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
32 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
33 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
34 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
35 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
36 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
37 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
38 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
39 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
40 #define SSH1_SMSG_FAILURE 15 /* 0xf */
41 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
42 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
43 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
44 #define SSH1_CMSG_EOF 19 /* 0x13 */
45 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
46 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
47 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
48 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
49 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
50 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
51 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
52 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
53 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
54 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
55 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
56 #define SSH1_MSG_IGNORE 32 /* 0x20 */
57 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
58 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
59 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
60 #define SSH1_MSG_DEBUG 36 /* 0x24 */
61 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
62 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
63 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
64 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
65 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
66 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
67 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
68
69 #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
70 #define SSH1_AUTH_RSA 2 /* 0x2 */
71 #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
72 #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
73 #define SSH1_AUTH_TIS 5 /* 0x5 */
74 #define SSH1_AUTH_CCARD 16 /* 0x10 */
75
76 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
77 /* Mask for protoflags we will echo back to server if seen */
78 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
79
80 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
81 #define SSH2_MSG_IGNORE 2 /* 0x2 */
82 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
83 #define SSH2_MSG_DEBUG 4 /* 0x4 */
84 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
85 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
86 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
87 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
88 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
89 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
90 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
91 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
92 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
93 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
94 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
95 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
96 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
97 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
98 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
99 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
100 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
101 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
102 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
103 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
104 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
105 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
106 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
107 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
108 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
109 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
110 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
111 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
112 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
113 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
114 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
115 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
116 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
117 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
118 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
119 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
120 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
121 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
122 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
123 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
124 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
125
126 /*
127 * Packet type contexts, so that ssh2_pkt_type can correctly decode
128 * the ambiguous type numbers back into the correct type strings.
129 */
130 typedef enum {
131 SSH2_PKTCTX_NOKEX,
132 SSH2_PKTCTX_DHGROUP,
133 SSH2_PKTCTX_DHGEX,
134 SSH2_PKTCTX_RSAKEX
135 } Pkt_KCtx;
136 typedef enum {
137 SSH2_PKTCTX_NOAUTH,
138 SSH2_PKTCTX_PUBLICKEY,
139 SSH2_PKTCTX_PASSWORD,
140 SSH2_PKTCTX_GSSAPI,
141 SSH2_PKTCTX_KBDINTER
142 } Pkt_ACtx;
143
144 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
145 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
146 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
147 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
148 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
149 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
150 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
151 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
152 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
153 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
154 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
155 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
156 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
157 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
158 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
159
160 static const char *const ssh2_disconnect_reasons[] = {
161 NULL,
162 "host not allowed to connect",
163 "protocol error",
164 "key exchange failed",
165 "host authentication failed",
166 "MAC error",
167 "compression error",
168 "service not available",
169 "protocol version not supported",
170 "host key not verifiable",
171 "connection lost",
172 "by application",
173 "too many connections",
174 "auth cancelled by user",
175 "no more auth methods available",
176 "illegal user name",
177 };
178
179 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
180 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
181 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
182 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
183
184 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
185
186 /*
187 * Various remote-bug flags.
188 */
189 #define BUG_CHOKES_ON_SSH1_IGNORE 1
190 #define BUG_SSH2_HMAC 2
191 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
192 #define BUG_CHOKES_ON_RSA 8
193 #define BUG_SSH2_RSA_PADDING 16
194 #define BUG_SSH2_DERIVEKEY 32
195 #define BUG_SSH2_REKEY 64
196 #define BUG_SSH2_PK_SESSIONID 128
197 #define BUG_SSH2_MAXPKT 256
198 #define BUG_CHOKES_ON_SSH2_IGNORE 512
199
200 /*
201 * Codes for terminal modes.
202 * Most of these are the same in SSH-1 and SSH-2.
203 * This list is derived from RFC 4254 and
204 * SSH-1 RFC-1.2.31.
205 */
206 static const struct {
207 const char* const mode;
208 int opcode;
209 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
210 } ssh_ttymodes[] = {
211 /* "V" prefix discarded for special characters relative to SSH specs */
212 { "INTR", 1, TTY_OP_CHAR },
213 { "QUIT", 2, TTY_OP_CHAR },
214 { "ERASE", 3, TTY_OP_CHAR },
215 { "KILL", 4, TTY_OP_CHAR },
216 { "EOF", 5, TTY_OP_CHAR },
217 { "EOL", 6, TTY_OP_CHAR },
218 { "EOL2", 7, TTY_OP_CHAR },
219 { "START", 8, TTY_OP_CHAR },
220 { "STOP", 9, TTY_OP_CHAR },
221 { "SUSP", 10, TTY_OP_CHAR },
222 { "DSUSP", 11, TTY_OP_CHAR },
223 { "REPRINT", 12, TTY_OP_CHAR },
224 { "WERASE", 13, TTY_OP_CHAR },
225 { "LNEXT", 14, TTY_OP_CHAR },
226 { "FLUSH", 15, TTY_OP_CHAR },
227 { "SWTCH", 16, TTY_OP_CHAR },
228 { "STATUS", 17, TTY_OP_CHAR },
229 { "DISCARD", 18, TTY_OP_CHAR },
230 { "IGNPAR", 30, TTY_OP_BOOL },
231 { "PARMRK", 31, TTY_OP_BOOL },
232 { "INPCK", 32, TTY_OP_BOOL },
233 { "ISTRIP", 33, TTY_OP_BOOL },
234 { "INLCR", 34, TTY_OP_BOOL },
235 { "IGNCR", 35, TTY_OP_BOOL },
236 { "ICRNL", 36, TTY_OP_BOOL },
237 { "IUCLC", 37, TTY_OP_BOOL },
238 { "IXON", 38, TTY_OP_BOOL },
239 { "IXANY", 39, TTY_OP_BOOL },
240 { "IXOFF", 40, TTY_OP_BOOL },
241 { "IMAXBEL", 41, TTY_OP_BOOL },
242 { "ISIG", 50, TTY_OP_BOOL },
243 { "ICANON", 51, TTY_OP_BOOL },
244 { "XCASE", 52, TTY_OP_BOOL },
245 { "ECHO", 53, TTY_OP_BOOL },
246 { "ECHOE", 54, TTY_OP_BOOL },
247 { "ECHOK", 55, TTY_OP_BOOL },
248 { "ECHONL", 56, TTY_OP_BOOL },
249 { "NOFLSH", 57, TTY_OP_BOOL },
250 { "TOSTOP", 58, TTY_OP_BOOL },
251 { "IEXTEN", 59, TTY_OP_BOOL },
252 { "ECHOCTL", 60, TTY_OP_BOOL },
253 { "ECHOKE", 61, TTY_OP_BOOL },
254 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
255 { "OPOST", 70, TTY_OP_BOOL },
256 { "OLCUC", 71, TTY_OP_BOOL },
257 { "ONLCR", 72, TTY_OP_BOOL },
258 { "OCRNL", 73, TTY_OP_BOOL },
259 { "ONOCR", 74, TTY_OP_BOOL },
260 { "ONLRET", 75, TTY_OP_BOOL },
261 { "CS7", 90, TTY_OP_BOOL },
262 { "CS8", 91, TTY_OP_BOOL },
263 { "PARENB", 92, TTY_OP_BOOL },
264 { "PARODD", 93, TTY_OP_BOOL }
265 };
266
267 /* Miscellaneous other tty-related constants. */
268 #define SSH_TTY_OP_END 0
269 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
270 #define SSH1_TTY_OP_ISPEED 192
271 #define SSH1_TTY_OP_OSPEED 193
272 #define SSH2_TTY_OP_ISPEED 128
273 #define SSH2_TTY_OP_OSPEED 129
274
275 /* Helper functions for parsing tty-related config. */
276 static unsigned int ssh_tty_parse_specchar(char *s)
277 {
278 unsigned int ret;
279 if (*s) {
280 char *next = NULL;
281 ret = ctrlparse(s, &next);
282 if (!next) ret = s[0];
283 } else {
284 ret = 255; /* special value meaning "don't set" */
285 }
286 return ret;
287 }
288 static unsigned int ssh_tty_parse_boolean(char *s)
289 {
290 if (stricmp(s, "yes") == 0 ||
291 stricmp(s, "on") == 0 ||
292 stricmp(s, "true") == 0 ||
293 stricmp(s, "+") == 0)
294 return 1; /* true */
295 else if (stricmp(s, "no") == 0 ||
296 stricmp(s, "off") == 0 ||
297 stricmp(s, "false") == 0 ||
298 stricmp(s, "-") == 0)
299 return 0; /* false */
300 else
301 return (atoi(s) != 0);
302 }
303
304 #define translate(x) if (type == x) return #x
305 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
306 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
307 static char *ssh1_pkt_type(int type)
308 {
309 translate(SSH1_MSG_DISCONNECT);
310 translate(SSH1_SMSG_PUBLIC_KEY);
311 translate(SSH1_CMSG_SESSION_KEY);
312 translate(SSH1_CMSG_USER);
313 translate(SSH1_CMSG_AUTH_RSA);
314 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
315 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
316 translate(SSH1_CMSG_AUTH_PASSWORD);
317 translate(SSH1_CMSG_REQUEST_PTY);
318 translate(SSH1_CMSG_WINDOW_SIZE);
319 translate(SSH1_CMSG_EXEC_SHELL);
320 translate(SSH1_CMSG_EXEC_CMD);
321 translate(SSH1_SMSG_SUCCESS);
322 translate(SSH1_SMSG_FAILURE);
323 translate(SSH1_CMSG_STDIN_DATA);
324 translate(SSH1_SMSG_STDOUT_DATA);
325 translate(SSH1_SMSG_STDERR_DATA);
326 translate(SSH1_CMSG_EOF);
327 translate(SSH1_SMSG_EXIT_STATUS);
328 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
329 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
330 translate(SSH1_MSG_CHANNEL_DATA);
331 translate(SSH1_MSG_CHANNEL_CLOSE);
332 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
333 translate(SSH1_SMSG_X11_OPEN);
334 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
335 translate(SSH1_MSG_PORT_OPEN);
336 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
337 translate(SSH1_SMSG_AGENT_OPEN);
338 translate(SSH1_MSG_IGNORE);
339 translate(SSH1_CMSG_EXIT_CONFIRMATION);
340 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
341 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
342 translate(SSH1_MSG_DEBUG);
343 translate(SSH1_CMSG_REQUEST_COMPRESSION);
344 translate(SSH1_CMSG_AUTH_TIS);
345 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
346 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
347 translate(SSH1_CMSG_AUTH_CCARD);
348 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
349 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
350 return "unknown";
351 }
352 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
353 {
354 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
355 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
356 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
357 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
358 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
359 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
360 translate(SSH2_MSG_DISCONNECT);
361 translate(SSH2_MSG_IGNORE);
362 translate(SSH2_MSG_UNIMPLEMENTED);
363 translate(SSH2_MSG_DEBUG);
364 translate(SSH2_MSG_SERVICE_REQUEST);
365 translate(SSH2_MSG_SERVICE_ACCEPT);
366 translate(SSH2_MSG_KEXINIT);
367 translate(SSH2_MSG_NEWKEYS);
368 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
369 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
370 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
371 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
372 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
373 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
374 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
375 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
376 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
377 translate(SSH2_MSG_USERAUTH_REQUEST);
378 translate(SSH2_MSG_USERAUTH_FAILURE);
379 translate(SSH2_MSG_USERAUTH_SUCCESS);
380 translate(SSH2_MSG_USERAUTH_BANNER);
381 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
382 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
383 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
384 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
385 translate(SSH2_MSG_GLOBAL_REQUEST);
386 translate(SSH2_MSG_REQUEST_SUCCESS);
387 translate(SSH2_MSG_REQUEST_FAILURE);
388 translate(SSH2_MSG_CHANNEL_OPEN);
389 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
390 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
391 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
392 translate(SSH2_MSG_CHANNEL_DATA);
393 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
394 translate(SSH2_MSG_CHANNEL_EOF);
395 translate(SSH2_MSG_CHANNEL_CLOSE);
396 translate(SSH2_MSG_CHANNEL_REQUEST);
397 translate(SSH2_MSG_CHANNEL_SUCCESS);
398 translate(SSH2_MSG_CHANNEL_FAILURE);
399 return "unknown";
400 }
401 #undef translate
402 #undef translatec
403
404 /* Enumeration values for fields in SSH-1 packets */
405 enum {
406 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
407 /* These values are for communicating relevant semantics of
408 * fields to the packet logging code. */
409 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
410 };
411
412 /*
413 * Coroutine mechanics for the sillier bits of the code. If these
414 * macros look impenetrable to you, you might find it helpful to
415 * read
416 *
417 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
418 *
419 * which explains the theory behind these macros.
420 *
421 * In particular, if you are getting `case expression not constant'
422 * errors when building with MS Visual Studio, this is because MS's
423 * Edit and Continue debugging feature causes their compiler to
424 * violate ANSI C. To disable Edit and Continue debugging:
425 *
426 * - right-click ssh.c in the FileView
427 * - click Settings
428 * - select the C/C++ tab and the General category
429 * - under `Debug info:', select anything _other_ than `Program
430 * Database for Edit and Continue'.
431 */
432 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
433 #define crState(t) \
434 struct t *s; \
435 if (!ssh->t) ssh->t = snew(struct t); \
436 s = ssh->t;
437 #define crFinish(z) } *crLine = 0; return (z); }
438 #define crFinishV } *crLine = 0; return; }
439 #define crReturn(z) \
440 do {\
441 *crLine =__LINE__; return (z); case __LINE__:;\
442 } while (0)
443 #define crReturnV \
444 do {\
445 *crLine=__LINE__; return; case __LINE__:;\
446 } while (0)
447 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
448 #define crStopV do{ *crLine = 0; return; }while(0)
449 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
450 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
451
452 typedef struct ssh_tag *Ssh;
453 struct Packet;
454
455 static struct Packet *ssh1_pkt_init(int pkt_type);
456 static struct Packet *ssh2_pkt_init(int pkt_type);
457 static void ssh_pkt_ensure(struct Packet *, int length);
458 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
459 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
460 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
461 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
462 static void ssh_pkt_addstring_start(struct Packet *);
463 static void ssh_pkt_addstring_str(struct Packet *, char *data);
464 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
465 static void ssh_pkt_addstring(struct Packet *, char *data);
466 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
467 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
468 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
469 static int ssh2_pkt_construct(Ssh, struct Packet *);
470 static void ssh2_pkt_send(Ssh, struct Packet *);
471 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
472 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
473 struct Packet *pktin);
474 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
475 struct Packet *pktin);
476 static void ssh_channel_destroy(struct ssh_channel *c);
477
478 /*
479 * Buffer management constants. There are several of these for
480 * various different purposes:
481 *
482 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
483 * on a local data stream before we throttle the whole SSH
484 * connection (in SSH-1 only). Throttling the whole connection is
485 * pretty drastic so we set this high in the hope it won't
486 * happen very often.
487 *
488 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
489 * on the SSH connection itself before we defensively throttle
490 * _all_ local data streams. This is pretty drastic too (though
491 * thankfully unlikely in SSH-2 since the window mechanism should
492 * ensure that the server never has any need to throttle its end
493 * of the connection), so we set this high as well.
494 *
495 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
496 * channels.
497 *
498 * - OUR_V2_BIGWIN is the window size we advertise for the only
499 * channel in a simple connection. It must be <= INT_MAX.
500 *
501 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
502 * to the remote side. This actually has nothing to do with the
503 * size of the _packet_, but is instead a limit on the amount
504 * of data we're willing to receive in a single SSH2 channel
505 * data message.
506 *
507 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
508 * _packet_ we're prepared to cope with. It must be a multiple
509 * of the cipher block size, and must be at least 35000.
510 */
511
512 #define SSH1_BUFFER_LIMIT 32768
513 #define SSH_MAX_BACKLOG 32768
514 #define OUR_V2_WINSIZE 16384
515 #define OUR_V2_BIGWIN 0x7fffffff
516 #define OUR_V2_MAXPKT 0x4000UL
517 #define OUR_V2_PACKETLIMIT 0x9000UL
518
519 /* Maximum length of passwords/passphrases (arbitrary) */
520 #define SSH_MAX_PASSWORD_LEN 100
521
522 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
523
524 const static struct ssh_mac *macs[] = {
525 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
526 };
527 const static struct ssh_mac *buggymacs[] = {
528 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
529 };
530
531 static void *ssh_comp_none_init(void)
532 {
533 return NULL;
534 }
535 static void ssh_comp_none_cleanup(void *handle)
536 {
537 }
538 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
539 unsigned char **outblock, int *outlen)
540 {
541 return 0;
542 }
543 static int ssh_comp_none_disable(void *handle)
544 {
545 return 0;
546 }
547 const static struct ssh_compress ssh_comp_none = {
548 "none", NULL,
549 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
550 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
551 ssh_comp_none_disable, NULL
552 };
553 extern const struct ssh_compress ssh_zlib;
554 const static struct ssh_compress *compressions[] = {
555 &ssh_zlib, &ssh_comp_none
556 };
557
558 enum { /* channel types */
559 CHAN_MAINSESSION,
560 CHAN_X11,
561 CHAN_AGENT,
562 CHAN_SOCKDATA,
563 CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
564 };
565
566 /*
567 * little structure to keep track of outstanding WINDOW_ADJUSTs
568 */
569 struct winadj {
570 struct winadj *next;
571 unsigned size;
572 };
573
574 /*
575 * 2-3-4 tree storing channels.
576 */
577 struct ssh_channel {
578 Ssh ssh; /* pointer back to main context */
579 unsigned remoteid, localid;
580 int type;
581 /* True if we opened this channel but server hasn't confirmed. */
582 int halfopen;
583 /*
584 * In SSH-1, this value contains four bits:
585 *
586 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
587 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
588 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
589 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
590 *
591 * A channel is completely finished with when all four bits are set.
592 *
593 * In SSH-2, the four bits mean:
594 *
595 * 1 We have sent SSH2_MSG_CHANNEL_EOF.
596 * 2 We have sent SSH2_MSG_CHANNEL_CLOSE.
597 * 4 We have received SSH2_MSG_CHANNEL_EOF.
598 * 8 We have received SSH2_MSG_CHANNEL_CLOSE.
599 *
600 * A channel is completely finished with when we have both sent
601 * and received CLOSE.
602 *
603 * The symbolic constants below use the SSH-2 terminology, which
604 * is a bit confusing in SSH-1, but we have to use _something_.
605 */
606 #define CLOSES_SENT_EOF 1
607 #define CLOSES_SENT_CLOSE 2
608 #define CLOSES_RCVD_EOF 4
609 #define CLOSES_RCVD_CLOSE 8
610 int closes;
611
612 /*
613 * This flag indicates that an EOF is pending on the outgoing side
614 * of the channel: that is, wherever we're getting the data for
615 * this channel has sent us some data followed by EOF. We can't
616 * actually send the EOF until we've finished sending the data, so
617 * we set this flag instead to remind us to do so once our buffer
618 * is clear.
619 */
620 int pending_eof;
621
622 /*
623 * True if this channel is causing the underlying connection to be
624 * throttled.
625 */
626 int throttling_conn;
627 union {
628 struct ssh2_data_channel {
629 bufchain outbuffer;
630 unsigned remwindow, remmaxpkt;
631 /* locwindow is signed so we can cope with excess data. */
632 int locwindow, locmaxwin;
633 /*
634 * remlocwin is the amount of local window that we think
635 * the remote end had available to it after it sent the
636 * last data packet or window adjust ack.
637 */
638 int remlocwin;
639 /*
640 * These store the list of window adjusts that haven't
641 * been acked.
642 */
643 struct winadj *winadj_head, *winadj_tail;
644 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
645 } v2;
646 } v;
647 union {
648 struct ssh_agent_channel {
649 unsigned char *message;
650 unsigned char msglen[4];
651 unsigned lensofar, totallen;
652 } a;
653 struct ssh_x11_channel {
654 Socket s;
655 } x11;
656 struct ssh_pfd_channel {
657 Socket s;
658 } pfd;
659 } u;
660 };
661
662 /*
663 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
664 * use this structure in different ways, reflecting SSH-2's
665 * altogether saner approach to port forwarding.
666 *
667 * In SSH-1, you arrange a remote forwarding by sending the server
668 * the remote port number, and the local destination host:port.
669 * When a connection comes in, the server sends you back that
670 * host:port pair, and you connect to it. This is a ready-made
671 * security hole if you're not on the ball: a malicious server
672 * could send you back _any_ host:port pair, so if you trustingly
673 * connect to the address it gives you then you've just opened the
674 * entire inside of your corporate network just by connecting
675 * through it to a dodgy SSH server. Hence, we must store a list of
676 * host:port pairs we _are_ trying to forward to, and reject a
677 * connection request from the server if it's not in the list.
678 *
679 * In SSH-2, each side of the connection minds its own business and
680 * doesn't send unnecessary information to the other. You arrange a
681 * remote forwarding by sending the server just the remote port
682 * number. When a connection comes in, the server tells you which
683 * of its ports was connected to; and _you_ have to remember what
684 * local host:port pair went with that port number.
685 *
686 * Hence, in SSH-1 this structure is indexed by destination
687 * host:port pair, whereas in SSH-2 it is indexed by source port.
688 */
689 struct ssh_portfwd; /* forward declaration */
690
691 struct ssh_rportfwd {
692 unsigned sport, dport;
693 char dhost[256];
694 char *sportdesc;
695 struct ssh_portfwd *pfrec;
696 };
697 #define free_rportfwd(pf) ( \
698 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
699
700 /*
701 * Separately to the rportfwd tree (which is for looking up port
702 * open requests from the server), a tree of _these_ structures is
703 * used to keep track of all the currently open port forwardings,
704 * so that we can reconfigure in mid-session if the user requests
705 * it.
706 */
707 struct ssh_portfwd {
708 enum { DESTROY, KEEP, CREATE } status;
709 int type;
710 unsigned sport, dport;
711 char *saddr, *daddr;
712 char *sserv, *dserv;
713 struct ssh_rportfwd *remote;
714 int addressfamily;
715 void *local;
716 };
717 #define free_portfwd(pf) ( \
718 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
719 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
720
721 struct Packet {
722 long length; /* length of `data' actually used */
723 long forcepad; /* SSH-2: force padding to at least this length */
724 int type; /* only used for incoming packets */
725 unsigned long sequence; /* SSH-2 incoming sequence number */
726 unsigned char *data; /* allocated storage */
727 unsigned char *body; /* offset of payload within `data' */
728 long savedpos; /* temporary index into `data' (for strings) */
729 long maxlen; /* amount of storage allocated for `data' */
730 long encrypted_len; /* for SSH-2 total-size counting */
731
732 /*
733 * State associated with packet logging
734 */
735 int logmode;
736 int nblanks;
737 struct logblank_t *blanks;
738 };
739
740 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
741 struct Packet *pktin);
742 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
743 struct Packet *pktin);
744 static void ssh1_protocol_setup(Ssh ssh);
745 static void ssh2_protocol_setup(Ssh ssh);
746 static void ssh_size(void *handle, int width, int height);
747 static void ssh_special(void *handle, Telnet_Special);
748 static int ssh2_try_send(struct ssh_channel *c);
749 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
750 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
751 static void ssh2_set_window(struct ssh_channel *c, int newwin);
752 static int ssh_sendbuffer(void *handle);
753 static int ssh_do_close(Ssh ssh, int notify_exit);
754 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
755 static int ssh2_pkt_getbool(struct Packet *pkt);
756 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
757 static void ssh2_timer(void *ctx, long now);
758 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
759 struct Packet *pktin);
760
761 struct rdpkt1_state_tag {
762 long len, pad, biglen, to_read;
763 unsigned long realcrc, gotcrc;
764 unsigned char *p;
765 int i;
766 int chunk;
767 struct Packet *pktin;
768 };
769
770 struct rdpkt2_state_tag {
771 long len, pad, payload, packetlen, maclen;
772 int i;
773 int cipherblk;
774 unsigned long incoming_sequence;
775 struct Packet *pktin;
776 };
777
778 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
779 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
780
781 struct queued_handler;
782 struct queued_handler {
783 int msg1, msg2;
784 chandler_fn_t handler;
785 void *ctx;
786 struct queued_handler *next;
787 };
788
789 struct ssh_tag {
790 const struct plug_function_table *fn;
791 /* the above field _must_ be first in the structure */
792
793 char *v_c, *v_s;
794 void *exhash;
795
796 Socket s;
797
798 void *ldisc;
799 void *logctx;
800
801 unsigned char session_key[32];
802 int v1_compressing;
803 int v1_remote_protoflags;
804 int v1_local_protoflags;
805 int agentfwd_enabled;
806 int X11_fwd_enabled;
807 int remote_bugs;
808 const struct ssh_cipher *cipher;
809 void *v1_cipher_ctx;
810 void *crcda_ctx;
811 const struct ssh2_cipher *cscipher, *sccipher;
812 void *cs_cipher_ctx, *sc_cipher_ctx;
813 const struct ssh_mac *csmac, *scmac;
814 void *cs_mac_ctx, *sc_mac_ctx;
815 const struct ssh_compress *cscomp, *sccomp;
816 void *cs_comp_ctx, *sc_comp_ctx;
817 const struct ssh_kex *kex;
818 const struct ssh_signkey *hostkey;
819 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
820 int v2_session_id_len;
821 void *kex_ctx;
822
823 char *savedhost;
824 int savedport;
825 int send_ok;
826 int echoing, editing;
827
828 void *frontend;
829
830 int ospeed, ispeed; /* temporaries */
831 int term_width, term_height;
832
833 tree234 *channels; /* indexed by local id */
834 struct ssh_channel *mainchan; /* primary session channel */
835 int ncmode; /* is primary channel direct-tcpip? */
836 int exitcode;
837 int close_expected;
838 int clean_exit;
839
840 tree234 *rportfwds, *portfwds;
841
842 enum {
843 SSH_STATE_PREPACKET,
844 SSH_STATE_BEFORE_SIZE,
845 SSH_STATE_INTERMED,
846 SSH_STATE_SESSION,
847 SSH_STATE_CLOSED
848 } state;
849
850 int size_needed, eof_needed;
851 int sent_console_eof;
852
853 struct Packet **queue;
854 int queuelen, queuesize;
855 int queueing;
856 unsigned char *deferred_send_data;
857 int deferred_len, deferred_size;
858
859 /*
860 * Gross hack: pscp will try to start SFTP but fall back to
861 * scp1 if that fails. This variable is the means by which
862 * scp.c can reach into the SSH code and find out which one it
863 * got.
864 */
865 int fallback_cmd;
866
867 bufchain banner; /* accumulates banners during do_ssh2_authconn */
868
869 Pkt_KCtx pkt_kctx;
870 Pkt_ACtx pkt_actx;
871
872 struct X11Display *x11disp;
873
874 int version;
875 int conn_throttle_count;
876 int overall_bufsize;
877 int throttled_all;
878 int v1_stdout_throttling;
879 unsigned long v2_outgoing_sequence;
880
881 int ssh1_rdpkt_crstate;
882 int ssh2_rdpkt_crstate;
883 int do_ssh_init_crstate;
884 int ssh_gotdata_crstate;
885 int do_ssh1_login_crstate;
886 int do_ssh1_connection_crstate;
887 int do_ssh2_transport_crstate;
888 int do_ssh2_authconn_crstate;
889
890 void *do_ssh_init_state;
891 void *do_ssh1_login_state;
892 void *do_ssh2_transport_state;
893 void *do_ssh2_authconn_state;
894
895 struct rdpkt1_state_tag rdpkt1_state;
896 struct rdpkt2_state_tag rdpkt2_state;
897
898 /* SSH-1 and SSH-2 use this for different things, but both use it */
899 int protocol_initial_phase_done;
900
901 void (*protocol) (Ssh ssh, void *vin, int inlen,
902 struct Packet *pkt);
903 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
904
905 /*
906 * We maintain our own copy of a Conf structure here. That way,
907 * when we're passed a new one for reconfiguration, we can check
908 * the differences and potentially reconfigure port forwardings
909 * etc in mid-session.
910 */
911 Conf *conf;
912
913 /*
914 * Values cached out of conf so as to avoid the tree234 lookup
915 * cost every time they're used.
916 */
917 int logomitdata;
918
919 /*
920 * Dynamically allocated username string created during SSH
921 * login. Stored in here rather than in the coroutine state so
922 * that it'll be reliably freed if we shut down the SSH session
923 * at some unexpected moment.
924 */
925 char *username;
926
927 /*
928 * Used to transfer data back from async callbacks.
929 */
930 void *agent_response;
931 int agent_response_len;
932 int user_response;
933
934 /*
935 * The SSH connection can be set as `frozen', meaning we are
936 * not currently accepting incoming data from the network. This
937 * is slightly more serious than setting the _socket_ as
938 * frozen, because we may already have had data passed to us
939 * from the network which we need to delay processing until
940 * after the freeze is lifted, so we also need a bufchain to
941 * store that data.
942 */
943 int frozen;
944 bufchain queued_incoming_data;
945
946 /*
947 * Dispatch table for packet types that we may have to deal
948 * with at any time.
949 */
950 handler_fn_t packet_dispatch[256];
951
952 /*
953 * Queues of one-off handler functions for success/failure
954 * indications from a request.
955 */
956 struct queued_handler *qhead, *qtail;
957
958 /*
959 * This module deals with sending keepalives.
960 */
961 Pinger pinger;
962
963 /*
964 * Track incoming and outgoing data sizes and time, for
965 * size-based rekeys.
966 */
967 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
968 unsigned long max_data_size;
969 int kex_in_progress;
970 long next_rekey, last_rekey;
971 char *deferred_rekey_reason; /* points to STATIC string; don't free */
972
973 /*
974 * Fully qualified host name, which we need if doing GSSAPI.
975 */
976 char *fullhostname;
977
978 #ifndef NO_GSSAPI
979 /*
980 * GSSAPI libraries for this session.
981 */
982 struct ssh_gss_liblist *gsslibs;
983 #endif
984 };
985
986 #define logevent(s) logevent(ssh->frontend, s)
987
988 /* logevent, only printf-formatted. */
989 static void logeventf(Ssh ssh, const char *fmt, ...)
990 {
991 va_list ap;
992 char *buf;
993
994 va_start(ap, fmt);
995 buf = dupvprintf(fmt, ap);
996 va_end(ap);
997 logevent(buf);
998 sfree(buf);
999 }
1000
1001 #define bombout(msg) \
1002 do { \
1003 char *text = dupprintf msg; \
1004 ssh_do_close(ssh, FALSE); \
1005 logevent(text); \
1006 connection_fatal(ssh->frontend, "%s", text); \
1007 sfree(text); \
1008 } while (0)
1009
1010 /* Functions to leave bits out of the SSH packet log file. */
1011
1012 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
1013 {
1014 if (conf_get_int(ssh->conf, CONF_logomitpass))
1015 pkt->logmode = blanktype;
1016 }
1017
1018 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
1019 {
1020 if (ssh->logomitdata)
1021 pkt->logmode = blanktype;
1022 }
1023
1024 static void end_log_omission(Ssh ssh, struct Packet *pkt)
1025 {
1026 pkt->logmode = PKTLOG_EMIT;
1027 }
1028
1029 /* Helper function for common bits of parsing ttymodes. */
1030 static void parse_ttymodes(Ssh ssh,
1031 void (*do_mode)(void *data, char *mode, char *val),
1032 void *data)
1033 {
1034 char *key, *val;
1035
1036 for (val = conf_get_str_strs(ssh->conf, CONF_ttymodes, NULL, &key);
1037 val != NULL;
1038 val = conf_get_str_strs(ssh->conf, CONF_ttymodes, key, &key)) {
1039 /*
1040 * val[0] is either 'V', indicating that an explicit value
1041 * follows it, or 'A' indicating that we should pass the
1042 * value through from the local environment via get_ttymode.
1043 */
1044 if (val[0] == 'A')
1045 val = get_ttymode(ssh->frontend, key);
1046 else
1047 val++; /* skip the 'V' */
1048 if (val)
1049 do_mode(data, key, val);
1050 }
1051 }
1052
1053 static int ssh_channelcmp(void *av, void *bv)
1054 {
1055 struct ssh_channel *a = (struct ssh_channel *) av;
1056 struct ssh_channel *b = (struct ssh_channel *) bv;
1057 if (a->localid < b->localid)
1058 return -1;
1059 if (a->localid > b->localid)
1060 return +1;
1061 return 0;
1062 }
1063 static int ssh_channelfind(void *av, void *bv)
1064 {
1065 unsigned *a = (unsigned *) av;
1066 struct ssh_channel *b = (struct ssh_channel *) bv;
1067 if (*a < b->localid)
1068 return -1;
1069 if (*a > b->localid)
1070 return +1;
1071 return 0;
1072 }
1073
1074 static int ssh_rportcmp_ssh1(void *av, void *bv)
1075 {
1076 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1077 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1078 int i;
1079 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
1080 return i < 0 ? -1 : +1;
1081 if (a->dport > b->dport)
1082 return +1;
1083 if (a->dport < b->dport)
1084 return -1;
1085 return 0;
1086 }
1087
1088 static int ssh_rportcmp_ssh2(void *av, void *bv)
1089 {
1090 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1091 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1092
1093 if (a->sport > b->sport)
1094 return +1;
1095 if (a->sport < b->sport)
1096 return -1;
1097 return 0;
1098 }
1099
1100 /*
1101 * Special form of strcmp which can cope with NULL inputs. NULL is
1102 * defined to sort before even the empty string.
1103 */
1104 static int nullstrcmp(const char *a, const char *b)
1105 {
1106 if (a == NULL && b == NULL)
1107 return 0;
1108 if (a == NULL)
1109 return -1;
1110 if (b == NULL)
1111 return +1;
1112 return strcmp(a, b);
1113 }
1114
1115 static int ssh_portcmp(void *av, void *bv)
1116 {
1117 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1118 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1119 int i;
1120 if (a->type > b->type)
1121 return +1;
1122 if (a->type < b->type)
1123 return -1;
1124 if (a->addressfamily > b->addressfamily)
1125 return +1;
1126 if (a->addressfamily < b->addressfamily)
1127 return -1;
1128 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1129 return i < 0 ? -1 : +1;
1130 if (a->sport > b->sport)
1131 return +1;
1132 if (a->sport < b->sport)
1133 return -1;
1134 if (a->type != 'D') {
1135 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1136 return i < 0 ? -1 : +1;
1137 if (a->dport > b->dport)
1138 return +1;
1139 if (a->dport < b->dport)
1140 return -1;
1141 }
1142 return 0;
1143 }
1144
1145 static int alloc_channel_id(Ssh ssh)
1146 {
1147 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1148 unsigned low, high, mid;
1149 int tsize;
1150 struct ssh_channel *c;
1151
1152 /*
1153 * First-fit allocation of channel numbers: always pick the
1154 * lowest unused one. To do this, binary-search using the
1155 * counted B-tree to find the largest channel ID which is in a
1156 * contiguous sequence from the beginning. (Precisely
1157 * everything in that sequence must have ID equal to its tree
1158 * index plus CHANNEL_NUMBER_OFFSET.)
1159 */
1160 tsize = count234(ssh->channels);
1161
1162 low = -1;
1163 high = tsize;
1164 while (high - low > 1) {
1165 mid = (high + low) / 2;
1166 c = index234(ssh->channels, mid);
1167 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1168 low = mid; /* this one is fine */
1169 else
1170 high = mid; /* this one is past it */
1171 }
1172 /*
1173 * Now low points to either -1, or the tree index of the
1174 * largest ID in the initial sequence.
1175 */
1176 {
1177 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1178 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1179 }
1180 return low + 1 + CHANNEL_NUMBER_OFFSET;
1181 }
1182
1183 static void c_write_stderr(int trusted, const char *buf, int len)
1184 {
1185 int i;
1186 for (i = 0; i < len; i++)
1187 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
1188 fputc(buf[i], stderr);
1189 }
1190
1191 static void c_write(Ssh ssh, const char *buf, int len)
1192 {
1193 if (flags & FLAG_STDERR)
1194 c_write_stderr(1, buf, len);
1195 else
1196 from_backend(ssh->frontend, 1, buf, len);
1197 }
1198
1199 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1200 {
1201 if (flags & FLAG_STDERR)
1202 c_write_stderr(0, buf, len);
1203 else
1204 from_backend_untrusted(ssh->frontend, buf, len);
1205 }
1206
1207 static void c_write_str(Ssh ssh, const char *buf)
1208 {
1209 c_write(ssh, buf, strlen(buf));
1210 }
1211
1212 static void ssh_free_packet(struct Packet *pkt)
1213 {
1214 sfree(pkt->data);
1215 sfree(pkt);
1216 }
1217 static struct Packet *ssh_new_packet(void)
1218 {
1219 struct Packet *pkt = snew(struct Packet);
1220
1221 pkt->body = pkt->data = NULL;
1222 pkt->maxlen = 0;
1223 pkt->logmode = PKTLOG_EMIT;
1224 pkt->nblanks = 0;
1225 pkt->blanks = NULL;
1226
1227 return pkt;
1228 }
1229
1230 /*
1231 * Collect incoming data in the incoming packet buffer.
1232 * Decipher and verify the packet when it is completely read.
1233 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1234 * Update the *data and *datalen variables.
1235 * Return a Packet structure when a packet is completed.
1236 */
1237 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1238 {
1239 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1240
1241 crBegin(ssh->ssh1_rdpkt_crstate);
1242
1243 st->pktin = ssh_new_packet();
1244
1245 st->pktin->type = 0;
1246 st->pktin->length = 0;
1247
1248 for (st->i = st->len = 0; st->i < 4; st->i++) {
1249 while ((*datalen) == 0)
1250 crReturn(NULL);
1251 st->len = (st->len << 8) + **data;
1252 (*data)++, (*datalen)--;
1253 }
1254
1255 st->pad = 8 - (st->len % 8);
1256 st->biglen = st->len + st->pad;
1257 st->pktin->length = st->len - 5;
1258
1259 if (st->biglen < 0) {
1260 bombout(("Extremely large packet length from server suggests"
1261 " data stream corruption"));
1262 ssh_free_packet(st->pktin);
1263 crStop(NULL);
1264 }
1265
1266 st->pktin->maxlen = st->biglen;
1267 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1268
1269 st->to_read = st->biglen;
1270 st->p = st->pktin->data;
1271 while (st->to_read > 0) {
1272 st->chunk = st->to_read;
1273 while ((*datalen) == 0)
1274 crReturn(NULL);
1275 if (st->chunk > (*datalen))
1276 st->chunk = (*datalen);
1277 memcpy(st->p, *data, st->chunk);
1278 *data += st->chunk;
1279 *datalen -= st->chunk;
1280 st->p += st->chunk;
1281 st->to_read -= st->chunk;
1282 }
1283
1284 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1285 st->biglen, NULL)) {
1286 bombout(("Network attack (CRC compensation) detected!"));
1287 ssh_free_packet(st->pktin);
1288 crStop(NULL);
1289 }
1290
1291 if (ssh->cipher)
1292 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1293
1294 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1295 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1296 if (st->gotcrc != st->realcrc) {
1297 bombout(("Incorrect CRC received on packet"));
1298 ssh_free_packet(st->pktin);
1299 crStop(NULL);
1300 }
1301
1302 st->pktin->body = st->pktin->data + st->pad + 1;
1303 st->pktin->savedpos = 0;
1304
1305 if (ssh->v1_compressing) {
1306 unsigned char *decompblk;
1307 int decomplen;
1308 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1309 st->pktin->body - 1, st->pktin->length + 1,
1310 &decompblk, &decomplen)) {
1311 bombout(("Zlib decompression encountered invalid data"));
1312 ssh_free_packet(st->pktin);
1313 crStop(NULL);
1314 }
1315
1316 if (st->pktin->maxlen < st->pad + decomplen) {
1317 st->pktin->maxlen = st->pad + decomplen;
1318 st->pktin->data = sresize(st->pktin->data,
1319 st->pktin->maxlen + APIEXTRA,
1320 unsigned char);
1321 st->pktin->body = st->pktin->data + st->pad + 1;
1322 }
1323
1324 memcpy(st->pktin->body - 1, decompblk, decomplen);
1325 sfree(decompblk);
1326 st->pktin->length = decomplen - 1;
1327 }
1328
1329 st->pktin->type = st->pktin->body[-1];
1330
1331 /*
1332 * Log incoming packet, possibly omitting sensitive fields.
1333 */
1334 if (ssh->logctx) {
1335 int nblanks = 0;
1336 struct logblank_t blank;
1337 if (ssh->logomitdata) {
1338 int do_blank = FALSE, blank_prefix = 0;
1339 /* "Session data" packets - omit the data field */
1340 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1341 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1342 do_blank = TRUE; blank_prefix = 4;
1343 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1344 do_blank = TRUE; blank_prefix = 8;
1345 }
1346 if (do_blank) {
1347 blank.offset = blank_prefix;
1348 blank.len = st->pktin->length;
1349 blank.type = PKTLOG_OMIT;
1350 nblanks = 1;
1351 }
1352 }
1353 log_packet(ssh->logctx,
1354 PKT_INCOMING, st->pktin->type,
1355 ssh1_pkt_type(st->pktin->type),
1356 st->pktin->body, st->pktin->length,
1357 nblanks, &blank, NULL);
1358 }
1359
1360 crFinish(st->pktin);
1361 }
1362
1363 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1364 {
1365 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1366
1367 crBegin(ssh->ssh2_rdpkt_crstate);
1368
1369 st->pktin = ssh_new_packet();
1370
1371 st->pktin->type = 0;
1372 st->pktin->length = 0;
1373 if (ssh->sccipher)
1374 st->cipherblk = ssh->sccipher->blksize;
1375 else
1376 st->cipherblk = 8;
1377 if (st->cipherblk < 8)
1378 st->cipherblk = 8;
1379 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1380
1381 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1382 ssh->scmac) {
1383 /*
1384 * When dealing with a CBC-mode cipher, we want to avoid the
1385 * possibility of an attacker's tweaking the ciphertext stream
1386 * so as to cause us to feed the same block to the block
1387 * cipher more than once and thus leak information
1388 * (VU#958563). The way we do this is not to take any
1389 * decisions on the basis of anything we've decrypted until
1390 * we've verified it with a MAC. That includes the packet
1391 * length, so we just read data and check the MAC repeatedly,
1392 * and when the MAC passes, see if the length we've got is
1393 * plausible.
1394 */
1395
1396 /* May as well allocate the whole lot now. */
1397 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1398 unsigned char);
1399
1400 /* Read an amount corresponding to the MAC. */
1401 for (st->i = 0; st->i < st->maclen; st->i++) {
1402 while ((*datalen) == 0)
1403 crReturn(NULL);
1404 st->pktin->data[st->i] = *(*data)++;
1405 (*datalen)--;
1406 }
1407
1408 st->packetlen = 0;
1409 {
1410 unsigned char seq[4];
1411 ssh->scmac->start(ssh->sc_mac_ctx);
1412 PUT_32BIT(seq, st->incoming_sequence);
1413 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1414 }
1415
1416 for (;;) { /* Once around this loop per cipher block. */
1417 /* Read another cipher-block's worth, and tack it onto the end. */
1418 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1419 while ((*datalen) == 0)
1420 crReturn(NULL);
1421 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1422 (*datalen)--;
1423 }
1424 /* Decrypt one more block (a little further back in the stream). */
1425 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1426 st->pktin->data + st->packetlen,
1427 st->cipherblk);
1428 /* Feed that block to the MAC. */
1429 ssh->scmac->bytes(ssh->sc_mac_ctx,
1430 st->pktin->data + st->packetlen, st->cipherblk);
1431 st->packetlen += st->cipherblk;
1432 /* See if that gives us a valid packet. */
1433 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1434 st->pktin->data + st->packetlen) &&
1435 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1436 break;
1437 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1438 bombout(("No valid incoming packet found"));
1439 ssh_free_packet(st->pktin);
1440 crStop(NULL);
1441 }
1442 }
1443 st->pktin->maxlen = st->packetlen + st->maclen;
1444 st->pktin->data = sresize(st->pktin->data,
1445 st->pktin->maxlen + APIEXTRA,
1446 unsigned char);
1447 } else {
1448 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1449
1450 /*
1451 * Acquire and decrypt the first block of the packet. This will
1452 * contain the length and padding details.
1453 */
1454 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1455 while ((*datalen) == 0)
1456 crReturn(NULL);
1457 st->pktin->data[st->i] = *(*data)++;
1458 (*datalen)--;
1459 }
1460
1461 if (ssh->sccipher)
1462 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1463 st->pktin->data, st->cipherblk);
1464
1465 /*
1466 * Now get the length figure.
1467 */
1468 st->len = GET_32BIT(st->pktin->data);
1469
1470 /*
1471 * _Completely_ silly lengths should be stomped on before they
1472 * do us any more damage.
1473 */
1474 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1475 (st->len + 4) % st->cipherblk != 0) {
1476 bombout(("Incoming packet was garbled on decryption"));
1477 ssh_free_packet(st->pktin);
1478 crStop(NULL);
1479 }
1480
1481 /*
1482 * So now we can work out the total packet length.
1483 */
1484 st->packetlen = st->len + 4;
1485
1486 /*
1487 * Allocate memory for the rest of the packet.
1488 */
1489 st->pktin->maxlen = st->packetlen + st->maclen;
1490 st->pktin->data = sresize(st->pktin->data,
1491 st->pktin->maxlen + APIEXTRA,
1492 unsigned char);
1493
1494 /*
1495 * Read and decrypt the remainder of the packet.
1496 */
1497 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1498 st->i++) {
1499 while ((*datalen) == 0)
1500 crReturn(NULL);
1501 st->pktin->data[st->i] = *(*data)++;
1502 (*datalen)--;
1503 }
1504 /* Decrypt everything _except_ the MAC. */
1505 if (ssh->sccipher)
1506 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1507 st->pktin->data + st->cipherblk,
1508 st->packetlen - st->cipherblk);
1509
1510 /*
1511 * Check the MAC.
1512 */
1513 if (ssh->scmac
1514 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1515 st->len + 4, st->incoming_sequence)) {
1516 bombout(("Incorrect MAC received on packet"));
1517 ssh_free_packet(st->pktin);
1518 crStop(NULL);
1519 }
1520 }
1521 /* Get and sanity-check the amount of random padding. */
1522 st->pad = st->pktin->data[4];
1523 if (st->pad < 4 || st->len - st->pad < 1) {
1524 bombout(("Invalid padding length on received packet"));
1525 ssh_free_packet(st->pktin);
1526 crStop(NULL);
1527 }
1528 /*
1529 * This enables us to deduce the payload length.
1530 */
1531 st->payload = st->len - st->pad - 1;
1532
1533 st->pktin->length = st->payload + 5;
1534 st->pktin->encrypted_len = st->packetlen;
1535
1536 st->pktin->sequence = st->incoming_sequence++;
1537
1538 /*
1539 * Decompress packet payload.
1540 */
1541 {
1542 unsigned char *newpayload;
1543 int newlen;
1544 if (ssh->sccomp &&
1545 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1546 st->pktin->data + 5, st->pktin->length - 5,
1547 &newpayload, &newlen)) {
1548 if (st->pktin->maxlen < newlen + 5) {
1549 st->pktin->maxlen = newlen + 5;
1550 st->pktin->data = sresize(st->pktin->data,
1551 st->pktin->maxlen + APIEXTRA,
1552 unsigned char);
1553 }
1554 st->pktin->length = 5 + newlen;
1555 memcpy(st->pktin->data + 5, newpayload, newlen);
1556 sfree(newpayload);
1557 }
1558 }
1559
1560 st->pktin->savedpos = 6;
1561 st->pktin->body = st->pktin->data;
1562 st->pktin->type = st->pktin->data[5];
1563
1564 /*
1565 * Log incoming packet, possibly omitting sensitive fields.
1566 */
1567 if (ssh->logctx) {
1568 int nblanks = 0;
1569 struct logblank_t blank;
1570 if (ssh->logomitdata) {
1571 int do_blank = FALSE, blank_prefix = 0;
1572 /* "Session data" packets - omit the data field */
1573 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1574 do_blank = TRUE; blank_prefix = 8;
1575 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1576 do_blank = TRUE; blank_prefix = 12;
1577 }
1578 if (do_blank) {
1579 blank.offset = blank_prefix;
1580 blank.len = (st->pktin->length-6) - blank_prefix;
1581 blank.type = PKTLOG_OMIT;
1582 nblanks = 1;
1583 }
1584 }
1585 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1586 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1587 st->pktin->type),
1588 st->pktin->data+6, st->pktin->length-6,
1589 nblanks, &blank, &st->pktin->sequence);
1590 }
1591
1592 crFinish(st->pktin);
1593 }
1594
1595 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1596 {
1597 int pad, biglen, i, pktoffs;
1598 unsigned long crc;
1599 #ifdef __SC__
1600 /*
1601 * XXX various versions of SC (including 8.8.4) screw up the
1602 * register allocation in this function and use the same register
1603 * (D6) for len and as a temporary, with predictable results. The
1604 * following sledgehammer prevents this.
1605 */
1606 volatile
1607 #endif
1608 int len;
1609
1610 if (ssh->logctx)
1611 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1612 ssh1_pkt_type(pkt->data[12]),
1613 pkt->body, pkt->length - (pkt->body - pkt->data),
1614 pkt->nblanks, pkt->blanks, NULL);
1615 sfree(pkt->blanks); pkt->blanks = NULL;
1616 pkt->nblanks = 0;
1617
1618 if (ssh->v1_compressing) {
1619 unsigned char *compblk;
1620 int complen;
1621 zlib_compress_block(ssh->cs_comp_ctx,
1622 pkt->data + 12, pkt->length - 12,
1623 &compblk, &complen);
1624 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
1625 memcpy(pkt->data + 12, compblk, complen);
1626 sfree(compblk);
1627 pkt->length = complen + 12;
1628 }
1629
1630 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1631 pkt->length += 4;
1632 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1633 pad = 8 - (len % 8);
1634 pktoffs = 8 - pad;
1635 biglen = len + pad; /* len(padding+type+data+CRC) */
1636
1637 for (i = pktoffs; i < 4+8; i++)
1638 pkt->data[i] = random_byte();
1639 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1640 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1641 PUT_32BIT(pkt->data + pktoffs, len);
1642
1643 if (ssh->cipher)
1644 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1645 pkt->data + pktoffs + 4, biglen);
1646
1647 if (offset_p) *offset_p = pktoffs;
1648 return biglen + 4; /* len(length+padding+type+data+CRC) */
1649 }
1650
1651 static int s_write(Ssh ssh, void *data, int len)
1652 {
1653 if (ssh->logctx)
1654 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1655 0, NULL, NULL);
1656 return sk_write(ssh->s, (char *)data, len);
1657 }
1658
1659 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1660 {
1661 int len, backlog, offset;
1662 len = s_wrpkt_prepare(ssh, pkt, &offset);
1663 backlog = s_write(ssh, pkt->data + offset, len);
1664 if (backlog > SSH_MAX_BACKLOG)
1665 ssh_throttle_all(ssh, 1, backlog);
1666 ssh_free_packet(pkt);
1667 }
1668
1669 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1670 {
1671 int len, offset;
1672 len = s_wrpkt_prepare(ssh, pkt, &offset);
1673 if (ssh->deferred_len + len > ssh->deferred_size) {
1674 ssh->deferred_size = ssh->deferred_len + len + 128;
1675 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1676 ssh->deferred_size,
1677 unsigned char);
1678 }
1679 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1680 pkt->data + offset, len);
1681 ssh->deferred_len += len;
1682 ssh_free_packet(pkt);
1683 }
1684
1685 /*
1686 * Construct a SSH-1 packet with the specified contents.
1687 * (This all-at-once interface used to be the only one, but now SSH-1
1688 * packets can also be constructed incrementally.)
1689 */
1690 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1691 {
1692 int argtype;
1693 Bignum bn;
1694 struct Packet *pkt;
1695
1696 pkt = ssh1_pkt_init(pkttype);
1697
1698 while ((argtype = va_arg(ap, int)) != PKT_END) {
1699 unsigned char *argp, argchar;
1700 char *sargp;
1701 unsigned long argint;
1702 int arglen;
1703 switch (argtype) {
1704 /* Actual fields in the packet */
1705 case PKT_INT:
1706 argint = va_arg(ap, int);
1707 ssh_pkt_adduint32(pkt, argint);
1708 break;
1709 case PKT_CHAR:
1710 argchar = (unsigned char) va_arg(ap, int);
1711 ssh_pkt_addbyte(pkt, argchar);
1712 break;
1713 case PKT_DATA:
1714 argp = va_arg(ap, unsigned char *);
1715 arglen = va_arg(ap, int);
1716 ssh_pkt_adddata(pkt, argp, arglen);
1717 break;
1718 case PKT_STR:
1719 sargp = va_arg(ap, char *);
1720 ssh_pkt_addstring(pkt, sargp);
1721 break;
1722 case PKT_BIGNUM:
1723 bn = va_arg(ap, Bignum);
1724 ssh1_pkt_addmp(pkt, bn);
1725 break;
1726 /* Tokens for modifications to packet logging */
1727 case PKTT_PASSWORD:
1728 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1729 break;
1730 case PKTT_DATA:
1731 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1732 break;
1733 case PKTT_OTHER:
1734 end_log_omission(ssh, pkt);
1735 break;
1736 }
1737 }
1738
1739 return pkt;
1740 }
1741
1742 static void send_packet(Ssh ssh, int pkttype, ...)
1743 {
1744 struct Packet *pkt;
1745 va_list ap;
1746 va_start(ap, pkttype);
1747 pkt = construct_packet(ssh, pkttype, ap);
1748 va_end(ap);
1749 s_wrpkt(ssh, pkt);
1750 }
1751
1752 static void defer_packet(Ssh ssh, int pkttype, ...)
1753 {
1754 struct Packet *pkt;
1755 va_list ap;
1756 va_start(ap, pkttype);
1757 pkt = construct_packet(ssh, pkttype, ap);
1758 va_end(ap);
1759 s_wrpkt_defer(ssh, pkt);
1760 }
1761
1762 static int ssh_versioncmp(char *a, char *b)
1763 {
1764 char *ae, *be;
1765 unsigned long av, bv;
1766
1767 av = strtoul(a, &ae, 10);
1768 bv = strtoul(b, &be, 10);
1769 if (av != bv)
1770 return (av < bv ? -1 : +1);
1771 if (*ae == '.')
1772 ae++;
1773 if (*be == '.')
1774 be++;
1775 av = strtoul(ae, &ae, 10);
1776 bv = strtoul(be, &be, 10);
1777 if (av != bv)
1778 return (av < bv ? -1 : +1);
1779 return 0;
1780 }
1781
1782 /*
1783 * Utility routines for putting an SSH-protocol `string' and
1784 * `uint32' into a hash state.
1785 */
1786 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1787 {
1788 unsigned char lenblk[4];
1789 PUT_32BIT(lenblk, len);
1790 h->bytes(s, lenblk, 4);
1791 h->bytes(s, str, len);
1792 }
1793
1794 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1795 {
1796 unsigned char intblk[4];
1797 PUT_32BIT(intblk, i);
1798 h->bytes(s, intblk, 4);
1799 }
1800
1801 /*
1802 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1803 */
1804 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1805 {
1806 if (pkt->maxlen < length) {
1807 unsigned char *body = pkt->body;
1808 int offset = body ? body - pkt->data : 0;
1809 pkt->maxlen = length + 256;
1810 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1811 if (body) pkt->body = pkt->data + offset;
1812 }
1813 }
1814 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1815 {
1816 if (pkt->logmode != PKTLOG_EMIT) {
1817 pkt->nblanks++;
1818 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1819 assert(pkt->body);
1820 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1821 (pkt->body - pkt->data);
1822 pkt->blanks[pkt->nblanks-1].len = len;
1823 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1824 }
1825 pkt->length += len;
1826 ssh_pkt_ensure(pkt, pkt->length);
1827 memcpy(pkt->data + pkt->length - len, data, len);
1828 }
1829 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1830 {
1831 ssh_pkt_adddata(pkt, &byte, 1);
1832 }
1833 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1834 {
1835 ssh_pkt_adddata(pkt, &value, 1);
1836 }
1837 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1838 {
1839 unsigned char x[4];
1840 PUT_32BIT(x, value);
1841 ssh_pkt_adddata(pkt, x, 4);
1842 }
1843 static void ssh_pkt_addstring_start(struct Packet *pkt)
1844 {
1845 ssh_pkt_adduint32(pkt, 0);
1846 pkt->savedpos = pkt->length;
1847 }
1848 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1849 {
1850 ssh_pkt_adddata(pkt, data, strlen(data));
1851 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1852 }
1853 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1854 {
1855 ssh_pkt_adddata(pkt, data, len);
1856 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1857 }
1858 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1859 {
1860 ssh_pkt_addstring_start(pkt);
1861 ssh_pkt_addstring_str(pkt, data);
1862 }
1863 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1864 {
1865 int len = ssh1_bignum_length(b);
1866 unsigned char *data = snewn(len, unsigned char);
1867 (void) ssh1_write_bignum(data, b);
1868 ssh_pkt_adddata(pkt, data, len);
1869 sfree(data);
1870 }
1871 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1872 {
1873 unsigned char *p;
1874 int i, n = (bignum_bitcount(b) + 7) / 8;
1875 p = snewn(n + 1, unsigned char);
1876 p[0] = 0;
1877 for (i = 1; i <= n; i++)
1878 p[i] = bignum_byte(b, n - i);
1879 i = 0;
1880 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1881 i++;
1882 memmove(p, p + i, n + 1 - i);
1883 *len = n + 1 - i;
1884 return p;
1885 }
1886 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1887 {
1888 unsigned char *p;
1889 int len;
1890 p = ssh2_mpint_fmt(b, &len);
1891 ssh_pkt_addstring_start(pkt);
1892 ssh_pkt_addstring_data(pkt, (char *)p, len);
1893 sfree(p);
1894 }
1895
1896 static struct Packet *ssh1_pkt_init(int pkt_type)
1897 {
1898 struct Packet *pkt = ssh_new_packet();
1899 pkt->length = 4 + 8; /* space for length + max padding */
1900 ssh_pkt_addbyte(pkt, pkt_type);
1901 pkt->body = pkt->data + pkt->length;
1902 return pkt;
1903 }
1904
1905 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1906 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1907 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1908 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1909 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1910 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1911 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1912 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1913 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1914
1915 static struct Packet *ssh2_pkt_init(int pkt_type)
1916 {
1917 struct Packet *pkt = ssh_new_packet();
1918 pkt->length = 5; /* space for packet length + padding length */
1919 pkt->forcepad = 0;
1920 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1921 pkt->body = pkt->data + pkt->length; /* after packet type */
1922 return pkt;
1923 }
1924
1925 /*
1926 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1927 * put the MAC on it. Final packet, ready to be sent, is stored in
1928 * pkt->data. Total length is returned.
1929 */
1930 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1931 {
1932 int cipherblk, maclen, padding, i;
1933
1934 if (ssh->logctx)
1935 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1936 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
1937 pkt->body, pkt->length - (pkt->body - pkt->data),
1938 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
1939 sfree(pkt->blanks); pkt->blanks = NULL;
1940 pkt->nblanks = 0;
1941
1942 /*
1943 * Compress packet payload.
1944 */
1945 {
1946 unsigned char *newpayload;
1947 int newlen;
1948 if (ssh->cscomp &&
1949 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1950 pkt->length - 5,
1951 &newpayload, &newlen)) {
1952 pkt->length = 5;
1953 ssh2_pkt_adddata(pkt, newpayload, newlen);
1954 sfree(newpayload);
1955 }
1956 }
1957
1958 /*
1959 * Add padding. At least four bytes, and must also bring total
1960 * length (minus MAC) up to a multiple of the block size.
1961 * If pkt->forcepad is set, make sure the packet is at least that size
1962 * after padding.
1963 */
1964 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1965 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1966 padding = 4;
1967 if (pkt->length + padding < pkt->forcepad)
1968 padding = pkt->forcepad - pkt->length;
1969 padding +=
1970 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1971 assert(padding <= 255);
1972 maclen = ssh->csmac ? ssh->csmac->len : 0;
1973 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1974 pkt->data[4] = padding;
1975 for (i = 0; i < padding; i++)
1976 pkt->data[pkt->length + i] = random_byte();
1977 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1978 if (ssh->csmac)
1979 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1980 pkt->length + padding,
1981 ssh->v2_outgoing_sequence);
1982 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
1983
1984 if (ssh->cscipher)
1985 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
1986 pkt->data, pkt->length + padding);
1987
1988 pkt->encrypted_len = pkt->length + padding;
1989
1990 /* Ready-to-send packet starts at pkt->data. We return length. */
1991 return pkt->length + padding + maclen;
1992 }
1993
1994 /*
1995 * Routines called from the main SSH code to send packets. There
1996 * are quite a few of these, because we have two separate
1997 * mechanisms for delaying the sending of packets:
1998 *
1999 * - In order to send an IGNORE message and a password message in
2000 * a single fixed-length blob, we require the ability to
2001 * concatenate the encrypted forms of those two packets _into_ a
2002 * single blob and then pass it to our <network.h> transport
2003 * layer in one go. Hence, there's a deferment mechanism which
2004 * works after packet encryption.
2005 *
2006 * - In order to avoid sending any connection-layer messages
2007 * during repeat key exchange, we have to queue up any such
2008 * outgoing messages _before_ they are encrypted (and in
2009 * particular before they're allocated sequence numbers), and
2010 * then send them once we've finished.
2011 *
2012 * I call these mechanisms `defer' and `queue' respectively, so as
2013 * to distinguish them reasonably easily.
2014 *
2015 * The functions send_noqueue() and defer_noqueue() free the packet
2016 * structure they are passed. Every outgoing packet goes through
2017 * precisely one of these functions in its life; packets passed to
2018 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
2019 * these or get queued, and then when the queue is later emptied
2020 * the packets are all passed to defer_noqueue().
2021 *
2022 * When using a CBC-mode cipher, it's necessary to ensure that an
2023 * attacker can't provide data to be encrypted using an IV that they
2024 * know. We ensure this by prefixing each packet that might contain
2025 * user data with an SSH_MSG_IGNORE. This is done using the deferral
2026 * mechanism, so in this case send_noqueue() ends up redirecting to
2027 * defer_noqueue(). If you don't like this inefficiency, don't use
2028 * CBC.
2029 */
2030
2031 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
2032 static void ssh_pkt_defersend(Ssh);
2033
2034 /*
2035 * Send an SSH-2 packet immediately, without queuing or deferring.
2036 */
2037 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
2038 {
2039 int len;
2040 int backlog;
2041 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
2042 /* We need to send two packets, so use the deferral mechanism. */
2043 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2044 ssh_pkt_defersend(ssh);
2045 return;
2046 }
2047 len = ssh2_pkt_construct(ssh, pkt);
2048 backlog = s_write(ssh, pkt->data, len);
2049 if (backlog > SSH_MAX_BACKLOG)
2050 ssh_throttle_all(ssh, 1, backlog);
2051
2052 ssh->outgoing_data_size += pkt->encrypted_len;
2053 if (!ssh->kex_in_progress &&
2054 ssh->max_data_size != 0 &&
2055 ssh->outgoing_data_size > ssh->max_data_size)
2056 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2057
2058 ssh_free_packet(pkt);
2059 }
2060
2061 /*
2062 * Defer an SSH-2 packet.
2063 */
2064 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
2065 {
2066 int len;
2067 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
2068 ssh->deferred_len == 0 && !noignore &&
2069 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2070 /*
2071 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2072 * get encrypted with a known IV.
2073 */
2074 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2075 ssh2_pkt_addstring_start(ipkt);
2076 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2077 }
2078 len = ssh2_pkt_construct(ssh, pkt);
2079 if (ssh->deferred_len + len > ssh->deferred_size) {
2080 ssh->deferred_size = ssh->deferred_len + len + 128;
2081 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2082 ssh->deferred_size,
2083 unsigned char);
2084 }
2085 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
2086 ssh->deferred_len += len;
2087 ssh->deferred_data_size += pkt->encrypted_len;
2088 ssh_free_packet(pkt);
2089 }
2090
2091 /*
2092 * Queue an SSH-2 packet.
2093 */
2094 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2095 {
2096 assert(ssh->queueing);
2097
2098 if (ssh->queuelen >= ssh->queuesize) {
2099 ssh->queuesize = ssh->queuelen + 32;
2100 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2101 }
2102
2103 ssh->queue[ssh->queuelen++] = pkt;
2104 }
2105
2106 /*
2107 * Either queue or send a packet, depending on whether queueing is
2108 * set.
2109 */
2110 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2111 {
2112 if (ssh->queueing)
2113 ssh2_pkt_queue(ssh, pkt);
2114 else
2115 ssh2_pkt_send_noqueue(ssh, pkt);
2116 }
2117
2118 /*
2119 * Either queue or defer a packet, depending on whether queueing is
2120 * set.
2121 */
2122 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2123 {
2124 if (ssh->queueing)
2125 ssh2_pkt_queue(ssh, pkt);
2126 else
2127 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2128 }
2129
2130 /*
2131 * Send the whole deferred data block constructed by
2132 * ssh2_pkt_defer() or SSH-1's defer_packet().
2133 *
2134 * The expected use of the defer mechanism is that you call
2135 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2136 * not currently queueing, this simply sets up deferred_send_data
2137 * and then sends it. If we _are_ currently queueing, the calls to
2138 * ssh2_pkt_defer() put the deferred packets on to the queue
2139 * instead, and therefore ssh_pkt_defersend() has no deferred data
2140 * to send. Hence, there's no need to make it conditional on
2141 * ssh->queueing.
2142 */
2143 static void ssh_pkt_defersend(Ssh ssh)
2144 {
2145 int backlog;
2146 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
2147 ssh->deferred_len = ssh->deferred_size = 0;
2148 sfree(ssh->deferred_send_data);
2149 ssh->deferred_send_data = NULL;
2150 if (backlog > SSH_MAX_BACKLOG)
2151 ssh_throttle_all(ssh, 1, backlog);
2152
2153 ssh->outgoing_data_size += ssh->deferred_data_size;
2154 if (!ssh->kex_in_progress &&
2155 ssh->max_data_size != 0 &&
2156 ssh->outgoing_data_size > ssh->max_data_size)
2157 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2158 ssh->deferred_data_size = 0;
2159 }
2160
2161 /*
2162 * Send a packet whose length needs to be disguised (typically
2163 * passwords or keyboard-interactive responses).
2164 */
2165 static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2166 int padsize)
2167 {
2168 #if 0
2169 if (0) {
2170 /*
2171 * The simplest way to do this is to adjust the
2172 * variable-length padding field in the outgoing packet.
2173 *
2174 * Currently compiled out, because some Cisco SSH servers
2175 * don't like excessively padded packets (bah, why's it
2176 * always Cisco?)
2177 */
2178 pkt->forcepad = padsize;
2179 ssh2_pkt_send(ssh, pkt);
2180 } else
2181 #endif
2182 {
2183 /*
2184 * If we can't do that, however, an alternative approach is
2185 * to use the pkt_defer mechanism to bundle the packet
2186 * tightly together with an SSH_MSG_IGNORE such that their
2187 * combined length is a constant. So first we construct the
2188 * final form of this packet and defer its sending.
2189 */
2190 ssh2_pkt_defer(ssh, pkt);
2191
2192 /*
2193 * Now construct an SSH_MSG_IGNORE which includes a string
2194 * that's an exact multiple of the cipher block size. (If
2195 * the cipher is NULL so that the block size is
2196 * unavailable, we don't do this trick at all, because we
2197 * gain nothing by it.)
2198 */
2199 if (ssh->cscipher &&
2200 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2201 int stringlen, i;
2202
2203 stringlen = (256 - ssh->deferred_len);
2204 stringlen += ssh->cscipher->blksize - 1;
2205 stringlen -= (stringlen % ssh->cscipher->blksize);
2206 if (ssh->cscomp) {
2207 /*
2208 * Temporarily disable actual compression, so we
2209 * can guarantee to get this string exactly the
2210 * length we want it. The compression-disabling
2211 * routine should return an integer indicating how
2212 * many bytes we should adjust our string length
2213 * by.
2214 */
2215 stringlen -=
2216 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2217 }
2218 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2219 ssh2_pkt_addstring_start(pkt);
2220 for (i = 0; i < stringlen; i++) {
2221 char c = (char) random_byte();
2222 ssh2_pkt_addstring_data(pkt, &c, 1);
2223 }
2224 ssh2_pkt_defer(ssh, pkt);
2225 }
2226 ssh_pkt_defersend(ssh);
2227 }
2228 }
2229
2230 /*
2231 * Send all queued SSH-2 packets. We send them by means of
2232 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2233 * packets that needed to be lumped together.
2234 */
2235 static void ssh2_pkt_queuesend(Ssh ssh)
2236 {
2237 int i;
2238
2239 assert(!ssh->queueing);
2240
2241 for (i = 0; i < ssh->queuelen; i++)
2242 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
2243 ssh->queuelen = 0;
2244
2245 ssh_pkt_defersend(ssh);
2246 }
2247
2248 #if 0
2249 void bndebug(char *string, Bignum b)
2250 {
2251 unsigned char *p;
2252 int i, len;
2253 p = ssh2_mpint_fmt(b, &len);
2254 debug(("%s", string));
2255 for (i = 0; i < len; i++)
2256 debug((" %02x", p[i]));
2257 debug(("\n"));
2258 sfree(p);
2259 }
2260 #endif
2261
2262 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
2263 {
2264 unsigned char *p;
2265 int len;
2266 p = ssh2_mpint_fmt(b, &len);
2267 hash_string(h, s, p, len);
2268 sfree(p);
2269 }
2270
2271 /*
2272 * Packet decode functions for both SSH-1 and SSH-2.
2273 */
2274 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
2275 {
2276 unsigned long value;
2277 if (pkt->length - pkt->savedpos < 4)
2278 return 0; /* arrgh, no way to decline (FIXME?) */
2279 value = GET_32BIT(pkt->body + pkt->savedpos);
2280 pkt->savedpos += 4;
2281 return value;
2282 }
2283 static int ssh2_pkt_getbool(struct Packet *pkt)
2284 {
2285 unsigned long value;
2286 if (pkt->length - pkt->savedpos < 1)
2287 return 0; /* arrgh, no way to decline (FIXME?) */
2288 value = pkt->body[pkt->savedpos] != 0;
2289 pkt->savedpos++;
2290 return value;
2291 }
2292 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2293 {
2294 int len;
2295 *p = NULL;
2296 *length = 0;
2297 if (pkt->length - pkt->savedpos < 4)
2298 return;
2299 len = GET_32BIT(pkt->body + pkt->savedpos);
2300 if (len < 0)
2301 return;
2302 *length = len;
2303 pkt->savedpos += 4;
2304 if (pkt->length - pkt->savedpos < *length)
2305 return;
2306 *p = (char *)(pkt->body + pkt->savedpos);
2307 pkt->savedpos += *length;
2308 }
2309 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2310 {
2311 if (pkt->length - pkt->savedpos < length)
2312 return NULL;
2313 pkt->savedpos += length;
2314 return pkt->body + (pkt->savedpos - length);
2315 }
2316 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2317 unsigned char **keystr)
2318 {
2319 int j;
2320
2321 j = makekey(pkt->body + pkt->savedpos,
2322 pkt->length - pkt->savedpos,
2323 key, keystr, 0);
2324
2325 if (j < 0)
2326 return FALSE;
2327
2328 pkt->savedpos += j;
2329 assert(pkt->savedpos < pkt->length);
2330
2331 return TRUE;
2332 }
2333 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2334 {
2335 int j;
2336 Bignum b;
2337
2338 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2339 pkt->length - pkt->savedpos, &b);
2340
2341 if (j < 0)
2342 return NULL;
2343
2344 pkt->savedpos += j;
2345 return b;
2346 }
2347 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2348 {
2349 char *p;
2350 int length;
2351 Bignum b;
2352
2353 ssh_pkt_getstring(pkt, &p, &length);
2354 if (!p)
2355 return NULL;
2356 if (p[0] & 0x80)
2357 return NULL;
2358 b = bignum_from_bytes((unsigned char *)p, length);
2359 return b;
2360 }
2361
2362 /*
2363 * Helper function to add an SSH-2 signature blob to a packet.
2364 * Expects to be shown the public key blob as well as the signature
2365 * blob. Normally works just like ssh2_pkt_addstring, but will
2366 * fiddle with the signature packet if necessary for
2367 * BUG_SSH2_RSA_PADDING.
2368 */
2369 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2370 void *pkblob_v, int pkblob_len,
2371 void *sigblob_v, int sigblob_len)
2372 {
2373 unsigned char *pkblob = (unsigned char *)pkblob_v;
2374 unsigned char *sigblob = (unsigned char *)sigblob_v;
2375
2376 /* dmemdump(pkblob, pkblob_len); */
2377 /* dmemdump(sigblob, sigblob_len); */
2378
2379 /*
2380 * See if this is in fact an ssh-rsa signature and a buggy
2381 * server; otherwise we can just do this the easy way.
2382 */
2383 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2384 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2385 int pos, len, siglen;
2386
2387 /*
2388 * Find the byte length of the modulus.
2389 */
2390
2391 pos = 4+7; /* skip over "ssh-rsa" */
2392 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2393 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2394 pos += 4; /* find modulus itself */
2395 while (len > 0 && pkblob[pos] == 0)
2396 len--, pos++;
2397 /* debug(("modulus length is %d\n", len)); */
2398
2399 /*
2400 * Now find the signature integer.
2401 */
2402 pos = 4+7; /* skip over "ssh-rsa" */
2403 siglen = GET_32BIT(sigblob+pos);
2404 /* debug(("signature length is %d\n", siglen)); */
2405
2406 if (len != siglen) {
2407 unsigned char newlen[4];
2408 ssh2_pkt_addstring_start(pkt);
2409 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2410 /* dmemdump(sigblob, pos); */
2411 pos += 4; /* point to start of actual sig */
2412 PUT_32BIT(newlen, len);
2413 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2414 /* dmemdump(newlen, 4); */
2415 newlen[0] = 0;
2416 while (len-- > siglen) {
2417 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2418 /* dmemdump(newlen, 1); */
2419 }
2420 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2421 /* dmemdump(sigblob+pos, siglen); */
2422 return;
2423 }
2424
2425 /* Otherwise fall through and do it the easy way. */
2426 }
2427
2428 ssh2_pkt_addstring_start(pkt);
2429 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2430 }
2431
2432 /*
2433 * Examine the remote side's version string and compare it against
2434 * a list of known buggy implementations.
2435 */
2436 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2437 {
2438 char *imp; /* pointer to implementation part */
2439 imp = vstring;
2440 imp += strcspn(imp, "-");
2441 if (*imp) imp++;
2442 imp += strcspn(imp, "-");
2443 if (*imp) imp++;
2444
2445 ssh->remote_bugs = 0;
2446
2447 /*
2448 * General notes on server version strings:
2449 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2450 * here -- in particular, we've heard of one that's perfectly happy
2451 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2452 * so we can't distinguish them.
2453 */
2454 if (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == FORCE_ON ||
2455 (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == AUTO &&
2456 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2457 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2458 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2459 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2460 /*
2461 * These versions don't support SSH1_MSG_IGNORE, so we have
2462 * to use a different defence against password length
2463 * sniffing.
2464 */
2465 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2466 logevent("We believe remote version has SSH-1 ignore bug");
2467 }
2468
2469 if (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
2470 (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == AUTO &&
2471 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2472 /*
2473 * These versions need a plain password sent; they can't
2474 * handle having a null and a random length of data after
2475 * the password.
2476 */
2477 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2478 logevent("We believe remote version needs a plain SSH-1 password");
2479 }
2480
2481 if (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == FORCE_ON ||
2482 (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == AUTO &&
2483 (!strcmp(imp, "Cisco-1.25")))) {
2484 /*
2485 * These versions apparently have no clue whatever about
2486 * RSA authentication and will panic and die if they see
2487 * an AUTH_RSA message.
2488 */
2489 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2490 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2491 }
2492
2493 if (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == FORCE_ON ||
2494 (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == AUTO &&
2495 !wc_match("* VShell", imp) &&
2496 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2497 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2498 wc_match("2.1 *", imp)))) {
2499 /*
2500 * These versions have the HMAC bug.
2501 */
2502 ssh->remote_bugs |= BUG_SSH2_HMAC;
2503 logevent("We believe remote version has SSH-2 HMAC bug");
2504 }
2505
2506 if (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
2507 (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == AUTO &&
2508 !wc_match("* VShell", imp) &&
2509 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2510 /*
2511 * These versions have the key-derivation bug (failing to
2512 * include the literal shared secret in the hashes that
2513 * generate the keys).
2514 */
2515 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2516 logevent("We believe remote version has SSH-2 key-derivation bug");
2517 }
2518
2519 if (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
2520 (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == AUTO &&
2521 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2522 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2523 /*
2524 * These versions have the SSH-2 RSA padding bug.
2525 */
2526 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2527 logevent("We believe remote version has SSH-2 RSA padding bug");
2528 }
2529
2530 if (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
2531 (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == AUTO &&
2532 wc_match("OpenSSH_2.[0-2]*", imp))) {
2533 /*
2534 * These versions have the SSH-2 session-ID bug in
2535 * public-key authentication.
2536 */
2537 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2538 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2539 }
2540
2541 if (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == FORCE_ON ||
2542 (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == AUTO &&
2543 (wc_match("DigiSSH_2.0", imp) ||
2544 wc_match("OpenSSH_2.[0-4]*", imp) ||
2545 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2546 wc_match("Sun_SSH_1.0", imp) ||
2547 wc_match("Sun_SSH_1.0.1", imp) ||
2548 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2549 wc_match("WeOnlyDo-*", imp)))) {
2550 /*
2551 * These versions have the SSH-2 rekey bug.
2552 */
2553 ssh->remote_bugs |= BUG_SSH2_REKEY;
2554 logevent("We believe remote version has SSH-2 rekey bug");
2555 }
2556
2557 if (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
2558 (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == AUTO &&
2559 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2560 wc_match("1.36 sshlib: GlobalScape", imp)))) {
2561 /*
2562 * This version ignores our makpkt and needs to be throttled.
2563 */
2564 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2565 logevent("We believe remote version ignores SSH-2 maximum packet size");
2566 }
2567
2568 if (conf_get_int(ssh->conf, CONF_sshbug_ignore2) == FORCE_ON) {
2569 /*
2570 * Servers that don't support SSH2_MSG_IGNORE. Currently,
2571 * none detected automatically.
2572 */
2573 ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
2574 logevent("We believe remote version has SSH-2 ignore bug");
2575 }
2576 }
2577
2578 /*
2579 * The `software version' part of an SSH version string is required
2580 * to contain no spaces or minus signs.
2581 */
2582 static void ssh_fix_verstring(char *str)
2583 {
2584 /* Eat "SSH-<protoversion>-". */
2585 assert(*str == 'S'); str++;
2586 assert(*str == 'S'); str++;
2587 assert(*str == 'H'); str++;
2588 assert(*str == '-'); str++;
2589 while (*str && *str != '-') str++;
2590 assert(*str == '-'); str++;
2591
2592 /* Convert minus signs and spaces in the remaining string into
2593 * underscores. */
2594 while (*str) {
2595 if (*str == '-' || *str == ' ')
2596 *str = '_';
2597 str++;
2598 }
2599 }
2600
2601 /*
2602 * Send an appropriate SSH version string.
2603 */
2604 static void ssh_send_verstring(Ssh ssh, char *svers)
2605 {
2606 char *verstring;
2607
2608 if (ssh->version == 2) {
2609 /*
2610 * Construct a v2 version string.
2611 */
2612 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2613 } else {
2614 /*
2615 * Construct a v1 version string.
2616 */
2617 verstring = dupprintf("SSH-%s-%s\012",
2618 (ssh_versioncmp(svers, "1.5") <= 0 ?
2619 svers : "1.5"),
2620 sshver);
2621 }
2622
2623 ssh_fix_verstring(verstring);
2624
2625 if (ssh->version == 2) {
2626 size_t len;
2627 /*
2628 * Record our version string.
2629 */
2630 len = strcspn(verstring, "\015\012");
2631 ssh->v_c = snewn(len + 1, char);
2632 memcpy(ssh->v_c, verstring, len);
2633 ssh->v_c[len] = 0;
2634 }
2635
2636 logeventf(ssh, "We claim version: %.*s",
2637 strcspn(verstring, "\015\012"), verstring);
2638 s_write(ssh, verstring, strlen(verstring));
2639 sfree(verstring);
2640 }
2641
2642 static int do_ssh_init(Ssh ssh, unsigned char c)
2643 {
2644 struct do_ssh_init_state {
2645 int vslen;
2646 char version[10];
2647 char *vstring;
2648 int vstrsize;
2649 int i;
2650 int proto1, proto2;
2651 };
2652 crState(do_ssh_init_state);
2653
2654 crBegin(ssh->do_ssh_init_crstate);
2655
2656 /* Search for a line beginning with the string "SSH-" in the input. */
2657 for (;;) {
2658 if (c != 'S') goto no;
2659 crReturn(1);
2660 if (c != 'S') goto no;
2661 crReturn(1);
2662 if (c != 'H') goto no;
2663 crReturn(1);
2664 if (c != '-') goto no;
2665 break;
2666 no:
2667 while (c != '\012')
2668 crReturn(1);
2669 crReturn(1);
2670 }
2671
2672 s->vstrsize = 16;
2673 s->vstring = snewn(s->vstrsize, char);
2674 strcpy(s->vstring, "SSH-");
2675 s->vslen = 4;
2676 s->i = 0;
2677 while (1) {
2678 crReturn(1); /* get another char */
2679 if (s->vslen >= s->vstrsize - 1) {
2680 s->vstrsize += 16;
2681 s->vstring = sresize(s->vstring, s->vstrsize, char);
2682 }
2683 s->vstring[s->vslen++] = c;
2684 if (s->i >= 0) {
2685 if (c == '-') {
2686 s->version[s->i] = '\0';
2687 s->i = -1;
2688 } else if (s->i < sizeof(s->version) - 1)
2689 s->version[s->i++] = c;
2690 } else if (c == '\012')
2691 break;
2692 }
2693
2694 ssh->agentfwd_enabled = FALSE;
2695 ssh->rdpkt2_state.incoming_sequence = 0;
2696
2697 s->vstring[s->vslen] = 0;
2698 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2699 logeventf(ssh, "Server version: %s", s->vstring);
2700 ssh_detect_bugs(ssh, s->vstring);
2701
2702 /*
2703 * Decide which SSH protocol version to support.
2704 */
2705
2706 /* Anything strictly below "2.0" means protocol 1 is supported. */
2707 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2708 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2709 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2710
2711 if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
2712 bombout(("SSH protocol version 1 required by user but not provided by server"));
2713 crStop(0);
2714 }
2715 if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
2716 bombout(("SSH protocol version 2 required by user but not provided by server"));
2717 crStop(0);
2718 }
2719
2720 if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
2721 ssh->version = 2;
2722 else
2723 ssh->version = 1;
2724
2725 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2726
2727 /* Send the version string, if we haven't already */
2728 if (conf_get_int(ssh->conf, CONF_sshprot) != 3)
2729 ssh_send_verstring(ssh, s->version);
2730
2731 if (ssh->version == 2) {
2732 size_t len;
2733 /*
2734 * Record their version string.
2735 */
2736 len = strcspn(s->vstring, "\015\012");
2737 ssh->v_s = snewn(len + 1, char);
2738 memcpy(ssh->v_s, s->vstring, len);
2739 ssh->v_s[len] = 0;
2740
2741 /*
2742 * Initialise SSH-2 protocol.
2743 */
2744 ssh->protocol = ssh2_protocol;
2745 ssh2_protocol_setup(ssh);
2746 ssh->s_rdpkt = ssh2_rdpkt;
2747 } else {
2748 /*
2749 * Initialise SSH-1 protocol.
2750 */
2751 ssh->protocol = ssh1_protocol;
2752 ssh1_protocol_setup(ssh);
2753 ssh->s_rdpkt = ssh1_rdpkt;
2754 }
2755 if (ssh->version == 2)
2756 do_ssh2_transport(ssh, NULL, -1, NULL);
2757
2758 update_specials_menu(ssh->frontend);
2759 ssh->state = SSH_STATE_BEFORE_SIZE;
2760 ssh->pinger = pinger_new(ssh->conf, &ssh_backend, ssh);
2761
2762 sfree(s->vstring);
2763
2764 crFinish(0);
2765 }
2766
2767 static void ssh_process_incoming_data(Ssh ssh,
2768 unsigned char **data, int *datalen)
2769 {
2770 struct Packet *pktin;
2771
2772 pktin = ssh->s_rdpkt(ssh, data, datalen);
2773 if (pktin) {
2774 ssh->protocol(ssh, NULL, 0, pktin);
2775 ssh_free_packet(pktin);
2776 }
2777 }
2778
2779 static void ssh_queue_incoming_data(Ssh ssh,
2780 unsigned char **data, int *datalen)
2781 {
2782 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2783 *data += *datalen;
2784 *datalen = 0;
2785 }
2786
2787 static void ssh_process_queued_incoming_data(Ssh ssh)
2788 {
2789 void *vdata;
2790 unsigned char *data;
2791 int len, origlen;
2792
2793 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2794 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2795 data = vdata;
2796 origlen = len;
2797
2798 while (!ssh->frozen && len > 0)
2799 ssh_process_incoming_data(ssh, &data, &len);
2800
2801 if (origlen > len)
2802 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2803 }
2804 }
2805
2806 static void ssh_set_frozen(Ssh ssh, int frozen)
2807 {
2808 if (ssh->s)
2809 sk_set_frozen(ssh->s, frozen);
2810 ssh->frozen = frozen;
2811 }
2812
2813 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2814 {
2815 /* Log raw data, if we're in that mode. */
2816 if (ssh->logctx)
2817 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
2818 0, NULL, NULL);
2819
2820 crBegin(ssh->ssh_gotdata_crstate);
2821
2822 /*
2823 * To begin with, feed the characters one by one to the
2824 * protocol initialisation / selection function do_ssh_init().
2825 * When that returns 0, we're done with the initial greeting
2826 * exchange and can move on to packet discipline.
2827 */
2828 while (1) {
2829 int ret; /* need not be kept across crReturn */
2830 if (datalen == 0)
2831 crReturnV; /* more data please */
2832 ret = do_ssh_init(ssh, *data);
2833 data++;
2834 datalen--;
2835 if (ret == 0)
2836 break;
2837 }
2838
2839 /*
2840 * We emerge from that loop when the initial negotiation is
2841 * over and we have selected an s_rdpkt function. Now pass
2842 * everything to s_rdpkt, and then pass the resulting packets
2843 * to the proper protocol handler.
2844 */
2845
2846 while (1) {
2847 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2848 if (ssh->frozen) {
2849 ssh_queue_incoming_data(ssh, &data, &datalen);
2850 /* This uses up all data and cannot cause anything interesting
2851 * to happen; indeed, for anything to happen at all, we must
2852 * return, so break out. */
2853 break;
2854 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2855 /* This uses up some or all data, and may freeze the
2856 * session. */
2857 ssh_process_queued_incoming_data(ssh);
2858 } else {
2859 /* This uses up some or all data, and may freeze the
2860 * session. */
2861 ssh_process_incoming_data(ssh, &data, &datalen);
2862 }
2863 /* FIXME this is probably EBW. */
2864 if (ssh->state == SSH_STATE_CLOSED)
2865 return;
2866 }
2867 /* We're out of data. Go and get some more. */
2868 crReturnV;
2869 }
2870 crFinishV;
2871 }
2872
2873 static int ssh_do_close(Ssh ssh, int notify_exit)
2874 {
2875 int ret = 0;
2876 struct ssh_channel *c;
2877
2878 ssh->state = SSH_STATE_CLOSED;
2879 expire_timer_context(ssh);
2880 if (ssh->s) {
2881 sk_close(ssh->s);
2882 ssh->s = NULL;
2883 if (notify_exit)
2884 notify_remote_exit(ssh->frontend);
2885 else
2886 ret = 1;
2887 }
2888 /*
2889 * Now we must shut down any port- and X-forwarded channels going
2890 * through this connection.
2891 */
2892 if (ssh->channels) {
2893 while (NULL != (c = index234(ssh->channels, 0))) {
2894 switch (c->type) {
2895 case CHAN_X11:
2896 x11_close(c->u.x11.s);
2897 break;
2898 case CHAN_SOCKDATA:
2899 case CHAN_SOCKDATA_DORMANT:
2900 pfd_close(c->u.pfd.s);
2901 break;
2902 }
2903 del234(ssh->channels, c); /* moving next one to index 0 */
2904 if (ssh->version == 2)
2905 bufchain_clear(&c->v.v2.outbuffer);
2906 sfree(c);
2907 }
2908 }
2909 /*
2910 * Go through port-forwardings, and close any associated
2911 * listening sockets.
2912 */
2913 if (ssh->portfwds) {
2914 struct ssh_portfwd *pf;
2915 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2916 /* Dispose of any listening socket. */
2917 if (pf->local)
2918 pfd_terminate(pf->local);
2919 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2920 free_portfwd(pf);
2921 }
2922 freetree234(ssh->portfwds);
2923 ssh->portfwds = NULL;
2924 }
2925
2926 return ret;
2927 }
2928
2929 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2930 const char *error_msg, int error_code)
2931 {
2932 Ssh ssh = (Ssh) plug;
2933 char addrbuf[256], *msg;
2934
2935 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2936
2937 if (type == 0)
2938 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2939 else
2940 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2941
2942 logevent(msg);
2943 sfree(msg);
2944 }
2945
2946 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2947 int calling_back)
2948 {
2949 Ssh ssh = (Ssh) plug;
2950 int need_notify = ssh_do_close(ssh, FALSE);
2951
2952 if (!error_msg) {
2953 if (!ssh->close_expected)
2954 error_msg = "Server unexpectedly closed network connection";
2955 else
2956 error_msg = "Server closed network connection";
2957 }
2958
2959 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2960 ssh->exitcode = 0;
2961
2962 if (need_notify)
2963 notify_remote_exit(ssh->frontend);
2964
2965 if (error_msg)
2966 logevent(error_msg);
2967 if (!ssh->close_expected || !ssh->clean_exit)
2968 connection_fatal(ssh->frontend, "%s", error_msg);
2969 return 0;
2970 }
2971
2972 static int ssh_receive(Plug plug, int urgent, char *data, int len)
2973 {
2974 Ssh ssh = (Ssh) plug;
2975 ssh_gotdata(ssh, (unsigned char *)data, len);
2976 if (ssh->state == SSH_STATE_CLOSED) {
2977 ssh_do_close(ssh, TRUE);
2978 return 0;
2979 }
2980 return 1;
2981 }
2982
2983 static void ssh_sent(Plug plug, int bufsize)
2984 {
2985 Ssh ssh = (Ssh) plug;
2986 /*
2987 * If the send backlog on the SSH socket itself clears, we
2988 * should unthrottle the whole world if it was throttled.
2989 */
2990 if (bufsize < SSH_MAX_BACKLOG)
2991 ssh_throttle_all(ssh, 0, bufsize);
2992 }
2993
2994 /*
2995 * Connect to specified host and port.
2996 * Returns an error message, or NULL on success.
2997 * Also places the canonical host name into `realhost'. It must be
2998 * freed by the caller.
2999 */
3000 static const char *connect_to_host(Ssh ssh, char *host, int port,
3001 char **realhost, int nodelay, int keepalive)
3002 {
3003 static const struct plug_function_table fn_table = {
3004 ssh_log,
3005 ssh_closing,
3006 ssh_receive,
3007 ssh_sent,
3008 NULL
3009 };
3010
3011 SockAddr addr;
3012 const char *err;
3013 char *loghost;
3014 int addressfamily, sshprot;
3015
3016 loghost = conf_get_str(ssh->conf, CONF_loghost);
3017 if (*loghost) {
3018 char *colon;
3019
3020 ssh->savedhost = dupstr(loghost);
3021 ssh->savedport = 22; /* default ssh port */
3022
3023 /*
3024 * A colon suffix on savedhost also lets us affect
3025 * savedport.
3026 *
3027 * (FIXME: do something about IPv6 address literals here.)
3028 */
3029 colon = strrchr(ssh->savedhost, ':');
3030 if (colon) {
3031 *colon++ = '\0';
3032 if (*colon)
3033 ssh->savedport = atoi(colon);
3034 }
3035 } else {
3036 ssh->savedhost = dupstr(host);
3037 if (port < 0)
3038 port = 22; /* default ssh port */
3039 ssh->savedport = port;
3040 }
3041
3042 /*
3043 * Try to find host.
3044 */
3045 addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
3046 logeventf(ssh, "Looking up host \"%s\"%s", host,
3047 (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
3048 (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
3049 addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
3050 if ((err = sk_addr_error(addr)) != NULL) {
3051 sk_addr_free(addr);
3052 return err;
3053 }
3054 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
3055
3056 /*
3057 * Open socket.
3058 */
3059 ssh->fn = &fn_table;
3060 ssh->s = new_connection(addr, *realhost, port,
3061 0, 1, nodelay, keepalive, (Plug) ssh, ssh->conf);
3062 if ((err = sk_socket_error(ssh->s)) != NULL) {
3063 ssh->s = NULL;
3064 notify_remote_exit(ssh->frontend);
3065 return err;
3066 }
3067
3068 /*
3069 * If the SSH version number's fixed, set it now, and if it's SSH-2,
3070 * send the version string too.
3071 */
3072 sshprot = conf_get_int(ssh->conf, CONF_sshprot);
3073 if (sshprot == 0)
3074 ssh->version = 1;
3075 if (sshprot == 3) {
3076 ssh->version = 2;
3077 ssh_send_verstring(ssh, NULL);
3078 }
3079
3080 /*
3081 * loghost, if configured, overrides realhost.
3082 */
3083 if (*loghost) {
3084 sfree(*realhost);
3085 *realhost = dupstr(loghost);
3086 }
3087
3088 return NULL;
3089 }
3090
3091 /*
3092 * Throttle or unthrottle the SSH connection.
3093 */
3094 static void ssh_throttle_conn(Ssh ssh, int adjust)
3095 {
3096 int old_count = ssh->conn_throttle_count;
3097 ssh->conn_throttle_count += adjust;
3098 assert(ssh->conn_throttle_count >= 0);
3099 if (ssh->conn_throttle_count && !old_count) {
3100 ssh_set_frozen(ssh, 1);
3101 } else if (!ssh->conn_throttle_count && old_count) {
3102 ssh_set_frozen(ssh, 0);
3103 }
3104 }
3105
3106 /*
3107 * Throttle or unthrottle _all_ local data streams (for when sends
3108 * on the SSH connection itself back up).
3109 */
3110 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
3111 {
3112 int i;
3113 struct ssh_channel *c;
3114
3115 if (enable == ssh->throttled_all)
3116 return;
3117 ssh->throttled_all = enable;
3118 ssh->overall_bufsize = bufsize;
3119 if (!ssh->channels)
3120 return;
3121 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
3122 switch (c->type) {
3123 case CHAN_MAINSESSION:
3124 /*
3125 * This is treated separately, outside the switch.
3126 */
3127 break;
3128 case CHAN_X11:
3129 x11_override_throttle(c->u.x11.s, enable);
3130 break;
3131 case CHAN_AGENT:
3132 /* Agent channels require no buffer management. */
3133 break;
3134 case CHAN_SOCKDATA:
3135 pfd_override_throttle(c->u.pfd.s, enable);
3136 break;
3137 }
3138 }
3139 }
3140
3141 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
3142 {
3143 Ssh ssh = (Ssh) sshv;
3144
3145 ssh->agent_response = reply;
3146 ssh->agent_response_len = replylen;
3147
3148 if (ssh->version == 1)
3149 do_ssh1_login(ssh, NULL, -1, NULL);
3150 else
3151 do_ssh2_authconn(ssh, NULL, -1, NULL);
3152 }
3153
3154 static void ssh_dialog_callback(void *sshv, int ret)
3155 {
3156 Ssh ssh = (Ssh) sshv;
3157
3158 ssh->user_response = ret;
3159
3160 if (ssh->version == 1)
3161 do_ssh1_login(ssh, NULL, -1, NULL);
3162 else
3163 do_ssh2_transport(ssh, NULL, -1, NULL);
3164
3165 /*
3166 * This may have unfrozen the SSH connection, so do a
3167 * queued-data run.
3168 */
3169 ssh_process_queued_incoming_data(ssh);
3170 }
3171
3172 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
3173 {
3174 struct ssh_channel *c = (struct ssh_channel *)cv;
3175 Ssh ssh = c->ssh;
3176 void *sentreply = reply;
3177
3178 if (!sentreply) {
3179 /* Fake SSH_AGENT_FAILURE. */
3180 sentreply = "\0\0\0\1\5";
3181 replylen = 5;
3182 }
3183 if (ssh->version == 2) {
3184 ssh2_add_channel_data(c, sentreply, replylen);
3185 ssh2_try_send(c);
3186 } else {
3187 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3188 PKT_INT, c->remoteid,
3189 PKT_INT, replylen,
3190 PKTT_DATA,
3191 PKT_DATA, sentreply, replylen,
3192 PKTT_OTHER,
3193 PKT_END);
3194 }
3195 if (reply)
3196 sfree(reply);
3197 }
3198
3199 /*
3200 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3201 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3202 * => log `wire_reason'.
3203 */
3204 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3205 int code, int clean_exit)
3206 {
3207 char *error;
3208 if (!client_reason)
3209 client_reason = wire_reason;
3210 if (client_reason)
3211 error = dupprintf("Disconnected: %s", client_reason);
3212 else
3213 error = dupstr("Disconnected");
3214 if (wire_reason) {
3215 if (ssh->version == 1) {
3216 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3217 PKT_END);
3218 } else if (ssh->version == 2) {
3219 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3220 ssh2_pkt_adduint32(pktout, code);
3221 ssh2_pkt_addstring(pktout, wire_reason);
3222 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3223 ssh2_pkt_send_noqueue(ssh, pktout);
3224 }
3225 }
3226 ssh->close_expected = TRUE;
3227 ssh->clean_exit = clean_exit;
3228 ssh_closing((Plug)ssh, error, 0, 0);
3229 sfree(error);
3230 }
3231
3232 /*
3233 * Handle the key exchange and user authentication phases.
3234 */
3235 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3236 struct Packet *pktin)
3237 {
3238 int i, j, ret;
3239 unsigned char cookie[8], *ptr;
3240 struct RSAKey servkey, hostkey;
3241 struct MD5Context md5c;
3242 struct do_ssh1_login_state {
3243 int len;
3244 unsigned char *rsabuf, *keystr1, *keystr2;
3245 unsigned long supported_ciphers_mask, supported_auths_mask;
3246 int tried_publickey, tried_agent;
3247 int tis_auth_refused, ccard_auth_refused;
3248 unsigned char session_id[16];
3249 int cipher_type;
3250 void *publickey_blob;
3251 int publickey_bloblen;
3252 char *publickey_comment;
3253 int publickey_encrypted;
3254 prompts_t *cur_prompt;
3255 char c;
3256 int pwpkt_type;
3257 unsigned char request[5], *response, *p;
3258 int responselen;
3259 int keyi, nkeys;
3260 int authed;
3261 struct RSAKey key;
3262 Bignum challenge;
3263 char *commentp;
3264 int commentlen;
3265 int dlgret;
3266 Filename *keyfile;
3267 };
3268 crState(do_ssh1_login_state);
3269
3270 crBegin(ssh->do_ssh1_login_crstate);
3271
3272 if (!pktin)
3273 crWaitUntil(pktin);
3274
3275 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
3276 bombout(("Public key packet not received"));
3277 crStop(0);
3278 }
3279
3280 logevent("Received public keys");
3281
3282 ptr = ssh_pkt_getdata(pktin, 8);
3283 if (!ptr) {
3284 bombout(("SSH-1 public key packet stopped before random cookie"));
3285 crStop(0);
3286 }
3287 memcpy(cookie, ptr, 8);
3288
3289 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
3290 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
3291 bombout(("Failed to read SSH-1 public keys from public key packet"));
3292 crStop(0);
3293 }
3294
3295 /*
3296 * Log the host key fingerprint.
3297 */
3298 {
3299 char logmsg[80];
3300 logevent("Host key fingerprint is:");
3301 strcpy(logmsg, " ");
3302 hostkey.comment = NULL;
3303 rsa_fingerprint(logmsg + strlen(logmsg),
3304 sizeof(logmsg) - strlen(logmsg), &hostkey);
3305 logevent(logmsg);
3306 }
3307
3308 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3309 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3310 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
3311 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3312 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
3313
3314 ssh->v1_local_protoflags =
3315 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3316 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3317
3318 MD5Init(&md5c);
3319 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3320 MD5Update(&md5c, s->keystr1, servkey.bytes);
3321 MD5Update(&md5c, cookie, 8);
3322 MD5Final(s->session_id, &md5c);
3323
3324 for (i = 0; i < 32; i++)
3325 ssh->session_key[i] = random_byte();
3326
3327 /*
3328 * Verify that the `bits' and `bytes' parameters match.
3329 */
3330 if (hostkey.bits > hostkey.bytes * 8 ||
3331 servkey.bits > servkey.bytes * 8) {
3332 bombout(("SSH-1 public keys were badly formatted"));
3333 crStop(0);
3334 }
3335
3336 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
3337
3338 s->rsabuf = snewn(s->len, unsigned char);
3339
3340 /*
3341 * Verify the host key.
3342 */
3343 {
3344 /*
3345 * First format the key into a string.
3346 */
3347 int len = rsastr_len(&hostkey);
3348 char fingerprint[100];
3349 char *keystr = snewn(len, char);
3350 rsastr_fmt(keystr, &hostkey);
3351 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3352
3353 ssh_set_frozen(ssh, 1);
3354 s->dlgret = verify_ssh_host_key(ssh->frontend,
3355 ssh->savedhost, ssh->savedport,
3356 "rsa", keystr, fingerprint,
3357 ssh_dialog_callback, ssh);
3358 sfree(keystr);
3359 if (s->dlgret < 0) {
3360 do {
3361 crReturn(0);
3362 if (pktin) {
3363 bombout(("Unexpected data from server while waiting"
3364 " for user host key response"));
3365 crStop(0);
3366 }
3367 } while (pktin || inlen > 0);
3368 s->dlgret = ssh->user_response;
3369 }
3370 ssh_set_frozen(ssh, 0);
3371
3372 if (s->dlgret == 0) {
3373 ssh_disconnect(ssh, "User aborted at host key verification",
3374 NULL, 0, TRUE);
3375 crStop(0);
3376 }
3377 }
3378
3379 for (i = 0; i < 32; i++) {
3380 s->rsabuf[i] = ssh->session_key[i];
3381 if (i < 16)
3382 s->rsabuf[i] ^= s->session_id[i];
3383 }
3384
3385 if (hostkey.bytes > servkey.bytes) {
3386 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3387 if (ret)
3388 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3389 } else {
3390 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3391 if (ret)
3392 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3393 }
3394 if (!ret) {
3395 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3396 crStop(0);
3397 }
3398
3399 logevent("Encrypted session key");
3400
3401 {
3402 int cipher_chosen = 0, warn = 0;
3403 char *cipher_string = NULL;
3404 int i;
3405 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3406 int next_cipher = conf_get_int_int(ssh->conf,
3407 CONF_ssh_cipherlist, i);
3408 if (next_cipher == CIPHER_WARN) {
3409 /* If/when we choose a cipher, warn about it */
3410 warn = 1;
3411 } else if (next_cipher == CIPHER_AES) {
3412 /* XXX Probably don't need to mention this. */
3413 logevent("AES not supported in SSH-1, skipping");
3414 } else {
3415 switch (next_cipher) {
3416 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3417 cipher_string = "3DES"; break;
3418 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3419 cipher_string = "Blowfish"; break;
3420 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3421 cipher_string = "single-DES"; break;
3422 }
3423 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3424 cipher_chosen = 1;
3425 }
3426 }
3427 if (!cipher_chosen) {
3428 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3429 bombout(("Server violates SSH-1 protocol by not "
3430 "supporting 3DES encryption"));
3431 else
3432 /* shouldn't happen */
3433 bombout(("No supported ciphers found"));
3434 crStop(0);
3435 }
3436
3437 /* Warn about chosen cipher if necessary. */
3438 if (warn) {
3439 ssh_set_frozen(ssh, 1);
3440 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3441 ssh_dialog_callback, ssh);
3442 if (s->dlgret < 0) {
3443 do {
3444 crReturn(0);
3445 if (pktin) {
3446 bombout(("Unexpected data from server while waiting"
3447 " for user response"));
3448 crStop(0);
3449 }
3450 } while (pktin || inlen > 0);
3451 s->dlgret = ssh->user_response;
3452 }
3453 ssh_set_frozen(ssh, 0);
3454 if (s->dlgret == 0) {
3455 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3456 0, TRUE);
3457 crStop(0);
3458 }
3459 }
3460 }
3461
3462 switch (s->cipher_type) {
3463 case SSH_CIPHER_3DES:
3464 logevent("Using 3DES encryption");
3465 break;
3466 case SSH_CIPHER_DES:
3467 logevent("Using single-DES encryption");
3468 break;
3469 case SSH_CIPHER_BLOWFISH:
3470 logevent("Using Blowfish encryption");
3471 break;
3472 }
3473
3474 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3475 PKT_CHAR, s->cipher_type,
3476 PKT_DATA, cookie, 8,
3477 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3478 PKT_DATA, s->rsabuf, s->len,
3479 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3480
3481 logevent("Trying to enable encryption...");
3482
3483 sfree(s->rsabuf);
3484
3485 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3486 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3487 &ssh_3des);
3488 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3489 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3490 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3491
3492 ssh->crcda_ctx = crcda_make_context();
3493 logevent("Installing CRC compensation attack detector");
3494
3495 if (servkey.modulus) {
3496 sfree(servkey.modulus);
3497 servkey.modulus = NULL;
3498 }
3499 if (servkey.exponent) {
3500 sfree(servkey.exponent);
3501 servkey.exponent = NULL;
3502 }
3503 if (hostkey.modulus) {
3504 sfree(hostkey.modulus);
3505 hostkey.modulus = NULL;
3506 }
3507 if (hostkey.exponent) {
3508 sfree(hostkey.exponent);
3509 hostkey.exponent = NULL;
3510 }
3511 crWaitUntil(pktin);
3512
3513 if (pktin->type != SSH1_SMSG_SUCCESS) {
3514 bombout(("Encryption not successfully enabled"));
3515 crStop(0);
3516 }
3517
3518 logevent("Successfully started encryption");
3519
3520 fflush(stdout); /* FIXME eh? */
3521 {
3522 if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
3523 int ret; /* need not be kept over crReturn */
3524 s->cur_prompt = new_prompts(ssh->frontend);
3525 s->cur_prompt->to_server = TRUE;
3526 s->cur_prompt->name = dupstr("SSH login name");
3527 /* 512 is an arbitrary upper limit on username size */
3528 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE, 512);
3529 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3530 while (ret < 0) {
3531 ssh->send_ok = 1;
3532 crWaitUntil(!pktin);
3533 ret = get_userpass_input(s->cur_prompt, in, inlen);
3534 ssh->send_ok = 0;
3535 }
3536 if (!ret) {
3537 /*
3538 * Failed to get a username. Terminate.
3539 */
3540 free_prompts(s->cur_prompt);
3541 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3542 crStop(0);
3543 }
3544 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
3545 free_prompts(s->cur_prompt);
3546 }
3547
3548 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, ssh->username, PKT_END);
3549 {
3550 char *userlog = dupprintf("Sent username \"%s\"", ssh->username);
3551 logevent(userlog);
3552 if (flags & FLAG_INTERACTIVE &&
3553 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3554 c_write_str(ssh, userlog);
3555 c_write_str(ssh, "\r\n");
3556 }
3557 sfree(userlog);
3558 }
3559 }
3560
3561 crWaitUntil(pktin);
3562
3563 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
3564 /* We must not attempt PK auth. Pretend we've already tried it. */
3565 s->tried_publickey = s->tried_agent = 1;
3566 } else {
3567 s->tried_publickey = s->tried_agent = 0;
3568 }
3569 s->tis_auth_refused = s->ccard_auth_refused = 0;
3570 /*
3571 * Load the public half of any configured keyfile for later use.
3572 */
3573 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3574 if (!filename_is_null(*s->keyfile)) {
3575 int keytype;
3576 logeventf(ssh, "Reading private key file \"%.150s\"",
3577 filename_to_str(s->keyfile));
3578 keytype = key_type(s->keyfile);
3579 if (keytype == SSH_KEYTYPE_SSH1) {
3580 const char *error;
3581 if (rsakey_pubblob(s->keyfile,
3582 &s->publickey_blob, &s->publickey_bloblen,
3583 &s->publickey_comment, &error)) {
3584 s->publickey_encrypted = rsakey_encrypted(s->keyfile,
3585 NULL);
3586 } else {
3587 char *msgbuf;
3588 logeventf(ssh, "Unable to load private key (%s)", error);
3589 msgbuf = dupprintf("Unable to load private key file "
3590 "\"%.150s\" (%s)\r\n",
3591 filename_to_str(s->keyfile),
3592 error);
3593 c_write_str(ssh, msgbuf);
3594 sfree(msgbuf);
3595 s->publickey_blob = NULL;
3596 }
3597 } else {
3598 char *msgbuf;
3599 logeventf(ssh, "Unable to use this key file (%s)",
3600 key_type_to_str(keytype));
3601 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3602 " (%s)\r\n",
3603 filename_to_str(s->keyfile),
3604 key_type_to_str(keytype));
3605 c_write_str(ssh, msgbuf);
3606 sfree(msgbuf);
3607 s->publickey_blob = NULL;
3608 }
3609 } else
3610 s->publickey_blob = NULL;
3611
3612 while (pktin->type == SSH1_SMSG_FAILURE) {
3613 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3614
3615 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists() && !s->tried_agent) {
3616 /*
3617 * Attempt RSA authentication using Pageant.
3618 */
3619 void *r;
3620
3621 s->authed = FALSE;
3622 s->tried_agent = 1;
3623 logevent("Pageant is running. Requesting keys.");
3624
3625 /* Request the keys held by the agent. */
3626 PUT_32BIT(s->request, 1);
3627 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3628 if (!agent_query(s->request, 5, &r, &s->responselen,
3629 ssh_agent_callback, ssh)) {
3630 do {
3631 crReturn(0);
3632 if (pktin) {
3633 bombout(("Unexpected data from server while waiting"
3634 " for agent response"));
3635 crStop(0);
3636 }
3637 } while (pktin || inlen > 0);
3638 r = ssh->agent_response;
3639 s->responselen = ssh->agent_response_len;
3640 }
3641 s->response = (unsigned char *) r;
3642 if (s->response && s->responselen >= 5 &&
3643 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3644 s->p = s->response + 5;
3645 s->nkeys = GET_32BIT(s->p);
3646 s->p += 4;
3647 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3648 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3649 unsigned char *pkblob = s->p;
3650 s->p += 4;
3651 {
3652 int n, ok = FALSE;
3653 do { /* do while (0) to make breaking easy */
3654 n = ssh1_read_bignum
3655 (s->p, s->responselen-(s->p-s->response),
3656 &s->key.exponent);
3657 if (n < 0)
3658 break;
3659 s->p += n;
3660 n = ssh1_read_bignum
3661 (s->p, s->responselen-(s->p-s->response),
3662 &s->key.modulus);
3663 if (n < 0)
3664 break;
3665 s->p += n;
3666 if (s->responselen - (s->p-s->response) < 4)
3667 break;
3668 s->commentlen = GET_32BIT(s->p);
3669 s->p += 4;
3670 if (s->responselen - (s->p-s->response) <
3671 s->commentlen)
3672 break;
3673 s->commentp = (char *)s->p;
3674 s->p += s->commentlen;
3675 ok = TRUE;
3676 } while (0);
3677 if (!ok) {
3678 logevent("Pageant key list packet was truncated");
3679 break;
3680 }
3681 }
3682 if (s->publickey_blob) {
3683 if (!memcmp(pkblob, s->publickey_blob,
3684 s->publickey_bloblen)) {
3685 logeventf(ssh, "Pageant key #%d matches "
3686 "configured key file", s->keyi);
3687 s->tried_publickey = 1;
3688 } else
3689 /* Skip non-configured key */
3690 continue;
3691 }
3692 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3693 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3694 PKT_BIGNUM, s->key.modulus, PKT_END);
3695 crWaitUntil(pktin);
3696 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3697 logevent("Key refused");
3698 continue;
3699 }
3700 logevent("Received RSA challenge");
3701 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3702 bombout(("Server's RSA challenge was badly formatted"));
3703 crStop(0);
3704 }
3705
3706 {
3707 char *agentreq, *q, *ret;
3708 void *vret;
3709 int len, retlen;
3710 len = 1 + 4; /* message type, bit count */
3711 len += ssh1_bignum_length(s->key.exponent);
3712 len += ssh1_bignum_length(s->key.modulus);
3713 len += ssh1_bignum_length(s->challenge);
3714 len += 16; /* session id */
3715 len += 4; /* response format */
3716 agentreq = snewn(4 + len, char);
3717 PUT_32BIT(agentreq, len);
3718 q = agentreq + 4;
3719 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3720 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3721 q += 4;
3722 q += ssh1_write_bignum(q, s->key.exponent);
3723 q += ssh1_write_bignum(q, s->key.modulus);
3724 q += ssh1_write_bignum(q, s->challenge);
3725 memcpy(q, s->session_id, 16);
3726 q += 16;
3727 PUT_32BIT(q, 1); /* response format */
3728 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3729 ssh_agent_callback, ssh)) {
3730 sfree(agentreq);
3731 do {
3732 crReturn(0);
3733 if (pktin) {
3734 bombout(("Unexpected data from server"
3735 " while waiting for agent"
3736 " response"));
3737 crStop(0);
3738 }
3739 } while (pktin || inlen > 0);
3740 vret = ssh->agent_response;
3741 retlen = ssh->agent_response_len;
3742 } else
3743 sfree(agentreq);
3744 ret = vret;
3745 if (ret) {
3746 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3747 logevent("Sending Pageant's response");
3748 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3749 PKT_DATA, ret + 5, 16,
3750 PKT_END);
3751 sfree(ret);
3752 crWaitUntil(pktin);
3753 if (pktin->type == SSH1_SMSG_SUCCESS) {
3754 logevent
3755 ("Pageant's response accepted");
3756 if (flags & FLAG_VERBOSE) {
3757 c_write_str(ssh, "Authenticated using"
3758 " RSA key \"");
3759 c_write(ssh, s->commentp,
3760 s->commentlen);
3761 c_write_str(ssh, "\" from agent\r\n");
3762 }
3763 s->authed = TRUE;
3764 } else
3765 logevent
3766 ("Pageant's response not accepted");
3767 } else {
3768 logevent
3769 ("Pageant failed to answer challenge");
3770 sfree(ret);
3771 }
3772 } else {
3773 logevent("No reply received from Pageant");
3774 }
3775 }
3776 freebn(s->key.exponent);
3777 freebn(s->key.modulus);
3778 freebn(s->challenge);
3779 if (s->authed)
3780 break;
3781 }
3782 sfree(s->response);
3783 if (s->publickey_blob && !s->tried_publickey)
3784 logevent("Configured key file not in Pageant");
3785 } else {
3786 logevent("Failed to get reply from Pageant");
3787 }
3788 if (s->authed)
3789 break;
3790 }
3791 if (s->publickey_blob && !s->tried_publickey) {
3792 /*
3793 * Try public key authentication with the specified
3794 * key file.
3795 */
3796 int got_passphrase; /* need not be kept over crReturn */
3797 if (flags & FLAG_VERBOSE)
3798 c_write_str(ssh, "Trying public key authentication.\r\n");
3799 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3800 logeventf(ssh, "Trying public key \"%s\"",
3801 filename_to_str(s->keyfile));
3802 s->tried_publickey = 1;
3803 got_passphrase = FALSE;
3804 while (!got_passphrase) {
3805 /*
3806 * Get a passphrase, if necessary.
3807 */
3808 char *passphrase = NULL; /* only written after crReturn */
3809 const char *error;
3810 if (!s->publickey_encrypted) {
3811 if (flags & FLAG_VERBOSE)
3812 c_write_str(ssh, "No passphrase required.\r\n");
3813 passphrase = NULL;
3814 } else {
3815 int ret; /* need not be kept over crReturn */
3816 s->cur_prompt = new_prompts(ssh->frontend);
3817 s->cur_prompt->to_server = FALSE;
3818 s->cur_prompt->name = dupstr("SSH key passphrase");
3819 add_prompt(s->cur_prompt,
3820 dupprintf("Passphrase for key \"%.100s\": ",
3821 s->publickey_comment),
3822 FALSE, SSH_MAX_PASSWORD_LEN);
3823 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3824 while (ret < 0) {
3825 ssh->send_ok = 1;
3826 crWaitUntil(!pktin);
3827 ret = get_userpass_input(s->cur_prompt, in, inlen);
3828 ssh->send_ok = 0;
3829 }
3830 if (!ret) {
3831 /* Failed to get a passphrase. Terminate. */
3832 free_prompts(s->cur_prompt);
3833 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3834 0, TRUE);
3835 crStop(0);
3836 }
3837 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3838 free_prompts(s->cur_prompt);
3839 }
3840 /*
3841 * Try decrypting key with passphrase.
3842 */
3843 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3844 ret = loadrsakey(s->keyfile, &s->key, passphrase,
3845 &error);
3846 if (passphrase) {
3847 memset(passphrase, 0, strlen(passphrase));
3848 sfree(passphrase);
3849 }
3850 if (ret == 1) {
3851 /* Correct passphrase. */
3852 got_passphrase = TRUE;
3853 } else if (ret == 0) {
3854 c_write_str(ssh, "Couldn't load private key from ");
3855 c_write_str(ssh, filename_to_str(s->keyfile));
3856 c_write_str(ssh, " (");
3857 c_write_str(ssh, error);
3858 c_write_str(ssh, ").\r\n");
3859 got_passphrase = FALSE;
3860 break; /* go and try something else */
3861 } else if (ret == -1) {
3862 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3863 got_passphrase = FALSE;
3864 /* and try again */
3865 } else {
3866 assert(0 && "unexpected return from loadrsakey()");
3867 got_passphrase = FALSE; /* placate optimisers */
3868 }
3869 }
3870
3871 if (got_passphrase) {
3872
3873 /*
3874 * Send a public key attempt.
3875 */
3876 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3877 PKT_BIGNUM, s->key.modulus, PKT_END);
3878
3879 crWaitUntil(pktin);
3880 if (pktin->type == SSH1_SMSG_FAILURE) {
3881 c_write_str(ssh, "Server refused our public key.\r\n");
3882 continue; /* go and try something else */
3883 }
3884 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3885 bombout(("Bizarre response to offer of public key"));
3886 crStop(0);
3887 }
3888
3889 {
3890 int i;
3891 unsigned char buffer[32];
3892 Bignum challenge, response;
3893
3894 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3895 bombout(("Server's RSA challenge was badly formatted"));
3896 crStop(0);
3897 }
3898 response = rsadecrypt(challenge, &s->key);
3899 freebn(s->key.private_exponent);/* burn the evidence */
3900
3901 for (i = 0; i < 32; i++) {
3902 buffer[i] = bignum_byte(response, 31 - i);
3903 }
3904
3905 MD5Init(&md5c);
3906 MD5Update(&md5c, buffer, 32);
3907 MD5Update(&md5c, s->session_id, 16);
3908 MD5Final(buffer, &md5c);
3909
3910 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3911 PKT_DATA, buffer, 16, PKT_END);
3912
3913 freebn(challenge);
3914 freebn(response);
3915 }
3916
3917 crWaitUntil(pktin);
3918 if (pktin->type == SSH1_SMSG_FAILURE) {
3919 if (flags & FLAG_VERBOSE)
3920 c_write_str(ssh, "Failed to authenticate with"
3921 " our public key.\r\n");
3922 continue; /* go and try something else */
3923 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3924 bombout(("Bizarre response to RSA authentication response"));
3925 crStop(0);
3926 }
3927
3928 break; /* we're through! */
3929 }
3930
3931 }
3932
3933 /*
3934 * Otherwise, try various forms of password-like authentication.
3935 */
3936 s->cur_prompt = new_prompts(ssh->frontend);
3937
3938 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3939 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3940 !s->tis_auth_refused) {
3941 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3942 logevent("Requested TIS authentication");
3943 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3944 crWaitUntil(pktin);
3945 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3946 logevent("TIS authentication declined");
3947 if (flags & FLAG_INTERACTIVE)
3948 c_write_str(ssh, "TIS authentication refused.\r\n");
3949 s->tis_auth_refused = 1;
3950 continue;
3951 } else {
3952 char *challenge;
3953 int challengelen;
3954 char *instr_suf, *prompt;
3955
3956 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3957 if (!challenge) {
3958 bombout(("TIS challenge packet was badly formed"));
3959 crStop(0);
3960 }
3961 logevent("Received TIS challenge");
3962 s->cur_prompt->to_server = TRUE;
3963 s->cur_prompt->name = dupstr("SSH TIS authentication");
3964 /* Prompt heuristic comes from OpenSSH */
3965 if (memchr(challenge, '\n', challengelen)) {
3966 instr_suf = dupstr("");
3967 prompt = dupprintf("%.*s", challengelen, challenge);
3968 } else {
3969 instr_suf = dupprintf("%.*s", challengelen, challenge);
3970 prompt = dupstr("Response: ");
3971 }
3972 s->cur_prompt->instruction =
3973 dupprintf("Using TIS authentication.%s%s",
3974 (*instr_suf) ? "\n" : "",
3975 instr_suf);
3976 s->cur_prompt->instr_reqd = TRUE;
3977 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3978 sfree(instr_suf);
3979 }
3980 }
3981 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3982 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
3983 !s->ccard_auth_refused) {
3984 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
3985 logevent("Requested CryptoCard authentication");
3986 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
3987 crWaitUntil(pktin);
3988 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
3989 logevent("CryptoCard authentication declined");
3990 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
3991 s->ccard_auth_refused = 1;
3992 continue;
3993 } else {
3994 char *challenge;
3995 int challengelen;
3996 char *instr_suf, *prompt;
3997
3998 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3999 if (!challenge) {
4000 bombout(("CryptoCard challenge packet was badly formed"));
4001 crStop(0);
4002 }
4003 logevent("Received CryptoCard challenge");
4004 s->cur_prompt->to_server = TRUE;
4005 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
4006 s->cur_prompt->name_reqd = FALSE;
4007 /* Prompt heuristic comes from OpenSSH */
4008 if (memchr(challenge, '\n', challengelen)) {
4009 instr_suf = dupstr("");
4010 prompt = dupprintf("%.*s", challengelen, challenge);
4011 } else {
4012 instr_suf = dupprintf("%.*s", challengelen, challenge);
4013 prompt = dupstr("Response: ");
4014 }
4015 s->cur_prompt->instruction =
4016 dupprintf("Using CryptoCard authentication.%s%s",
4017 (*instr_suf) ? "\n" : "",
4018 instr_suf);
4019 s->cur_prompt->instr_reqd = TRUE;
4020 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
4021 sfree(instr_suf);
4022 }
4023 }
4024 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4025 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
4026 bombout(("No supported authentication methods available"));
4027 crStop(0);
4028 }
4029 s->cur_prompt->to_server = TRUE;
4030 s->cur_prompt->name = dupstr("SSH password");
4031 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
4032 ssh->username, ssh->savedhost),
4033 FALSE, SSH_MAX_PASSWORD_LEN);
4034 }
4035
4036 /*
4037 * Show password prompt, having first obtained it via a TIS
4038 * or CryptoCard exchange if we're doing TIS or CryptoCard
4039 * authentication.
4040 */
4041 {
4042 int ret; /* need not be kept over crReturn */
4043 ret = get_userpass_input(s->cur_prompt, NULL, 0);
4044 while (ret < 0) {
4045 ssh->send_ok = 1;
4046 crWaitUntil(!pktin);
4047 ret = get_userpass_input(s->cur_prompt, in, inlen);
4048 ssh->send_ok = 0;
4049 }
4050 if (!ret) {
4051 /*
4052 * Failed to get a password (for example
4053 * because one was supplied on the command line
4054 * which has already failed to work). Terminate.
4055 */
4056 free_prompts(s->cur_prompt);
4057 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
4058 crStop(0);
4059 }
4060 }
4061
4062 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4063 /*
4064 * Defence against traffic analysis: we send a
4065 * whole bunch of packets containing strings of
4066 * different lengths. One of these strings is the
4067 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
4068 * The others are all random data in
4069 * SSH1_MSG_IGNORE packets. This way a passive
4070 * listener can't tell which is the password, and
4071 * hence can't deduce the password length.
4072 *
4073 * Anybody with a password length greater than 16
4074 * bytes is going to have enough entropy in their
4075 * password that a listener won't find it _that_
4076 * much help to know how long it is. So what we'll
4077 * do is:
4078 *
4079 * - if password length < 16, we send 15 packets
4080 * containing string lengths 1 through 15
4081 *
4082 * - otherwise, we let N be the nearest multiple
4083 * of 8 below the password length, and send 8
4084 * packets containing string lengths N through
4085 * N+7. This won't obscure the order of
4086 * magnitude of the password length, but it will
4087 * introduce a bit of extra uncertainty.
4088 *
4089 * A few servers can't deal with SSH1_MSG_IGNORE, at
4090 * least in this context. For these servers, we need
4091 * an alternative defence. We make use of the fact
4092 * that the password is interpreted as a C string:
4093 * so we can append a NUL, then some random data.
4094 *
4095 * A few servers can deal with neither SSH1_MSG_IGNORE
4096 * here _nor_ a padded password string.
4097 * For these servers we are left with no defences
4098 * against password length sniffing.
4099 */
4100 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4101 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4102 /*
4103 * The server can deal with SSH1_MSG_IGNORE, so
4104 * we can use the primary defence.
4105 */
4106 int bottom, top, pwlen, i;
4107 char *randomstr;
4108
4109 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4110 if (pwlen < 16) {
4111 bottom = 0; /* zero length passwords are OK! :-) */
4112 top = 15;
4113 } else {
4114 bottom = pwlen & ~7;
4115 top = bottom + 7;
4116 }
4117
4118 assert(pwlen >= bottom && pwlen <= top);
4119
4120 randomstr = snewn(top + 1, char);
4121
4122 for (i = bottom; i <= top; i++) {
4123 if (i == pwlen) {
4124 defer_packet(ssh, s->pwpkt_type,
4125 PKTT_PASSWORD, PKT_STR,
4126 s->cur_prompt->prompts[0]->result,
4127 PKTT_OTHER, PKT_END);
4128 } else {
4129 for (j = 0; j < i; j++) {
4130 do {
4131 randomstr[j] = random_byte();
4132 } while (randomstr[j] == '\0');
4133 }
4134 randomstr[i] = '\0';
4135 defer_packet(ssh, SSH1_MSG_IGNORE,
4136 PKT_STR, randomstr, PKT_END);
4137 }
4138 }
4139 logevent("Sending password with camouflage packets");
4140 ssh_pkt_defersend(ssh);
4141 sfree(randomstr);
4142 }
4143 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4144 /*
4145 * The server can't deal with SSH1_MSG_IGNORE
4146 * but can deal with padded passwords, so we
4147 * can use the secondary defence.
4148 */
4149 char string[64];
4150 char *ss;
4151 int len;
4152
4153 len = strlen(s->cur_prompt->prompts[0]->result);
4154 if (len < sizeof(string)) {
4155 ss = string;
4156 strcpy(string, s->cur_prompt->prompts[0]->result);
4157 len++; /* cover the zero byte */
4158 while (len < sizeof(string)) {
4159 string[len++] = (char) random_byte();
4160 }
4161 } else {
4162 ss = s->cur_prompt->prompts[0]->result;
4163 }
4164 logevent("Sending length-padded password");
4165 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4166 PKT_INT, len, PKT_DATA, ss, len,
4167 PKTT_OTHER, PKT_END);
4168 } else {
4169 /*
4170 * The server is believed unable to cope with
4171 * any of our password camouflage methods.
4172 */
4173 int len;
4174 len = strlen(s->cur_prompt->prompts[0]->result);
4175 logevent("Sending unpadded password");
4176 send_packet(ssh, s->pwpkt_type,
4177 PKTT_PASSWORD, PKT_INT, len,
4178 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4179 PKTT_OTHER, PKT_END);
4180 }
4181 } else {
4182 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4183 PKT_STR, s->cur_prompt->prompts[0]->result,
4184 PKTT_OTHER, PKT_END);
4185 }
4186 logevent("Sent password");
4187 free_prompts(s->cur_prompt);
4188 crWaitUntil(pktin);
4189 if (pktin->type == SSH1_SMSG_FAILURE) {
4190 if (flags & FLAG_VERBOSE)
4191 c_write_str(ssh, "Access denied\r\n");
4192 logevent("Authentication refused");
4193 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4194 bombout(("Strange packet received, type %d", pktin->type));
4195 crStop(0);
4196 }
4197 }
4198
4199 /* Clear up */
4200 if (s->publickey_blob) {
4201 sfree(s->publickey_blob);
4202 sfree(s->publickey_comment);
4203 }
4204
4205 logevent("Authentication successful");
4206
4207 crFinish(1);
4208 }
4209
4210 static void ssh_channel_try_eof(struct ssh_channel *c)
4211 {
4212 Ssh ssh = c->ssh;
4213 assert(c->pending_eof); /* precondition for calling us */
4214 if (c->halfopen)
4215 return; /* can't close: not even opened yet */
4216 if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0)
4217 return; /* can't send EOF: pending outgoing data */
4218
4219 if (ssh->version == 1) {
4220 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4221 PKT_END);
4222 c->closes |= CLOSES_SENT_EOF;
4223 } else {
4224 struct Packet *pktout;
4225 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
4226 ssh2_pkt_adduint32(pktout, c->remoteid);
4227 ssh2_pkt_send(ssh, pktout);
4228 c->closes |= CLOSES_SENT_EOF;
4229 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes)) {
4230 /*
4231 * Also send MSG_CLOSE.
4232 */
4233 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
4234 ssh2_pkt_adduint32(pktout, c->remoteid);
4235 ssh2_pkt_send(ssh, pktout);
4236 c->closes |= CLOSES_SENT_CLOSE;
4237 }
4238 }
4239 c->pending_eof = FALSE; /* we've sent it now */
4240 }
4241
4242 void sshfwd_write_eof(struct ssh_channel *c)
4243 {
4244 Ssh ssh = c->ssh;
4245
4246 if (ssh->state == SSH_STATE_CLOSED)
4247 return;
4248
4249 if (c->closes & CLOSES_SENT_EOF)
4250 return;
4251
4252 c->pending_eof = TRUE;
4253 ssh_channel_try_eof(c);
4254 }
4255
4256 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
4257 {
4258 Ssh ssh = c->ssh;
4259
4260 if (ssh->state == SSH_STATE_CLOSED)
4261 return 0;
4262
4263 if (ssh->version == 1) {
4264 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
4265 PKT_INT, c->remoteid,
4266 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
4267 PKTT_OTHER, PKT_END);
4268 /*
4269 * In SSH-1 we can return 0 here - implying that forwarded
4270 * connections are never individually throttled - because
4271 * the only circumstance that can cause throttling will be
4272 * the whole SSH connection backing up, in which case
4273 * _everything_ will be throttled as a whole.
4274 */
4275 return 0;
4276 } else {
4277 ssh2_add_channel_data(c, buf, len);
4278 return ssh2_try_send(c);
4279 }
4280 }
4281
4282 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4283 {
4284 Ssh ssh = c->ssh;
4285 int buflimit;
4286
4287 if (ssh->state == SSH_STATE_CLOSED)
4288 return;
4289
4290 if (ssh->version == 1) {
4291 buflimit = SSH1_BUFFER_LIMIT;
4292 } else {
4293 buflimit = c->v.v2.locmaxwin;
4294 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4295 }
4296 if (c->throttling_conn && bufsize <= buflimit) {
4297 c->throttling_conn = 0;
4298 ssh_throttle_conn(ssh, -1);
4299 }
4300 }
4301
4302 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4303 {
4304 struct queued_handler *qh = ssh->qhead;
4305
4306 assert(qh != NULL);
4307
4308 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4309
4310 if (qh->msg1 > 0) {
4311 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
4312 ssh->packet_dispatch[qh->msg1] = NULL;
4313 }
4314 if (qh->msg2 > 0) {
4315 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
4316 ssh->packet_dispatch[qh->msg2] = NULL;
4317 }
4318
4319 if (qh->next) {
4320 ssh->qhead = qh->next;
4321
4322 if (ssh->qhead->msg1 > 0) {
4323 assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
4324 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4325 }
4326 if (ssh->qhead->msg2 > 0) {
4327 assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
4328 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4329 }
4330 } else {
4331 ssh->qhead = ssh->qtail = NULL;
4332 ssh->packet_dispatch[pktin->type] = NULL;
4333 }
4334
4335 qh->handler(ssh, pktin, qh->ctx);
4336
4337 sfree(qh);
4338 }
4339
4340 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4341 chandler_fn_t handler, void *ctx)
4342 {
4343 struct queued_handler *qh;
4344
4345 qh = snew(struct queued_handler);
4346 qh->msg1 = msg1;
4347 qh->msg2 = msg2;
4348 qh->handler = handler;
4349 qh->ctx = ctx;
4350 qh->next = NULL;
4351
4352 if (ssh->qtail == NULL) {
4353 ssh->qhead = qh;
4354
4355 if (qh->msg1 > 0) {
4356 assert(ssh->packet_dispatch[qh->msg1] == NULL);
4357 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4358 }
4359 if (qh->msg2 > 0) {
4360 assert(ssh->packet_dispatch[qh->msg2] == NULL);
4361 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4362 }
4363 } else {
4364 ssh->qtail->next = qh;
4365 }
4366 ssh->qtail = qh;
4367 }
4368
4369 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4370 {
4371 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4372
4373 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4374 SSH2_MSG_REQUEST_SUCCESS)) {
4375 logeventf(ssh, "Remote port forwarding from %s enabled",
4376 pf->sportdesc);
4377 } else {
4378 logeventf(ssh, "Remote port forwarding from %s refused",
4379 pf->sportdesc);
4380
4381 rpf = del234(ssh->rportfwds, pf);
4382 assert(rpf == pf);
4383 pf->pfrec->remote = NULL;
4384 free_rportfwd(pf);
4385 }
4386 }
4387
4388 static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
4389 {
4390 struct ssh_portfwd *epf;
4391 int i;
4392 char *key, *val;
4393
4394 if (!ssh->portfwds) {
4395 ssh->portfwds = newtree234(ssh_portcmp);
4396 } else {
4397 /*
4398 * Go through the existing port forwardings and tag them
4399 * with status==DESTROY. Any that we want to keep will be
4400 * re-enabled (status==KEEP) as we go through the
4401 * configuration and find out which bits are the same as
4402 * they were before.
4403 */
4404 struct ssh_portfwd *epf;
4405 int i;
4406 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4407 epf->status = DESTROY;
4408 }
4409
4410 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
4411 val != NULL;
4412 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
4413 char *kp, *kp2, *vp, *vp2;
4414 char address_family, type;
4415 int sport,dport,sserv,dserv;
4416 char *sports, *dports, *saddr, *host;
4417
4418 kp = key;
4419
4420 address_family = 'A';
4421 type = 'L';
4422 if (*kp == 'A' || *kp == '4' || *kp == '6')
4423 address_family = *kp++;
4424 if (*kp == 'L' || *kp == 'R')
4425 type = *kp++;
4426
4427 if ((kp2 = strchr(kp, ':')) != NULL) {
4428 /*
4429 * There's a colon in the middle of the source port
4430 * string, which means that the part before it is
4431 * actually a source address.
4432 */
4433 saddr = dupprintf("%.*s", (int)(kp2 - kp), kp);
4434 sports = kp2+1;
4435 } else {
4436 saddr = NULL;
4437 sports = kp;
4438 }
4439 sport = atoi(sports);
4440 sserv = 0;
4441 if (sport == 0) {
4442 sserv = 1;
4443 sport = net_service_lookup(sports);
4444 if (!sport) {
4445 logeventf(ssh, "Service lookup failed for source"
4446 " port \"%s\"", sports);
4447 }
4448 }
4449
4450 if (type == 'L' && !strcmp(val, "D")) {
4451 /* dynamic forwarding */
4452 host = NULL;
4453 dports = NULL;
4454 dport = -1;
4455 dserv = 0;
4456 type = 'D';
4457 } else {
4458 /* ordinary forwarding */
4459 vp = val;
4460 vp2 = vp + strcspn(vp, ":");
4461 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
4462 if (vp2)
4463 vp2++;
4464 dports = vp2;
4465 dport = atoi(dports);
4466 dserv = 0;
4467 if (dport == 0) {
4468 dserv = 1;
4469 dport = net_service_lookup(dports);
4470 if (!dport) {
4471 logeventf(ssh, "Service lookup failed for destination"
4472 " port \"%s\"", dports);
4473 }
4474 }
4475 }
4476
4477 if (sport && dport) {
4478 /* Set up a description of the source port. */
4479 struct ssh_portfwd *pfrec, *epfrec;
4480
4481 pfrec = snew(struct ssh_portfwd);
4482 pfrec->type = type;
4483 pfrec->saddr = saddr;
4484 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4485 pfrec->sport = sport;
4486 pfrec->daddr = host;
4487 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4488 pfrec->dport = dport;
4489 pfrec->local = NULL;
4490 pfrec->remote = NULL;
4491 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4492 address_family == '6' ? ADDRTYPE_IPV6 :
4493 ADDRTYPE_UNSPEC);
4494
4495 epfrec = add234(ssh->portfwds, pfrec);
4496 if (epfrec != pfrec) {
4497 if (epfrec->status == DESTROY) {
4498 /*
4499 * We already have a port forwarding up and running
4500 * with precisely these parameters. Hence, no need
4501 * to do anything; simply re-tag the existing one
4502 * as KEEP.
4503 */
4504 epfrec->status = KEEP;
4505 }
4506 /*
4507 * Anything else indicates that there was a duplicate
4508 * in our input, which we'll silently ignore.
4509 */
4510 free_portfwd(pfrec);
4511 } else {
4512 pfrec->status = CREATE;
4513 }
4514 } else {
4515 sfree(saddr);
4516 sfree(host);
4517 }
4518 }
4519
4520 /*
4521 * Now go through and destroy any port forwardings which were
4522 * not re-enabled.
4523 */
4524 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4525 if (epf->status == DESTROY) {
4526 char *message;
4527
4528 message = dupprintf("%s port forwarding from %s%s%d",
4529 epf->type == 'L' ? "local" :
4530 epf->type == 'R' ? "remote" : "dynamic",
4531 epf->saddr ? epf->saddr : "",
4532 epf->saddr ? ":" : "",
4533 epf->sport);
4534
4535 if (epf->type != 'D') {
4536 char *msg2 = dupprintf("%s to %s:%d", message,
4537 epf->daddr, epf->dport);
4538 sfree(message);
4539 message = msg2;
4540 }
4541
4542 logeventf(ssh, "Cancelling %s", message);
4543 sfree(message);
4544
4545 /* epf->remote or epf->local may be NULL if setting up a
4546 * forwarding failed. */
4547 if (epf->remote) {
4548 struct ssh_rportfwd *rpf = epf->remote;
4549 struct Packet *pktout;
4550
4551 /*
4552 * Cancel the port forwarding at the server
4553 * end.
4554 */
4555 if (ssh->version == 1) {
4556 /*
4557 * We cannot cancel listening ports on the
4558 * server side in SSH-1! There's no message
4559 * to support it. Instead, we simply remove
4560 * the rportfwd record from the local end
4561 * so that any connections the server tries
4562 * to make on it are rejected.
4563 */
4564 } else {
4565 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4566 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4567 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4568 if (epf->saddr) {
4569 ssh2_pkt_addstring(pktout, epf->saddr);
4570 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4571 /* XXX: rport_acceptall may not represent
4572 * what was used to open the original connection,
4573 * since it's reconfigurable. */
4574 ssh2_pkt_addstring(pktout, "0.0.0.0");
4575 } else {
4576 ssh2_pkt_addstring(pktout, "127.0.0.1");
4577 }
4578 ssh2_pkt_adduint32(pktout, epf->sport);
4579 ssh2_pkt_send(ssh, pktout);
4580 }
4581
4582 del234(ssh->rportfwds, rpf);
4583 free_rportfwd(rpf);
4584 } else if (epf->local) {
4585 pfd_terminate(epf->local);
4586 }
4587
4588 delpos234(ssh->portfwds, i);
4589 free_portfwd(epf);
4590 i--; /* so we don't skip one in the list */
4591 }
4592
4593 /*
4594 * And finally, set up any new port forwardings (status==CREATE).
4595 */
4596 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4597 if (epf->status == CREATE) {
4598 char *sportdesc, *dportdesc;
4599 sportdesc = dupprintf("%s%s%s%s%d%s",
4600 epf->saddr ? epf->saddr : "",
4601 epf->saddr ? ":" : "",
4602 epf->sserv ? epf->sserv : "",
4603 epf->sserv ? "(" : "",
4604 epf->sport,
4605 epf->sserv ? ")" : "");
4606 if (epf->type == 'D') {
4607 dportdesc = NULL;
4608 } else {
4609 dportdesc = dupprintf("%s:%s%s%d%s",
4610 epf->daddr,
4611 epf->dserv ? epf->dserv : "",
4612 epf->dserv ? "(" : "",
4613 epf->dport,
4614 epf->dserv ? ")" : "");
4615 }
4616
4617 if (epf->type == 'L') {
4618 const char *err = pfd_addforward(epf->daddr, epf->dport,
4619 epf->saddr, epf->sport,
4620 ssh, conf,
4621 &epf->local,
4622 epf->addressfamily);
4623
4624 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4625 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4626 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4627 sportdesc, dportdesc,
4628 err ? " failed: " : "", err ? err : "");
4629 } else if (epf->type == 'D') {
4630 const char *err = pfd_addforward(NULL, -1,
4631 epf->saddr, epf->sport,
4632 ssh, conf,
4633 &epf->local,
4634 epf->addressfamily);
4635
4636 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4637 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4638 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4639 sportdesc,
4640 err ? " failed: " : "", err ? err : "");
4641 } else {
4642 struct ssh_rportfwd *pf;
4643
4644 /*
4645 * Ensure the remote port forwardings tree exists.
4646 */
4647 if (!ssh->rportfwds) {
4648 if (ssh->version == 1)
4649 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4650 else
4651 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4652 }
4653
4654 pf = snew(struct ssh_rportfwd);
4655 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4656 pf->dhost[lenof(pf->dhost)-1] = '\0';
4657 pf->dport = epf->dport;
4658 pf->sport = epf->sport;
4659 if (add234(ssh->rportfwds, pf) != pf) {
4660 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4661 epf->daddr, epf->dport);
4662 sfree(pf);
4663 } else {
4664 logeventf(ssh, "Requesting remote port %s"
4665 " forward to %s", sportdesc, dportdesc);
4666
4667 pf->sportdesc = sportdesc;
4668 sportdesc = NULL;
4669 epf->remote = pf;
4670 pf->pfrec = epf;
4671
4672 if (ssh->version == 1) {
4673 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4674 PKT_INT, epf->sport,
4675 PKT_STR, epf->daddr,
4676 PKT_INT, epf->dport,
4677 PKT_END);
4678 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4679 SSH1_SMSG_FAILURE,
4680 ssh_rportfwd_succfail, pf);
4681 } else {
4682 struct Packet *pktout;
4683 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4684 ssh2_pkt_addstring(pktout, "tcpip-forward");
4685 ssh2_pkt_addbool(pktout, 1);/* want reply */
4686 if (epf->saddr) {
4687 ssh2_pkt_addstring(pktout, epf->saddr);
4688 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4689 ssh2_pkt_addstring(pktout, "0.0.0.0");
4690 } else {
4691 ssh2_pkt_addstring(pktout, "127.0.0.1");
4692 }
4693 ssh2_pkt_adduint32(pktout, epf->sport);
4694 ssh2_pkt_send(ssh, pktout);
4695
4696 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4697 SSH2_MSG_REQUEST_FAILURE,
4698 ssh_rportfwd_succfail, pf);
4699 }
4700 }
4701 }
4702 sfree(sportdesc);
4703 sfree(dportdesc);
4704 }
4705 }
4706
4707 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4708 {
4709 char *string;
4710 int stringlen, bufsize;
4711
4712 ssh_pkt_getstring(pktin, &string, &stringlen);
4713 if (string == NULL) {
4714 bombout(("Incoming terminal data packet was badly formed"));
4715 return;
4716 }
4717
4718 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4719 string, stringlen);
4720 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4721 ssh->v1_stdout_throttling = 1;
4722 ssh_throttle_conn(ssh, +1);
4723 }
4724 }
4725
4726 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4727 {
4728 /* Remote side is trying to open a channel to talk to our
4729 * X-Server. Give them back a local channel number. */
4730 struct ssh_channel *c;
4731 int remoteid = ssh_pkt_getuint32(pktin);
4732
4733 logevent("Received X11 connect request");
4734 /* Refuse if X11 forwarding is disabled. */
4735 if (!ssh->X11_fwd_enabled) {
4736 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4737 PKT_INT, remoteid, PKT_END);
4738 logevent("Rejected X11 connect request");
4739 } else {
4740 c = snew(struct ssh_channel);
4741 c->ssh = ssh;
4742
4743 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4744 NULL, -1, ssh->conf) != NULL) {
4745 logevent("Opening X11 forward connection failed");
4746 sfree(c);
4747 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4748 PKT_INT, remoteid, PKT_END);
4749 } else {
4750 logevent
4751 ("Opening X11 forward connection succeeded");
4752 c->remoteid = remoteid;
4753 c->halfopen = FALSE;
4754 c->localid = alloc_channel_id(ssh);
4755 c->closes = 0;
4756 c->pending_eof = FALSE;
4757 c->throttling_conn = 0;
4758 c->type = CHAN_X11; /* identify channel type */
4759 add234(ssh->channels, c);
4760 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4761 PKT_INT, c->remoteid, PKT_INT,
4762 c->localid, PKT_END);
4763 logevent("Opened X11 forward channel");
4764 }
4765 }
4766 }
4767
4768 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4769 {
4770 /* Remote side is trying to open a channel to talk to our
4771 * agent. Give them back a local channel number. */
4772 struct ssh_channel *c;
4773 int remoteid = ssh_pkt_getuint32(pktin);
4774
4775 /* Refuse if agent forwarding is disabled. */
4776 if (!ssh->agentfwd_enabled) {
4777 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4778 PKT_INT, remoteid, PKT_END);
4779 } else {
4780 c = snew(struct ssh_channel);
4781 c->ssh = ssh;
4782 c->remoteid = remoteid;
4783 c->halfopen = FALSE;
4784 c->localid = alloc_channel_id(ssh);
4785 c->closes = 0;
4786 c->pending_eof = FALSE;
4787 c->throttling_conn = 0;
4788 c->type = CHAN_AGENT; /* identify channel type */
4789 c->u.a.lensofar = 0;
4790 c->u.a.message = NULL;
4791 add234(ssh->channels, c);
4792 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4793 PKT_INT, c->remoteid, PKT_INT, c->localid,
4794 PKT_END);
4795 }
4796 }
4797
4798 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4799 {
4800 /* Remote side is trying to open a channel to talk to a
4801 * forwarded port. Give them back a local channel number. */
4802 struct ssh_channel *c;
4803 struct ssh_rportfwd pf, *pfp;
4804 int remoteid;
4805 int hostsize, port;
4806 char *host;
4807 const char *e;
4808 c = snew(struct ssh_channel);
4809 c->ssh = ssh;
4810
4811 remoteid = ssh_pkt_getuint32(pktin);
4812 ssh_pkt_getstring(pktin, &host, &hostsize);
4813 port = ssh_pkt_getuint32(pktin);
4814
4815 if (hostsize >= lenof(pf.dhost))
4816 hostsize = lenof(pf.dhost)-1;
4817 memcpy(pf.dhost, host, hostsize);
4818 pf.dhost[hostsize] = '\0';
4819 pf.dport = port;
4820 pfp = find234(ssh->rportfwds, &pf, NULL);
4821
4822 if (pfp == NULL) {
4823 logeventf(ssh, "Rejected remote port open request for %s:%d",
4824 pf.dhost, port);
4825 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4826 PKT_INT, remoteid, PKT_END);
4827 } else {
4828 logeventf(ssh, "Received remote port open request for %s:%d",
4829 pf.dhost, port);
4830 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4831 c, ssh->conf, pfp->pfrec->addressfamily);
4832 if (e != NULL) {
4833 logeventf(ssh, "Port open failed: %s", e);
4834 sfree(c);
4835 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4836 PKT_INT, remoteid, PKT_END);
4837 } else {
4838 c->remoteid = remoteid;
4839 c->halfopen = FALSE;
4840 c->localid = alloc_channel_id(ssh);
4841 c->closes = 0;
4842 c->pending_eof = FALSE;
4843 c->throttling_conn = 0;
4844 c->type = CHAN_SOCKDATA; /* identify channel type */
4845 add234(ssh->channels, c);
4846 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4847 PKT_INT, c->remoteid, PKT_INT,
4848 c->localid, PKT_END);
4849 logevent("Forwarded port opened successfully");
4850 }
4851 }
4852 }
4853
4854 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4855 {
4856 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4857 unsigned int localid = ssh_pkt_getuint32(pktin);
4858 struct ssh_channel *c;
4859
4860 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4861 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4862 c->remoteid = localid;
4863 c->halfopen = FALSE;
4864 c->type = CHAN_SOCKDATA;
4865 c->throttling_conn = 0;
4866 pfd_confirm(c->u.pfd.s);
4867 }
4868
4869 if (c && c->pending_eof) {
4870 /*
4871 * We have a pending close on this channel,
4872 * which we decided on before the server acked
4873 * the channel open. So now we know the
4874 * remoteid, we can close it again.
4875 */
4876 ssh_channel_try_eof(c);
4877 }
4878 }
4879
4880 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4881 {
4882 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4883 struct ssh_channel *c;
4884
4885 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4886 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4887 logevent("Forwarded connection refused by server");
4888 pfd_close(c->u.pfd.s);
4889 del234(ssh->channels, c);
4890 sfree(c);
4891 }
4892 }
4893
4894 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4895 {
4896 /* Remote side closes a channel. */
4897 unsigned i = ssh_pkt_getuint32(pktin);
4898 struct ssh_channel *c;
4899 c = find234(ssh->channels, &i, ssh_channelfind);
4900 if (c && !c->halfopen) {
4901
4902 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE &&
4903 !(c->closes & CLOSES_RCVD_EOF)) {
4904 /*
4905 * Received CHANNEL_CLOSE, which we translate into
4906 * outgoing EOF.
4907 */
4908 int send_close = FALSE;
4909
4910 c->closes |= CLOSES_RCVD_EOF;
4911
4912 switch (c->type) {
4913 case CHAN_X11:
4914 if (c->u.x11.s)
4915 x11_send_eof(c->u.x11.s);
4916 else
4917 send_close = TRUE;
4918 case CHAN_SOCKDATA:
4919 if (c->u.pfd.s)
4920 x11_send_eof(c->u.pfd.s);
4921 else
4922 send_close = TRUE;
4923 case CHAN_AGENT:
4924 send_close = TRUE;
4925 }
4926
4927 if (send_close && !(c->closes & CLOSES_SENT_EOF)) {
4928 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4929 PKT_END);
4930 c->closes |= CLOSES_SENT_EOF;
4931 }
4932 }
4933
4934 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION &&
4935 !(c->closes & CLOSES_RCVD_CLOSE)) {
4936
4937 if (!(c->closes & CLOSES_SENT_EOF)) {
4938 bombout(("Received CHANNEL_CLOSE_CONFIRMATION for channel %d"
4939 " for which we never sent CHANNEL_CLOSE\n", i));
4940 }
4941
4942 c->closes |= CLOSES_RCVD_CLOSE;
4943 }
4944
4945 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) &&
4946 !(c->closes & CLOSES_SENT_CLOSE)) {
4947 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION,
4948 PKT_INT, c->remoteid, PKT_END);
4949 c->closes |= CLOSES_SENT_CLOSE;
4950 }
4951
4952 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes))
4953 ssh_channel_destroy(c);
4954 } else {
4955 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4956 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
4957 "_CONFIRMATION", c ? "half-open" : "nonexistent",
4958 i));
4959 }
4960 }
4961
4962 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
4963 {
4964 /* Data sent down one of our channels. */
4965 int i = ssh_pkt_getuint32(pktin);
4966 char *p;
4967 int len;
4968 struct ssh_channel *c;
4969
4970 ssh_pkt_getstring(pktin, &p, &len);
4971
4972 c = find234(ssh->channels, &i, ssh_channelfind);
4973 if (c) {
4974 int bufsize = 0;
4975 switch (c->type) {
4976 case CHAN_X11:
4977 bufsize = x11_send(c->u.x11.s, p, len);
4978 break;
4979 case CHAN_SOCKDATA:
4980 bufsize = pfd_send(c->u.pfd.s, p, len);
4981 break;
4982 case CHAN_AGENT:
4983 /* Data for an agent message. Buffer it. */
4984 while (len > 0) {
4985 if (c->u.a.lensofar < 4) {
4986 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
4987 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
4988 l);
4989 p += l;
4990 len -= l;
4991 c->u.a.lensofar += l;
4992 }
4993 if (c->u.a.lensofar == 4) {
4994 c->u.a.totallen =
4995 4 + GET_32BIT(c->u.a.msglen);
4996 c->u.a.message = snewn(c->u.a.totallen,
4997 unsigned char);
4998 memcpy(c->u.a.message, c->u.a.msglen, 4);
4999 }
5000 if (c->u.a.lensofar >= 4 && len > 0) {
5001 unsigned int l =
5002 min(c->u.a.totallen - c->u.a.lensofar,
5003 (unsigned)len);
5004 memcpy(c->u.a.message + c->u.a.lensofar, p,
5005 l);
5006 p += l;
5007 len -= l;
5008 c->u.a.lensofar += l;
5009 }
5010 if (c->u.a.lensofar == c->u.a.totallen) {
5011 void *reply;
5012 int replylen;
5013 if (agent_query(c->u.a.message,
5014 c->u.a.totallen,
5015 &reply, &replylen,
5016 ssh_agentf_callback, c))
5017 ssh_agentf_callback(c, reply, replylen);
5018 sfree(c->u.a.message);
5019 c->u.a.lensofar = 0;
5020 }
5021 }
5022 bufsize = 0; /* agent channels never back up */
5023 break;
5024 }
5025 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
5026 c->throttling_conn = 1;
5027 ssh_throttle_conn(ssh, +1);
5028 }
5029 }
5030 }
5031
5032 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
5033 {
5034 ssh->exitcode = ssh_pkt_getuint32(pktin);
5035 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
5036 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
5037 /*
5038 * In case `helpful' firewalls or proxies tack
5039 * extra human-readable text on the end of the
5040 * session which we might mistake for another
5041 * encrypted packet, we close the session once
5042 * we've sent EXIT_CONFIRMATION.
5043 */
5044 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
5045 }
5046
5047 /* Helper function to deal with sending tty modes for REQUEST_PTY */
5048 static void ssh1_send_ttymode(void *data, char *mode, char *val)
5049 {
5050 struct Packet *pktout = (struct Packet *)data;
5051 int i = 0;
5052 unsigned int arg = 0;
5053 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
5054 if (i == lenof(ssh_ttymodes)) return;
5055 switch (ssh_ttymodes[i].type) {
5056 case TTY_OP_CHAR:
5057 arg = ssh_tty_parse_specchar(val);
5058 break;
5059 case TTY_OP_BOOL:
5060 arg = ssh_tty_parse_boolean(val);
5061 break;
5062 }
5063 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
5064 ssh2_pkt_addbyte(pktout, arg);
5065 }
5066
5067
5068 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
5069 struct Packet *pktin)
5070 {
5071 crBegin(ssh->do_ssh1_connection_crstate);
5072
5073 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
5074 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
5075 ssh1_smsg_stdout_stderr_data;
5076
5077 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
5078 ssh1_msg_channel_open_confirmation;
5079 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
5080 ssh1_msg_channel_open_failure;
5081 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
5082 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
5083 ssh1_msg_channel_close;
5084 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
5085 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
5086
5087 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
5088 logevent("Requesting agent forwarding");
5089 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
5090 do {
5091 crReturnV;
5092 } while (!pktin);
5093 if (pktin->type != SSH1_SMSG_SUCCESS
5094 && pktin->type != SSH1_SMSG_FAILURE) {
5095 bombout(("Protocol confusion"));
5096 crStopV;
5097 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5098 logevent("Agent forwarding refused");
5099 } else {
5100 logevent("Agent forwarding enabled");
5101 ssh->agentfwd_enabled = TRUE;
5102 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
5103 }
5104 }
5105
5106 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
5107 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
5108 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
5109 logevent("Requesting X11 forwarding");
5110 /*
5111 * Note that while we blank the X authentication data here, we don't
5112 * take any special action to blank the start of an X11 channel,
5113 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5114 * without having session blanking enabled is likely to leak your
5115 * cookie into the log.
5116 */
5117 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5118 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5119 PKT_STR, ssh->x11disp->remoteauthprotoname,
5120 PKTT_PASSWORD,
5121 PKT_STR, ssh->x11disp->remoteauthdatastring,
5122 PKTT_OTHER,
5123 PKT_INT, ssh->x11disp->screennum,
5124 PKT_END);
5125 } else {
5126 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5127 PKT_STR, ssh->x11disp->remoteauthprotoname,
5128 PKTT_PASSWORD,
5129 PKT_STR, ssh->x11disp->remoteauthdatastring,
5130 PKTT_OTHER,
5131 PKT_END);
5132 }
5133 do {
5134 crReturnV;
5135 } while (!pktin);
5136 if (pktin->type != SSH1_SMSG_SUCCESS
5137 && pktin->type != SSH1_SMSG_FAILURE) {
5138 bombout(("Protocol confusion"));
5139 crStopV;
5140 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5141 logevent("X11 forwarding refused");
5142 } else {
5143 logevent("X11 forwarding enabled");
5144 ssh->X11_fwd_enabled = TRUE;
5145 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
5146 }
5147 }
5148
5149 ssh_setup_portfwd(ssh, ssh->conf);
5150 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
5151
5152 if (!conf_get_int(ssh->conf, CONF_nopty)) {
5153 struct Packet *pkt;
5154 /* Unpick the terminal-speed string. */
5155 /* XXX perhaps we should allow no speeds to be sent. */
5156 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
5157 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
5158 /* Send the pty request. */
5159 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
5160 ssh_pkt_addstring(pkt, conf_get_str(ssh->conf, CONF_termtype));
5161 ssh_pkt_adduint32(pkt, ssh->term_height);
5162 ssh_pkt_adduint32(pkt, ssh->term_width);
5163 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5164 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
5165 parse_ttymodes(ssh, ssh1_send_ttymode, (void *)pkt);
5166 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5167 ssh_pkt_adduint32(pkt, ssh->ispeed);
5168 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5169 ssh_pkt_adduint32(pkt, ssh->ospeed);
5170 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5171 s_wrpkt(ssh, pkt);
5172 ssh->state = SSH_STATE_INTERMED;
5173 do {
5174 crReturnV;
5175 } while (!pktin);
5176 if (pktin->type != SSH1_SMSG_SUCCESS
5177 && pktin->type != SSH1_SMSG_FAILURE) {
5178 bombout(("Protocol confusion"));
5179 crStopV;
5180 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5181 c_write_str(ssh, "Server refused to allocate pty\r\n");
5182 ssh->editing = ssh->echoing = 1;
5183 }
5184 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5185 ssh->ospeed, ssh->ispeed);
5186 } else {
5187 ssh->editing = ssh->echoing = 1;
5188 }
5189
5190 if (conf_get_int(ssh->conf, CONF_compression)) {
5191 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
5192 do {
5193 crReturnV;
5194 } while (!pktin);
5195 if (pktin->type != SSH1_SMSG_SUCCESS
5196 && pktin->type != SSH1_SMSG_FAILURE) {
5197 bombout(("Protocol confusion"));
5198 crStopV;
5199 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5200 c_write_str(ssh, "Server refused to compress\r\n");
5201 }
5202 logevent("Started compression");
5203 ssh->v1_compressing = TRUE;
5204 ssh->cs_comp_ctx = zlib_compress_init();
5205 logevent("Initialised zlib (RFC1950) compression");
5206 ssh->sc_comp_ctx = zlib_decompress_init();
5207 logevent("Initialised zlib (RFC1950) decompression");
5208 }
5209
5210 /*
5211 * Start the shell or command.
5212 *
5213 * Special case: if the first-choice command is an SSH-2
5214 * subsystem (hence not usable here) and the second choice
5215 * exists, we fall straight back to that.
5216 */
5217 {
5218 char *cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
5219
5220 if (conf_get_int(ssh->conf, CONF_ssh_subsys) &&
5221 conf_get_str(ssh->conf, CONF_remote_cmd2)) {
5222 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
5223 ssh->fallback_cmd = TRUE;
5224 }
5225 if (*cmd)
5226 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
5227 else
5228 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
5229 logevent("Started session");
5230 }
5231
5232 ssh->state = SSH_STATE_SESSION;
5233 if (ssh->size_needed)
5234 ssh_size(ssh, ssh->term_width, ssh->term_height);
5235 if (ssh->eof_needed)
5236 ssh_special(ssh, TS_EOF);
5237
5238 if (ssh->ldisc)
5239 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
5240 ssh->send_ok = 1;
5241 ssh->channels = newtree234(ssh_channelcmp);
5242 while (1) {
5243
5244 /*
5245 * By this point, most incoming packets are already being
5246 * handled by the dispatch table, and we need only pay
5247 * attention to the unusual ones.
5248 */
5249
5250 crReturnV;
5251 if (pktin) {
5252 if (pktin->type == SSH1_SMSG_SUCCESS) {
5253 /* may be from EXEC_SHELL on some servers */
5254 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5255 /* may be from EXEC_SHELL on some servers
5256 * if no pty is available or in other odd cases. Ignore */
5257 } else {
5258 bombout(("Strange packet received: type %d", pktin->type));
5259 crStopV;
5260 }
5261 } else {
5262 while (inlen > 0) {
5263 int len = min(inlen, 512);
5264 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5265 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
5266 PKTT_OTHER, PKT_END);
5267 in += len;
5268 inlen -= len;
5269 }
5270 }
5271 }
5272
5273 crFinishV;
5274 }
5275
5276 /*
5277 * Handle the top-level SSH-2 protocol.
5278 */
5279 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5280 {
5281 char *msg;
5282 int msglen;
5283
5284 ssh_pkt_getstring(pktin, &msg, &msglen);
5285 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
5286 }
5287
5288 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5289 {
5290 /* log reason code in disconnect message */
5291 char *msg;
5292 int msglen;
5293
5294 ssh_pkt_getstring(pktin, &msg, &msglen);
5295 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5296 }
5297
5298 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
5299 {
5300 /* Do nothing, because we're ignoring it! Duhh. */
5301 }
5302
5303 static void ssh1_protocol_setup(Ssh ssh)
5304 {
5305 int i;
5306
5307 /*
5308 * Most messages are handled by the coroutines.
5309 */
5310 for (i = 0; i < 256; i++)
5311 ssh->packet_dispatch[i] = NULL;
5312
5313 /*
5314 * These special message types we install handlers for.
5315 */
5316 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5317 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5318 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5319 }
5320
5321 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
5322 struct Packet *pktin)
5323 {
5324 unsigned char *in=(unsigned char*)vin;
5325 if (ssh->state == SSH_STATE_CLOSED)
5326 return;
5327
5328 if (pktin && ssh->packet_dispatch[pktin->type]) {
5329 ssh->packet_dispatch[pktin->type](ssh, pktin);
5330 return;
5331 }
5332
5333 if (!ssh->protocol_initial_phase_done) {
5334 if (do_ssh1_login(ssh, in, inlen, pktin))
5335 ssh->protocol_initial_phase_done = TRUE;
5336 else
5337 return;
5338 }
5339
5340 do_ssh1_connection(ssh, in, inlen, pktin);
5341 }
5342
5343 /*
5344 * Utility routine for decoding comma-separated strings in KEXINIT.
5345 */
5346 static int in_commasep_string(char *needle, char *haystack, int haylen)
5347 {
5348 int needlen;
5349 if (!needle || !haystack) /* protect against null pointers */
5350 return 0;
5351 needlen = strlen(needle);
5352 while (1) {
5353 /*
5354 * Is it at the start of the string?
5355 */
5356 if (haylen >= needlen && /* haystack is long enough */
5357 !memcmp(needle, haystack, needlen) && /* initial match */
5358 (haylen == needlen || haystack[needlen] == ',')
5359 /* either , or EOS follows */
5360 )
5361 return 1;
5362 /*
5363 * If not, search for the next comma and resume after that.
5364 * If no comma found, terminate.
5365 */
5366 while (haylen > 0 && *haystack != ',')
5367 haylen--, haystack++;
5368 if (haylen == 0)
5369 return 0;
5370 haylen--, haystack++; /* skip over comma itself */
5371 }
5372 }
5373
5374 /*
5375 * Similar routine for checking whether we have the first string in a list.
5376 */
5377 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5378 {
5379 int needlen;
5380 if (!needle || !haystack) /* protect against null pointers */
5381 return 0;
5382 needlen = strlen(needle);
5383 /*
5384 * Is it at the start of the string?
5385 */
5386 if (haylen >= needlen && /* haystack is long enough */
5387 !memcmp(needle, haystack, needlen) && /* initial match */
5388 (haylen == needlen || haystack[needlen] == ',')
5389 /* either , or EOS follows */
5390 )
5391 return 1;
5392 return 0;
5393 }
5394
5395
5396 /*
5397 * SSH-2 key creation method.
5398 * (Currently assumes 2 lots of any hash are sufficient to generate
5399 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5400 */
5401 #define SSH2_MKKEY_ITERS (2)
5402 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
5403 unsigned char *keyspace)
5404 {
5405 const struct ssh_hash *h = ssh->kex->hash;
5406 void *s;
5407 /* First hlen bytes. */
5408 s = h->init();
5409 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5410 hash_mpint(h, s, K);
5411 h->bytes(s, H, h->hlen);
5412 h->bytes(s, &chr, 1);
5413 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5414 h->final(s, keyspace);
5415 /* Next hlen bytes. */
5416 s = h->init();
5417 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5418 hash_mpint(h, s, K);
5419 h->bytes(s, H, h->hlen);
5420 h->bytes(s, keyspace, h->hlen);
5421 h->final(s, keyspace + h->hlen);
5422 }
5423
5424 /*
5425 * Handle the SSH-2 transport layer.
5426 */
5427 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5428 struct Packet *pktin)
5429 {
5430 unsigned char *in = (unsigned char *)vin;
5431 struct do_ssh2_transport_state {
5432 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5433 Bignum p, g, e, f, K;
5434 void *our_kexinit;
5435 int our_kexinitlen;
5436 int kex_init_value, kex_reply_value;
5437 const struct ssh_mac **maclist;
5438 int nmacs;
5439 const struct ssh2_cipher *cscipher_tobe;
5440 const struct ssh2_cipher *sccipher_tobe;
5441 const struct ssh_mac *csmac_tobe;
5442 const struct ssh_mac *scmac_tobe;
5443 const struct ssh_compress *cscomp_tobe;
5444 const struct ssh_compress *sccomp_tobe;
5445 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5446 int hostkeylen, siglen, rsakeylen;
5447 void *hkey; /* actual host key */
5448 void *rsakey; /* for RSA kex */
5449 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5450 int n_preferred_kex;
5451 const struct ssh_kexes *preferred_kex[KEX_MAX];
5452 int n_preferred_ciphers;
5453 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5454 const struct ssh_compress *preferred_comp;
5455 int userauth_succeeded; /* for delayed compression */
5456 int pending_compression;
5457 int got_session_id, activated_authconn;
5458 struct Packet *pktout;
5459 int dlgret;
5460 int guessok;
5461 int ignorepkt;
5462 };
5463 crState(do_ssh2_transport_state);
5464
5465 crBegin(ssh->do_ssh2_transport_crstate);
5466
5467 s->cscipher_tobe = s->sccipher_tobe = NULL;
5468 s->csmac_tobe = s->scmac_tobe = NULL;
5469 s->cscomp_tobe = s->sccomp_tobe = NULL;
5470
5471 s->got_session_id = s->activated_authconn = FALSE;
5472 s->userauth_succeeded = FALSE;
5473 s->pending_compression = FALSE;
5474
5475 /*
5476 * Be prepared to work around the buggy MAC problem.
5477 */
5478 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5479 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5480 else
5481 s->maclist = macs, s->nmacs = lenof(macs);
5482
5483 begin_key_exchange:
5484 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
5485 {
5486 int i, j, commalist_started;
5487
5488 /*
5489 * Set up the preferred key exchange. (NULL => warn below here)
5490 */
5491 s->n_preferred_kex = 0;
5492 for (i = 0; i < KEX_MAX; i++) {
5493 switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
5494 case KEX_DHGEX:
5495 s->preferred_kex[s->n_preferred_kex++] =
5496 &ssh_diffiehellman_gex;
5497 break;
5498 case KEX_DHGROUP14:
5499 s->preferred_kex[s->n_preferred_kex++] =
5500 &ssh_diffiehellman_group14;
5501 break;
5502 case KEX_DHGROUP1:
5503 s->preferred_kex[s->n_preferred_kex++] =
5504 &ssh_diffiehellman_group1;
5505 break;
5506 case KEX_RSA:
5507 s->preferred_kex[s->n_preferred_kex++] =
5508 &ssh_rsa_kex;
5509 break;
5510 case KEX_WARN:
5511 /* Flag for later. Don't bother if it's the last in
5512 * the list. */
5513 if (i < KEX_MAX - 1) {
5514 s->preferred_kex[s->n_preferred_kex++] = NULL;
5515 }
5516 break;
5517 }
5518 }
5519
5520 /*
5521 * Set up the preferred ciphers. (NULL => warn below here)
5522 */
5523 s->n_preferred_ciphers = 0;
5524 for (i = 0; i < CIPHER_MAX; i++) {
5525 switch (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i)) {
5526 case CIPHER_BLOWFISH:
5527 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5528 break;
5529 case CIPHER_DES:
5530 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc)) {
5531 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5532 }
5533 break;
5534 case CIPHER_3DES:
5535 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5536 break;
5537 case CIPHER_AES:
5538 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5539 break;
5540 case CIPHER_ARCFOUR:
5541 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5542 break;
5543 case CIPHER_WARN:
5544 /* Flag for later. Don't bother if it's the last in
5545 * the list. */
5546 if (i < CIPHER_MAX - 1) {
5547 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5548 }
5549 break;
5550 }
5551 }
5552
5553 /*
5554 * Set up preferred compression.
5555 */
5556 if (conf_get_int(ssh->conf, CONF_compression))
5557 s->preferred_comp = &ssh_zlib;
5558 else
5559 s->preferred_comp = &ssh_comp_none;
5560
5561 /*
5562 * Enable queueing of outgoing auth- or connection-layer
5563 * packets while we are in the middle of a key exchange.
5564 */
5565 ssh->queueing = TRUE;
5566
5567 /*
5568 * Flag that KEX is in progress.
5569 */
5570 ssh->kex_in_progress = TRUE;
5571
5572 /*
5573 * Construct and send our key exchange packet.
5574 */
5575 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5576 for (i = 0; i < 16; i++)
5577 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5578 /* List key exchange algorithms. */
5579 ssh2_pkt_addstring_start(s->pktout);
5580 commalist_started = 0;
5581 for (i = 0; i < s->n_preferred_kex; i++) {
5582 const struct ssh_kexes *k = s->preferred_kex[i];
5583 if (!k) continue; /* warning flag */
5584 for (j = 0; j < k->nkexes; j++) {
5585 if (commalist_started)
5586 ssh2_pkt_addstring_str(s->pktout, ",");
5587 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5588 commalist_started = 1;
5589 }
5590 }
5591 /* List server host key algorithms. */
5592 ssh2_pkt_addstring_start(s->pktout);
5593 for (i = 0; i < lenof(hostkey_algs); i++) {
5594 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5595 if (i < lenof(hostkey_algs) - 1)
5596 ssh2_pkt_addstring_str(s->pktout, ",");
5597 }
5598 /* List client->server encryption algorithms. */
5599 ssh2_pkt_addstring_start(s->pktout);
5600 commalist_started = 0;
5601 for (i = 0; i < s->n_preferred_ciphers; i++) {
5602 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5603 if (!c) continue; /* warning flag */
5604 for (j = 0; j < c->nciphers; j++) {
5605 if (commalist_started)
5606 ssh2_pkt_addstring_str(s->pktout, ",");
5607 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5608 commalist_started = 1;
5609 }
5610 }
5611 /* List server->client encryption algorithms. */
5612 ssh2_pkt_addstring_start(s->pktout);
5613 commalist_started = 0;
5614 for (i = 0; i < s->n_preferred_ciphers; i++) {
5615 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5616 if (!c) continue; /* warning flag */
5617 for (j = 0; j < c->nciphers; j++) {
5618 if (commalist_started)
5619 ssh2_pkt_addstring_str(s->pktout, ",");
5620 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5621 commalist_started = 1;
5622 }
5623 }
5624 /* List client->server MAC algorithms. */
5625 ssh2_pkt_addstring_start(s->pktout);
5626 for (i = 0; i < s->nmacs; i++) {
5627 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5628 if (i < s->nmacs - 1)
5629 ssh2_pkt_addstring_str(s->pktout, ",");
5630 }
5631 /* List server->client MAC algorithms. */
5632 ssh2_pkt_addstring_start(s->pktout);
5633 for (i = 0; i < s->nmacs; i++) {
5634 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5635 if (i < s->nmacs - 1)
5636 ssh2_pkt_addstring_str(s->pktout, ",");
5637 }
5638 /* List client->server compression algorithms,
5639 * then server->client compression algorithms. (We use the
5640 * same set twice.) */
5641 for (j = 0; j < 2; j++) {
5642 ssh2_pkt_addstring_start(s->pktout);
5643 assert(lenof(compressions) > 1);
5644 /* Prefer non-delayed versions */
5645 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5646 /* We don't even list delayed versions of algorithms until
5647 * they're allowed to be used, to avoid a race. See the end of
5648 * this function. */
5649 if (s->userauth_succeeded && s->preferred_comp->delayed_name) {
5650 ssh2_pkt_addstring_str(s->pktout, ",");
5651 ssh2_pkt_addstring_str(s->pktout,
5652 s->preferred_comp->delayed_name);
5653 }
5654 for (i = 0; i < lenof(compressions); i++) {
5655 const struct ssh_compress *c = compressions[i];
5656 if (c != s->preferred_comp) {
5657 ssh2_pkt_addstring_str(s->pktout, ",");
5658 ssh2_pkt_addstring_str(s->pktout, c->name);
5659 if (s->userauth_succeeded && c->delayed_name) {
5660 ssh2_pkt_addstring_str(s->pktout, ",");
5661 ssh2_pkt_addstring_str(s->pktout, c->delayed_name);
5662 }
5663 }
5664 }
5665 }
5666 /* List client->server languages. Empty list. */
5667 ssh2_pkt_addstring_start(s->pktout);
5668 /* List server->client languages. Empty list. */
5669 ssh2_pkt_addstring_start(s->pktout);
5670 /* First KEX packet does _not_ follow, because we're not that brave. */
5671 ssh2_pkt_addbool(s->pktout, FALSE);
5672 /* Reserved. */
5673 ssh2_pkt_adduint32(s->pktout, 0);
5674 }
5675
5676 s->our_kexinitlen = s->pktout->length - 5;
5677 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5678 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5679
5680 ssh2_pkt_send_noqueue(ssh, s->pktout);
5681
5682 if (!pktin)
5683 crWaitUntil(pktin);
5684
5685 /*
5686 * Now examine the other side's KEXINIT to see what we're up
5687 * to.
5688 */
5689 {
5690 char *str, *preferred;
5691 int i, j, len;
5692
5693 if (pktin->type != SSH2_MSG_KEXINIT) {
5694 bombout(("expected key exchange packet from server"));
5695 crStop(0);
5696 }
5697 ssh->kex = NULL;
5698 ssh->hostkey = NULL;
5699 s->cscipher_tobe = NULL;
5700 s->sccipher_tobe = NULL;
5701 s->csmac_tobe = NULL;
5702 s->scmac_tobe = NULL;
5703 s->cscomp_tobe = NULL;
5704 s->sccomp_tobe = NULL;
5705 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5706
5707 pktin->savedpos += 16; /* skip garbage cookie */
5708 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5709
5710 preferred = NULL;
5711 for (i = 0; i < s->n_preferred_kex; i++) {
5712 const struct ssh_kexes *k = s->preferred_kex[i];
5713 if (!k) {
5714 s->warn_kex = TRUE;
5715 } else {
5716 for (j = 0; j < k->nkexes; j++) {
5717 if (!preferred) preferred = k->list[j]->name;
5718 if (in_commasep_string(k->list[j]->name, str, len)) {
5719 ssh->kex = k->list[j];
5720 break;
5721 }
5722 }
5723 }
5724 if (ssh->kex)
5725 break;
5726 }
5727 if (!ssh->kex) {
5728 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5729 str ? str : "(null)"));
5730 crStop(0);
5731 }
5732 /*
5733 * Note that the server's guess is considered wrong if it doesn't match
5734 * the first algorithm in our list, even if it's still the algorithm
5735 * we end up using.
5736 */
5737 s->guessok = first_in_commasep_string(preferred, str, len);
5738 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5739 for (i = 0; i < lenof(hostkey_algs); i++) {
5740 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5741 ssh->hostkey = hostkey_algs[i];
5742 break;
5743 }
5744 }
5745 s->guessok = s->guessok &&
5746 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5747 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5748 for (i = 0; i < s->n_preferred_ciphers; i++) {
5749 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5750 if (!c) {
5751 s->warn_cscipher = TRUE;
5752 } else {
5753 for (j = 0; j < c->nciphers; j++) {
5754 if (in_commasep_string(c->list[j]->name, str, len)) {
5755 s->cscipher_tobe = c->list[j];
5756 break;
5757 }
5758 }
5759 }
5760 if (s->cscipher_tobe)
5761 break;
5762 }
5763 if (!s->cscipher_tobe) {
5764 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5765 str ? str : "(null)"));
5766 crStop(0);
5767 }
5768
5769 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5770 for (i = 0; i < s->n_preferred_ciphers; i++) {
5771 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5772 if (!c) {
5773 s->warn_sccipher = TRUE;
5774 } else {
5775 for (j = 0; j < c->nciphers; j++) {
5776 if (in_commasep_string(c->list[j]->name, str, len)) {
5777 s->sccipher_tobe = c->list[j];
5778 break;
5779 }
5780 }
5781 }
5782 if (s->sccipher_tobe)
5783 break;
5784 }
5785 if (!s->sccipher_tobe) {
5786 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5787 str ? str : "(null)"));
5788 crStop(0);
5789 }
5790
5791 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5792 for (i = 0; i < s->nmacs; i++) {
5793 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5794 s->csmac_tobe = s->maclist[i];
5795 break;
5796 }
5797 }
5798 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5799 for (i = 0; i < s->nmacs; i++) {
5800 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5801 s->scmac_tobe = s->maclist[i];
5802 break;
5803 }
5804 }
5805 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5806 for (i = 0; i < lenof(compressions) + 1; i++) {
5807 const struct ssh_compress *c =
5808 i == 0 ? s->preferred_comp : compressions[i - 1];
5809 if (in_commasep_string(c->name, str, len)) {
5810 s->cscomp_tobe = c;
5811 break;
5812 } else if (in_commasep_string(c->delayed_name, str, len)) {
5813 if (s->userauth_succeeded) {
5814 s->cscomp_tobe = c;
5815 break;
5816 } else {
5817 s->pending_compression = TRUE; /* try this later */
5818 }
5819 }
5820 }
5821 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5822 for (i = 0; i < lenof(compressions) + 1; i++) {
5823 const struct ssh_compress *c =
5824 i == 0 ? s->preferred_comp : compressions[i - 1];
5825 if (in_commasep_string(c->name, str, len)) {
5826 s->sccomp_tobe = c;
5827 break;
5828 } else if (in_commasep_string(c->delayed_name, str, len)) {
5829 if (s->userauth_succeeded) {
5830 s->sccomp_tobe = c;
5831 break;
5832 } else {
5833 s->pending_compression = TRUE; /* try this later */
5834 }
5835 }
5836 }
5837 if (s->pending_compression) {
5838 logevent("Server supports delayed compression; "
5839 "will try this later");
5840 }
5841 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5842 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5843 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5844
5845 if (s->warn_kex) {
5846 ssh_set_frozen(ssh, 1);
5847 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5848 ssh->kex->name,
5849 ssh_dialog_callback, ssh);
5850 if (s->dlgret < 0) {
5851 do {
5852 crReturn(0);
5853 if (pktin) {
5854 bombout(("Unexpected data from server while"
5855 " waiting for user response"));
5856 crStop(0);
5857 }
5858 } while (pktin || inlen > 0);
5859 s->dlgret = ssh->user_response;
5860 }
5861 ssh_set_frozen(ssh, 0);
5862 if (s->dlgret == 0) {
5863 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5864 0, TRUE);
5865 crStop(0);
5866 }
5867 }
5868
5869 if (s->warn_cscipher) {
5870 ssh_set_frozen(ssh, 1);
5871 s->dlgret = askalg(ssh->frontend,
5872 "client-to-server cipher",
5873 s->cscipher_tobe->name,
5874 ssh_dialog_callback, ssh);
5875 if (s->dlgret < 0) {
5876 do {
5877 crReturn(0);
5878 if (pktin) {
5879 bombout(("Unexpected data from server while"
5880 " waiting for user response"));
5881 crStop(0);
5882 }
5883 } while (pktin || inlen > 0);
5884 s->dlgret = ssh->user_response;
5885 }
5886 ssh_set_frozen(ssh, 0);
5887 if (s->dlgret == 0) {
5888 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5889 0, TRUE);
5890 crStop(0);
5891 }
5892 }
5893
5894 if (s->warn_sccipher) {
5895 ssh_set_frozen(ssh, 1);
5896 s->dlgret = askalg(ssh->frontend,
5897 "server-to-client cipher",
5898 s->sccipher_tobe->name,
5899 ssh_dialog_callback, ssh);
5900 if (s->dlgret < 0) {
5901 do {
5902 crReturn(0);
5903 if (pktin) {
5904 bombout(("Unexpected data from server while"
5905 " waiting for user response"));
5906 crStop(0);
5907 }
5908 } while (pktin || inlen > 0);
5909 s->dlgret = ssh->user_response;
5910 }
5911 ssh_set_frozen(ssh, 0);
5912 if (s->dlgret == 0) {
5913 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5914 0, TRUE);
5915 crStop(0);
5916 }
5917 }
5918
5919 ssh->exhash = ssh->kex->hash->init();
5920 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5921 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5922 hash_string(ssh->kex->hash, ssh->exhash,
5923 s->our_kexinit, s->our_kexinitlen);
5924 sfree(s->our_kexinit);
5925 if (pktin->length > 5)
5926 hash_string(ssh->kex->hash, ssh->exhash,
5927 pktin->data + 5, pktin->length - 5);
5928
5929 if (s->ignorepkt) /* first_kex_packet_follows */
5930 crWaitUntil(pktin); /* Ignore packet */
5931 }
5932
5933 if (ssh->kex->main_type == KEXTYPE_DH) {
5934 /*
5935 * Work out the number of bits of key we will need from the
5936 * key exchange. We start with the maximum key length of
5937 * either cipher...
5938 */
5939 {
5940 int csbits, scbits;
5941
5942 csbits = s->cscipher_tobe->keylen;
5943 scbits = s->sccipher_tobe->keylen;
5944 s->nbits = (csbits > scbits ? csbits : scbits);
5945 }
5946 /* The keys only have hlen-bit entropy, since they're based on
5947 * a hash. So cap the key size at hlen bits. */
5948 if (s->nbits > ssh->kex->hash->hlen * 8)
5949 s->nbits = ssh->kex->hash->hlen * 8;
5950
5951 /*
5952 * If we're doing Diffie-Hellman group exchange, start by
5953 * requesting a group.
5954 */
5955 if (!ssh->kex->pdata) {
5956 logevent("Doing Diffie-Hellman group exchange");
5957 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
5958 /*
5959 * Work out how big a DH group we will need to allow that
5960 * much data.
5961 */
5962 s->pbits = 512 << ((s->nbits - 1) / 64);
5963 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
5964 ssh2_pkt_adduint32(s->pktout, s->pbits);
5965 ssh2_pkt_send_noqueue(ssh, s->pktout);
5966
5967 crWaitUntil(pktin);
5968 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
5969 bombout(("expected key exchange group packet from server"));
5970 crStop(0);
5971 }
5972 s->p = ssh2_pkt_getmp(pktin);
5973 s->g = ssh2_pkt_getmp(pktin);
5974 if (!s->p || !s->g) {
5975 bombout(("unable to read mp-ints from incoming group packet"));
5976 crStop(0);
5977 }
5978 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
5979 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
5980 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
5981 } else {
5982 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
5983 ssh->kex_ctx = dh_setup_group(ssh->kex);
5984 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
5985 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
5986 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
5987 ssh->kex->groupname);
5988 }
5989
5990 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
5991 ssh->kex->hash->text_name);
5992 /*
5993 * Now generate and send e for Diffie-Hellman.
5994 */
5995 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
5996 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
5997 s->pktout = ssh2_pkt_init(s->kex_init_value);
5998 ssh2_pkt_addmp(s->pktout, s->e);
5999 ssh2_pkt_send_noqueue(ssh, s->pktout);
6000
6001 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
6002 crWaitUntil(pktin);
6003 if (pktin->type != s->kex_reply_value) {
6004 bombout(("expected key exchange reply packet from server"));
6005 crStop(0);
6006 }
6007 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
6008 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6009 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6010 s->f = ssh2_pkt_getmp(pktin);
6011 if (!s->f) {
6012 bombout(("unable to parse key exchange reply packet"));
6013 crStop(0);
6014 }
6015 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6016
6017 s->K = dh_find_K(ssh->kex_ctx, s->f);
6018
6019 /* We assume everything from now on will be quick, and it might
6020 * involve user interaction. */
6021 set_busy_status(ssh->frontend, BUSY_NOT);
6022
6023 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
6024 if (!ssh->kex->pdata) {
6025 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
6026 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
6027 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
6028 }
6029 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
6030 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
6031
6032 dh_cleanup(ssh->kex_ctx);
6033 freebn(s->f);
6034 if (!ssh->kex->pdata) {
6035 freebn(s->g);
6036 freebn(s->p);
6037 }
6038 } else {
6039 logeventf(ssh, "Doing RSA key exchange with hash %s",
6040 ssh->kex->hash->text_name);
6041 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
6042 /*
6043 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
6044 * from the server.
6045 */
6046 crWaitUntil(pktin);
6047 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
6048 bombout(("expected RSA public key packet from server"));
6049 crStop(0);
6050 }
6051
6052 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6053 hash_string(ssh->kex->hash, ssh->exhash,
6054 s->hostkeydata, s->hostkeylen);
6055 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6056
6057 {
6058 char *keydata;
6059 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
6060 s->rsakeydata = snewn(s->rsakeylen, char);
6061 memcpy(s->rsakeydata, keydata, s->rsakeylen);
6062 }
6063
6064 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
6065 if (!s->rsakey) {
6066 sfree(s->rsakeydata);
6067 bombout(("unable to parse RSA public key from server"));
6068 crStop(0);
6069 }
6070
6071 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
6072
6073 /*
6074 * Next, set up a shared secret K, of precisely KLEN -
6075 * 2*HLEN - 49 bits, where KLEN is the bit length of the
6076 * RSA key modulus and HLEN is the bit length of the hash
6077 * we're using.
6078 */
6079 {
6080 int klen = ssh_rsakex_klen(s->rsakey);
6081 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
6082 int i, byte = 0;
6083 unsigned char *kstr1, *kstr2, *outstr;
6084 int kstr1len, kstr2len, outstrlen;
6085
6086 s->K = bn_power_2(nbits - 1);
6087
6088 for (i = 0; i < nbits; i++) {
6089 if ((i & 7) == 0) {
6090 byte = random_byte();
6091 }
6092 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
6093 }
6094
6095 /*
6096 * Encode this as an mpint.
6097 */
6098 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
6099 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
6100 PUT_32BIT(kstr2, kstr1len);
6101 memcpy(kstr2 + 4, kstr1, kstr1len);
6102
6103 /*
6104 * Encrypt it with the given RSA key.
6105 */
6106 outstrlen = (klen + 7) / 8;
6107 outstr = snewn(outstrlen, unsigned char);
6108 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
6109 outstr, outstrlen, s->rsakey);
6110
6111 /*
6112 * And send it off in a return packet.
6113 */
6114 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
6115 ssh2_pkt_addstring_start(s->pktout);
6116 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
6117 ssh2_pkt_send_noqueue(ssh, s->pktout);
6118
6119 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
6120
6121 sfree(kstr2);
6122 sfree(kstr1);
6123 sfree(outstr);
6124 }
6125
6126 ssh_rsakex_freekey(s->rsakey);
6127
6128 crWaitUntil(pktin);
6129 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
6130 sfree(s->rsakeydata);
6131 bombout(("expected signature packet from server"));
6132 crStop(0);
6133 }
6134
6135 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6136
6137 sfree(s->rsakeydata);
6138 }
6139
6140 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6141 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6142 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
6143
6144 ssh->kex_ctx = NULL;
6145
6146 #if 0
6147 debug(("Exchange hash is:\n"));
6148 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
6149 #endif
6150
6151 if (!s->hkey ||
6152 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
6153 (char *)s->exchange_hash,
6154 ssh->kex->hash->hlen)) {
6155 bombout(("Server's host key did not match the signature supplied"));
6156 crStop(0);
6157 }
6158
6159 /*
6160 * Authenticate remote host: verify host key. (We've already
6161 * checked the signature of the exchange hash.)
6162 */
6163 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6164 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
6165 ssh_set_frozen(ssh, 1);
6166 s->dlgret = verify_ssh_host_key(ssh->frontend,
6167 ssh->savedhost, ssh->savedport,
6168 ssh->hostkey->keytype, s->keystr,
6169 s->fingerprint,
6170 ssh_dialog_callback, ssh);
6171 if (s->dlgret < 0) {
6172 do {
6173 crReturn(0);
6174 if (pktin) {
6175 bombout(("Unexpected data from server while waiting"
6176 " for user host key response"));
6177 crStop(0);
6178 }
6179 } while (pktin || inlen > 0);
6180 s->dlgret = ssh->user_response;
6181 }
6182 ssh_set_frozen(ssh, 0);
6183 if (s->dlgret == 0) {
6184 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6185 0, TRUE);
6186 crStop(0);
6187 }
6188 if (!s->got_session_id) { /* don't bother logging this in rekeys */
6189 logevent("Host key fingerprint is:");
6190 logevent(s->fingerprint);
6191 }
6192 sfree(s->fingerprint);
6193 sfree(s->keystr);
6194 ssh->hostkey->freekey(s->hkey);
6195
6196 /*
6197 * The exchange hash from the very first key exchange is also
6198 * the session id, used in session key construction and
6199 * authentication.
6200 */
6201 if (!s->got_session_id) {
6202 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
6203 memcpy(ssh->v2_session_id, s->exchange_hash,
6204 sizeof(s->exchange_hash));
6205 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6206 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
6207 s->got_session_id = TRUE;
6208 }
6209
6210 /*
6211 * Send SSH2_MSG_NEWKEYS.
6212 */
6213 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
6214 ssh2_pkt_send_noqueue(ssh, s->pktout);
6215 ssh->outgoing_data_size = 0; /* start counting from here */
6216
6217 /*
6218 * We've sent client NEWKEYS, so create and initialise
6219 * client-to-server session keys.
6220 */
6221 if (ssh->cs_cipher_ctx)
6222 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6223 ssh->cscipher = s->cscipher_tobe;
6224 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6225
6226 if (ssh->cs_mac_ctx)
6227 ssh->csmac->free_context(ssh->cs_mac_ctx);
6228 ssh->csmac = s->csmac_tobe;
6229 ssh->cs_mac_ctx = ssh->csmac->make_context();
6230
6231 if (ssh->cs_comp_ctx)
6232 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6233 ssh->cscomp = s->cscomp_tobe;
6234 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6235
6236 /*
6237 * Set IVs on client-to-server keys. Here we use the exchange
6238 * hash from the _first_ key exchange.
6239 */
6240 {
6241 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6242 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6243 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
6244 assert((ssh->cscipher->keylen+7) / 8 <=
6245 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6246 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
6247 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
6248 assert(ssh->cscipher->blksize <=
6249 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6250 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
6251 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
6252 assert(ssh->csmac->len <=
6253 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6254 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
6255 memset(keyspace, 0, sizeof(keyspace));
6256 }
6257
6258 logeventf(ssh, "Initialised %.200s client->server encryption",
6259 ssh->cscipher->text_name);
6260 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6261 ssh->csmac->text_name);
6262 if (ssh->cscomp->text_name)
6263 logeventf(ssh, "Initialised %s compression",
6264 ssh->cscomp->text_name);
6265
6266 /*
6267 * Now our end of the key exchange is complete, we can send all
6268 * our queued higher-layer packets.
6269 */
6270 ssh->queueing = FALSE;
6271 ssh2_pkt_queuesend(ssh);
6272
6273 /*
6274 * Expect SSH2_MSG_NEWKEYS from server.
6275 */
6276 crWaitUntil(pktin);
6277 if (pktin->type != SSH2_MSG_NEWKEYS) {
6278 bombout(("expected new-keys packet from server"));
6279 crStop(0);
6280 }
6281 ssh->incoming_data_size = 0; /* start counting from here */
6282
6283 /*
6284 * We've seen server NEWKEYS, so create and initialise
6285 * server-to-client session keys.
6286 */
6287 if (ssh->sc_cipher_ctx)
6288 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
6289 ssh->sccipher = s->sccipher_tobe;
6290 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
6291
6292 if (ssh->sc_mac_ctx)
6293 ssh->scmac->free_context(ssh->sc_mac_ctx);
6294 ssh->scmac = s->scmac_tobe;
6295 ssh->sc_mac_ctx = ssh->scmac->make_context();
6296
6297 if (ssh->sc_comp_ctx)
6298 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
6299 ssh->sccomp = s->sccomp_tobe;
6300 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6301
6302 /*
6303 * Set IVs on server-to-client keys. Here we use the exchange
6304 * hash from the _first_ key exchange.
6305 */
6306 {
6307 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6308 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6309 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
6310 assert((ssh->sccipher->keylen+7) / 8 <=
6311 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6312 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
6313 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
6314 assert(ssh->sccipher->blksize <=
6315 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6316 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
6317 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
6318 assert(ssh->scmac->len <=
6319 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6320 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
6321 memset(keyspace, 0, sizeof(keyspace));
6322 }
6323 logeventf(ssh, "Initialised %.200s server->client encryption",
6324 ssh->sccipher->text_name);
6325 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6326 ssh->scmac->text_name);
6327 if (ssh->sccomp->text_name)
6328 logeventf(ssh, "Initialised %s decompression",
6329 ssh->sccomp->text_name);
6330
6331 /*
6332 * Free shared secret.
6333 */
6334 freebn(s->K);
6335
6336 /*
6337 * Key exchange is over. Loop straight back round if we have a
6338 * deferred rekey reason.
6339 */
6340 if (ssh->deferred_rekey_reason) {
6341 logevent(ssh->deferred_rekey_reason);
6342 pktin = NULL;
6343 ssh->deferred_rekey_reason = NULL;
6344 goto begin_key_exchange;
6345 }
6346
6347 /*
6348 * Otherwise, schedule a timer for our next rekey.
6349 */
6350 ssh->kex_in_progress = FALSE;
6351 ssh->last_rekey = GETTICKCOUNT();
6352 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0)
6353 ssh->next_rekey = schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6354 ssh2_timer, ssh);
6355
6356 /*
6357 * If this is the first key exchange phase, we must pass the
6358 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
6359 * wants to see it but because it will need time to initialise
6360 * itself before it sees an actual packet. In subsequent key
6361 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
6362 * it would only confuse the layer above.
6363 */
6364 if (s->activated_authconn) {
6365 crReturn(0);
6366 }
6367 s->activated_authconn = TRUE;
6368
6369 /*
6370 * Now we're encrypting. Begin returning 1 to the protocol main
6371 * function so that other things can run on top of the
6372 * transport. If we ever see a KEXINIT, we must go back to the
6373 * start.
6374 *
6375 * We _also_ go back to the start if we see pktin==NULL and
6376 * inlen negative, because this is a special signal meaning
6377 * `initiate client-driven rekey', and `in' contains a message
6378 * giving the reason for the rekey.
6379 *
6380 * inlen==-1 means always initiate a rekey;
6381 * inlen==-2 means that userauth has completed successfully and
6382 * we should consider rekeying (for delayed compression).
6383 */
6384 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
6385 (!pktin && inlen < 0))) {
6386 wait_for_rekey:
6387 crReturn(1);
6388 }
6389 if (pktin) {
6390 logevent("Server initiated key re-exchange");
6391 } else {
6392 if (inlen == -2) {
6393 /*
6394 * authconn has seen a USERAUTH_SUCCEEDED. Time to enable
6395 * delayed compression, if it's available.
6396 *
6397 * draft-miller-secsh-compression-delayed-00 says that you
6398 * negotiate delayed compression in the first key exchange, and
6399 * both sides start compressing when the server has sent
6400 * USERAUTH_SUCCESS. This has a race condition -- the server
6401 * can't know when the client has seen it, and thus which incoming
6402 * packets it should treat as compressed.
6403 *
6404 * Instead, we do the initial key exchange without offering the
6405 * delayed methods, but note if the server offers them; when we
6406 * get here, if a delayed method was available that was higher
6407 * on our list than what we got, we initiate a rekey in which we
6408 * _do_ list the delayed methods (and hopefully get it as a
6409 * result). Subsequent rekeys will do the same.
6410 */
6411 assert(!s->userauth_succeeded); /* should only happen once */
6412 s->userauth_succeeded = TRUE;
6413 if (!s->pending_compression)
6414 /* Can't see any point rekeying. */
6415 goto wait_for_rekey; /* this is utterly horrid */
6416 /* else fall through to rekey... */
6417 s->pending_compression = FALSE;
6418 }
6419 /*
6420 * Now we've decided to rekey.
6421 *
6422 * Special case: if the server bug is set that doesn't
6423 * allow rekeying, we give a different log message and
6424 * continue waiting. (If such a server _initiates_ a rekey,
6425 * we process it anyway!)
6426 */
6427 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6428 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6429 (char *)in);
6430 /* Reset the counters, so that at least this message doesn't
6431 * hit the event log _too_ often. */
6432 ssh->outgoing_data_size = 0;
6433 ssh->incoming_data_size = 0;
6434 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0) {
6435 ssh->next_rekey =
6436 schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6437 ssh2_timer, ssh);
6438 }
6439 goto wait_for_rekey; /* this is still utterly horrid */
6440 } else {
6441 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
6442 }
6443 }
6444 goto begin_key_exchange;
6445
6446 crFinish(1);
6447 }
6448
6449 /*
6450 * Add data to an SSH-2 channel output buffer.
6451 */
6452 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6453 int len)
6454 {
6455 bufchain_add(&c->v.v2.outbuffer, buf, len);
6456 }
6457
6458 /*
6459 * Attempt to send data on an SSH-2 channel.
6460 */
6461 static int ssh2_try_send(struct ssh_channel *c)
6462 {
6463 Ssh ssh = c->ssh;
6464 struct Packet *pktout;
6465 int ret;
6466
6467 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6468 int len;
6469 void *data;
6470 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6471 if ((unsigned)len > c->v.v2.remwindow)
6472 len = c->v.v2.remwindow;
6473 if ((unsigned)len > c->v.v2.remmaxpkt)
6474 len = c->v.v2.remmaxpkt;
6475 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6476 ssh2_pkt_adduint32(pktout, c->remoteid);
6477 ssh2_pkt_addstring_start(pktout);
6478 dont_log_data(ssh, pktout, PKTLOG_OMIT);
6479 ssh2_pkt_addstring_data(pktout, data, len);
6480 end_log_omission(ssh, pktout);
6481 ssh2_pkt_send(ssh, pktout);
6482 bufchain_consume(&c->v.v2.outbuffer, len);
6483 c->v.v2.remwindow -= len;
6484 }
6485
6486 /*
6487 * After having sent as much data as we can, return the amount
6488 * still buffered.
6489 */
6490 ret = bufchain_size(&c->v.v2.outbuffer);
6491
6492 /*
6493 * And if there's no data pending but we need to send an EOF, send
6494 * it.
6495 */
6496 if (!ret && c->pending_eof)
6497 ssh_channel_try_eof(c);
6498
6499 return ret;
6500 }
6501
6502 static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
6503 {
6504 int bufsize;
6505 if (c->closes & CLOSES_SENT_EOF)
6506 return; /* don't send on channels we've EOFed */
6507 bufsize = ssh2_try_send(c);
6508 if (bufsize == 0) {
6509 switch (c->type) {
6510 case CHAN_MAINSESSION:
6511 /* stdin need not receive an unthrottle
6512 * notification since it will be polled */
6513 break;
6514 case CHAN_X11:
6515 x11_unthrottle(c->u.x11.s);
6516 break;
6517 case CHAN_AGENT:
6518 /* agent sockets are request/response and need no
6519 * buffer management */
6520 break;
6521 case CHAN_SOCKDATA:
6522 pfd_unthrottle(c->u.pfd.s);
6523 break;
6524 }
6525 }
6526 }
6527
6528 /*
6529 * Set up most of a new ssh_channel for SSH-2.
6530 */
6531 static void ssh2_channel_init(struct ssh_channel *c)
6532 {
6533 Ssh ssh = c->ssh;
6534 c->localid = alloc_channel_id(ssh);
6535 c->closes = 0;
6536 c->pending_eof = FALSE;
6537 c->throttling_conn = FALSE;
6538 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
6539 conf_get_int(ssh->conf, CONF_ssh_simple) ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
6540 c->v.v2.winadj_head = c->v.v2.winadj_tail = NULL;
6541 c->v.v2.throttle_state = UNTHROTTLED;
6542 bufchain_init(&c->v.v2.outbuffer);
6543 }
6544
6545 /*
6546 * Potentially enlarge the window on an SSH-2 channel.
6547 */
6548 static void ssh2_set_window(struct ssh_channel *c, int newwin)
6549 {
6550 Ssh ssh = c->ssh;
6551
6552 /*
6553 * Never send WINDOW_ADJUST for a channel that the remote side has
6554 * already sent EOF on; there's no point, since it won't be
6555 * sending any more data anyway.
6556 */
6557 if (c->closes & CLOSES_RCVD_EOF)
6558 return;
6559
6560 /*
6561 * If the remote end has a habit of ignoring maxpkt, limit the
6562 * window so that it has no choice (assuming it doesn't ignore the
6563 * window as well).
6564 */
6565 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6566 newwin = OUR_V2_MAXPKT;
6567
6568
6569 /*
6570 * Only send a WINDOW_ADJUST if there's significantly more window
6571 * available than the other end thinks there is. This saves us
6572 * sending a WINDOW_ADJUST for every character in a shell session.
6573 *
6574 * "Significant" is arbitrarily defined as half the window size.
6575 */
6576 if (newwin / 2 >= c->v.v2.locwindow) {
6577 struct Packet *pktout;
6578 struct winadj *wa;
6579
6580 /*
6581 * In order to keep track of how much window the client
6582 * actually has available, we'd like it to acknowledge each
6583 * WINDOW_ADJUST. We can't do that directly, so we accompany
6584 * it with a CHANNEL_REQUEST that has to be acknowledged.
6585 *
6586 * This is only necessary if we're opening the window wide.
6587 * If we're not, then throughput is being constrained by
6588 * something other than the maximum window size anyway.
6589 *
6590 * We also only send this if the main channel has finished its
6591 * initial CHANNEL_REQUESTs and installed the default
6592 * CHANNEL_FAILURE handler, so as not to risk giving it
6593 * unexpected CHANNEL_FAILUREs.
6594 */
6595 if (newwin == c->v.v2.locmaxwin &&
6596 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE]) {
6597 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6598 ssh2_pkt_adduint32(pktout, c->remoteid);
6599 ssh2_pkt_addstring(pktout, "winadj@putty.projects.tartarus.org");
6600 ssh2_pkt_addbool(pktout, TRUE);
6601 ssh2_pkt_send(ssh, pktout);
6602
6603 /*
6604 * CHANNEL_FAILURE doesn't come with any indication of
6605 * what message caused it, so we have to keep track of the
6606 * outstanding CHANNEL_REQUESTs ourselves.
6607 */
6608 wa = snew(struct winadj);
6609 wa->size = newwin - c->v.v2.locwindow;
6610 wa->next = NULL;
6611 if (!c->v.v2.winadj_head)
6612 c->v.v2.winadj_head = wa;
6613 else
6614 c->v.v2.winadj_tail->next = wa;
6615 c->v.v2.winadj_tail = wa;
6616 if (c->v.v2.throttle_state != UNTHROTTLED)
6617 c->v.v2.throttle_state = UNTHROTTLING;
6618 } else {
6619 /* Pretend the WINDOW_ADJUST was acked immediately. */
6620 c->v.v2.remlocwin = newwin;
6621 c->v.v2.throttle_state = THROTTLED;
6622 }
6623 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6624 ssh2_pkt_adduint32(pktout, c->remoteid);
6625 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6626 ssh2_pkt_send(ssh, pktout);
6627 c->v.v2.locwindow = newwin;
6628 }
6629 }
6630
6631 /*
6632 * Find the channel associated with a message. If there's no channel,
6633 * or it's not properly open, make a noise about it and return NULL.
6634 */
6635 static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6636 {
6637 unsigned localid = ssh_pkt_getuint32(pktin);
6638 struct ssh_channel *c;
6639
6640 c = find234(ssh->channels, &localid, ssh_channelfind);
6641 if (!c ||
6642 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6643 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6644 char *buf = dupprintf("Received %s for %s channel %u",
6645 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6646 pktin->type),
6647 c ? "half-open" : "nonexistent", localid);
6648 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6649 sfree(buf);
6650 return NULL;
6651 }
6652 return c;
6653 }
6654
6655 static int ssh2_handle_winadj_response(struct ssh_channel *c)
6656 {
6657 struct winadj *wa = c->v.v2.winadj_head;
6658 if (!wa)
6659 return FALSE;
6660 c->v.v2.winadj_head = wa->next;
6661 c->v.v2.remlocwin += wa->size;
6662 sfree(wa);
6663 /*
6664 * winadj messages are only sent when the window is fully open, so
6665 * if we get an ack of one, we know any pending unthrottle is
6666 * complete.
6667 */
6668 if (c->v.v2.throttle_state == UNTHROTTLING)
6669 c->v.v2.throttle_state = UNTHROTTLED;
6670 return TRUE;
6671 }
6672
6673 static void ssh2_msg_channel_success(Ssh ssh, struct Packet *pktin)
6674 {
6675 /*
6676 * This should never get called. All channel requests are either
6677 * sent with want_reply false, are sent before this handler gets
6678 * installed, or are "winadj@putty" requests, which servers should
6679 * never respond to with success.
6680 *
6681 * However, at least one server ("boks_sshd") is known to return
6682 * SUCCESS for channel requests it's never heard of, such as
6683 * "winadj@putty". Raised with foxt.com as bug 090916-090424, but
6684 * for the sake of a quiet life, we handle it just the same as the
6685 * expected FAILURE.
6686 */
6687 struct ssh_channel *c;
6688
6689 c = ssh2_channel_msg(ssh, pktin);
6690 if (!c)
6691 return;
6692 if (!ssh2_handle_winadj_response(c))
6693 ssh_disconnect(ssh, NULL,
6694 "Received unsolicited SSH_MSG_CHANNEL_SUCCESS",
6695 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6696 }
6697
6698 static void ssh2_msg_channel_failure(Ssh ssh, struct Packet *pktin)
6699 {
6700 /*
6701 * The only time this should get called is for "winadj@putty"
6702 * messages sent above. All other channel requests are either
6703 * sent with want_reply false or are sent before this handler gets
6704 * installed.
6705 */
6706 struct ssh_channel *c;
6707
6708 c = ssh2_channel_msg(ssh, pktin);
6709 if (!c)
6710 return;
6711 if (!ssh2_handle_winadj_response(c))
6712 ssh_disconnect(ssh, NULL,
6713 "Received unsolicited SSH_MSG_CHANNEL_FAILURE",
6714 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6715 }
6716
6717 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
6718 {
6719 struct ssh_channel *c;
6720 c = ssh2_channel_msg(ssh, pktin);
6721 if (!c)
6722 return;
6723 if (!(c->closes & CLOSES_SENT_EOF)) {
6724 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
6725 ssh2_try_send_and_unthrottle(ssh, c);
6726 }
6727 }
6728
6729 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6730 {
6731 char *data;
6732 int length;
6733 struct ssh_channel *c;
6734 c = ssh2_channel_msg(ssh, pktin);
6735 if (!c)
6736 return;
6737 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6738 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6739 return; /* extended but not stderr */
6740 ssh_pkt_getstring(pktin, &data, &length);
6741 if (data) {
6742 int bufsize = 0;
6743 c->v.v2.locwindow -= length;
6744 c->v.v2.remlocwin -= length;
6745 switch (c->type) {
6746 case CHAN_MAINSESSION:
6747 bufsize =
6748 from_backend(ssh->frontend, pktin->type ==
6749 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6750 data, length);
6751 break;
6752 case CHAN_X11:
6753 bufsize = x11_send(c->u.x11.s, data, length);
6754 break;
6755 case CHAN_SOCKDATA:
6756 bufsize = pfd_send(c->u.pfd.s, data, length);
6757 break;
6758 case CHAN_AGENT:
6759 while (length > 0) {
6760 if (c->u.a.lensofar < 4) {
6761 unsigned int l = min(4 - c->u.a.lensofar,
6762 (unsigned)length);
6763 memcpy(c->u.a.msglen + c->u.a.lensofar,
6764 data, l);
6765 data += l;
6766 length -= l;
6767 c->u.a.lensofar += l;
6768 }
6769 if (c->u.a.lensofar == 4) {
6770 c->u.a.totallen =
6771 4 + GET_32BIT(c->u.a.msglen);
6772 c->u.a.message = snewn(c->u.a.totallen,
6773 unsigned char);
6774 memcpy(c->u.a.message, c->u.a.msglen, 4);
6775 }
6776 if (c->u.a.lensofar >= 4 && length > 0) {
6777 unsigned int l =
6778 min(c->u.a.totallen - c->u.a.lensofar,
6779 (unsigned)length);
6780 memcpy(c->u.a.message + c->u.a.lensofar,
6781 data, l);
6782 data += l;
6783 length -= l;
6784 c->u.a.lensofar += l;
6785 }
6786 if (c->u.a.lensofar == c->u.a.totallen) {
6787 void *reply;
6788 int replylen;
6789 if (agent_query(c->u.a.message,
6790 c->u.a.totallen,
6791 &reply, &replylen,
6792 ssh_agentf_callback, c))
6793 ssh_agentf_callback(c, reply, replylen);
6794 sfree(c->u.a.message);
6795 c->u.a.message = NULL;
6796 c->u.a.lensofar = 0;
6797 }
6798 }
6799 bufsize = 0;
6800 break;
6801 }
6802 /*
6803 * If it looks like the remote end hit the end of its window,
6804 * and we didn't want it to do that, think about using a
6805 * larger window.
6806 */
6807 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6808 c->v.v2.locmaxwin < 0x40000000)
6809 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6810 /*
6811 * If we are not buffering too much data,
6812 * enlarge the window again at the remote side.
6813 * If we are buffering too much, we may still
6814 * need to adjust the window if the server's
6815 * sent excess data.
6816 */
6817 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6818 c->v.v2.locmaxwin - bufsize : 0);
6819 /*
6820 * If we're either buffering way too much data, or if we're
6821 * buffering anything at all and we're in "simple" mode,
6822 * throttle the whole channel.
6823 */
6824 if ((bufsize > c->v.v2.locmaxwin ||
6825 (conf_get_int(ssh->conf, CONF_ssh_simple) && bufsize > 0)) &&
6826 !c->throttling_conn) {
6827 c->throttling_conn = 1;
6828 ssh_throttle_conn(ssh, +1);
6829 }
6830 }
6831 }
6832
6833 static void ssh_channel_destroy(struct ssh_channel *c)
6834 {
6835 Ssh ssh = c->ssh;
6836
6837 switch (c->type) {
6838 case CHAN_MAINSESSION:
6839 ssh->mainchan = NULL;
6840 update_specials_menu(ssh->frontend);
6841 break;
6842 case CHAN_X11:
6843 if (c->u.x11.s != NULL)
6844 x11_close(c->u.x11.s);
6845 logevent("Forwarded X11 connection terminated");
6846 break;
6847 case CHAN_AGENT:
6848 sfree(c->u.a.message);
6849 break;
6850 case CHAN_SOCKDATA:
6851 if (c->u.pfd.s != NULL)
6852 pfd_close(c->u.pfd.s);
6853 logevent("Forwarded port closed");
6854 break;
6855 }
6856
6857 del234(ssh->channels, c);
6858 if (ssh->version == 2)
6859 bufchain_clear(&c->v.v2.outbuffer);
6860 sfree(c);
6861
6862 /*
6863 * See if that was the last channel left open.
6864 * (This is only our termination condition if we're
6865 * not running in -N mode.)
6866 */
6867 if (ssh->version == 2 &&
6868 !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
6869 count234(ssh->channels) == 0) {
6870 /*
6871 * We used to send SSH_MSG_DISCONNECT here,
6872 * because I'd believed that _every_ conforming
6873 * SSH-2 connection had to end with a disconnect
6874 * being sent by at least one side; apparently
6875 * I was wrong and it's perfectly OK to
6876 * unceremoniously slam the connection shut
6877 * when you're done, and indeed OpenSSH feels
6878 * this is more polite than sending a
6879 * DISCONNECT. So now we don't.
6880 */
6881 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6882 }
6883 }
6884
6885 static void ssh2_channel_check_close(struct ssh_channel *c)
6886 {
6887 Ssh ssh = c->ssh;
6888 struct Packet *pktout;
6889
6890 if ((c->closes & (CLOSES_SENT_EOF | CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE))
6891 == (CLOSES_SENT_EOF | CLOSES_RCVD_EOF)) {
6892 /*
6893 * We have both sent and received EOF, which means the channel
6894 * is in final wind-up. But we haven't sent CLOSE, so let's.
6895 */
6896 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6897 ssh2_pkt_adduint32(pktout, c->remoteid);
6898 ssh2_pkt_send(ssh, pktout);
6899 c->closes |= CLOSES_SENT_CLOSE;
6900 }
6901
6902 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) {
6903 /*
6904 * We have both sent and received CLOSE, which means we're
6905 * completely done with the channel.
6906 */
6907 ssh_channel_destroy(c);
6908 }
6909 }
6910
6911 static void ssh2_channel_got_eof(struct ssh_channel *c)
6912 {
6913 if (c->closes & CLOSES_RCVD_EOF)
6914 return; /* already seen EOF */
6915 c->closes |= CLOSES_RCVD_EOF;
6916
6917 if (c->type == CHAN_X11) {
6918 x11_send_eof(c->u.x11.s);
6919 } else if (c->type == CHAN_AGENT) {
6920 /* Manufacture an outgoing EOF in response to the incoming one. */
6921 sshfwd_write_eof(c);
6922 } else if (c->type == CHAN_SOCKDATA) {
6923 pfd_send_eof(c->u.pfd.s);
6924 } else if (c->type == CHAN_MAINSESSION) {
6925 Ssh ssh = c->ssh;
6926
6927 if (!ssh->sent_console_eof && from_backend_eof(ssh->frontend)) {
6928 /*
6929 * The front end wants us to close the outgoing side of the
6930 * connection as soon as we see EOF from the far end.
6931 */
6932 sshfwd_write_eof(c);
6933 }
6934 ssh->sent_console_eof = TRUE;
6935 }
6936
6937 ssh2_channel_check_close(c);
6938 }
6939
6940 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
6941 {
6942 struct ssh_channel *c;
6943
6944 c = ssh2_channel_msg(ssh, pktin);
6945 if (!c)
6946 return;
6947 ssh2_channel_got_eof(c);
6948 }
6949
6950 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
6951 {
6952 struct ssh_channel *c;
6953
6954 c = ssh2_channel_msg(ssh, pktin);
6955 if (!c)
6956 return;
6957
6958 /*
6959 * When we receive CLOSE on a channel, we assume it comes with an
6960 * implied EOF if we haven't seen EOF yet.
6961 */
6962 ssh2_channel_got_eof(c);
6963
6964 /*
6965 * Now process the actual close.
6966 */
6967 if (!(c->closes & CLOSES_RCVD_CLOSE)) {
6968 c->closes |= CLOSES_RCVD_CLOSE;
6969 ssh2_channel_check_close(c);
6970 }
6971 }
6972
6973 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
6974 {
6975 struct ssh_channel *c;
6976
6977 c = ssh2_channel_msg(ssh, pktin);
6978 if (!c)
6979 return;
6980 if (c->type != CHAN_SOCKDATA_DORMANT)
6981 return; /* dunno why they're confirming this */
6982 c->remoteid = ssh_pkt_getuint32(pktin);
6983 c->halfopen = FALSE;
6984 c->type = CHAN_SOCKDATA;
6985 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
6986 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
6987 if (c->u.pfd.s)
6988 pfd_confirm(c->u.pfd.s);
6989 if (c->pending_eof)
6990 ssh_channel_try_eof(c);
6991 }
6992
6993 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
6994 {
6995 static const char *const reasons[] = {
6996 "<unknown reason code>",
6997 "Administratively prohibited",
6998 "Connect failed",
6999 "Unknown channel type",
7000 "Resource shortage",
7001 };
7002 unsigned reason_code;
7003 char *reason_string;
7004 int reason_length;
7005 struct ssh_channel *c;
7006 c = ssh2_channel_msg(ssh, pktin);
7007 if (!c)
7008 return;
7009 if (c->type != CHAN_SOCKDATA_DORMANT)
7010 return; /* dunno why they're failing this */
7011
7012 reason_code = ssh_pkt_getuint32(pktin);
7013 if (reason_code >= lenof(reasons))
7014 reason_code = 0; /* ensure reasons[reason_code] in range */
7015 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
7016 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
7017 reasons[reason_code], reason_length, reason_string);
7018
7019 pfd_close(c->u.pfd.s);
7020
7021 del234(ssh->channels, c);
7022 sfree(c);
7023 }
7024
7025 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
7026 {
7027 char *type;
7028 int typelen, want_reply;
7029 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
7030 struct ssh_channel *c;
7031 struct Packet *pktout;
7032
7033 c = ssh2_channel_msg(ssh, pktin);
7034 if (!c)
7035 return;
7036 ssh_pkt_getstring(pktin, &type, &typelen);
7037 want_reply = ssh2_pkt_getbool(pktin);
7038
7039 /*
7040 * Having got the channel number, we now look at
7041 * the request type string to see if it's something
7042 * we recognise.
7043 */
7044 if (c == ssh->mainchan) {
7045 /*
7046 * We recognise "exit-status" and "exit-signal" on
7047 * the primary channel.
7048 */
7049 if (typelen == 11 &&
7050 !memcmp(type, "exit-status", 11)) {
7051
7052 ssh->exitcode = ssh_pkt_getuint32(pktin);
7053 logeventf(ssh, "Server sent command exit status %d",
7054 ssh->exitcode);
7055 reply = SSH2_MSG_CHANNEL_SUCCESS;
7056
7057 } else if (typelen == 11 &&
7058 !memcmp(type, "exit-signal", 11)) {
7059
7060 int is_plausible = TRUE, is_int = FALSE;
7061 char *fmt_sig = "", *fmt_msg = "";
7062 char *msg;
7063 int msglen = 0, core = FALSE;
7064 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
7065 * provide an `int' for the signal, despite its
7066 * having been a `string' in the drafts of RFC 4254 since at
7067 * least 2001. (Fixed in session.c 1.147.) Try to
7068 * infer which we can safely parse it as. */
7069 {
7070 unsigned char *p = pktin->body +
7071 pktin->savedpos;
7072 long len = pktin->length - pktin->savedpos;
7073 unsigned long num = GET_32BIT(p); /* what is it? */
7074 /* If it's 0, it hardly matters; assume string */
7075 if (num == 0) {
7076 is_int = FALSE;
7077 } else {
7078 int maybe_int = FALSE, maybe_str = FALSE;
7079 #define CHECK_HYPOTHESIS(offset, result) \
7080 do { \
7081 long q = offset; \
7082 if (q >= 0 && q+4 <= len) { \
7083 q = q + 4 + GET_32BIT(p+q); \
7084 if (q >= 0 && q+4 <= len && \
7085 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
7086 result = TRUE; \
7087 } \
7088 } while(0)
7089 CHECK_HYPOTHESIS(4+1, maybe_int);
7090 CHECK_HYPOTHESIS(4+num+1, maybe_str);
7091 #undef CHECK_HYPOTHESIS
7092 if (maybe_int && !maybe_str)
7093 is_int = TRUE;
7094 else if (!maybe_int && maybe_str)
7095 is_int = FALSE;
7096 else
7097 /* Crikey. Either or neither. Panic. */
7098 is_plausible = FALSE;
7099 }
7100 }
7101 ssh->exitcode = 128; /* means `unknown signal' */
7102 if (is_plausible) {
7103 if (is_int) {
7104 /* Old non-standard OpenSSH. */
7105 int signum = ssh_pkt_getuint32(pktin);
7106 fmt_sig = dupprintf(" %d", signum);
7107 ssh->exitcode = 128 + signum;
7108 } else {
7109 /* As per RFC 4254. */
7110 char *sig;
7111 int siglen;
7112 ssh_pkt_getstring(pktin, &sig, &siglen);
7113 /* Signal name isn't supposed to be blank, but
7114 * let's cope gracefully if it is. */
7115 if (siglen) {
7116 fmt_sig = dupprintf(" \"%.*s\"",
7117 siglen, sig);
7118 }
7119
7120 /*
7121 * Really hideous method of translating the
7122 * signal description back into a locally
7123 * meaningful number.
7124 */
7125
7126 if (0)
7127 ;
7128 #define TRANSLATE_SIGNAL(s) \
7129 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
7130 ssh->exitcode = 128 + SIG ## s
7131 #ifdef SIGABRT
7132 TRANSLATE_SIGNAL(ABRT);
7133 #endif
7134 #ifdef SIGALRM
7135 TRANSLATE_SIGNAL(ALRM);
7136 #endif
7137 #ifdef SIGFPE
7138 TRANSLATE_SIGNAL(FPE);
7139 #endif
7140 #ifdef SIGHUP
7141 TRANSLATE_SIGNAL(HUP);
7142 #endif
7143 #ifdef SIGILL
7144 TRANSLATE_SIGNAL(ILL);
7145 #endif
7146 #ifdef SIGINT
7147 TRANSLATE_SIGNAL(INT);
7148 #endif
7149 #ifdef SIGKILL
7150 TRANSLATE_SIGNAL(KILL);
7151 #endif
7152 #ifdef SIGPIPE
7153 TRANSLATE_SIGNAL(PIPE);
7154 #endif
7155 #ifdef SIGQUIT
7156 TRANSLATE_SIGNAL(QUIT);
7157 #endif
7158 #ifdef SIGSEGV
7159 TRANSLATE_SIGNAL(SEGV);
7160 #endif
7161 #ifdef SIGTERM
7162 TRANSLATE_SIGNAL(TERM);
7163 #endif
7164 #ifdef SIGUSR1
7165 TRANSLATE_SIGNAL(USR1);
7166 #endif
7167 #ifdef SIGUSR2
7168 TRANSLATE_SIGNAL(USR2);
7169 #endif
7170 #undef TRANSLATE_SIGNAL
7171 else
7172 ssh->exitcode = 128;
7173 }
7174 core = ssh2_pkt_getbool(pktin);
7175 ssh_pkt_getstring(pktin, &msg, &msglen);
7176 if (msglen) {
7177 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
7178 }
7179 /* ignore lang tag */
7180 } /* else don't attempt to parse */
7181 logeventf(ssh, "Server exited on signal%s%s%s",
7182 fmt_sig, core ? " (core dumped)" : "",
7183 fmt_msg);
7184 if (*fmt_sig) sfree(fmt_sig);
7185 if (*fmt_msg) sfree(fmt_msg);
7186 reply = SSH2_MSG_CHANNEL_SUCCESS;
7187
7188 }
7189 } else {
7190 /*
7191 * This is a channel request we don't know
7192 * about, so we now either ignore the request
7193 * or respond with CHANNEL_FAILURE, depending
7194 * on want_reply.
7195 */
7196 reply = SSH2_MSG_CHANNEL_FAILURE;
7197 }
7198 if (want_reply) {
7199 pktout = ssh2_pkt_init(reply);
7200 ssh2_pkt_adduint32(pktout, c->remoteid);
7201 ssh2_pkt_send(ssh, pktout);
7202 }
7203 }
7204
7205 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
7206 {
7207 char *type;
7208 int typelen, want_reply;
7209 struct Packet *pktout;
7210
7211 ssh_pkt_getstring(pktin, &type, &typelen);
7212 want_reply = ssh2_pkt_getbool(pktin);
7213
7214 /*
7215 * We currently don't support any global requests
7216 * at all, so we either ignore the request or
7217 * respond with REQUEST_FAILURE, depending on
7218 * want_reply.
7219 */
7220 if (want_reply) {
7221 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
7222 ssh2_pkt_send(ssh, pktout);
7223 }
7224 }
7225
7226 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7227 {
7228 char *type;
7229 int typelen;
7230 char *peeraddr;
7231 int peeraddrlen;
7232 int peerport;
7233 char *error = NULL;
7234 struct ssh_channel *c;
7235 unsigned remid, winsize, pktsize;
7236 struct Packet *pktout;
7237
7238 ssh_pkt_getstring(pktin, &type, &typelen);
7239 c = snew(struct ssh_channel);
7240 c->ssh = ssh;
7241
7242 remid = ssh_pkt_getuint32(pktin);
7243 winsize = ssh_pkt_getuint32(pktin);
7244 pktsize = ssh_pkt_getuint32(pktin);
7245
7246 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7247 char *addrstr;
7248 const char *x11err;
7249
7250 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7251 addrstr = snewn(peeraddrlen+1, char);
7252 memcpy(addrstr, peeraddr, peeraddrlen);
7253 addrstr[peeraddrlen] = '\0';
7254 peerport = ssh_pkt_getuint32(pktin);
7255
7256 logeventf(ssh, "Received X11 connect request from %s:%d",
7257 addrstr, peerport);
7258
7259 if (!ssh->X11_fwd_enabled)
7260 error = "X11 forwarding is not enabled";
7261 else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c,
7262 addrstr, peerport, ssh->conf)) != NULL) {
7263 logeventf(ssh, "Local X11 connection failed: %s", x11err);
7264 error = "Unable to open an X11 connection";
7265 } else {
7266 logevent("Opening X11 forward connection succeeded");
7267 c->type = CHAN_X11;
7268 }
7269
7270 sfree(addrstr);
7271 } else if (typelen == 15 &&
7272 !memcmp(type, "forwarded-tcpip", 15)) {
7273 struct ssh_rportfwd pf, *realpf;
7274 char *dummy;
7275 int dummylen;
7276 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7277 pf.sport = ssh_pkt_getuint32(pktin);
7278 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7279 peerport = ssh_pkt_getuint32(pktin);
7280 realpf = find234(ssh->rportfwds, &pf, NULL);
7281 logeventf(ssh, "Received remote port %d open request "
7282 "from %s:%d", pf.sport, peeraddr, peerport);
7283 if (realpf == NULL) {
7284 error = "Remote port is not recognised";
7285 } else {
7286 const char *e = pfd_newconnect(&c->u.pfd.s,
7287 realpf->dhost,
7288 realpf->dport, c,
7289 ssh->conf,
7290 realpf->pfrec->addressfamily);
7291 logeventf(ssh, "Attempting to forward remote port to "
7292 "%s:%d", realpf->dhost, realpf->dport);
7293 if (e != NULL) {
7294 logeventf(ssh, "Port open failed: %s", e);
7295 error = "Port open failed";
7296 } else {
7297 logevent("Forwarded port opened successfully");
7298 c->type = CHAN_SOCKDATA;
7299 }
7300 }
7301 } else if (typelen == 22 &&
7302 !memcmp(type, "auth-agent@openssh.com", 22)) {
7303 if (!ssh->agentfwd_enabled)
7304 error = "Agent forwarding is not enabled";
7305 else {
7306 c->type = CHAN_AGENT; /* identify channel type */
7307 c->u.a.lensofar = 0;
7308 }
7309 } else {
7310 error = "Unsupported channel type requested";
7311 }
7312
7313 c->remoteid = remid;
7314 c->halfopen = FALSE;
7315 if (error) {
7316 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7317 ssh2_pkt_adduint32(pktout, c->remoteid);
7318 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7319 ssh2_pkt_addstring(pktout, error);
7320 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7321 ssh2_pkt_send(ssh, pktout);
7322 logeventf(ssh, "Rejected channel open: %s", error);
7323 sfree(c);
7324 } else {
7325 ssh2_channel_init(c);
7326 c->v.v2.remwindow = winsize;
7327 c->v.v2.remmaxpkt = pktsize;
7328 add234(ssh->channels, c);
7329 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7330 ssh2_pkt_adduint32(pktout, c->remoteid);
7331 ssh2_pkt_adduint32(pktout, c->localid);
7332 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
7333 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
7334 ssh2_pkt_send(ssh, pktout);
7335 }
7336 }
7337
7338 /*
7339 * Buffer banner messages for later display at some convenient point,
7340 * if we're going to display them.
7341 */
7342 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7343 {
7344 /* Arbitrary limit to prevent unbounded inflation of buffer */
7345 if (conf_get_int(ssh->conf, CONF_ssh_show_banner) &&
7346 bufchain_size(&ssh->banner) <= 131072) {
7347 char *banner = NULL;
7348 int size = 0;
7349 ssh_pkt_getstring(pktin, &banner, &size);
7350 if (banner)
7351 bufchain_add(&ssh->banner, banner, size);
7352 }
7353 }
7354
7355 /* Helper function to deal with sending tty modes for "pty-req" */
7356 static void ssh2_send_ttymode(void *data, char *mode, char *val)
7357 {
7358 struct Packet *pktout = (struct Packet *)data;
7359 int i = 0;
7360 unsigned int arg = 0;
7361 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7362 if (i == lenof(ssh_ttymodes)) return;
7363 switch (ssh_ttymodes[i].type) {
7364 case TTY_OP_CHAR:
7365 arg = ssh_tty_parse_specchar(val);
7366 break;
7367 case TTY_OP_BOOL:
7368 arg = ssh_tty_parse_boolean(val);
7369 break;
7370 }
7371 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7372 ssh2_pkt_adduint32(pktout, arg);
7373 }
7374
7375 /*
7376 * Handle the SSH-2 userauth and connection layers.
7377 */
7378 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7379 struct Packet *pktin)
7380 {
7381 struct do_ssh2_authconn_state {
7382 enum {
7383 AUTH_TYPE_NONE,
7384 AUTH_TYPE_PUBLICKEY,
7385 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7386 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7387 AUTH_TYPE_PASSWORD,
7388 AUTH_TYPE_GSSAPI, /* always QUIET */
7389 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7390 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7391 } type;
7392 int done_service_req;
7393 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
7394 int tried_pubkey_config, done_agent;
7395 #ifndef NO_GSSAPI
7396 int can_gssapi;
7397 int tried_gssapi;
7398 #endif
7399 int kbd_inter_refused;
7400 int we_are_in, userauth_success;
7401 prompts_t *cur_prompt;
7402 int num_prompts;
7403 char *username;
7404 char *password;
7405 int got_username;
7406 void *publickey_blob;
7407 int publickey_bloblen;
7408 int publickey_encrypted;
7409 char *publickey_algorithm;
7410 char *publickey_comment;
7411 unsigned char agent_request[5], *agent_response, *agentp;
7412 int agent_responselen;
7413 unsigned char *pkblob_in_agent;
7414 int keyi, nkeys;
7415 char *pkblob, *alg, *commentp;
7416 int pklen, alglen, commentlen;
7417 int siglen, retlen, len;
7418 char *q, *agentreq, *ret;
7419 int try_send;
7420 int num_env, env_left, env_ok;
7421 struct Packet *pktout;
7422 Filename *keyfile;
7423 #ifndef NO_GSSAPI
7424 struct ssh_gss_library *gsslib;
7425 Ssh_gss_ctx gss_ctx;
7426 Ssh_gss_buf gss_buf;
7427 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7428 Ssh_gss_name gss_srv_name;
7429 Ssh_gss_stat gss_stat;
7430 #endif
7431 };
7432 crState(do_ssh2_authconn_state);
7433
7434 crBegin(ssh->do_ssh2_authconn_crstate);
7435
7436 s->done_service_req = FALSE;
7437 s->we_are_in = s->userauth_success = FALSE;
7438 #ifndef NO_GSSAPI
7439 s->tried_gssapi = FALSE;
7440 #endif
7441
7442 if (!conf_get_int(ssh->conf, CONF_ssh_no_userauth)) {
7443 /*
7444 * Request userauth protocol, and await a response to it.
7445 */
7446 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7447 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7448 ssh2_pkt_send(ssh, s->pktout);
7449 crWaitUntilV(pktin);
7450 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7451 s->done_service_req = TRUE;
7452 }
7453 if (!s->done_service_req) {
7454 /*
7455 * Request connection protocol directly, without authentication.
7456 */
7457 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7458 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7459 ssh2_pkt_send(ssh, s->pktout);
7460 crWaitUntilV(pktin);
7461 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7462 s->we_are_in = TRUE; /* no auth required */
7463 } else {
7464 bombout(("Server refused service request"));
7465 crStopV;
7466 }
7467 }
7468
7469 /* Arrange to be able to deal with any BANNERs that come in.
7470 * (We do this now as packets may come in during the next bit.) */
7471 bufchain_init(&ssh->banner);
7472 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7473 ssh2_msg_userauth_banner;
7474
7475 /*
7476 * Misc one-time setup for authentication.
7477 */
7478 s->publickey_blob = NULL;
7479 if (!s->we_are_in) {
7480
7481 /*
7482 * Load the public half of any configured public key file
7483 * for later use.
7484 */
7485 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
7486 if (!filename_is_null(*s->keyfile)) {
7487 int keytype;
7488 logeventf(ssh, "Reading private key file \"%.150s\"",
7489 filename_to_str(s->keyfile));
7490 keytype = key_type(s->keyfile);
7491 if (keytype == SSH_KEYTYPE_SSH2) {
7492 const char *error;
7493 s->publickey_blob =
7494 ssh2_userkey_loadpub(s->keyfile,
7495 &s->publickey_algorithm,
7496 &s->publickey_bloblen,
7497 &s->publickey_comment, &error);
7498 if (s->publickey_blob) {
7499 s->publickey_encrypted =
7500 ssh2_userkey_encrypted(s->keyfile, NULL);
7501 } else {
7502 char *msgbuf;
7503 logeventf(ssh, "Unable to load private key (%s)",
7504 error);
7505 msgbuf = dupprintf("Unable to load private key file "
7506 "\"%.150s\" (%s)\r\n",
7507 filename_to_str(s->keyfile),
7508 error);
7509 c_write_str(ssh, msgbuf);
7510 sfree(msgbuf);
7511 }
7512 } else {
7513 char *msgbuf;
7514 logeventf(ssh, "Unable to use this key file (%s)",
7515 key_type_to_str(keytype));
7516 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7517 " (%s)\r\n",
7518 filename_to_str(s->keyfile),
7519 key_type_to_str(keytype));
7520 c_write_str(ssh, msgbuf);
7521 sfree(msgbuf);
7522 s->publickey_blob = NULL;
7523 }
7524 }
7525
7526 /*
7527 * Find out about any keys Pageant has (but if there's a
7528 * public key configured, filter out all others).
7529 */
7530 s->nkeys = 0;
7531 s->agent_response = NULL;
7532 s->pkblob_in_agent = NULL;
7533 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists()) {
7534
7535 void *r;
7536
7537 logevent("Pageant is running. Requesting keys.");
7538
7539 /* Request the keys held by the agent. */
7540 PUT_32BIT(s->agent_request, 1);
7541 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7542 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7543 ssh_agent_callback, ssh)) {
7544 do {
7545 crReturnV;
7546 if (pktin) {
7547 bombout(("Unexpected data from server while"
7548 " waiting for agent response"));
7549 crStopV;
7550 }
7551 } while (pktin || inlen > 0);
7552 r = ssh->agent_response;
7553 s->agent_responselen = ssh->agent_response_len;
7554 }
7555 s->agent_response = (unsigned char *) r;
7556 if (s->agent_response && s->agent_responselen >= 5 &&
7557 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7558 int keyi;
7559 unsigned char *p;
7560 p = s->agent_response + 5;
7561 s->nkeys = GET_32BIT(p);
7562 p += 4;
7563 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7564 if (s->publickey_blob) {
7565 /* See if configured key is in agent. */
7566 for (keyi = 0; keyi < s->nkeys; keyi++) {
7567 s->pklen = GET_32BIT(p);
7568 if (s->pklen == s->publickey_bloblen &&
7569 !memcmp(p+4, s->publickey_blob,
7570 s->publickey_bloblen)) {
7571 logeventf(ssh, "Pageant key #%d matches "
7572 "configured key file", keyi);
7573 s->keyi = keyi;
7574 s->pkblob_in_agent = p;
7575 break;
7576 }
7577 p += 4 + s->pklen;
7578 p += GET_32BIT(p) + 4; /* comment */
7579 }
7580 if (!s->pkblob_in_agent) {
7581 logevent("Configured key file not in Pageant");
7582 s->nkeys = 0;
7583 }
7584 }
7585 } else {
7586 logevent("Failed to get reply from Pageant");
7587 }
7588 }
7589
7590 }
7591
7592 /*
7593 * We repeat this whole loop, including the username prompt,
7594 * until we manage a successful authentication. If the user
7595 * types the wrong _password_, they can be sent back to the
7596 * beginning to try another username, if this is configured on.
7597 * (If they specify a username in the config, they are never
7598 * asked, even if they do give a wrong password.)
7599 *
7600 * I think this best serves the needs of
7601 *
7602 * - the people who have no configuration, no keys, and just
7603 * want to try repeated (username,password) pairs until they
7604 * type both correctly
7605 *
7606 * - people who have keys and configuration but occasionally
7607 * need to fall back to passwords
7608 *
7609 * - people with a key held in Pageant, who might not have
7610 * logged in to a particular machine before; so they want to
7611 * type a username, and then _either_ their key will be
7612 * accepted, _or_ they will type a password. If they mistype
7613 * the username they will want to be able to get back and
7614 * retype it!
7615 */
7616 s->got_username = FALSE;
7617 while (!s->we_are_in) {
7618 /*
7619 * Get a username.
7620 */
7621 if (s->got_username && !conf_get_int(ssh->conf, CONF_change_username)) {
7622 /*
7623 * We got a username last time round this loop, and
7624 * with change_username turned off we don't try to get
7625 * it again.
7626 */
7627 } else if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
7628 int ret; /* need not be kept over crReturn */
7629 s->cur_prompt = new_prompts(ssh->frontend);
7630 s->cur_prompt->to_server = TRUE;
7631 s->cur_prompt->name = dupstr("SSH login name");
7632 /* 512 is an arbitrary limit :-( */
7633 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE, 512);
7634 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7635 while (ret < 0) {
7636 ssh->send_ok = 1;
7637 crWaitUntilV(!pktin);
7638 ret = get_userpass_input(s->cur_prompt, in, inlen);
7639 ssh->send_ok = 0;
7640 }
7641 if (!ret) {
7642 /*
7643 * get_userpass_input() failed to get a username.
7644 * Terminate.
7645 */
7646 free_prompts(s->cur_prompt);
7647 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7648 crStopV;
7649 }
7650 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
7651 free_prompts(s->cur_prompt);
7652 } else {
7653 char *stuff;
7654 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
7655 stuff = dupprintf("Using username \"%s\".\r\n", ssh->username);
7656 c_write_str(ssh, stuff);
7657 sfree(stuff);
7658 }
7659 }
7660 s->got_username = TRUE;
7661
7662 /*
7663 * Send an authentication request using method "none": (a)
7664 * just in case it succeeds, and (b) so that we know what
7665 * authentication methods we can usefully try next.
7666 */
7667 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7668
7669 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7670 ssh2_pkt_addstring(s->pktout, ssh->username);
7671 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
7672 ssh2_pkt_addstring(s->pktout, "none"); /* method */
7673 ssh2_pkt_send(ssh, s->pktout);
7674 s->type = AUTH_TYPE_NONE;
7675 s->gotit = FALSE;
7676 s->we_are_in = FALSE;
7677
7678 s->tried_pubkey_config = FALSE;
7679 s->kbd_inter_refused = FALSE;
7680
7681 /* Reset agent request state. */
7682 s->done_agent = FALSE;
7683 if (s->agent_response) {
7684 if (s->pkblob_in_agent) {
7685 s->agentp = s->pkblob_in_agent;
7686 } else {
7687 s->agentp = s->agent_response + 5 + 4;
7688 s->keyi = 0;
7689 }
7690 }
7691
7692 while (1) {
7693 char *methods = NULL;
7694 int methlen = 0;
7695
7696 /*
7697 * Wait for the result of the last authentication request.
7698 */
7699 if (!s->gotit)
7700 crWaitUntilV(pktin);
7701 /*
7702 * Now is a convenient point to spew any banner material
7703 * that we've accumulated. (This should ensure that when
7704 * we exit the auth loop, we haven't any left to deal
7705 * with.)
7706 */
7707 {
7708 int size = bufchain_size(&ssh->banner);
7709 /*
7710 * Don't show the banner if we're operating in
7711 * non-verbose non-interactive mode. (It's probably
7712 * a script, which means nobody will read the
7713 * banner _anyway_, and moreover the printing of
7714 * the banner will screw up processing on the
7715 * output of (say) plink.)
7716 */
7717 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
7718 char *banner = snewn(size, char);
7719 bufchain_fetch(&ssh->banner, banner, size);
7720 c_write_untrusted(ssh, banner, size);
7721 sfree(banner);
7722 }
7723 bufchain_clear(&ssh->banner);
7724 }
7725 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
7726 logevent("Access granted");
7727 s->we_are_in = s->userauth_success = TRUE;
7728 break;
7729 }
7730
7731 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
7732 bombout(("Strange packet received during authentication: "
7733 "type %d", pktin->type));
7734 crStopV;
7735 }
7736
7737 s->gotit = FALSE;
7738
7739 /*
7740 * OK, we're now sitting on a USERAUTH_FAILURE message, so
7741 * we can look at the string in it and know what we can
7742 * helpfully try next.
7743 */
7744 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
7745 ssh_pkt_getstring(pktin, &methods, &methlen);
7746 if (!ssh2_pkt_getbool(pktin)) {
7747 /*
7748 * We have received an unequivocal Access
7749 * Denied. This can translate to a variety of
7750 * messages, or no message at all.
7751 *
7752 * For forms of authentication which are attempted
7753 * implicitly, by which I mean without printing
7754 * anything in the window indicating that we're
7755 * trying them, we should never print 'Access
7756 * denied'.
7757 *
7758 * If we do print a message saying that we're
7759 * attempting some kind of authentication, it's OK
7760 * to print a followup message saying it failed -
7761 * but the message may sometimes be more specific
7762 * than simply 'Access denied'.
7763 *
7764 * Additionally, if we'd just tried password
7765 * authentication, we should break out of this
7766 * whole loop so as to go back to the username
7767 * prompt (iff we're configured to allow
7768 * username change attempts).
7769 */
7770 if (s->type == AUTH_TYPE_NONE) {
7771 /* do nothing */
7772 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
7773 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
7774 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
7775 c_write_str(ssh, "Server refused our key\r\n");
7776 logevent("Server refused our key");
7777 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
7778 /* This _shouldn't_ happen except by a
7779 * protocol bug causing client and server to
7780 * disagree on what is a correct signature. */
7781 c_write_str(ssh, "Server refused public-key signature"
7782 " despite accepting key!\r\n");
7783 logevent("Server refused public-key signature"
7784 " despite accepting key!");
7785 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
7786 /* quiet, so no c_write */
7787 logevent("Server refused keyboard-interactive authentication");
7788 } else if (s->type==AUTH_TYPE_GSSAPI) {
7789 /* always quiet, so no c_write */
7790 /* also, the code down in the GSSAPI block has
7791 * already logged this in the Event Log */
7792 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
7793 logevent("Keyboard-interactive authentication failed");
7794 c_write_str(ssh, "Access denied\r\n");
7795 } else {
7796 assert(s->type == AUTH_TYPE_PASSWORD);
7797 logevent("Password authentication failed");
7798 c_write_str(ssh, "Access denied\r\n");
7799
7800 if (conf_get_int(ssh->conf, CONF_change_username)) {
7801 /* XXX perhaps we should allow
7802 * keyboard-interactive to do this too? */
7803 s->we_are_in = FALSE;
7804 break;
7805 }
7806 }
7807 } else {
7808 c_write_str(ssh, "Further authentication required\r\n");
7809 logevent("Further authentication required");
7810 }
7811
7812 s->can_pubkey =
7813 in_commasep_string("publickey", methods, methlen);
7814 s->can_passwd =
7815 in_commasep_string("password", methods, methlen);
7816 s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
7817 in_commasep_string("keyboard-interactive", methods, methlen);
7818 #ifndef NO_GSSAPI
7819 if (!ssh->gsslibs)
7820 ssh->gsslibs = ssh_gss_setup(ssh->conf);
7821 s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
7822 in_commasep_string("gssapi-with-mic", methods, methlen) &&
7823 ssh->gsslibs->nlibraries > 0;
7824 #endif
7825 }
7826
7827 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7828
7829 if (s->can_pubkey && !s->done_agent && s->nkeys) {
7830
7831 /*
7832 * Attempt public-key authentication using a key from Pageant.
7833 */
7834
7835 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7836
7837 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
7838
7839 /* Unpack key from agent response */
7840 s->pklen = GET_32BIT(s->agentp);
7841 s->agentp += 4;
7842 s->pkblob = (char *)s->agentp;
7843 s->agentp += s->pklen;
7844 s->alglen = GET_32BIT(s->pkblob);
7845 s->alg = s->pkblob + 4;
7846 s->commentlen = GET_32BIT(s->agentp);
7847 s->agentp += 4;
7848 s->commentp = (char *)s->agentp;
7849 s->agentp += s->commentlen;
7850 /* s->agentp now points at next key, if any */
7851
7852 /* See if server will accept it */
7853 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7854 ssh2_pkt_addstring(s->pktout, ssh->username);
7855 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7856 /* service requested */
7857 ssh2_pkt_addstring(s->pktout, "publickey");
7858 /* method */
7859 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
7860 ssh2_pkt_addstring_start(s->pktout);
7861 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7862 ssh2_pkt_addstring_start(s->pktout);
7863 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7864 ssh2_pkt_send(ssh, s->pktout);
7865 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
7866
7867 crWaitUntilV(pktin);
7868 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7869
7870 /* Offer of key refused. */
7871 s->gotit = TRUE;
7872
7873 } else {
7874
7875 void *vret;
7876
7877 if (flags & FLAG_VERBOSE) {
7878 c_write_str(ssh, "Authenticating with "
7879 "public key \"");
7880 c_write(ssh, s->commentp, s->commentlen);
7881 c_write_str(ssh, "\" from agent\r\n");
7882 }
7883
7884 /*
7885 * Server is willing to accept the key.
7886 * Construct a SIGN_REQUEST.
7887 */
7888 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7889 ssh2_pkt_addstring(s->pktout, ssh->username);
7890 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7891 /* service requested */
7892 ssh2_pkt_addstring(s->pktout, "publickey");
7893 /* method */
7894 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
7895 ssh2_pkt_addstring_start(s->pktout);
7896 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7897 ssh2_pkt_addstring_start(s->pktout);
7898 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7899
7900 /* Ask agent for signature. */
7901 s->siglen = s->pktout->length - 5 + 4 +
7902 ssh->v2_session_id_len;
7903 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7904 s->siglen -= 4;
7905 s->len = 1; /* message type */
7906 s->len += 4 + s->pklen; /* key blob */
7907 s->len += 4 + s->siglen; /* data to sign */
7908 s->len += 4; /* flags */
7909 s->agentreq = snewn(4 + s->len, char);
7910 PUT_32BIT(s->agentreq, s->len);
7911 s->q = s->agentreq + 4;
7912 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
7913 PUT_32BIT(s->q, s->pklen);
7914 s->q += 4;
7915 memcpy(s->q, s->pkblob, s->pklen);
7916 s->q += s->pklen;
7917 PUT_32BIT(s->q, s->siglen);
7918 s->q += 4;
7919 /* Now the data to be signed... */
7920 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7921 PUT_32BIT(s->q, ssh->v2_session_id_len);
7922 s->q += 4;
7923 }
7924 memcpy(s->q, ssh->v2_session_id,
7925 ssh->v2_session_id_len);
7926 s->q += ssh->v2_session_id_len;
7927 memcpy(s->q, s->pktout->data + 5,
7928 s->pktout->length - 5);
7929 s->q += s->pktout->length - 5;
7930 /* And finally the (zero) flags word. */
7931 PUT_32BIT(s->q, 0);
7932 if (!agent_query(s->agentreq, s->len + 4,
7933 &vret, &s->retlen,
7934 ssh_agent_callback, ssh)) {
7935 do {
7936 crReturnV;
7937 if (pktin) {
7938 bombout(("Unexpected data from server"
7939 " while waiting for agent"
7940 " response"));
7941 crStopV;
7942 }
7943 } while (pktin || inlen > 0);
7944 vret = ssh->agent_response;
7945 s->retlen = ssh->agent_response_len;
7946 }
7947 s->ret = vret;
7948 sfree(s->agentreq);
7949 if (s->ret) {
7950 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
7951 logevent("Sending Pageant's response");
7952 ssh2_add_sigblob(ssh, s->pktout,
7953 s->pkblob, s->pklen,
7954 s->ret + 9,
7955 GET_32BIT(s->ret + 5));
7956 ssh2_pkt_send(ssh, s->pktout);
7957 s->type = AUTH_TYPE_PUBLICKEY;
7958 } else {
7959 /* FIXME: less drastic response */
7960 bombout(("Pageant failed to answer challenge"));
7961 crStopV;
7962 }
7963 }
7964 }
7965
7966 /* Do we have any keys left to try? */
7967 if (s->pkblob_in_agent) {
7968 s->done_agent = TRUE;
7969 s->tried_pubkey_config = TRUE;
7970 } else {
7971 s->keyi++;
7972 if (s->keyi >= s->nkeys)
7973 s->done_agent = TRUE;
7974 }
7975
7976 } else if (s->can_pubkey && s->publickey_blob &&
7977 !s->tried_pubkey_config) {
7978
7979 struct ssh2_userkey *key; /* not live over crReturn */
7980 char *passphrase; /* not live over crReturn */
7981
7982 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7983
7984 s->tried_pubkey_config = TRUE;
7985
7986 /*
7987 * Try the public key supplied in the configuration.
7988 *
7989 * First, offer the public blob to see if the server is
7990 * willing to accept it.
7991 */
7992 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7993 ssh2_pkt_addstring(s->pktout, ssh->username);
7994 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7995 /* service requested */
7996 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
7997 ssh2_pkt_addbool(s->pktout, FALSE);
7998 /* no signature included */
7999 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
8000 ssh2_pkt_addstring_start(s->pktout);
8001 ssh2_pkt_addstring_data(s->pktout,
8002 (char *)s->publickey_blob,
8003 s->publickey_bloblen);
8004 ssh2_pkt_send(ssh, s->pktout);
8005 logevent("Offered public key");
8006
8007 crWaitUntilV(pktin);
8008 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8009 /* Key refused. Give up. */
8010 s->gotit = TRUE; /* reconsider message next loop */
8011 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
8012 continue; /* process this new message */
8013 }
8014 logevent("Offer of public key accepted");
8015
8016 /*
8017 * Actually attempt a serious authentication using
8018 * the key.
8019 */
8020 if (flags & FLAG_VERBOSE) {
8021 c_write_str(ssh, "Authenticating with public key \"");
8022 c_write_str(ssh, s->publickey_comment);
8023 c_write_str(ssh, "\"\r\n");
8024 }
8025 key = NULL;
8026 while (!key) {
8027 const char *error; /* not live over crReturn */
8028 if (s->publickey_encrypted) {
8029 /*
8030 * Get a passphrase from the user.
8031 */
8032 int ret; /* need not be kept over crReturn */
8033 s->cur_prompt = new_prompts(ssh->frontend);
8034 s->cur_prompt->to_server = FALSE;
8035 s->cur_prompt->name = dupstr("SSH key passphrase");
8036 add_prompt(s->cur_prompt,
8037 dupprintf("Passphrase for key \"%.100s\": ",
8038 s->publickey_comment),
8039 FALSE, SSH_MAX_PASSWORD_LEN);
8040 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8041 while (ret < 0) {
8042 ssh->send_ok = 1;
8043 crWaitUntilV(!pktin);
8044 ret = get_userpass_input(s->cur_prompt,
8045 in, inlen);
8046 ssh->send_ok = 0;
8047 }
8048 if (!ret) {
8049 /* Failed to get a passphrase. Terminate. */
8050 free_prompts(s->cur_prompt);
8051 ssh_disconnect(ssh, NULL,
8052 "Unable to authenticate",
8053 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8054 TRUE);
8055 crStopV;
8056 }
8057 passphrase =
8058 dupstr(s->cur_prompt->prompts[0]->result);
8059 free_prompts(s->cur_prompt);
8060 } else {
8061 passphrase = NULL; /* no passphrase needed */
8062 }
8063
8064 /*
8065 * Try decrypting the key.
8066 */
8067 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
8068 key = ssh2_load_userkey(s->keyfile, passphrase, &error);
8069 if (passphrase) {
8070 /* burn the evidence */
8071 memset(passphrase, 0, strlen(passphrase));
8072 sfree(passphrase);
8073 }
8074 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
8075 if (passphrase &&
8076 (key == SSH2_WRONG_PASSPHRASE)) {
8077 c_write_str(ssh, "Wrong passphrase\r\n");
8078 key = NULL;
8079 /* and loop again */
8080 } else {
8081 c_write_str(ssh, "Unable to load private key (");
8082 c_write_str(ssh, error);
8083 c_write_str(ssh, ")\r\n");
8084 key = NULL;
8085 break; /* try something else */
8086 }
8087 }
8088 }
8089
8090 if (key) {
8091 unsigned char *pkblob, *sigblob, *sigdata;
8092 int pkblob_len, sigblob_len, sigdata_len;
8093 int p;
8094
8095 /*
8096 * We have loaded the private key and the server
8097 * has announced that it's willing to accept it.
8098 * Hallelujah. Generate a signature and send it.
8099 */
8100 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8101 ssh2_pkt_addstring(s->pktout, ssh->username);
8102 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8103 /* service requested */
8104 ssh2_pkt_addstring(s->pktout, "publickey");
8105 /* method */
8106 ssh2_pkt_addbool(s->pktout, TRUE);
8107 /* signature follows */
8108 ssh2_pkt_addstring(s->pktout, key->alg->name);
8109 pkblob = key->alg->public_blob(key->data,
8110 &pkblob_len);
8111 ssh2_pkt_addstring_start(s->pktout);
8112 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
8113 pkblob_len);
8114
8115 /*
8116 * The data to be signed is:
8117 *
8118 * string session-id
8119 *
8120 * followed by everything so far placed in the
8121 * outgoing packet.
8122 */
8123 sigdata_len = s->pktout->length - 5 + 4 +
8124 ssh->v2_session_id_len;
8125 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8126 sigdata_len -= 4;
8127 sigdata = snewn(sigdata_len, unsigned char);
8128 p = 0;
8129 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8130 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
8131 p += 4;
8132 }
8133 memcpy(sigdata+p, ssh->v2_session_id,
8134 ssh->v2_session_id_len);
8135 p += ssh->v2_session_id_len;
8136 memcpy(sigdata+p, s->pktout->data + 5,
8137 s->pktout->length - 5);
8138 p += s->pktout->length - 5;
8139 assert(p == sigdata_len);
8140 sigblob = key->alg->sign(key->data, (char *)sigdata,
8141 sigdata_len, &sigblob_len);
8142 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
8143 sigblob, sigblob_len);
8144 sfree(pkblob);
8145 sfree(sigblob);
8146 sfree(sigdata);
8147
8148 ssh2_pkt_send(ssh, s->pktout);
8149 logevent("Sent public key signature");
8150 s->type = AUTH_TYPE_PUBLICKEY;
8151 key->alg->freekey(key->data);
8152 }
8153
8154 #ifndef NO_GSSAPI
8155 } else if (s->can_gssapi && !s->tried_gssapi) {
8156
8157 /* GSSAPI Authentication */
8158
8159 int micoffset, len;
8160 char *data;
8161 Ssh_gss_buf mic;
8162 s->type = AUTH_TYPE_GSSAPI;
8163 s->tried_gssapi = TRUE;
8164 s->gotit = TRUE;
8165 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
8166
8167 /*
8168 * Pick the highest GSS library on the preference
8169 * list.
8170 */
8171 {
8172 int i, j;
8173 s->gsslib = NULL;
8174 for (i = 0; i < ngsslibs; i++) {
8175 int want_id = conf_get_int_int(ssh->conf,
8176 CONF_ssh_gsslist, i);
8177 for (j = 0; j < ssh->gsslibs->nlibraries; j++)
8178 if (ssh->gsslibs->libraries[j].id == want_id) {
8179 s->gsslib = &ssh->gsslibs->libraries[j];
8180 goto got_gsslib; /* double break */
8181 }
8182 }
8183 got_gsslib:
8184 /*
8185 * We always expect to have found something in
8186 * the above loop: we only came here if there
8187 * was at least one viable GSS library, and the
8188 * preference list should always mention
8189 * everything and only change the order.
8190 */
8191 assert(s->gsslib);
8192 }
8193
8194 if (s->gsslib->gsslogmsg)
8195 logevent(s->gsslib->gsslogmsg);
8196
8197 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
8198 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8199 ssh2_pkt_addstring(s->pktout, ssh->username);
8200 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8201 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
8202 logevent("Attempting GSSAPI authentication");
8203
8204 /* add mechanism info */
8205 s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
8206
8207 /* number of GSSAPI mechanisms */
8208 ssh2_pkt_adduint32(s->pktout,1);
8209
8210 /* length of OID + 2 */
8211 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
8212 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
8213
8214 /* length of OID */
8215 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
8216
8217 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
8218 s->gss_buf.length);
8219 ssh2_pkt_send(ssh, s->pktout);
8220 crWaitUntilV(pktin);
8221 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
8222 logevent("GSSAPI authentication request refused");
8223 continue;
8224 }
8225
8226 /* check returned packet ... */
8227
8228 ssh_pkt_getstring(pktin, &data, &len);
8229 s->gss_rcvtok.value = data;
8230 s->gss_rcvtok.length = len;
8231 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
8232 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
8233 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
8234 memcmp((char *)s->gss_rcvtok.value + 2,
8235 s->gss_buf.value,s->gss_buf.length) ) {
8236 logevent("GSSAPI authentication - wrong response from server");
8237 continue;
8238 }
8239
8240 /* now start running */
8241 s->gss_stat = s->gsslib->import_name(s->gsslib,
8242 ssh->fullhostname,
8243 &s->gss_srv_name);
8244 if (s->gss_stat != SSH_GSS_OK) {
8245 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
8246 logevent("GSSAPI import name failed - Bad service name");
8247 else
8248 logevent("GSSAPI import name failed");
8249 continue;
8250 }
8251
8252 /* fetch TGT into GSS engine */
8253 s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
8254
8255 if (s->gss_stat != SSH_GSS_OK) {
8256 logevent("GSSAPI authentication failed to get credentials");
8257 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8258 continue;
8259 }
8260
8261 /* initial tokens are empty */
8262 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
8263 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
8264
8265 /* now enter the loop */
8266 do {
8267 s->gss_stat = s->gsslib->init_sec_context
8268 (s->gsslib,
8269 &s->gss_ctx,
8270 s->gss_srv_name,
8271 conf_get_int(ssh->conf, CONF_gssapifwd),
8272 &s->gss_rcvtok,
8273 &s->gss_sndtok);
8274
8275 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
8276 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
8277 logevent("GSSAPI authentication initialisation failed");
8278
8279 if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
8280 &s->gss_buf) == SSH_GSS_OK) {
8281 logevent(s->gss_buf.value);
8282 sfree(s->gss_buf.value);
8283 }
8284
8285 break;
8286 }
8287 logevent("GSSAPI authentication initialised");
8288
8289 /* Client and server now exchange tokens until GSSAPI
8290 * no longer says CONTINUE_NEEDED */
8291
8292 if (s->gss_sndtok.length != 0) {
8293 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
8294 ssh_pkt_addstring_start(s->pktout);
8295 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
8296 ssh2_pkt_send(ssh, s->pktout);
8297 s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
8298 }
8299
8300 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
8301 crWaitUntilV(pktin);
8302 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8303 logevent("GSSAPI authentication - bad server response");
8304 s->gss_stat = SSH_GSS_FAILURE;
8305 break;
8306 }
8307 ssh_pkt_getstring(pktin, &data, &len);
8308 s->gss_rcvtok.value = data;
8309 s->gss_rcvtok.length = len;
8310 }
8311 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8312
8313 if (s->gss_stat != SSH_GSS_OK) {
8314 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8315 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8316 continue;
8317 }
8318 logevent("GSSAPI authentication loop finished OK");
8319
8320 /* Now send the MIC */
8321
8322 s->pktout = ssh2_pkt_init(0);
8323 micoffset = s->pktout->length;
8324 ssh_pkt_addstring_start(s->pktout);
8325 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8326 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
8327 ssh_pkt_addstring(s->pktout, ssh->username);
8328 ssh_pkt_addstring(s->pktout, "ssh-connection");
8329 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8330
8331 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8332 s->gss_buf.length = s->pktout->length - micoffset;
8333
8334 s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
8335 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8336 ssh_pkt_addstring_start(s->pktout);
8337 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
8338 ssh2_pkt_send(ssh, s->pktout);
8339 s->gsslib->free_mic(s->gsslib, &mic);
8340
8341 s->gotit = FALSE;
8342
8343 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8344 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8345 continue;
8346 #endif
8347 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8348
8349 /*
8350 * Keyboard-interactive authentication.
8351 */
8352
8353 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8354
8355 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
8356
8357 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8358 ssh2_pkt_addstring(s->pktout, ssh->username);
8359 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8360 /* service requested */
8361 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8362 /* method */
8363 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8364 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8365 ssh2_pkt_send(ssh, s->pktout);
8366
8367 logevent("Attempting keyboard-interactive authentication");
8368
8369 crWaitUntilV(pktin);
8370 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8371 /* Server is not willing to do keyboard-interactive
8372 * at all (or, bizarrely but legally, accepts the
8373 * user without actually issuing any prompts).
8374 * Give up on it entirely. */
8375 s->gotit = TRUE;
8376 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8377 s->kbd_inter_refused = TRUE; /* don't try it again */
8378 continue;
8379 }
8380
8381 /*
8382 * Loop while the server continues to send INFO_REQUESTs.
8383 */
8384 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
8385
8386 char *name, *inst, *lang;
8387 int name_len, inst_len, lang_len;
8388 int i;
8389
8390 /*
8391 * We've got a fresh USERAUTH_INFO_REQUEST.
8392 * Get the preamble and start building a prompt.
8393 */
8394 ssh_pkt_getstring(pktin, &name, &name_len);
8395 ssh_pkt_getstring(pktin, &inst, &inst_len);
8396 ssh_pkt_getstring(pktin, &lang, &lang_len);
8397 s->cur_prompt = new_prompts(ssh->frontend);
8398 s->cur_prompt->to_server = TRUE;
8399
8400 /*
8401 * Get any prompt(s) from the packet.
8402 */
8403 s->num_prompts = ssh_pkt_getuint32(pktin);
8404 for (i = 0; i < s->num_prompts; i++) {
8405 char *prompt;
8406 int prompt_len;
8407 int echo;
8408 static char noprompt[] =
8409 "<server failed to send prompt>: ";
8410
8411 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8412 echo = ssh2_pkt_getbool(pktin);
8413 if (!prompt_len) {
8414 prompt = noprompt;
8415 prompt_len = lenof(noprompt)-1;
8416 }
8417 add_prompt(s->cur_prompt,
8418 dupprintf("%.*s", prompt_len, prompt),
8419 echo, SSH_MAX_PASSWORD_LEN);
8420 }
8421
8422 if (name_len) {
8423 /* FIXME: better prefix to distinguish from
8424 * local prompts? */
8425 s->cur_prompt->name =
8426 dupprintf("SSH server: %.*s", name_len, name);
8427 s->cur_prompt->name_reqd = TRUE;
8428 } else {
8429 s->cur_prompt->name =
8430 dupstr("SSH server authentication");
8431 s->cur_prompt->name_reqd = FALSE;
8432 }
8433 /* We add a prefix to try to make it clear that a prompt
8434 * has come from the server.
8435 * FIXME: ugly to print "Using..." in prompt _every_
8436 * time round. Can this be done more subtly? */
8437 /* Special case: for reasons best known to themselves,
8438 * some servers send k-i requests with no prompts and
8439 * nothing to display. Keep quiet in this case. */
8440 if (s->num_prompts || name_len || inst_len) {
8441 s->cur_prompt->instruction =
8442 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8443 inst_len ? "\n" : "", inst_len, inst);
8444 s->cur_prompt->instr_reqd = TRUE;
8445 } else {
8446 s->cur_prompt->instr_reqd = FALSE;
8447 }
8448
8449 /*
8450 * Display any instructions, and get the user's
8451 * response(s).
8452 */
8453 {
8454 int ret; /* not live over crReturn */
8455 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8456 while (ret < 0) {
8457 ssh->send_ok = 1;
8458 crWaitUntilV(!pktin);
8459 ret = get_userpass_input(s->cur_prompt, in, inlen);
8460 ssh->send_ok = 0;
8461 }
8462 if (!ret) {
8463 /*
8464 * Failed to get responses. Terminate.
8465 */
8466 free_prompts(s->cur_prompt);
8467 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8468 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8469 TRUE);
8470 crStopV;
8471 }
8472 }
8473
8474 /*
8475 * Send the response(s) to the server.
8476 */
8477 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
8478 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8479 for (i=0; i < s->num_prompts; i++) {
8480 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8481 ssh2_pkt_addstring(s->pktout,
8482 s->cur_prompt->prompts[i]->result);
8483 end_log_omission(ssh, s->pktout);
8484 }
8485 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8486
8487 /*
8488 * Get the next packet in case it's another
8489 * INFO_REQUEST.
8490 */
8491 crWaitUntilV(pktin);
8492
8493 }
8494
8495 /*
8496 * We should have SUCCESS or FAILURE now.
8497 */
8498 s->gotit = TRUE;
8499
8500 } else if (s->can_passwd) {
8501
8502 /*
8503 * Plain old password authentication.
8504 */
8505 int ret; /* not live over crReturn */
8506 int changereq_first_time; /* not live over crReturn */
8507
8508 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
8509
8510 s->cur_prompt = new_prompts(ssh->frontend);
8511 s->cur_prompt->to_server = TRUE;
8512 s->cur_prompt->name = dupstr("SSH password");
8513 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
8514 ssh->username,
8515 ssh->savedhost),
8516 FALSE, SSH_MAX_PASSWORD_LEN);
8517
8518 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8519 while (ret < 0) {
8520 ssh->send_ok = 1;
8521 crWaitUntilV(!pktin);
8522 ret = get_userpass_input(s->cur_prompt, in, inlen);
8523 ssh->send_ok = 0;
8524 }
8525 if (!ret) {
8526 /*
8527 * Failed to get responses. Terminate.
8528 */
8529 free_prompts(s->cur_prompt);
8530 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8531 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8532 TRUE);
8533 crStopV;
8534 }
8535 /*
8536 * Squirrel away the password. (We may need it later if
8537 * asked to change it.)
8538 */
8539 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8540 free_prompts(s->cur_prompt);
8541
8542 /*
8543 * Send the password packet.
8544 *
8545 * We pad out the password packet to 256 bytes to make
8546 * it harder for an attacker to find the length of the
8547 * user's password.
8548 *
8549 * Anyone using a password longer than 256 bytes
8550 * probably doesn't have much to worry about from
8551 * people who find out how long their password is!
8552 */
8553 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8554 ssh2_pkt_addstring(s->pktout, ssh->username);
8555 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8556 /* service requested */
8557 ssh2_pkt_addstring(s->pktout, "password");
8558 ssh2_pkt_addbool(s->pktout, FALSE);
8559 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8560 ssh2_pkt_addstring(s->pktout, s->password);
8561 end_log_omission(ssh, s->pktout);
8562 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8563 logevent("Sent password");
8564 s->type = AUTH_TYPE_PASSWORD;
8565
8566 /*
8567 * Wait for next packet, in case it's a password change
8568 * request.
8569 */
8570 crWaitUntilV(pktin);
8571 changereq_first_time = TRUE;
8572
8573 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8574
8575 /*
8576 * We're being asked for a new password
8577 * (perhaps not for the first time).
8578 * Loop until the server accepts it.
8579 */
8580
8581 int got_new = FALSE; /* not live over crReturn */
8582 char *prompt; /* not live over crReturn */
8583 int prompt_len; /* not live over crReturn */
8584
8585 {
8586 char *msg;
8587 if (changereq_first_time)
8588 msg = "Server requested password change";
8589 else
8590 msg = "Server rejected new password";
8591 logevent(msg);
8592 c_write_str(ssh, msg);
8593 c_write_str(ssh, "\r\n");
8594 }
8595
8596 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8597
8598 s->cur_prompt = new_prompts(ssh->frontend);
8599 s->cur_prompt->to_server = TRUE;
8600 s->cur_prompt->name = dupstr("New SSH password");
8601 s->cur_prompt->instruction =
8602 dupprintf("%.*s", prompt_len, prompt);
8603 s->cur_prompt->instr_reqd = TRUE;
8604 /*
8605 * There's no explicit requirement in the protocol
8606 * for the "old" passwords in the original and
8607 * password-change messages to be the same, and
8608 * apparently some Cisco kit supports password change
8609 * by the user entering a blank password originally
8610 * and the real password subsequently, so,
8611 * reluctantly, we prompt for the old password again.
8612 *
8613 * (On the other hand, some servers don't even bother
8614 * to check this field.)
8615 */
8616 add_prompt(s->cur_prompt,
8617 dupstr("Current password (blank for previously entered password): "),
8618 FALSE, SSH_MAX_PASSWORD_LEN);
8619 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
8620 FALSE, SSH_MAX_PASSWORD_LEN);
8621 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
8622 FALSE, SSH_MAX_PASSWORD_LEN);
8623
8624 /*
8625 * Loop until the user manages to enter the same
8626 * password twice.
8627 */
8628 while (!got_new) {
8629
8630 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8631 while (ret < 0) {
8632 ssh->send_ok = 1;
8633 crWaitUntilV(!pktin);
8634 ret = get_userpass_input(s->cur_prompt, in, inlen);
8635 ssh->send_ok = 0;
8636 }
8637 if (!ret) {
8638 /*
8639 * Failed to get responses. Terminate.
8640 */
8641 /* burn the evidence */
8642 free_prompts(s->cur_prompt);
8643 memset(s->password, 0, strlen(s->password));
8644 sfree(s->password);
8645 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8646 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8647 TRUE);
8648 crStopV;
8649 }
8650
8651 /*
8652 * If the user specified a new original password
8653 * (IYSWIM), overwrite any previously specified
8654 * one.
8655 * (A side effect is that the user doesn't have to
8656 * re-enter it if they louse up the new password.)
8657 */
8658 if (s->cur_prompt->prompts[0]->result[0]) {
8659 memset(s->password, 0, strlen(s->password));
8660 /* burn the evidence */
8661 sfree(s->password);
8662 s->password =
8663 dupstr(s->cur_prompt->prompts[0]->result);
8664 }
8665
8666 /*
8667 * Check the two new passwords match.
8668 */
8669 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
8670 s->cur_prompt->prompts[2]->result)
8671 == 0);
8672 if (!got_new)
8673 /* They don't. Silly user. */
8674 c_write_str(ssh, "Passwords do not match\r\n");
8675
8676 }
8677
8678 /*
8679 * Send the new password (along with the old one).
8680 * (see above for padding rationale)
8681 */
8682 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8683 ssh2_pkt_addstring(s->pktout, ssh->username);
8684 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8685 /* service requested */
8686 ssh2_pkt_addstring(s->pktout, "password");
8687 ssh2_pkt_addbool(s->pktout, TRUE);
8688 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8689 ssh2_pkt_addstring(s->pktout, s->password);
8690 ssh2_pkt_addstring(s->pktout,
8691 s->cur_prompt->prompts[1]->result);
8692 free_prompts(s->cur_prompt);
8693 end_log_omission(ssh, s->pktout);
8694 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8695 logevent("Sent new password");
8696
8697 /*
8698 * Now see what the server has to say about it.
8699 * (If it's CHANGEREQ again, it's not happy with the
8700 * new password.)
8701 */
8702 crWaitUntilV(pktin);
8703 changereq_first_time = FALSE;
8704
8705 }
8706
8707 /*
8708 * We need to reexamine the current pktin at the top
8709 * of the loop. Either:
8710 * - we weren't asked to change password at all, in
8711 * which case it's a SUCCESS or FAILURE with the
8712 * usual meaning
8713 * - we sent a new password, and the server was
8714 * either OK with it (SUCCESS or FAILURE w/partial
8715 * success) or unhappy with the _old_ password
8716 * (FAILURE w/o partial success)
8717 * In any of these cases, we go back to the top of
8718 * the loop and start again.
8719 */
8720 s->gotit = TRUE;
8721
8722 /*
8723 * We don't need the old password any more, in any
8724 * case. Burn the evidence.
8725 */
8726 memset(s->password, 0, strlen(s->password));
8727 sfree(s->password);
8728
8729 } else {
8730 char *str = dupprintf("No supported authentication methods available"
8731 " (server sent: %.*s)",
8732 methlen, methods);
8733
8734 ssh_disconnect(ssh, str,
8735 "No supported authentication methods available",
8736 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
8737 FALSE);
8738 sfree(str);
8739
8740 crStopV;
8741
8742 }
8743
8744 }
8745 }
8746 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
8747
8748 /* Clear up various bits and pieces from authentication. */
8749 if (s->publickey_blob) {
8750 sfree(s->publickey_blob);
8751 sfree(s->publickey_comment);
8752 }
8753 if (s->agent_response)
8754 sfree(s->agent_response);
8755
8756 if (s->userauth_success) {
8757 /*
8758 * We've just received USERAUTH_SUCCESS, and we haven't sent any
8759 * packets since. Signal the transport layer to consider enacting
8760 * delayed compression.
8761 *
8762 * (Relying on we_are_in is not sufficient, as
8763 * draft-miller-secsh-compression-delayed is quite clear that it
8764 * triggers on USERAUTH_SUCCESS specifically, and we_are_in can
8765 * become set for other reasons.)
8766 */
8767 do_ssh2_transport(ssh, "enabling delayed compression", -2, NULL);
8768 }
8769
8770 /*
8771 * Now the connection protocol has started, one way or another.
8772 */
8773
8774 ssh->channels = newtree234(ssh_channelcmp);
8775
8776 /*
8777 * Set up handlers for some connection protocol messages, so we
8778 * don't have to handle them repeatedly in this coroutine.
8779 */
8780 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
8781 ssh2_msg_channel_window_adjust;
8782 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
8783 ssh2_msg_global_request;
8784
8785 /*
8786 * Create the main session channel.
8787 */
8788 if (conf_get_int(ssh->conf, CONF_ssh_no_shell)) {
8789 ssh->mainchan = NULL;
8790 } else if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
8791 /*
8792 * Just start a direct-tcpip channel and use it as the main
8793 * channel.
8794 */
8795 ssh->mainchan = snew(struct ssh_channel);
8796 ssh->mainchan->ssh = ssh;
8797 ssh2_channel_init(ssh->mainchan);
8798 logeventf(ssh,
8799 "Opening direct-tcpip channel to %s:%d in place of session",
8800 conf_get_str(ssh->conf, CONF_ssh_nc_host),
8801 conf_get_int(ssh->conf, CONF_ssh_nc_port));
8802 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8803 ssh2_pkt_addstring(s->pktout, "direct-tcpip");
8804 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8805 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8806 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8807 ssh2_pkt_addstring(s->pktout, conf_get_str(ssh->conf, CONF_ssh_nc_host));
8808 ssh2_pkt_adduint32(s->pktout, conf_get_int(ssh->conf, CONF_ssh_nc_port));
8809 /*
8810 * There's nothing meaningful to put in the originator
8811 * fields, but some servers insist on syntactically correct
8812 * information.
8813 */
8814 ssh2_pkt_addstring(s->pktout, "0.0.0.0");
8815 ssh2_pkt_adduint32(s->pktout, 0);
8816 ssh2_pkt_send(ssh, s->pktout);
8817
8818 crWaitUntilV(pktin);
8819 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8820 bombout(("Server refused to open a direct-tcpip channel"));
8821 crStopV;
8822 /* FIXME: error data comes back in FAILURE packet */
8823 }
8824 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8825 bombout(("Server's channel confirmation cited wrong channel"));
8826 crStopV;
8827 }
8828 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8829 ssh->mainchan->halfopen = FALSE;
8830 ssh->mainchan->type = CHAN_MAINSESSION;
8831 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8832 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8833 add234(ssh->channels, ssh->mainchan);
8834 update_specials_menu(ssh->frontend);
8835 logevent("Opened direct-tcpip channel");
8836 ssh->ncmode = TRUE;
8837 } else {
8838 ssh->mainchan = snew(struct ssh_channel);
8839 ssh->mainchan->ssh = ssh;
8840 ssh2_channel_init(ssh->mainchan);
8841 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8842 ssh2_pkt_addstring(s->pktout, "session");
8843 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8844 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8845 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8846 ssh2_pkt_send(ssh, s->pktout);
8847 crWaitUntilV(pktin);
8848 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8849 bombout(("Server refused to open a session"));
8850 crStopV;
8851 /* FIXME: error data comes back in FAILURE packet */
8852 }
8853 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8854 bombout(("Server's channel confirmation cited wrong channel"));
8855 crStopV;
8856 }
8857 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8858 ssh->mainchan->halfopen = FALSE;
8859 ssh->mainchan->type = CHAN_MAINSESSION;
8860 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8861 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8862 add234(ssh->channels, ssh->mainchan);
8863 update_specials_menu(ssh->frontend);
8864 logevent("Opened channel for session");
8865 ssh->ncmode = FALSE;
8866 }
8867
8868 /*
8869 * Now we have a channel, make dispatch table entries for
8870 * general channel-based messages.
8871 */
8872 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
8873 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
8874 ssh2_msg_channel_data;
8875 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
8876 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
8877 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
8878 ssh2_msg_channel_open_confirmation;
8879 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
8880 ssh2_msg_channel_open_failure;
8881 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
8882 ssh2_msg_channel_request;
8883 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
8884 ssh2_msg_channel_open;
8885
8886 if (ssh->mainchan && conf_get_int(ssh->conf, CONF_ssh_simple)) {
8887 /*
8888 * This message indicates to the server that we promise
8889 * not to try to run any other channel in parallel with
8890 * this one, so it's safe for it to advertise a very large
8891 * window and leave the flow control to TCP.
8892 */
8893 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8894 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8895 ssh2_pkt_addstring(s->pktout, "simple@putty.projects.tartarus.org");
8896 ssh2_pkt_addbool(s->pktout, 0); /* no reply */
8897 ssh2_pkt_send(ssh, s->pktout);
8898 }
8899
8900 /*
8901 * Potentially enable X11 forwarding.
8902 */
8903 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_x11_forward) &&
8904 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
8905 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
8906 logevent("Requesting X11 forwarding");
8907 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8908 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8909 ssh2_pkt_addstring(s->pktout, "x11-req");
8910 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8911 ssh2_pkt_addbool(s->pktout, 0); /* many connections */
8912 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthprotoname);
8913 /*
8914 * Note that while we blank the X authentication data here, we don't
8915 * take any special action to blank the start of an X11 channel,
8916 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
8917 * without having session blanking enabled is likely to leak your
8918 * cookie into the log.
8919 */
8920 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8921 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthdatastring);
8922 end_log_omission(ssh, s->pktout);
8923 ssh2_pkt_adduint32(s->pktout, ssh->x11disp->screennum);
8924 ssh2_pkt_send(ssh, s->pktout);
8925
8926 crWaitUntilV(pktin);
8927
8928 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8929 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8930 bombout(("Unexpected response to X11 forwarding request:"
8931 " packet type %d", pktin->type));
8932 crStopV;
8933 }
8934 logevent("X11 forwarding refused");
8935 } else {
8936 logevent("X11 forwarding enabled");
8937 ssh->X11_fwd_enabled = TRUE;
8938 }
8939 }
8940
8941 /*
8942 * Enable port forwardings.
8943 */
8944 ssh_setup_portfwd(ssh, ssh->conf);
8945
8946 /*
8947 * Potentially enable agent forwarding.
8948 */
8949 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
8950 logevent("Requesting OpenSSH-style agent forwarding");
8951 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8952 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8953 ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
8954 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8955 ssh2_pkt_send(ssh, s->pktout);
8956
8957 crWaitUntilV(pktin);
8958
8959 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8960 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8961 bombout(("Unexpected response to agent forwarding request:"
8962 " packet type %d", pktin->type));
8963 crStopV;
8964 }
8965 logevent("Agent forwarding refused");
8966 } else {
8967 logevent("Agent forwarding enabled");
8968 ssh->agentfwd_enabled = TRUE;
8969 }
8970 }
8971
8972 /*
8973 * Now allocate a pty for the session.
8974 */
8975 if (ssh->mainchan && !ssh->ncmode && !conf_get_int(ssh->conf, CONF_nopty)) {
8976 /* Unpick the terminal-speed string. */
8977 /* XXX perhaps we should allow no speeds to be sent. */
8978 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
8979 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
8980 /* Build the pty request. */
8981 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8982 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
8983 ssh2_pkt_addstring(s->pktout, "pty-req");
8984 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8985 ssh2_pkt_addstring(s->pktout, conf_get_str(ssh->conf, CONF_termtype));
8986 ssh2_pkt_adduint32(s->pktout, ssh->term_width);
8987 ssh2_pkt_adduint32(s->pktout, ssh->term_height);
8988 ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
8989 ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
8990 ssh2_pkt_addstring_start(s->pktout);
8991 parse_ttymodes(ssh, ssh2_send_ttymode, (void *)s->pktout);
8992 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_ISPEED);
8993 ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
8994 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_OSPEED);
8995 ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
8996 ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
8997 ssh2_pkt_send(ssh, s->pktout);
8998 ssh->state = SSH_STATE_INTERMED;
8999
9000 crWaitUntilV(pktin);
9001
9002 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9003 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9004 bombout(("Unexpected response to pty request:"
9005 " packet type %d", pktin->type));
9006 crStopV;
9007 }
9008 c_write_str(ssh, "Server refused to allocate pty\r\n");
9009 ssh->editing = ssh->echoing = 1;
9010 } else {
9011 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
9012 ssh->ospeed, ssh->ispeed);
9013 }
9014 } else {
9015 ssh->editing = ssh->echoing = 1;
9016 }
9017
9018 /*
9019 * Send environment variables.
9020 *
9021 * Simplest thing here is to send all the requests at once, and
9022 * then wait for a whole bunch of successes or failures.
9023 */
9024 if (ssh->mainchan && !ssh->ncmode) {
9025 char *key, *val;
9026
9027 s->num_env = 0;
9028
9029 for (val = conf_get_str_strs(ssh->conf, CONF_environmt, NULL, &key);
9030 val != NULL;
9031 val = conf_get_str_strs(ssh->conf, CONF_environmt, key, &key)) {
9032 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9033 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
9034 ssh2_pkt_addstring(s->pktout, "env");
9035 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9036 ssh2_pkt_addstring(s->pktout, key);
9037 ssh2_pkt_addstring(s->pktout, val);
9038 ssh2_pkt_send(ssh, s->pktout);
9039
9040 s->num_env++;
9041 }
9042
9043 if (s->num_env) {
9044 logeventf(ssh, "Sent %d environment variables", s->num_env);
9045
9046 s->env_ok = 0;
9047 s->env_left = s->num_env;
9048
9049 while (s->env_left > 0) {
9050 crWaitUntilV(pktin);
9051
9052 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9053 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9054 bombout(("Unexpected response to environment request:"
9055 " packet type %d", pktin->type));
9056 crStopV;
9057 }
9058 } else {
9059 s->env_ok++;
9060 }
9061
9062 s->env_left--;
9063 }
9064
9065 if (s->env_ok == s->num_env) {
9066 logevent("All environment variables successfully set");
9067 } else if (s->env_ok == 0) {
9068 logevent("All environment variables refused");
9069 c_write_str(ssh, "Server refused to set environment variables\r\n");
9070 } else {
9071 logeventf(ssh, "%d environment variables refused",
9072 s->num_env - s->env_ok);
9073 c_write_str(ssh, "Server refused to set all environment variables\r\n");
9074 }
9075 }
9076 }
9077
9078 /*
9079 * Start a shell or a remote command. We may have to attempt
9080 * this twice if the config data has provided a second choice
9081 * of command.
9082 */
9083 if (ssh->mainchan && !ssh->ncmode) while (1) {
9084 int subsys;
9085 char *cmd;
9086
9087 if (ssh->fallback_cmd) {
9088 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys2);
9089 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
9090 } else {
9091 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys);
9092 cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
9093 }
9094
9095 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9096 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
9097 if (subsys) {
9098 ssh2_pkt_addstring(s->pktout, "subsystem");
9099 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9100 ssh2_pkt_addstring(s->pktout, cmd);
9101 } else if (*cmd) {
9102 ssh2_pkt_addstring(s->pktout, "exec");
9103 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9104 ssh2_pkt_addstring(s->pktout, cmd);
9105 } else {
9106 ssh2_pkt_addstring(s->pktout, "shell");
9107 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9108 }
9109 ssh2_pkt_send(ssh, s->pktout);
9110
9111 crWaitUntilV(pktin);
9112
9113 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9114 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9115 bombout(("Unexpected response to shell/command request:"
9116 " packet type %d", pktin->type));
9117 crStopV;
9118 }
9119 /*
9120 * We failed to start the command. If this is the
9121 * fallback command, we really are finished; if it's
9122 * not, and if the fallback command exists, try falling
9123 * back to it before complaining.
9124 */
9125 if (!ssh->fallback_cmd &&
9126 *conf_get_str(ssh->conf, CONF_remote_cmd2)) {
9127 logevent("Primary command failed; attempting fallback");
9128 ssh->fallback_cmd = TRUE;
9129 continue;
9130 }
9131 bombout(("Server refused to start a shell/command"));
9132 crStopV;
9133 } else {
9134 logevent("Started a shell/command");
9135 }
9136 break;
9137 }
9138
9139 ssh->state = SSH_STATE_SESSION;
9140 if (ssh->size_needed)
9141 ssh_size(ssh, ssh->term_width, ssh->term_height);
9142 if (ssh->eof_needed)
9143 ssh_special(ssh, TS_EOF);
9144
9145 /*
9146 * All the initial channel requests are done, so install the default
9147 * failure handler.
9148 */
9149 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_success;
9150 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_failure;
9151
9152 /*
9153 * Transfer data!
9154 */
9155 if (ssh->ldisc)
9156 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
9157 if (ssh->mainchan)
9158 ssh->send_ok = 1;
9159 while (1) {
9160 crReturnV;
9161 s->try_send = FALSE;
9162 if (pktin) {
9163
9164 /*
9165 * _All_ the connection-layer packets we expect to
9166 * receive are now handled by the dispatch table.
9167 * Anything that reaches here must be bogus.
9168 */
9169
9170 bombout(("Strange packet received: type %d", pktin->type));
9171 crStopV;
9172 } else if (ssh->mainchan) {
9173 /*
9174 * We have spare data. Add it to the channel buffer.
9175 */
9176 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
9177 s->try_send = TRUE;
9178 }
9179 if (s->try_send) {
9180 int i;
9181 struct ssh_channel *c;
9182 /*
9183 * Try to send data on all channels if we can.
9184 */
9185 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
9186 ssh2_try_send_and_unthrottle(ssh, c);
9187 }
9188 }
9189
9190 crFinishV;
9191 }
9192
9193 /*
9194 * Handlers for SSH-2 messages that might arrive at any moment.
9195 */
9196 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
9197 {
9198 /* log reason code in disconnect message */
9199 char *buf, *msg;
9200 int reason, msglen;
9201
9202 reason = ssh_pkt_getuint32(pktin);
9203 ssh_pkt_getstring(pktin, &msg, &msglen);
9204
9205 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
9206 buf = dupprintf("Received disconnect message (%s)",
9207 ssh2_disconnect_reasons[reason]);
9208 } else {
9209 buf = dupprintf("Received disconnect message (unknown"
9210 " type %d)", reason);
9211 }
9212 logevent(buf);
9213 sfree(buf);
9214 buf = dupprintf("Disconnection message text: %.*s",
9215 msglen, msg);
9216 logevent(buf);
9217 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
9218 reason,
9219 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
9220 ssh2_disconnect_reasons[reason] : "unknown",
9221 msglen, msg));
9222 sfree(buf);
9223 }
9224
9225 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
9226 {
9227 /* log the debug message */
9228 char *msg;
9229 int msglen;
9230
9231 /* XXX maybe we should actually take notice of the return value */
9232 ssh2_pkt_getbool(pktin);
9233 ssh_pkt_getstring(pktin, &msg, &msglen);
9234
9235 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
9236 }
9237
9238 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
9239 {
9240 struct Packet *pktout;
9241 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
9242 ssh2_pkt_adduint32(pktout, pktin->sequence);
9243 /*
9244 * UNIMPLEMENTED messages MUST appear in the same order as the
9245 * messages they respond to. Hence, never queue them.
9246 */
9247 ssh2_pkt_send_noqueue(ssh, pktout);
9248 }
9249
9250 /*
9251 * Handle the top-level SSH-2 protocol.
9252 */
9253 static void ssh2_protocol_setup(Ssh ssh)
9254 {
9255 int i;
9256
9257 /*
9258 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
9259 */
9260 for (i = 0; i < 256; i++)
9261 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
9262
9263 /*
9264 * Any message we actually understand, we set to NULL so that
9265 * the coroutines will get it.
9266 */
9267 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
9268 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
9269 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
9270 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
9271 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
9272 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
9273 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
9274 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
9275 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
9276 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
9277 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
9278 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
9279 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
9280 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
9281 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
9282 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
9283 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
9284 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
9285 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
9286 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
9287 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
9288 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
9289 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
9290 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
9291 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
9292 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
9293 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
9294 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
9295 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
9296 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
9297 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
9298 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
9299 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
9300
9301 /*
9302 * These special message types we install handlers for.
9303 */
9304 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
9305 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
9306 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
9307 }
9308
9309 static void ssh2_timer(void *ctx, long now)
9310 {
9311 Ssh ssh = (Ssh)ctx;
9312
9313 if (ssh->state == SSH_STATE_CLOSED)
9314 return;
9315
9316 if (!ssh->kex_in_progress && conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0 &&
9317 now - ssh->next_rekey >= 0) {
9318 do_ssh2_transport(ssh, "timeout", -1, NULL);
9319 }
9320 }
9321
9322 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
9323 struct Packet *pktin)
9324 {
9325 unsigned char *in = (unsigned char *)vin;
9326 if (ssh->state == SSH_STATE_CLOSED)
9327 return;
9328
9329 if (pktin) {
9330 ssh->incoming_data_size += pktin->encrypted_len;
9331 if (!ssh->kex_in_progress &&
9332 ssh->max_data_size != 0 &&
9333 ssh->incoming_data_size > ssh->max_data_size)
9334 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9335 }
9336
9337 if (pktin && ssh->packet_dispatch[pktin->type]) {
9338 ssh->packet_dispatch[pktin->type](ssh, pktin);
9339 return;
9340 }
9341
9342 if (!ssh->protocol_initial_phase_done ||
9343 (pktin && pktin->type >= 20 && pktin->type < 50)) {
9344 if (do_ssh2_transport(ssh, in, inlen, pktin) &&
9345 !ssh->protocol_initial_phase_done) {
9346 ssh->protocol_initial_phase_done = TRUE;
9347 /*
9348 * Allow authconn to initialise itself.
9349 */
9350 do_ssh2_authconn(ssh, NULL, 0, NULL);
9351 }
9352 } else {
9353 do_ssh2_authconn(ssh, in, inlen, pktin);
9354 }
9355 }
9356
9357 static void ssh_cache_conf_values(Ssh ssh)
9358 {
9359 ssh->logomitdata = conf_get_int(ssh->conf, CONF_logomitdata);
9360 }
9361
9362 /*
9363 * Called to set up the connection.
9364 *
9365 * Returns an error message, or NULL on success.
9366 */
9367 static const char *ssh_init(void *frontend_handle, void **backend_handle,
9368 Conf *conf, char *host, int port, char **realhost,
9369 int nodelay, int keepalive)
9370 {
9371 const char *p;
9372 Ssh ssh;
9373
9374 ssh = snew(struct ssh_tag);
9375 ssh->conf = conf_copy(conf);
9376 ssh_cache_conf_values(ssh);
9377 ssh->version = 0; /* when not ready yet */
9378 ssh->s = NULL;
9379 ssh->cipher = NULL;
9380 ssh->v1_cipher_ctx = NULL;
9381 ssh->crcda_ctx = NULL;
9382 ssh->cscipher = NULL;
9383 ssh->cs_cipher_ctx = NULL;
9384 ssh->sccipher = NULL;
9385 ssh->sc_cipher_ctx = NULL;
9386 ssh->csmac = NULL;
9387 ssh->cs_mac_ctx = NULL;
9388 ssh->scmac = NULL;
9389 ssh->sc_mac_ctx = NULL;
9390 ssh->cscomp = NULL;
9391 ssh->cs_comp_ctx = NULL;
9392 ssh->sccomp = NULL;
9393 ssh->sc_comp_ctx = NULL;
9394 ssh->kex = NULL;
9395 ssh->kex_ctx = NULL;
9396 ssh->hostkey = NULL;
9397 ssh->exitcode = -1;
9398 ssh->close_expected = FALSE;
9399 ssh->clean_exit = FALSE;
9400 ssh->state = SSH_STATE_PREPACKET;
9401 ssh->size_needed = FALSE;
9402 ssh->eof_needed = FALSE;
9403 ssh->ldisc = NULL;
9404 ssh->logctx = NULL;
9405 ssh->deferred_send_data = NULL;
9406 ssh->deferred_len = 0;
9407 ssh->deferred_size = 0;
9408 ssh->fallback_cmd = 0;
9409 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9410 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
9411 ssh->x11disp = NULL;
9412 ssh->v1_compressing = FALSE;
9413 ssh->v2_outgoing_sequence = 0;
9414 ssh->ssh1_rdpkt_crstate = 0;
9415 ssh->ssh2_rdpkt_crstate = 0;
9416 ssh->do_ssh_init_crstate = 0;
9417 ssh->ssh_gotdata_crstate = 0;
9418 ssh->do_ssh1_connection_crstate = 0;
9419 ssh->do_ssh1_login_crstate = 0;
9420 ssh->do_ssh2_transport_crstate = 0;
9421 ssh->do_ssh2_authconn_crstate = 0;
9422 ssh->do_ssh_init_state = NULL;
9423 ssh->do_ssh1_login_state = NULL;
9424 ssh->do_ssh2_transport_state = NULL;
9425 ssh->do_ssh2_authconn_state = NULL;
9426 ssh->v_c = NULL;
9427 ssh->v_s = NULL;
9428 ssh->mainchan = NULL;
9429 ssh->throttled_all = 0;
9430 ssh->v1_stdout_throttling = 0;
9431 ssh->queue = NULL;
9432 ssh->queuelen = ssh->queuesize = 0;
9433 ssh->queueing = FALSE;
9434 ssh->qhead = ssh->qtail = NULL;
9435 ssh->deferred_rekey_reason = NULL;
9436 bufchain_init(&ssh->queued_incoming_data);
9437 ssh->frozen = FALSE;
9438 ssh->username = NULL;
9439 ssh->sent_console_eof = FALSE;
9440
9441 *backend_handle = ssh;
9442
9443 #ifdef MSCRYPTOAPI
9444 if (crypto_startup() == 0)
9445 return "Microsoft high encryption pack not installed!";
9446 #endif
9447
9448 ssh->frontend = frontend_handle;
9449 ssh->term_width = conf_get_int(ssh->conf, CONF_width);
9450 ssh->term_height = conf_get_int(ssh->conf, CONF_height);
9451
9452 ssh->channels = NULL;
9453 ssh->rportfwds = NULL;
9454 ssh->portfwds = NULL;
9455
9456 ssh->send_ok = 0;
9457 ssh->editing = 0;
9458 ssh->echoing = 0;
9459 ssh->conn_throttle_count = 0;
9460 ssh->overall_bufsize = 0;
9461 ssh->fallback_cmd = 0;
9462
9463 ssh->protocol = NULL;
9464
9465 ssh->protocol_initial_phase_done = FALSE;
9466
9467 ssh->pinger = NULL;
9468
9469 ssh->incoming_data_size = ssh->outgoing_data_size =
9470 ssh->deferred_data_size = 0L;
9471 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9472 CONF_ssh_rekey_data));
9473 ssh->kex_in_progress = FALSE;
9474
9475 #ifndef NO_GSSAPI
9476 ssh->gsslibs = NULL;
9477 #endif
9478
9479 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
9480 if (p != NULL)
9481 return p;
9482
9483 random_ref();
9484
9485 return NULL;
9486 }
9487
9488 static void ssh_free(void *handle)
9489 {
9490 Ssh ssh = (Ssh) handle;
9491 struct ssh_channel *c;
9492 struct ssh_rportfwd *pf;
9493
9494 if (ssh->v1_cipher_ctx)
9495 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9496 if (ssh->cs_cipher_ctx)
9497 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9498 if (ssh->sc_cipher_ctx)
9499 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9500 if (ssh->cs_mac_ctx)
9501 ssh->csmac->free_context(ssh->cs_mac_ctx);
9502 if (ssh->sc_mac_ctx)
9503 ssh->scmac->free_context(ssh->sc_mac_ctx);
9504 if (ssh->cs_comp_ctx) {
9505 if (ssh->cscomp)
9506 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9507 else
9508 zlib_compress_cleanup(ssh->cs_comp_ctx);
9509 }
9510 if (ssh->sc_comp_ctx) {
9511 if (ssh->sccomp)
9512 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9513 else
9514 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9515 }
9516 if (ssh->kex_ctx)
9517 dh_cleanup(ssh->kex_ctx);
9518 sfree(ssh->savedhost);
9519
9520 while (ssh->queuelen-- > 0)
9521 ssh_free_packet(ssh->queue[ssh->queuelen]);
9522 sfree(ssh->queue);
9523
9524 while (ssh->qhead) {
9525 struct queued_handler *qh = ssh->qhead;
9526 ssh->qhead = qh->next;
9527 sfree(ssh->qhead);
9528 }
9529 ssh->qhead = ssh->qtail = NULL;
9530
9531 if (ssh->channels) {
9532 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9533 switch (c->type) {
9534 case CHAN_X11:
9535 if (c->u.x11.s != NULL)
9536 x11_close(c->u.x11.s);
9537 break;
9538 case CHAN_SOCKDATA:
9539 case CHAN_SOCKDATA_DORMANT:
9540 if (c->u.pfd.s != NULL)
9541 pfd_close(c->u.pfd.s);
9542 break;
9543 }
9544 sfree(c);
9545 }
9546 freetree234(ssh->channels);
9547 ssh->channels = NULL;
9548 }
9549
9550 if (ssh->rportfwds) {
9551 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
9552 free_rportfwd(pf);
9553 freetree234(ssh->rportfwds);
9554 ssh->rportfwds = NULL;
9555 }
9556 sfree(ssh->deferred_send_data);
9557 if (ssh->x11disp)
9558 x11_free_display(ssh->x11disp);
9559 sfree(ssh->do_ssh_init_state);
9560 sfree(ssh->do_ssh1_login_state);
9561 sfree(ssh->do_ssh2_transport_state);
9562 sfree(ssh->do_ssh2_authconn_state);
9563 sfree(ssh->v_c);
9564 sfree(ssh->v_s);
9565 sfree(ssh->fullhostname);
9566 if (ssh->crcda_ctx) {
9567 crcda_free_context(ssh->crcda_ctx);
9568 ssh->crcda_ctx = NULL;
9569 }
9570 if (ssh->s)
9571 ssh_do_close(ssh, TRUE);
9572 expire_timer_context(ssh);
9573 if (ssh->pinger)
9574 pinger_free(ssh->pinger);
9575 bufchain_clear(&ssh->queued_incoming_data);
9576 sfree(ssh->username);
9577 conf_free(ssh->conf);
9578 #ifndef NO_GSSAPI
9579 if (ssh->gsslibs)
9580 ssh_gss_cleanup(ssh->gsslibs);
9581 #endif
9582 sfree(ssh);
9583
9584 random_unref();
9585 }
9586
9587 /*
9588 * Reconfigure the SSH backend.
9589 */
9590 static void ssh_reconfig(void *handle, Conf *conf)
9591 {
9592 Ssh ssh = (Ssh) handle;
9593 char *rekeying = NULL, rekey_mandatory = FALSE;
9594 unsigned long old_max_data_size;
9595 int i, rekey_time;
9596
9597 pinger_reconfig(ssh->pinger, ssh->conf, conf);
9598 if (ssh->portfwds)
9599 ssh_setup_portfwd(ssh, conf);
9600
9601 rekey_time = conf_get_int(conf, CONF_ssh_rekey_time);
9602 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != rekey_time &&
9603 rekey_time != 0) {
9604 long new_next = ssh->last_rekey + rekey_time*60*TICKSPERSEC;
9605 long now = GETTICKCOUNT();
9606
9607 if (new_next - now < 0) {
9608 rekeying = "timeout shortened";
9609 } else {
9610 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9611 }
9612 }
9613
9614 old_max_data_size = ssh->max_data_size;
9615 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9616 CONF_ssh_rekey_data));
9617 if (old_max_data_size != ssh->max_data_size &&
9618 ssh->max_data_size != 0) {
9619 if (ssh->outgoing_data_size > ssh->max_data_size ||
9620 ssh->incoming_data_size > ssh->max_data_size)
9621 rekeying = "data limit lowered";
9622 }
9623
9624 if (conf_get_int(ssh->conf, CONF_compression) !=
9625 conf_get_int(conf, CONF_compression)) {
9626 rekeying = "compression setting changed";
9627 rekey_mandatory = TRUE;
9628 }
9629
9630 for (i = 0; i < CIPHER_MAX; i++)
9631 if (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i) !=
9632 conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
9633 rekeying = "cipher settings changed";
9634 rekey_mandatory = TRUE;
9635 }
9636 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc) !=
9637 conf_get_int(conf, CONF_ssh2_des_cbc)) {
9638 rekeying = "cipher settings changed";
9639 rekey_mandatory = TRUE;
9640 }
9641
9642 conf_free(ssh->conf);
9643 ssh->conf = conf_copy(conf);
9644 ssh_cache_conf_values(ssh);
9645
9646 if (rekeying) {
9647 if (!ssh->kex_in_progress) {
9648 do_ssh2_transport(ssh, rekeying, -1, NULL);
9649 } else if (rekey_mandatory) {
9650 ssh->deferred_rekey_reason = rekeying;
9651 }
9652 }
9653 }
9654
9655 /*
9656 * Called to send data down the SSH connection.
9657 */
9658 static int ssh_send(void *handle, char *buf, int len)
9659 {
9660 Ssh ssh = (Ssh) handle;
9661
9662 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9663 return 0;
9664
9665 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
9666
9667 return ssh_sendbuffer(ssh);
9668 }
9669
9670 /*
9671 * Called to query the current amount of buffered stdin data.
9672 */
9673 static int ssh_sendbuffer(void *handle)
9674 {
9675 Ssh ssh = (Ssh) handle;
9676 int override_value;
9677
9678 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9679 return 0;
9680
9681 /*
9682 * If the SSH socket itself has backed up, add the total backup
9683 * size on that to any individual buffer on the stdin channel.
9684 */
9685 override_value = 0;
9686 if (ssh->throttled_all)
9687 override_value = ssh->overall_bufsize;
9688
9689 if (ssh->version == 1) {
9690 return override_value;
9691 } else if (ssh->version == 2) {
9692 if (!ssh->mainchan)
9693 return override_value;
9694 else
9695 return (override_value +
9696 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
9697 }
9698
9699 return 0;
9700 }
9701
9702 /*
9703 * Called to set the size of the window from SSH's POV.
9704 */
9705 static void ssh_size(void *handle, int width, int height)
9706 {
9707 Ssh ssh = (Ssh) handle;
9708 struct Packet *pktout;
9709
9710 ssh->term_width = width;
9711 ssh->term_height = height;
9712
9713 switch (ssh->state) {
9714 case SSH_STATE_BEFORE_SIZE:
9715 case SSH_STATE_PREPACKET:
9716 case SSH_STATE_CLOSED:
9717 break; /* do nothing */
9718 case SSH_STATE_INTERMED:
9719 ssh->size_needed = TRUE; /* buffer for later */
9720 break;
9721 case SSH_STATE_SESSION:
9722 if (!conf_get_int(ssh->conf, CONF_nopty)) {
9723 if (ssh->version == 1) {
9724 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9725 PKT_INT, ssh->term_height,
9726 PKT_INT, ssh->term_width,
9727 PKT_INT, 0, PKT_INT, 0, PKT_END);
9728 } else if (ssh->mainchan) {
9729 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9730 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9731 ssh2_pkt_addstring(pktout, "window-change");
9732 ssh2_pkt_addbool(pktout, 0);
9733 ssh2_pkt_adduint32(pktout, ssh->term_width);
9734 ssh2_pkt_adduint32(pktout, ssh->term_height);
9735 ssh2_pkt_adduint32(pktout, 0);
9736 ssh2_pkt_adduint32(pktout, 0);
9737 ssh2_pkt_send(ssh, pktout);
9738 }
9739 }
9740 break;
9741 }
9742 }
9743
9744 /*
9745 * Return a list of the special codes that make sense in this
9746 * protocol.
9747 */
9748 static const struct telnet_special *ssh_get_specials(void *handle)
9749 {
9750 static const struct telnet_special ssh1_ignore_special[] = {
9751 {"IGNORE message", TS_NOP}
9752 };
9753 static const struct telnet_special ssh2_ignore_special[] = {
9754 {"IGNORE message", TS_NOP},
9755 };
9756 static const struct telnet_special ssh2_rekey_special[] = {
9757 {"Repeat key exchange", TS_REKEY},
9758 };
9759 static const struct telnet_special ssh2_session_specials[] = {
9760 {NULL, TS_SEP},
9761 {"Break", TS_BRK},
9762 /* These are the signal names defined by RFC 4254.
9763 * They include all the ISO C signals, but are a subset of the POSIX
9764 * required signals. */
9765 {"SIGINT (Interrupt)", TS_SIGINT},
9766 {"SIGTERM (Terminate)", TS_SIGTERM},
9767 {"SIGKILL (Kill)", TS_SIGKILL},
9768 {"SIGQUIT (Quit)", TS_SIGQUIT},
9769 {"SIGHUP (Hangup)", TS_SIGHUP},
9770 {"More signals", TS_SUBMENU},
9771 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9772 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9773 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9774 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9775 {NULL, TS_EXITMENU}
9776 };
9777 static const struct telnet_special specials_end[] = {
9778 {NULL, TS_EXITMENU}
9779 };
9780 /* XXX review this length for any changes: */
9781 static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
9782 lenof(ssh2_rekey_special) +
9783 lenof(ssh2_session_specials) +
9784 lenof(specials_end)];
9785 Ssh ssh = (Ssh) handle;
9786 int i = 0;
9787 #define ADD_SPECIALS(name) \
9788 do { \
9789 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9790 memcpy(&ssh_specials[i], name, sizeof name); \
9791 i += lenof(name); \
9792 } while(0)
9793
9794 if (ssh->version == 1) {
9795 /* Don't bother offering IGNORE if we've decided the remote
9796 * won't cope with it, since we wouldn't bother sending it if
9797 * asked anyway. */
9798 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9799 ADD_SPECIALS(ssh1_ignore_special);
9800 } else if (ssh->version == 2) {
9801 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
9802 ADD_SPECIALS(ssh2_ignore_special);
9803 if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
9804 ADD_SPECIALS(ssh2_rekey_special);
9805 if (ssh->mainchan)
9806 ADD_SPECIALS(ssh2_session_specials);
9807 } /* else we're not ready yet */
9808
9809 if (i) {
9810 ADD_SPECIALS(specials_end);
9811 return ssh_specials;
9812 } else {
9813 return NULL;
9814 }
9815 #undef ADD_SPECIALS
9816 }
9817
9818 /*
9819 * Send special codes. TS_EOF is useful for `plink', so you
9820 * can send an EOF and collect resulting output (e.g. `plink
9821 * hostname sort').
9822 */
9823 static void ssh_special(void *handle, Telnet_Special code)
9824 {
9825 Ssh ssh = (Ssh) handle;
9826 struct Packet *pktout;
9827
9828 if (code == TS_EOF) {
9829 if (ssh->state != SSH_STATE_SESSION) {
9830 /*
9831 * Buffer the EOF in case we are pre-SESSION, so we can
9832 * send it as soon as we reach SESSION.
9833 */
9834 if (code == TS_EOF)
9835 ssh->eof_needed = TRUE;
9836 return;
9837 }
9838 if (ssh->version == 1) {
9839 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
9840 } else if (ssh->mainchan) {
9841 sshfwd_write_eof(ssh->mainchan);
9842 ssh->send_ok = 0; /* now stop trying to read from stdin */
9843 }
9844 logevent("Sent EOF message");
9845 } else if (code == TS_PING || code == TS_NOP) {
9846 if (ssh->state == SSH_STATE_CLOSED
9847 || ssh->state == SSH_STATE_PREPACKET) return;
9848 if (ssh->version == 1) {
9849 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9850 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
9851 } else {
9852 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
9853 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
9854 ssh2_pkt_addstring_start(pktout);
9855 ssh2_pkt_send_noqueue(ssh, pktout);
9856 }
9857 }
9858 } else if (code == TS_REKEY) {
9859 if (!ssh->kex_in_progress && ssh->version == 2) {
9860 do_ssh2_transport(ssh, "at user request", -1, NULL);
9861 }
9862 } else if (code == TS_BRK) {
9863 if (ssh->state == SSH_STATE_CLOSED
9864 || ssh->state == SSH_STATE_PREPACKET) return;
9865 if (ssh->version == 1) {
9866 logevent("Unable to send BREAK signal in SSH-1");
9867 } else if (ssh->mainchan) {
9868 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9869 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9870 ssh2_pkt_addstring(pktout, "break");
9871 ssh2_pkt_addbool(pktout, 0);
9872 ssh2_pkt_adduint32(pktout, 0); /* default break length */
9873 ssh2_pkt_send(ssh, pktout);
9874 }
9875 } else {
9876 /* Is is a POSIX signal? */
9877 char *signame = NULL;
9878 if (code == TS_SIGABRT) signame = "ABRT";
9879 if (code == TS_SIGALRM) signame = "ALRM";
9880 if (code == TS_SIGFPE) signame = "FPE";
9881 if (code == TS_SIGHUP) signame = "HUP";
9882 if (code == TS_SIGILL) signame = "ILL";
9883 if (code == TS_SIGINT) signame = "INT";
9884 if (code == TS_SIGKILL) signame = "KILL";
9885 if (code == TS_SIGPIPE) signame = "PIPE";
9886 if (code == TS_SIGQUIT) signame = "QUIT";
9887 if (code == TS_SIGSEGV) signame = "SEGV";
9888 if (code == TS_SIGTERM) signame = "TERM";
9889 if (code == TS_SIGUSR1) signame = "USR1";
9890 if (code == TS_SIGUSR2) signame = "USR2";
9891 /* The SSH-2 protocol does in principle support arbitrary named
9892 * signals, including signame@domain, but we don't support those. */
9893 if (signame) {
9894 /* It's a signal. */
9895 if (ssh->version == 2 && ssh->mainchan) {
9896 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9897 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9898 ssh2_pkt_addstring(pktout, "signal");
9899 ssh2_pkt_addbool(pktout, 0);
9900 ssh2_pkt_addstring(pktout, signame);
9901 ssh2_pkt_send(ssh, pktout);
9902 logeventf(ssh, "Sent signal SIG%s", signame);
9903 }
9904 } else {
9905 /* Never heard of it. Do nothing */
9906 }
9907 }
9908 }
9909
9910 void *new_sock_channel(void *handle, Socket s)
9911 {
9912 Ssh ssh = (Ssh) handle;
9913 struct ssh_channel *c;
9914 c = snew(struct ssh_channel);
9915
9916 c->ssh = ssh;
9917 ssh2_channel_init(c);
9918 c->halfopen = TRUE;
9919 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
9920 c->u.pfd.s = s;
9921 add234(ssh->channels, c);
9922 return c;
9923 }
9924
9925 /*
9926 * This is called when stdout/stderr (the entity to which
9927 * from_backend sends data) manages to clear some backlog.
9928 */
9929 static void ssh_unthrottle(void *handle, int bufsize)
9930 {
9931 Ssh ssh = (Ssh) handle;
9932 int buflimit;
9933
9934 if (ssh->version == 1) {
9935 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
9936 ssh->v1_stdout_throttling = 0;
9937 ssh_throttle_conn(ssh, -1);
9938 }
9939 } else {
9940 if (ssh->mainchan) {
9941 ssh2_set_window(ssh->mainchan,
9942 bufsize < ssh->mainchan->v.v2.locmaxwin ?
9943 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
9944 if (conf_get_int(ssh->conf, CONF_ssh_simple))
9945 buflimit = 0;
9946 else
9947 buflimit = ssh->mainchan->v.v2.locmaxwin;
9948 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
9949 ssh->mainchan->throttling_conn = 0;
9950 ssh_throttle_conn(ssh, -1);
9951 }
9952 }
9953 }
9954 }
9955
9956 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
9957 {
9958 struct ssh_channel *c = (struct ssh_channel *)channel;
9959 Ssh ssh = c->ssh;
9960 struct Packet *pktout;
9961
9962 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
9963
9964 if (ssh->version == 1) {
9965 send_packet(ssh, SSH1_MSG_PORT_OPEN,
9966 PKT_INT, c->localid,
9967 PKT_STR, hostname,
9968 PKT_INT, port,
9969 /* PKT_STR, <org:orgport>, */
9970 PKT_END);
9971 } else {
9972 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
9973 ssh2_pkt_addstring(pktout, "direct-tcpip");
9974 ssh2_pkt_adduint32(pktout, c->localid);
9975 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
9976 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
9977 ssh2_pkt_addstring(pktout, hostname);
9978 ssh2_pkt_adduint32(pktout, port);
9979 /*
9980 * We make up values for the originator data; partly it's
9981 * too much hassle to keep track, and partly I'm not
9982 * convinced the server should be told details like that
9983 * about my local network configuration.
9984 * The "originator IP address" is syntactically a numeric
9985 * IP address, and some servers (e.g., Tectia) get upset
9986 * if it doesn't match this syntax.
9987 */
9988 ssh2_pkt_addstring(pktout, "0.0.0.0");
9989 ssh2_pkt_adduint32(pktout, 0);
9990 ssh2_pkt_send(ssh, pktout);
9991 }
9992 }
9993
9994 static int ssh_connected(void *handle)
9995 {
9996 Ssh ssh = (Ssh) handle;
9997 return ssh->s != NULL;
9998 }
9999
10000 static int ssh_sendok(void *handle)
10001 {
10002 Ssh ssh = (Ssh) handle;
10003 return ssh->send_ok;
10004 }
10005
10006 static int ssh_ldisc(void *handle, int option)
10007 {
10008 Ssh ssh = (Ssh) handle;
10009 if (option == LD_ECHO)
10010 return ssh->echoing;
10011 if (option == LD_EDIT)
10012 return ssh->editing;
10013 return FALSE;
10014 }
10015
10016 static void ssh_provide_ldisc(void *handle, void *ldisc)
10017 {
10018 Ssh ssh = (Ssh) handle;
10019 ssh->ldisc = ldisc;
10020 }
10021
10022 static void ssh_provide_logctx(void *handle, void *logctx)
10023 {
10024 Ssh ssh = (Ssh) handle;
10025 ssh->logctx = logctx;
10026 }
10027
10028 static int ssh_return_exitcode(void *handle)
10029 {
10030 Ssh ssh = (Ssh) handle;
10031 if (ssh->s != NULL)
10032 return -1;
10033 else
10034 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
10035 }
10036
10037 /*
10038 * cfg_info for SSH is the currently running version of the
10039 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
10040 */
10041 static int ssh_cfg_info(void *handle)
10042 {
10043 Ssh ssh = (Ssh) handle;
10044 return ssh->version;
10045 }
10046
10047 /*
10048 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
10049 * that fails. This variable is the means by which scp.c can reach
10050 * into the SSH code and find out which one it got.
10051 */
10052 extern int ssh_fallback_cmd(void *handle)
10053 {
10054 Ssh ssh = (Ssh) handle;
10055 return ssh->fallback_cmd;
10056 }
10057
10058 Backend ssh_backend = {
10059 ssh_init,
10060 ssh_free,
10061 ssh_reconfig,
10062 ssh_send,
10063 ssh_sendbuffer,
10064 ssh_size,
10065 ssh_special,
10066 ssh_get_specials,
10067 ssh_connected,
10068 ssh_return_exitcode,
10069 ssh_sendok,
10070 ssh_ldisc,
10071 ssh_provide_ldisc,
10072 ssh_provide_logctx,
10073 ssh_unthrottle,
10074 ssh_cfg_info,
10075 "ssh",
10076 PROT_SSH,
10077 22
10078 };
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator