23 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
24 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
25 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
26 #define SSH1_CMSG_USER 4 /* 0x4 */
27 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
28 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
29 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
30 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
31 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
32 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
33 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
34 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
35 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
36 #define SSH1_SMSG_FAILURE 15 /* 0xf */
37 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
38 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
39 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
40 #define SSH1_CMSG_EOF 19 /* 0x13 */
41 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
42 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
43 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
44 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
45 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
46 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
47 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
48 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
49 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
50 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
51 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
52 #define SSH1_MSG_IGNORE 32 /* 0x20 */
53 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
54 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
55 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
56 #define SSH1_MSG_DEBUG 36 /* 0x24 */
57 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
58 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
59 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
60 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
61 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
62 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
63 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
65 #define SSH1_AUTH_TIS 5 /* 0x5 */
66 #define SSH1_AUTH_CCARD 16 /* 0x10 */
68 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
69 /* Mask for protoflags we will echo back to server if seen */
70 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
72 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
73 #define SSH2_MSG_IGNORE 2 /* 0x2 */
74 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
75 #define SSH2_MSG_DEBUG 4 /* 0x4 */
76 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
77 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
78 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
79 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
80 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
81 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
82 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
83 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
84 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
85 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
86 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
87 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
88 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
89 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
90 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
91 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
92 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
93 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
94 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
95 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
96 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
97 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
98 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
99 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
100 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
101 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
102 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
103 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
104 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
105 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
106 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
107 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
108 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
109 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
110 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
113 * Packet type contexts, so that ssh2_pkt_type can correctly decode
114 * the ambiguous type numbers back into the correct type strings.
124 SSH2_PKTCTX_PUBLICKEY
,
125 SSH2_PKTCTX_PASSWORD
,
129 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
130 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
131 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
132 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
133 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
134 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
135 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
136 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
137 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
138 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
139 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
140 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
141 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
142 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
143 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
145 static const char *const ssh2_disconnect_reasons
[] = {
147 "host not allowed to connect",
149 "key exchange failed",
150 "host authentication failed",
153 "service not available",
154 "protocol version not supported",
155 "host key not verifiable",
158 "too many connections",
159 "auth cancelled by user",
160 "no more auth methods available",
164 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
165 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
166 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
167 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
169 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
172 * Various remote-bug flags.
174 #define BUG_CHOKES_ON_SSH1_IGNORE 1
175 #define BUG_SSH2_HMAC 2
176 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
177 #define BUG_CHOKES_ON_RSA 8
178 #define BUG_SSH2_RSA_PADDING 16
179 #define BUG_SSH2_DERIVEKEY 32
180 #define BUG_SSH2_REKEY 64
181 #define BUG_SSH2_PK_SESSIONID 128
184 * Codes for terminal modes.
185 * Most of these are the same in SSH-1 and SSH-2.
186 * This list is derived from draft-ietf-secsh-connect-25 and
189 static const struct {
190 const char* const mode
;
192 enum { TTY_OP_CHAR
, TTY_OP_BOOL
} type
;
194 /* "V" prefix discarded for special characters relative to SSH specs */
195 { "INTR", 1, TTY_OP_CHAR
},
196 { "QUIT", 2, TTY_OP_CHAR
},
197 { "ERASE", 3, TTY_OP_CHAR
},
198 { "KILL", 4, TTY_OP_CHAR
},
199 { "EOF", 5, TTY_OP_CHAR
},
200 { "EOL", 6, TTY_OP_CHAR
},
201 { "EOL2", 7, TTY_OP_CHAR
},
202 { "START", 8, TTY_OP_CHAR
},
203 { "STOP", 9, TTY_OP_CHAR
},
204 { "SUSP", 10, TTY_OP_CHAR
},
205 { "DSUSP", 11, TTY_OP_CHAR
},
206 { "REPRINT", 12, TTY_OP_CHAR
},
207 { "WERASE", 13, TTY_OP_CHAR
},
208 { "LNEXT", 14, TTY_OP_CHAR
},
209 { "FLUSH", 15, TTY_OP_CHAR
},
210 { "SWTCH", 16, TTY_OP_CHAR
},
211 { "STATUS", 17, TTY_OP_CHAR
},
212 { "DISCARD", 18, TTY_OP_CHAR
},
213 { "IGNPAR", 30, TTY_OP_BOOL
},
214 { "PARMRK", 31, TTY_OP_BOOL
},
215 { "INPCK", 32, TTY_OP_BOOL
},
216 { "ISTRIP", 33, TTY_OP_BOOL
},
217 { "INLCR", 34, TTY_OP_BOOL
},
218 { "IGNCR", 35, TTY_OP_BOOL
},
219 { "ICRNL", 36, TTY_OP_BOOL
},
220 { "IUCLC", 37, TTY_OP_BOOL
},
221 { "IXON", 38, TTY_OP_BOOL
},
222 { "IXANY", 39, TTY_OP_BOOL
},
223 { "IXOFF", 40, TTY_OP_BOOL
},
224 { "IMAXBEL", 41, TTY_OP_BOOL
},
225 { "ISIG", 50, TTY_OP_BOOL
},
226 { "ICANON", 51, TTY_OP_BOOL
},
227 { "XCASE", 52, TTY_OP_BOOL
},
228 { "ECHO", 53, TTY_OP_BOOL
},
229 { "ECHOE", 54, TTY_OP_BOOL
},
230 { "ECHOK", 55, TTY_OP_BOOL
},
231 { "ECHONL", 56, TTY_OP_BOOL
},
232 { "NOFLSH", 57, TTY_OP_BOOL
},
233 { "TOSTOP", 58, TTY_OP_BOOL
},
234 { "IEXTEN", 59, TTY_OP_BOOL
},
235 { "ECHOCTL", 60, TTY_OP_BOOL
},
236 { "ECHOKE", 61, TTY_OP_BOOL
},
237 { "PENDIN", 62, TTY_OP_BOOL
}, /* XXX is this a real mode? */
238 { "OPOST", 70, TTY_OP_BOOL
},
239 { "OLCUC", 71, TTY_OP_BOOL
},
240 { "ONLCR", 72, TTY_OP_BOOL
},
241 { "OCRNL", 73, TTY_OP_BOOL
},
242 { "ONOCR", 74, TTY_OP_BOOL
},
243 { "ONLRET", 75, TTY_OP_BOOL
},
244 { "CS7", 90, TTY_OP_BOOL
},
245 { "CS8", 91, TTY_OP_BOOL
},
246 { "PARENB", 92, TTY_OP_BOOL
},
247 { "PARODD", 93, TTY_OP_BOOL
}
250 /* Miscellaneous other tty-related constants. */
251 #define SSH_TTY_OP_END 0
252 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
253 #define SSH1_TTY_OP_ISPEED 192
254 #define SSH1_TTY_OP_OSPEED 193
255 #define SSH2_TTY_OP_ISPEED 128
256 #define SSH2_TTY_OP_OSPEED 129
258 /* Helper functions for parsing tty-related config. */
259 static unsigned int ssh_tty_parse_specchar(char *s
)
264 ret
= ctrlparse(s
, &next
);
265 if (!next
) ret
= s
[0];
267 ret
= 255; /* special value meaning "don't set" */
271 static unsigned int ssh_tty_parse_boolean(char *s
)
273 if (stricmp(s
, "yes") == 0 ||
274 stricmp(s
, "on") == 0 ||
275 stricmp(s
, "true") == 0 ||
276 stricmp(s
, "+") == 0)
278 else if (stricmp(s
, "no") == 0 ||
279 stricmp(s
, "off") == 0 ||
280 stricmp(s
, "false") == 0 ||
281 stricmp(s
, "-") == 0)
282 return 0; /* false */
284 return (atoi(s
) != 0);
287 #define translate(x) if (type == x) return #x
288 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
289 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
290 static char *ssh1_pkt_type(int type
)
292 translate(SSH1_MSG_DISCONNECT
);
293 translate(SSH1_SMSG_PUBLIC_KEY
);
294 translate(SSH1_CMSG_SESSION_KEY
);
295 translate(SSH1_CMSG_USER
);
296 translate(SSH1_CMSG_AUTH_RSA
);
297 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE
);
298 translate(SSH1_CMSG_AUTH_RSA_RESPONSE
);
299 translate(SSH1_CMSG_AUTH_PASSWORD
);
300 translate(SSH1_CMSG_REQUEST_PTY
);
301 translate(SSH1_CMSG_WINDOW_SIZE
);
302 translate(SSH1_CMSG_EXEC_SHELL
);
303 translate(SSH1_CMSG_EXEC_CMD
);
304 translate(SSH1_SMSG_SUCCESS
);
305 translate(SSH1_SMSG_FAILURE
);
306 translate(SSH1_CMSG_STDIN_DATA
);
307 translate(SSH1_SMSG_STDOUT_DATA
);
308 translate(SSH1_SMSG_STDERR_DATA
);
309 translate(SSH1_CMSG_EOF
);
310 translate(SSH1_SMSG_EXIT_STATUS
);
311 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION
);
312 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE
);
313 translate(SSH1_MSG_CHANNEL_DATA
);
314 translate(SSH1_MSG_CHANNEL_CLOSE
);
315 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION
);
316 translate(SSH1_SMSG_X11_OPEN
);
317 translate(SSH1_CMSG_PORT_FORWARD_REQUEST
);
318 translate(SSH1_MSG_PORT_OPEN
);
319 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING
);
320 translate(SSH1_SMSG_AGENT_OPEN
);
321 translate(SSH1_MSG_IGNORE
);
322 translate(SSH1_CMSG_EXIT_CONFIRMATION
);
323 translate(SSH1_CMSG_X11_REQUEST_FORWARDING
);
324 translate(SSH1_CMSG_AUTH_RHOSTS_RSA
);
325 translate(SSH1_MSG_DEBUG
);
326 translate(SSH1_CMSG_REQUEST_COMPRESSION
);
327 translate(SSH1_CMSG_AUTH_TIS
);
328 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE
);
329 translate(SSH1_CMSG_AUTH_TIS_RESPONSE
);
330 translate(SSH1_CMSG_AUTH_CCARD
);
331 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE
);
332 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE
);
335 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx
, Pkt_ACtx pkt_actx
, int type
)
337 translate(SSH2_MSG_DISCONNECT
);
338 translate(SSH2_MSG_IGNORE
);
339 translate(SSH2_MSG_UNIMPLEMENTED
);
340 translate(SSH2_MSG_DEBUG
);
341 translate(SSH2_MSG_SERVICE_REQUEST
);
342 translate(SSH2_MSG_SERVICE_ACCEPT
);
343 translate(SSH2_MSG_KEXINIT
);
344 translate(SSH2_MSG_NEWKEYS
);
345 translatek(SSH2_MSG_KEXDH_INIT
, SSH2_PKTCTX_DHGROUP
);
346 translatek(SSH2_MSG_KEXDH_REPLY
, SSH2_PKTCTX_DHGROUP
);
347 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST
, SSH2_PKTCTX_DHGEX
);
348 translatek(SSH2_MSG_KEX_DH_GEX_GROUP
, SSH2_PKTCTX_DHGEX
);
349 translatek(SSH2_MSG_KEX_DH_GEX_INIT
, SSH2_PKTCTX_DHGEX
);
350 translatek(SSH2_MSG_KEX_DH_GEX_REPLY
, SSH2_PKTCTX_DHGEX
);
351 translatek(SSH2_MSG_KEXRSA_PUBKEY
, SSH2_PKTCTX_RSAKEX
);
352 translatek(SSH2_MSG_KEXRSA_SECRET
, SSH2_PKTCTX_RSAKEX
);
353 translatek(SSH2_MSG_KEXRSA_DONE
, SSH2_PKTCTX_RSAKEX
);
354 translate(SSH2_MSG_USERAUTH_REQUEST
);
355 translate(SSH2_MSG_USERAUTH_FAILURE
);
356 translate(SSH2_MSG_USERAUTH_SUCCESS
);
357 translate(SSH2_MSG_USERAUTH_BANNER
);
358 translatea(SSH2_MSG_USERAUTH_PK_OK
, SSH2_PKTCTX_PUBLICKEY
);
359 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
, SSH2_PKTCTX_PASSWORD
);
360 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST
, SSH2_PKTCTX_KBDINTER
);
361 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE
, SSH2_PKTCTX_KBDINTER
);
362 translate(SSH2_MSG_GLOBAL_REQUEST
);
363 translate(SSH2_MSG_REQUEST_SUCCESS
);
364 translate(SSH2_MSG_REQUEST_FAILURE
);
365 translate(SSH2_MSG_CHANNEL_OPEN
);
366 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
);
367 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE
);
368 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST
);
369 translate(SSH2_MSG_CHANNEL_DATA
);
370 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA
);
371 translate(SSH2_MSG_CHANNEL_EOF
);
372 translate(SSH2_MSG_CHANNEL_CLOSE
);
373 translate(SSH2_MSG_CHANNEL_REQUEST
);
374 translate(SSH2_MSG_CHANNEL_SUCCESS
);
375 translate(SSH2_MSG_CHANNEL_FAILURE
);
381 /* Enumeration values for fields in SSH-1 packets */
383 PKT_END
, PKT_INT
, PKT_CHAR
, PKT_DATA
, PKT_STR
, PKT_BIGNUM
,
384 /* These values are for communicating relevant semantics of
385 * fields to the packet logging code. */
386 PKTT_OTHER
, PKTT_PASSWORD
, PKTT_DATA
390 * Coroutine mechanics for the sillier bits of the code. If these
391 * macros look impenetrable to you, you might find it helpful to
394 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
396 * which explains the theory behind these macros.
398 * In particular, if you are getting `case expression not constant'
399 * errors when building with MS Visual Studio, this is because MS's
400 * Edit and Continue debugging feature causes their compiler to
401 * violate ANSI C. To disable Edit and Continue debugging:
403 * - right-click ssh.c in the FileView
405 * - select the C/C++ tab and the General category
406 * - under `Debug info:', select anything _other_ than `Program
407 * Database for Edit and Continue'.
409 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
412 if (!ssh->t) ssh->t = snew(struct t); \
414 #define crFinish(z) } *crLine = 0; return (z); }
415 #define crFinishV } *crLine = 0; return; }
416 #define crReturn(z) \
418 *crLine =__LINE__; return (z); case __LINE__:;\
422 *crLine=__LINE__; return; case __LINE__:;\
424 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
425 #define crStopV do{ *crLine = 0; return; }while(0)
426 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
427 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
429 typedef struct ssh_tag
*Ssh
;
432 static struct Packet
*ssh1_pkt_init(int pkt_type
);
433 static struct Packet
*ssh2_pkt_init(int pkt_type
);
434 static void ssh_pkt_ensure(struct Packet
*, int length
);
435 static void ssh_pkt_adddata(struct Packet
*, void *data
, int len
);
436 static void ssh_pkt_addbyte(struct Packet
*, unsigned char value
);
437 static void ssh2_pkt_addbool(struct Packet
*, unsigned char value
);
438 static void ssh_pkt_adduint32(struct Packet
*, unsigned long value
);
439 static void ssh_pkt_addstring_start(struct Packet
*);
440 static void ssh_pkt_addstring_str(struct Packet
*, char *data
);
441 static void ssh_pkt_addstring_data(struct Packet
*, char *data
, int len
);
442 static void ssh_pkt_addstring(struct Packet
*, char *data
);
443 static unsigned char *ssh2_mpint_fmt(Bignum b
, int *len
);
444 static void ssh1_pkt_addmp(struct Packet
*, Bignum b
);
445 static void ssh2_pkt_addmp(struct Packet
*, Bignum b
);
446 static int ssh2_pkt_construct(Ssh
, struct Packet
*);
447 static void ssh2_pkt_send(Ssh
, struct Packet
*);
448 static void ssh2_pkt_send_noqueue(Ssh
, struct Packet
*);
449 static int do_ssh1_login(Ssh ssh
, unsigned char *in
, int inlen
,
450 struct Packet
*pktin
);
451 static void do_ssh2_authconn(Ssh ssh
, unsigned char *in
, int inlen
,
452 struct Packet
*pktin
);
455 * Buffer management constants. There are several of these for
456 * various different purposes:
458 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
459 * on a local data stream before we throttle the whole SSH
460 * connection (in SSH-1 only). Throttling the whole connection is
461 * pretty drastic so we set this high in the hope it won't
464 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
465 * on the SSH connection itself before we defensively throttle
466 * _all_ local data streams. This is pretty drastic too (though
467 * thankfully unlikely in SSH-2 since the window mechanism should
468 * ensure that the server never has any need to throttle its end
469 * of the connection), so we set this high as well.
471 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
475 #define SSH1_BUFFER_LIMIT 32768
476 #define SSH_MAX_BACKLOG 32768
477 #define OUR_V2_WINSIZE 16384
478 #define OUR_V2_MAXPKT 0x4000UL
480 /* Maximum length of passwords/passphrases (arbitrary) */
481 #define SSH_MAX_PASSWORD_LEN 100
483 const static struct ssh_signkey
*hostkey_algs
[] = { &ssh_rsa
, &ssh_dss
};
485 const static struct ssh_mac
*macs
[] = {
486 &ssh_hmac_sha1
, &ssh_hmac_sha1_96
, &ssh_hmac_md5
488 const static struct ssh_mac
*buggymacs
[] = {
489 &ssh_hmac_sha1_buggy
, &ssh_hmac_sha1_96_buggy
, &ssh_hmac_md5
492 static void *ssh_comp_none_init(void)
496 static void ssh_comp_none_cleanup(void *handle
)
499 static int ssh_comp_none_block(void *handle
, unsigned char *block
, int len
,
500 unsigned char **outblock
, int *outlen
)
504 static int ssh_comp_none_disable(void *handle
)
508 const static struct ssh_compress ssh_comp_none
= {
510 ssh_comp_none_init
, ssh_comp_none_cleanup
, ssh_comp_none_block
,
511 ssh_comp_none_init
, ssh_comp_none_cleanup
, ssh_comp_none_block
,
512 ssh_comp_none_disable
, NULL
514 extern const struct ssh_compress ssh_zlib
;
515 const static struct ssh_compress
*compressions
[] = {
516 &ssh_zlib
, &ssh_comp_none
519 enum { /* channel types */
524 CHAN_SOCKDATA_DORMANT
/* one the remote hasn't confirmed */
528 * 2-3-4 tree storing channels.
531 Ssh ssh
; /* pointer back to main context */
532 unsigned remoteid
, localid
;
534 /* True if we opened this channel but server hasn't confirmed. */
537 * In SSH-1, this value contains four bits:
539 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
540 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
541 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
542 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
544 * A channel is completely finished with when all four bits are set.
548 struct ssh1_data_channel
{
551 struct ssh2_data_channel
{
553 unsigned remwindow
, remmaxpkt
;
558 struct ssh_agent_channel
{
559 unsigned char *message
;
560 unsigned char msglen
[4];
561 unsigned lensofar
, totallen
;
563 struct ssh_x11_channel
{
566 struct ssh_pfd_channel
{
573 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
574 * use this structure in different ways, reflecting SSH-2's
575 * altogether saner approach to port forwarding.
577 * In SSH-1, you arrange a remote forwarding by sending the server
578 * the remote port number, and the local destination host:port.
579 * When a connection comes in, the server sends you back that
580 * host:port pair, and you connect to it. This is a ready-made
581 * security hole if you're not on the ball: a malicious server
582 * could send you back _any_ host:port pair, so if you trustingly
583 * connect to the address it gives you then you've just opened the
584 * entire inside of your corporate network just by connecting
585 * through it to a dodgy SSH server. Hence, we must store a list of
586 * host:port pairs we _are_ trying to forward to, and reject a
587 * connection request from the server if it's not in the list.
589 * In SSH-2, each side of the connection minds its own business and
590 * doesn't send unnecessary information to the other. You arrange a
591 * remote forwarding by sending the server just the remote port
592 * number. When a connection comes in, the server tells you which
593 * of its ports was connected to; and _you_ have to remember what
594 * local host:port pair went with that port number.
596 * Hence, in SSH-1 this structure is indexed by destination
597 * host:port pair, whereas in SSH-2 it is indexed by source port.
599 struct ssh_portfwd
; /* forward declaration */
601 struct ssh_rportfwd
{
602 unsigned sport
, dport
;
605 struct ssh_portfwd
*pfrec
;
607 #define free_rportfwd(pf) ( \
608 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
611 * Separately to the rportfwd tree (which is for looking up port
612 * open requests from the server), a tree of _these_ structures is
613 * used to keep track of all the currently open port forwardings,
614 * so that we can reconfigure in mid-session if the user requests
618 enum { DESTROY
, KEEP
, CREATE
} status
;
620 unsigned sport
, dport
;
623 struct ssh_rportfwd
*remote
;
627 #define free_portfwd(pf) ( \
628 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
629 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
632 long length
; /* length of `data' actually used */
633 long forcepad
; /* SSH-2: force padding to at least this length */
634 int type
; /* only used for incoming packets */
635 unsigned long sequence
; /* SSH-2 incoming sequence number */
636 unsigned char *data
; /* allocated storage */
637 unsigned char *body
; /* offset of payload within `data' */
638 long savedpos
; /* temporary index into `data' (for strings) */
639 long maxlen
; /* amount of storage allocated for `data' */
640 long encrypted_len
; /* for SSH-2 total-size counting */
643 * State associated with packet logging
647 struct logblank_t
*blanks
;
650 static void ssh1_protocol(Ssh ssh
, void *vin
, int inlen
,
651 struct Packet
*pktin
);
652 static void ssh2_protocol(Ssh ssh
, void *vin
, int inlen
,
653 struct Packet
*pktin
);
654 static void ssh1_protocol_setup(Ssh ssh
);
655 static void ssh2_protocol_setup(Ssh ssh
);
656 static void ssh_size(void *handle
, int width
, int height
);
657 static void ssh_special(void *handle
, Telnet_Special
);
658 static int ssh2_try_send(struct ssh_channel
*c
);
659 static void ssh2_add_channel_data(struct ssh_channel
*c
, char *buf
, int len
);
660 static void ssh_throttle_all(Ssh ssh
, int enable
, int bufsize
);
661 static void ssh2_set_window(struct ssh_channel
*c
, unsigned newwin
);
662 static int ssh_sendbuffer(void *handle
);
663 static int ssh_do_close(Ssh ssh
, int notify_exit
);
664 static unsigned long ssh_pkt_getuint32(struct Packet
*pkt
);
665 static int ssh2_pkt_getbool(struct Packet
*pkt
);
666 static void ssh_pkt_getstring(struct Packet
*pkt
, char **p
, int *length
);
667 static void ssh2_timer(void *ctx
, long now
);
668 static int do_ssh2_transport(Ssh ssh
, void *vin
, int inlen
,
669 struct Packet
*pktin
);
671 struct rdpkt1_state_tag
{
672 long len
, pad
, biglen
, to_read
;
673 unsigned long realcrc
, gotcrc
;
677 struct Packet
*pktin
;
680 struct rdpkt2_state_tag
{
681 long len
, pad
, payload
, packetlen
, maclen
;
684 unsigned long incoming_sequence
;
685 struct Packet
*pktin
;
688 typedef void (*handler_fn_t
)(Ssh ssh
, struct Packet
*pktin
);
689 typedef void (*chandler_fn_t
)(Ssh ssh
, struct Packet
*pktin
, void *ctx
);
691 struct queued_handler
;
692 struct queued_handler
{
694 chandler_fn_t handler
;
696 struct queued_handler
*next
;
700 const struct plug_function_table
*fn
;
701 /* the above field _must_ be first in the structure */
711 unsigned char session_key
[32];
713 int v1_remote_protoflags
;
714 int v1_local_protoflags
;
715 int agentfwd_enabled
;
718 const struct ssh_cipher
*cipher
;
721 const struct ssh2_cipher
*cscipher
, *sccipher
;
722 void *cs_cipher_ctx
, *sc_cipher_ctx
;
723 const struct ssh_mac
*csmac
, *scmac
;
724 void *cs_mac_ctx
, *sc_mac_ctx
;
725 const struct ssh_compress
*cscomp
, *sccomp
;
726 void *cs_comp_ctx
, *sc_comp_ctx
;
727 const struct ssh_kex
*kex
;
728 const struct ssh_signkey
*hostkey
;
729 unsigned char v2_session_id
[SSH2_KEX_MAX_HASH_LEN
];
730 int v2_session_id_len
;
736 int echoing
, editing
;
740 int ospeed
, ispeed
; /* temporaries */
741 int term_width
, term_height
;
743 tree234
*channels
; /* indexed by local id */
744 struct ssh_channel
*mainchan
; /* primary session channel */
745 int ncmode
; /* is primary channel direct-tcpip? */
750 tree234
*rportfwds
, *portfwds
;
754 SSH_STATE_BEFORE_SIZE
,
760 int size_needed
, eof_needed
;
762 struct Packet
**queue
;
763 int queuelen
, queuesize
;
765 unsigned char *deferred_send_data
;
766 int deferred_len
, deferred_size
;
769 * Gross hack: pscp will try to start SFTP but fall back to
770 * scp1 if that fails. This variable is the means by which
771 * scp.c can reach into the SSH code and find out which one it
776 bufchain banner
; /* accumulates banners during do_ssh2_authconn */
784 int v1_throttle_count
;
787 int v1_stdout_throttling
;
788 unsigned long v2_outgoing_sequence
;
790 int ssh1_rdpkt_crstate
;
791 int ssh2_rdpkt_crstate
;
792 int do_ssh_init_crstate
;
793 int ssh_gotdata_crstate
;
794 int do_ssh1_login_crstate
;
795 int do_ssh1_connection_crstate
;
796 int do_ssh2_transport_crstate
;
797 int do_ssh2_authconn_crstate
;
799 void *do_ssh_init_state
;
800 void *do_ssh1_login_state
;
801 void *do_ssh2_transport_state
;
802 void *do_ssh2_authconn_state
;
804 struct rdpkt1_state_tag rdpkt1_state
;
805 struct rdpkt2_state_tag rdpkt2_state
;
807 /* SSH-1 and SSH-2 use this for different things, but both use it */
808 int protocol_initial_phase_done
;
810 void (*protocol
) (Ssh ssh
, void *vin
, int inlen
,
812 struct Packet
*(*s_rdpkt
) (Ssh ssh
, unsigned char **data
, int *datalen
);
815 * We maintain a full _copy_ of a Config structure here, not
816 * merely a pointer to it. That way, when we're passed a new
817 * one for reconfiguration, we can check the differences and
818 * potentially reconfigure port forwardings etc in mid-session.
823 * Used to transfer data back from async callbacks.
825 void *agent_response
;
826 int agent_response_len
;
830 * The SSH connection can be set as `frozen', meaning we are
831 * not currently accepting incoming data from the network. This
832 * is slightly more serious than setting the _socket_ as
833 * frozen, because we may already have had data passed to us
834 * from the network which we need to delay processing until
835 * after the freeze is lifted, so we also need a bufchain to
839 bufchain queued_incoming_data
;
842 * Dispatch table for packet types that we may have to deal
845 handler_fn_t packet_dispatch
[256];
848 * Queues of one-off handler functions for success/failure
849 * indications from a request.
851 struct queued_handler
*qhead
, *qtail
;
854 * This module deals with sending keepalives.
859 * Track incoming and outgoing data sizes and time, for
862 unsigned long incoming_data_size
, outgoing_data_size
, deferred_data_size
;
863 unsigned long max_data_size
;
865 long next_rekey
, last_rekey
;
866 char *deferred_rekey_reason
; /* points to STATIC string; don't free */
869 #define logevent(s) logevent(ssh->frontend, s)
871 /* logevent, only printf-formatted. */
872 static void logeventf(Ssh ssh
, const char *fmt
, ...)
878 buf
= dupvprintf(fmt
, ap
);
884 #define bombout(msg) \
886 char *text = dupprintf msg; \
887 ssh_do_close(ssh, FALSE); \
889 connection_fatal(ssh->frontend, "%s", text); \
893 /* Functions to leave bits out of the SSH packet log file. */
895 static void dont_log_password(Ssh ssh
, struct Packet
*pkt
, int blanktype
)
897 if (ssh
->cfg
.logomitpass
)
898 pkt
->logmode
= blanktype
;
901 static void dont_log_data(Ssh ssh
, struct Packet
*pkt
, int blanktype
)
903 if (ssh
->cfg
.logomitdata
)
904 pkt
->logmode
= blanktype
;
907 static void end_log_omission(Ssh ssh
, struct Packet
*pkt
)
909 pkt
->logmode
= PKTLOG_EMIT
;
912 /* Helper function for common bits of parsing cfg.ttymodes. */
913 static void parse_ttymodes(Ssh ssh
, char *modes
,
914 void (*do_mode
)(void *data
, char *mode
, char *val
),
918 char *t
= strchr(modes
, '\t');
919 char *m
= snewn(t
-modes
+1, char);
921 strncpy(m
, modes
, t
-modes
);
924 val
= get_ttymode(ssh
->frontend
, m
);
928 do_mode(data
, m
, val
);
931 modes
+= strlen(modes
) + 1;
935 static int ssh_channelcmp(void *av
, void *bv
)
937 struct ssh_channel
*a
= (struct ssh_channel
*) av
;
938 struct ssh_channel
*b
= (struct ssh_channel
*) bv
;
939 if (a
->localid
< b
->localid
)
941 if (a
->localid
> b
->localid
)
945 static int ssh_channelfind(void *av
, void *bv
)
947 unsigned *a
= (unsigned *) av
;
948 struct ssh_channel
*b
= (struct ssh_channel
*) bv
;
956 static int ssh_rportcmp_ssh1(void *av
, void *bv
)
958 struct ssh_rportfwd
*a
= (struct ssh_rportfwd
*) av
;
959 struct ssh_rportfwd
*b
= (struct ssh_rportfwd
*) bv
;
961 if ( (i
= strcmp(a
->dhost
, b
->dhost
)) != 0)
962 return i
< 0 ?
-1 : +1;
963 if (a
->dport
> b
->dport
)
965 if (a
->dport
< b
->dport
)
970 static int ssh_rportcmp_ssh2(void *av
, void *bv
)
972 struct ssh_rportfwd
*a
= (struct ssh_rportfwd
*) av
;
973 struct ssh_rportfwd
*b
= (struct ssh_rportfwd
*) bv
;
975 if (a
->sport
> b
->sport
)
977 if (a
->sport
< b
->sport
)
983 * Special form of strcmp which can cope with NULL inputs. NULL is
984 * defined to sort before even the empty string.
986 static int nullstrcmp(const char *a
, const char *b
)
988 if (a
== NULL
&& b
== NULL
)
997 static int ssh_portcmp(void *av
, void *bv
)
999 struct ssh_portfwd
*a
= (struct ssh_portfwd
*) av
;
1000 struct ssh_portfwd
*b
= (struct ssh_portfwd
*) bv
;
1002 if (a
->type
> b
->type
)
1004 if (a
->type
< b
->type
)
1006 if (a
->addressfamily
> b
->addressfamily
)
1008 if (a
->addressfamily
< b
->addressfamily
)
1010 if ( (i
= nullstrcmp(a
->saddr
, b
->saddr
)) != 0)
1011 return i
< 0 ?
-1 : +1;
1012 if (a
->sport
> b
->sport
)
1014 if (a
->sport
< b
->sport
)
1016 if (a
->type
!= 'D') {
1017 if ( (i
= nullstrcmp(a
->daddr
, b
->daddr
)) != 0)
1018 return i
< 0 ?
-1 : +1;
1019 if (a
->dport
> b
->dport
)
1021 if (a
->dport
< b
->dport
)
1027 static int alloc_channel_id(Ssh ssh
)
1029 const unsigned CHANNEL_NUMBER_OFFSET
= 256;
1030 unsigned low
, high
, mid
;
1032 struct ssh_channel
*c
;
1035 * First-fit allocation of channel numbers: always pick the
1036 * lowest unused one. To do this, binary-search using the
1037 * counted B-tree to find the largest channel ID which is in a
1038 * contiguous sequence from the beginning. (Precisely
1039 * everything in that sequence must have ID equal to its tree
1040 * index plus CHANNEL_NUMBER_OFFSET.)
1042 tsize
= count234(ssh
->channels
);
1046 while (high
- low
> 1) {
1047 mid
= (high
+ low
) / 2;
1048 c
= index234(ssh
->channels
, mid
);
1049 if (c
->localid
== mid
+ CHANNEL_NUMBER_OFFSET
)
1050 low
= mid
; /* this one is fine */
1052 high
= mid
; /* this one is past it */
1055 * Now low points to either -1, or the tree index of the
1056 * largest ID in the initial sequence.
1059 unsigned i
= low
+ 1 + CHANNEL_NUMBER_OFFSET
;
1060 assert(NULL
== find234(ssh
->channels
, &i
, ssh_channelfind
));
1062 return low
+ 1 + CHANNEL_NUMBER_OFFSET
;
1065 static void c_write_stderr(int trusted
, const char *buf
, int len
)
1068 for (i
= 0; i
< len
; i
++)
1069 if (buf
[i
] != '\r' && (trusted
|| buf
[i
] == '\n' || (buf
[i
] & 0x60)))
1070 fputc(buf
[i
], stderr
);
1073 static void c_write(Ssh ssh
, const char *buf
, int len
)
1075 if (flags
& FLAG_STDERR
)
1076 c_write_stderr(1, buf
, len
);
1078 from_backend(ssh
->frontend
, 1, buf
, len
);
1081 static void c_write_untrusted(Ssh ssh
, const char *buf
, int len
)
1083 if (flags
& FLAG_STDERR
)
1084 c_write_stderr(0, buf
, len
);
1086 from_backend_untrusted(ssh
->frontend
, buf
, len
);
1089 static void c_write_str(Ssh ssh
, const char *buf
)
1091 c_write(ssh
, buf
, strlen(buf
));
1094 static void ssh_free_packet(struct Packet
*pkt
)
1099 static struct Packet
*ssh_new_packet(void)
1101 struct Packet
*pkt
= snew(struct Packet
);
1103 pkt
->body
= pkt
->data
= NULL
;
1105 pkt
->logmode
= PKTLOG_EMIT
;
1113 * Collect incoming data in the incoming packet buffer.
1114 * Decipher and verify the packet when it is completely read.
1115 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1116 * Update the *data and *datalen variables.
1117 * Return a Packet structure when a packet is completed.
1119 static struct Packet
*ssh1_rdpkt(Ssh ssh
, unsigned char **data
, int *datalen
)
1121 struct rdpkt1_state_tag
*st
= &ssh
->rdpkt1_state
;
1123 crBegin(ssh
->ssh1_rdpkt_crstate
);
1125 st
->pktin
= ssh_new_packet();
1127 st
->pktin
->type
= 0;
1128 st
->pktin
->length
= 0;
1130 for (st
->i
= st
->len
= 0; st
->i
< 4; st
->i
++) {
1131 while ((*datalen
) == 0)
1133 st
->len
= (st
->len
<< 8) + **data
;
1134 (*data
)++, (*datalen
)--;
1137 st
->pad
= 8 - (st
->len
% 8);
1138 st
->biglen
= st
->len
+ st
->pad
;
1139 st
->pktin
->length
= st
->len
- 5;
1141 if (st
->biglen
< 0) {
1142 bombout(("Extremely large packet length from server suggests"
1143 " data stream corruption"));
1144 ssh_free_packet(st
->pktin
);
1148 st
->pktin
->maxlen
= st
->biglen
;
1149 st
->pktin
->data
= snewn(st
->biglen
+ APIEXTRA
, unsigned char);
1151 st
->to_read
= st
->biglen
;
1152 st
->p
= st
->pktin
->data
;
1153 while (st
->to_read
> 0) {
1154 st
->chunk
= st
->to_read
;
1155 while ((*datalen
) == 0)
1157 if (st
->chunk
> (*datalen
))
1158 st
->chunk
= (*datalen
);
1159 memcpy(st
->p
, *data
, st
->chunk
);
1161 *datalen
-= st
->chunk
;
1163 st
->to_read
-= st
->chunk
;
1166 if (ssh
->cipher
&& detect_attack(ssh
->crcda_ctx
, st
->pktin
->data
,
1167 st
->biglen
, NULL
)) {
1168 bombout(("Network attack (CRC compensation) detected!"));
1169 ssh_free_packet(st
->pktin
);
1174 ssh
->cipher
->decrypt(ssh
->v1_cipher_ctx
, st
->pktin
->data
, st
->biglen
);
1176 st
->realcrc
= crc32_compute(st
->pktin
->data
, st
->biglen
- 4);
1177 st
->gotcrc
= GET_32BIT(st
->pktin
->data
+ st
->biglen
- 4);
1178 if (st
->gotcrc
!= st
->realcrc
) {
1179 bombout(("Incorrect CRC received on packet"));
1180 ssh_free_packet(st
->pktin
);
1184 st
->pktin
->body
= st
->pktin
->data
+ st
->pad
+ 1;
1185 st
->pktin
->savedpos
= 0;
1187 if (ssh
->v1_compressing
) {
1188 unsigned char *decompblk
;
1190 if (!zlib_decompress_block(ssh
->sc_comp_ctx
,
1191 st
->pktin
->body
- 1, st
->pktin
->length
+ 1,
1192 &decompblk
, &decomplen
)) {
1193 bombout(("Zlib decompression encountered invalid data"));
1194 ssh_free_packet(st
->pktin
);
1198 if (st
->pktin
->maxlen
< st
->pad
+ decomplen
) {
1199 st
->pktin
->maxlen
= st
->pad
+ decomplen
;
1200 st
->pktin
->data
= sresize(st
->pktin
->data
,
1201 st
->pktin
->maxlen
+ APIEXTRA
,
1203 st
->pktin
->body
= st
->pktin
->data
+ st
->pad
+ 1;
1206 memcpy(st
->pktin
->body
- 1, decompblk
, decomplen
);
1208 st
->pktin
->length
= decomplen
- 1;
1211 st
->pktin
->type
= st
->pktin
->body
[-1];
1214 * Log incoming packet, possibly omitting sensitive fields.
1218 struct logblank_t blank
;
1219 if (ssh
->cfg
.logomitdata
) {
1220 int do_blank
= FALSE
, blank_prefix
= 0;
1221 /* "Session data" packets - omit the data field */
1222 if ((st
->pktin
->type
== SSH1_SMSG_STDOUT_DATA
) ||
1223 (st
->pktin
->type
== SSH1_SMSG_STDERR_DATA
)) {
1224 do_blank
= TRUE
; blank_prefix
= 0;
1225 } else if (st
->pktin
->type
== SSH1_MSG_CHANNEL_DATA
) {
1226 do_blank
= TRUE
; blank_prefix
= 4;
1229 blank
.offset
= blank_prefix
;
1230 blank
.len
= st
->pktin
->length
;
1231 blank
.type
= PKTLOG_OMIT
;
1235 log_packet(ssh
->logctx
,
1236 PKT_INCOMING
, st
->pktin
->type
,
1237 ssh1_pkt_type(st
->pktin
->type
),
1238 st
->pktin
->body
, st
->pktin
->length
,
1242 crFinish(st
->pktin
);
1245 static struct Packet
*ssh2_rdpkt(Ssh ssh
, unsigned char **data
, int *datalen
)
1247 struct rdpkt2_state_tag
*st
= &ssh
->rdpkt2_state
;
1249 crBegin(ssh
->ssh2_rdpkt_crstate
);
1251 st
->pktin
= ssh_new_packet();
1253 st
->pktin
->type
= 0;
1254 st
->pktin
->length
= 0;
1256 st
->cipherblk
= ssh
->sccipher
->blksize
;
1259 if (st
->cipherblk
< 8)
1262 st
->pktin
->data
= snewn(st
->cipherblk
+ APIEXTRA
, unsigned char);
1265 * Acquire and decrypt the first block of the packet. This will
1266 * contain the length and padding details.
1268 for (st
->i
= st
->len
= 0; st
->i
< st
->cipherblk
; st
->i
++) {
1269 while ((*datalen
) == 0)
1271 st
->pktin
->data
[st
->i
] = *(*data
)++;
1276 ssh
->sccipher
->decrypt(ssh
->sc_cipher_ctx
,
1277 st
->pktin
->data
, st
->cipherblk
);
1280 * Now get the length and padding figures.
1282 st
->len
= GET_32BIT(st
->pktin
->data
);
1283 st
->pad
= st
->pktin
->data
[4];
1286 * _Completely_ silly lengths should be stomped on before they
1287 * do us any more damage.
1289 if (st
->len
< 0 || st
->len
> 35000 || st
->pad
< 4 ||
1290 st
->len
- st
->pad
< 1 || (st
->len
+ 4) % st
->cipherblk
!= 0) {
1291 bombout(("Incoming packet was garbled on decryption"));
1292 ssh_free_packet(st
->pktin
);
1297 * This enables us to deduce the payload length.
1299 st
->payload
= st
->len
- st
->pad
- 1;
1301 st
->pktin
->length
= st
->payload
+ 5;
1304 * So now we can work out the total packet length.
1306 st
->packetlen
= st
->len
+ 4;
1307 st
->maclen
= ssh
->scmac ? ssh
->scmac
->len
: 0;
1310 * Allocate memory for the rest of the packet.
1312 st
->pktin
->maxlen
= st
->packetlen
+ st
->maclen
;
1313 st
->pktin
->data
= sresize(st
->pktin
->data
,
1314 st
->pktin
->maxlen
+ APIEXTRA
,
1318 * Read and decrypt the remainder of the packet.
1320 for (st
->i
= st
->cipherblk
; st
->i
< st
->packetlen
+ st
->maclen
;
1322 while ((*datalen
) == 0)
1324 st
->pktin
->data
[st
->i
] = *(*data
)++;
1327 /* Decrypt everything _except_ the MAC. */
1329 ssh
->sccipher
->decrypt(ssh
->sc_cipher_ctx
,
1330 st
->pktin
->data
+ st
->cipherblk
,
1331 st
->packetlen
- st
->cipherblk
);
1333 st
->pktin
->encrypted_len
= st
->packetlen
;
1339 && !ssh
->scmac
->verify(ssh
->sc_mac_ctx
, st
->pktin
->data
, st
->len
+ 4,
1340 st
->incoming_sequence
)) {
1341 bombout(("Incorrect MAC received on packet"));
1342 ssh_free_packet(st
->pktin
);
1346 st
->pktin
->sequence
= st
->incoming_sequence
++;
1349 * Decompress packet payload.
1352 unsigned char *newpayload
;
1355 ssh
->sccomp
->decompress(ssh
->sc_comp_ctx
,
1356 st
->pktin
->data
+ 5, st
->pktin
->length
- 5,
1357 &newpayload
, &newlen
)) {
1358 if (st
->pktin
->maxlen
< newlen
+ 5) {
1359 st
->pktin
->maxlen
= newlen
+ 5;
1360 st
->pktin
->data
= sresize(st
->pktin
->data
,
1361 st
->pktin
->maxlen
+ APIEXTRA
,
1364 st
->pktin
->length
= 5 + newlen
;
1365 memcpy(st
->pktin
->data
+ 5, newpayload
, newlen
);
1370 st
->pktin
->savedpos
= 6;
1371 st
->pktin
->body
= st
->pktin
->data
;
1372 st
->pktin
->type
= st
->pktin
->data
[5];
1375 * Log incoming packet, possibly omitting sensitive fields.
1379 struct logblank_t blank
;
1380 if (ssh
->cfg
.logomitdata
) {
1381 int do_blank
= FALSE
, blank_prefix
= 0;
1382 /* "Session data" packets - omit the data field */
1383 if (st
->pktin
->type
== SSH2_MSG_CHANNEL_DATA
) {
1384 do_blank
= TRUE
; blank_prefix
= 4;
1385 } else if (st
->pktin
->type
== SSH2_MSG_CHANNEL_EXTENDED_DATA
) {
1386 do_blank
= TRUE
; blank_prefix
= 8;
1389 blank
.offset
= blank_prefix
;
1390 blank
.len
= (st
->pktin
->length
-6) - blank_prefix
;
1391 blank
.type
= PKTLOG_OMIT
;
1395 log_packet(ssh
->logctx
, PKT_INCOMING
, st
->pktin
->type
,
1396 ssh2_pkt_type(ssh
->pkt_kctx
, ssh
->pkt_actx
,
1398 st
->pktin
->data
+6, st
->pktin
->length
-6,
1402 crFinish(st
->pktin
);
1405 static int s_wrpkt_prepare(Ssh ssh
, struct Packet
*pkt
, int *offset_p
)
1407 int pad
, biglen
, i
, pktoffs
;
1411 * XXX various versions of SC (including 8.8.4) screw up the
1412 * register allocation in this function and use the same register
1413 * (D6) for len and as a temporary, with predictable results. The
1414 * following sledgehammer prevents this.
1421 log_packet(ssh
->logctx
, PKT_OUTGOING
, pkt
->data
[12],
1422 ssh1_pkt_type(pkt
->data
[12]),
1423 pkt
->body
, pkt
->length
- (pkt
->body
- pkt
->data
),
1424 pkt
->nblanks
, pkt
->blanks
);
1425 sfree(pkt
->blanks
); pkt
->blanks
= NULL
;
1428 if (ssh
->v1_compressing
) {
1429 unsigned char *compblk
;
1431 zlib_compress_block(ssh
->cs_comp_ctx
,
1432 pkt
->data
+ 12, pkt
->length
- 12,
1433 &compblk
, &complen
);
1434 ssh_pkt_ensure(pkt
, complen
+ 2); /* just in case it's got bigger */
1435 memcpy(pkt
->data
+ 12, compblk
, complen
);
1437 pkt
->length
= complen
+ 12;
1440 ssh_pkt_ensure(pkt
, pkt
->length
+ 4); /* space for CRC */
1442 len
= pkt
->length
- 4 - 8; /* len(type+data+CRC) */
1443 pad
= 8 - (len
% 8);
1445 biglen
= len
+ pad
; /* len(padding+type+data+CRC) */
1447 for (i
= pktoffs
; i
< 4+8; i
++)
1448 pkt
->data
[i
] = random_byte();
1449 crc
= crc32_compute(pkt
->data
+ pktoffs
+ 4, biglen
- 4); /* all ex len */
1450 PUT_32BIT(pkt
->data
+ pktoffs
+ 4 + biglen
- 4, crc
);
1451 PUT_32BIT(pkt
->data
+ pktoffs
, len
);
1454 ssh
->cipher
->encrypt(ssh
->v1_cipher_ctx
,
1455 pkt
->data
+ pktoffs
+ 4, biglen
);
1457 if (offset_p
) *offset_p
= pktoffs
;
1458 return biglen
+ 4; /* len(length+padding+type+data+CRC) */
1461 static int s_write(Ssh ssh
, void *data
, int len
)
1464 log_packet(ssh
->logctx
, PKT_OUTGOING
, -1, NULL
, data
, len
, 0, NULL
);
1465 return sk_write(ssh
->s
, (char *)data
, len
);
1468 static void s_wrpkt(Ssh ssh
, struct Packet
*pkt
)
1470 int len
, backlog
, offset
;
1471 len
= s_wrpkt_prepare(ssh
, pkt
, &offset
);
1472 backlog
= s_write(ssh
, pkt
->data
+ offset
, len
);
1473 if (backlog
> SSH_MAX_BACKLOG
)
1474 ssh_throttle_all(ssh
, 1, backlog
);
1475 ssh_free_packet(pkt
);
1478 static void s_wrpkt_defer(Ssh ssh
, struct Packet
*pkt
)
1481 len
= s_wrpkt_prepare(ssh
, pkt
, &offset
);
1482 if (ssh
->deferred_len
+ len
> ssh
->deferred_size
) {
1483 ssh
->deferred_size
= ssh
->deferred_len
+ len
+ 128;
1484 ssh
->deferred_send_data
= sresize(ssh
->deferred_send_data
,
1488 memcpy(ssh
->deferred_send_data
+ ssh
->deferred_len
,
1489 pkt
->data
+ offset
, len
);
1490 ssh
->deferred_len
+= len
;
1491 ssh_free_packet(pkt
);
1495 * Construct a SSH-1 packet with the specified contents.
1496 * (This all-at-once interface used to be the only one, but now SSH-1
1497 * packets can also be constructed incrementally.)
1499 static struct Packet
*construct_packet(Ssh ssh
, int pkttype
, va_list ap
)
1505 pkt
= ssh1_pkt_init(pkttype
);
1507 while ((argtype
= va_arg(ap
, int)) != PKT_END
) {
1508 unsigned char *argp
, argchar
;
1510 unsigned long argint
;
1513 /* Actual fields in the packet */
1515 argint
= va_arg(ap
, int);
1516 ssh_pkt_adduint32(pkt
, argint
);
1519 argchar
= (unsigned char) va_arg(ap
, int);
1520 ssh_pkt_addbyte(pkt
, argchar
);
1523 argp
= va_arg(ap
, unsigned char *);
1524 arglen
= va_arg(ap
, int);
1525 ssh_pkt_adddata(pkt
, argp
, arglen
);
1528 sargp
= va_arg(ap
, char *);
1529 ssh_pkt_addstring(pkt
, sargp
);
1532 bn
= va_arg(ap
, Bignum
);
1533 ssh1_pkt_addmp(pkt
, bn
);
1535 /* Tokens for modifications to packet logging */
1537 dont_log_password(ssh
, pkt
, PKTLOG_BLANK
);
1540 dont_log_data(ssh
, pkt
, PKTLOG_OMIT
);
1543 end_log_omission(ssh
, pkt
);
1551 static void send_packet(Ssh ssh
, int pkttype
, ...)
1555 va_start(ap
, pkttype
);
1556 pkt
= construct_packet(ssh
, pkttype
, ap
);
1561 static void defer_packet(Ssh ssh
, int pkttype
, ...)
1565 va_start(ap
, pkttype
);
1566 pkt
= construct_packet(ssh
, pkttype
, ap
);
1568 s_wrpkt_defer(ssh
, pkt
);
1571 static int ssh_versioncmp(char *a
, char *b
)
1574 unsigned long av
, bv
;
1576 av
= strtoul(a
, &ae
, 10);
1577 bv
= strtoul(b
, &be
, 10);
1579 return (av
< bv ?
-1 : +1);
1584 av
= strtoul(ae
, &ae
, 10);
1585 bv
= strtoul(be
, &be
, 10);
1587 return (av
< bv ?
-1 : +1);
1592 * Utility routines for putting an SSH-protocol `string' and
1593 * `uint32' into a hash state.
1595 static void hash_string(const struct ssh_hash
*h
, void *s
, void *str
, int len
)
1597 unsigned char lenblk
[4];
1598 PUT_32BIT(lenblk
, len
);
1599 h
->bytes(s
, lenblk
, 4);
1600 h
->bytes(s
, str
, len
);
1603 static void hash_uint32(const struct ssh_hash
*h
, void *s
, unsigned i
)
1605 unsigned char intblk
[4];
1606 PUT_32BIT(intblk
, i
);
1607 h
->bytes(s
, intblk
, 4);
1611 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1613 static void ssh_pkt_ensure(struct Packet
*pkt
, int length
)
1615 if (pkt
->maxlen
< length
) {
1616 unsigned char *body
= pkt
->body
;
1617 int offset
= body ? body
- pkt
->data
: 0;
1618 pkt
->maxlen
= length
+ 256;
1619 pkt
->data
= sresize(pkt
->data
, pkt
->maxlen
+ APIEXTRA
, unsigned char);
1620 if (body
) pkt
->body
= pkt
->data
+ offset
;
1623 static void ssh_pkt_adddata(struct Packet
*pkt
, void *data
, int len
)
1625 if (pkt
->logmode
!= PKTLOG_EMIT
) {
1627 pkt
->blanks
= sresize(pkt
->blanks
, pkt
->nblanks
, struct logblank_t
);
1629 pkt
->blanks
[pkt
->nblanks
-1].offset
= pkt
->length
-
1630 (pkt
->body
- pkt
->data
);
1631 pkt
->blanks
[pkt
->nblanks
-1].len
= len
;
1632 pkt
->blanks
[pkt
->nblanks
-1].type
= pkt
->logmode
;
1635 ssh_pkt_ensure(pkt
, pkt
->length
);
1636 memcpy(pkt
->data
+ pkt
->length
- len
, data
, len
);
1638 static void ssh_pkt_addbyte(struct Packet
*pkt
, unsigned char byte
)
1640 ssh_pkt_adddata(pkt
, &byte
, 1);
1642 static void ssh2_pkt_addbool(struct Packet
*pkt
, unsigned char value
)
1644 ssh_pkt_adddata(pkt
, &value
, 1);
1646 static void ssh_pkt_adduint32(struct Packet
*pkt
, unsigned long value
)
1649 PUT_32BIT(x
, value
);
1650 ssh_pkt_adddata(pkt
, x
, 4);
1652 static void ssh_pkt_addstring_start(struct Packet
*pkt
)
1654 ssh_pkt_adduint32(pkt
, 0);
1655 pkt
->savedpos
= pkt
->length
;
1657 static void ssh_pkt_addstring_str(struct Packet
*pkt
, char *data
)
1659 ssh_pkt_adddata(pkt
, data
, strlen(data
));
1660 PUT_32BIT(pkt
->data
+ pkt
->savedpos
- 4, pkt
->length
- pkt
->savedpos
);
1662 static void ssh_pkt_addstring_data(struct Packet
*pkt
, char *data
, int len
)
1664 ssh_pkt_adddata(pkt
, data
, len
);
1665 PUT_32BIT(pkt
->data
+ pkt
->savedpos
- 4, pkt
->length
- pkt
->savedpos
);
1667 static void ssh_pkt_addstring(struct Packet
*pkt
, char *data
)
1669 ssh_pkt_addstring_start(pkt
);
1670 ssh_pkt_addstring_str(pkt
, data
);
1672 static void ssh1_pkt_addmp(struct Packet
*pkt
, Bignum b
)
1674 int len
= ssh1_bignum_length(b
);
1675 unsigned char *data
= snewn(len
, unsigned char);
1676 (void) ssh1_write_bignum(data
, b
);
1677 ssh_pkt_adddata(pkt
, data
, len
);
1680 static unsigned char *ssh2_mpint_fmt(Bignum b
, int *len
)
1683 int i
, n
= (bignum_bitcount(b
) + 7) / 8;
1684 p
= snewn(n
+ 1, unsigned char);
1686 for (i
= 1; i
<= n
; i
++)
1687 p
[i
] = bignum_byte(b
, n
- i
);
1689 while (i
<= n
&& p
[i
] == 0 && (p
[i
+ 1] & 0x80) == 0)
1691 memmove(p
, p
+ i
, n
+ 1 - i
);
1695 static void ssh2_pkt_addmp(struct Packet
*pkt
, Bignum b
)
1699 p
= ssh2_mpint_fmt(b
, &len
);
1700 ssh_pkt_addstring_start(pkt
);
1701 ssh_pkt_addstring_data(pkt
, (char *)p
, len
);
1705 static struct Packet
*ssh1_pkt_init(int pkt_type
)
1707 struct Packet
*pkt
= ssh_new_packet();
1708 pkt
->length
= 4 + 8; /* space for length + max padding */
1709 ssh_pkt_addbyte(pkt
, pkt_type
);
1710 pkt
->body
= pkt
->data
+ pkt
->length
;
1714 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1715 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1716 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1717 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1718 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1719 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1720 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1721 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1722 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1724 static struct Packet
*ssh2_pkt_init(int pkt_type
)
1726 struct Packet
*pkt
= ssh_new_packet();
1727 pkt
->length
= 5; /* space for packet length + padding length */
1729 ssh_pkt_addbyte(pkt
, (unsigned char) pkt_type
);
1730 pkt
->body
= pkt
->data
+ pkt
->length
; /* after packet type */
1735 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1736 * put the MAC on it. Final packet, ready to be sent, is stored in
1737 * pkt->data. Total length is returned.
1739 static int ssh2_pkt_construct(Ssh ssh
, struct Packet
*pkt
)
1741 int cipherblk
, maclen
, padding
, i
;
1744 log_packet(ssh
->logctx
, PKT_OUTGOING
, pkt
->data
[5],
1745 ssh2_pkt_type(ssh
->pkt_kctx
, ssh
->pkt_actx
, pkt
->data
[5]),
1746 pkt
->body
, pkt
->length
- (pkt
->body
- pkt
->data
),
1747 pkt
->nblanks
, pkt
->blanks
);
1748 sfree(pkt
->blanks
); pkt
->blanks
= NULL
;
1752 * Compress packet payload.
1755 unsigned char *newpayload
;
1758 ssh
->cscomp
->compress(ssh
->cs_comp_ctx
, pkt
->data
+ 5,
1760 &newpayload
, &newlen
)) {
1762 ssh2_pkt_adddata(pkt
, newpayload
, newlen
);
1768 * Add padding. At least four bytes, and must also bring total
1769 * length (minus MAC) up to a multiple of the block size.
1770 * If pkt->forcepad is set, make sure the packet is at least that size
1773 cipherblk
= ssh
->cscipher ? ssh
->cscipher
->blksize
: 8; /* block size */
1774 cipherblk
= cipherblk
< 8 ?
8 : cipherblk
; /* or 8 if blksize < 8 */
1776 if (pkt
->length
+ padding
< pkt
->forcepad
)
1777 padding
= pkt
->forcepad
- pkt
->length
;
1779 (cipherblk
- (pkt
->length
+ padding
) % cipherblk
) % cipherblk
;
1780 assert(padding
<= 255);
1781 maclen
= ssh
->csmac ? ssh
->csmac
->len
: 0;
1782 ssh2_pkt_ensure(pkt
, pkt
->length
+ padding
+ maclen
);
1783 pkt
->data
[4] = padding
;
1784 for (i
= 0; i
< padding
; i
++)
1785 pkt
->data
[pkt
->length
+ i
] = random_byte();
1786 PUT_32BIT(pkt
->data
, pkt
->length
+ padding
- 4);
1788 ssh
->csmac
->generate(ssh
->cs_mac_ctx
, pkt
->data
,
1789 pkt
->length
+ padding
,
1790 ssh
->v2_outgoing_sequence
);
1791 ssh
->v2_outgoing_sequence
++; /* whether or not we MACed */
1794 ssh
->cscipher
->encrypt(ssh
->cs_cipher_ctx
,
1795 pkt
->data
, pkt
->length
+ padding
);
1797 pkt
->encrypted_len
= pkt
->length
+ padding
;
1799 /* Ready-to-send packet starts at pkt->data. We return length. */
1800 return pkt
->length
+ padding
+ maclen
;
1804 * Routines called from the main SSH code to send packets. There
1805 * are quite a few of these, because we have two separate
1806 * mechanisms for delaying the sending of packets:
1808 * - In order to send an IGNORE message and a password message in
1809 * a single fixed-length blob, we require the ability to
1810 * concatenate the encrypted forms of those two packets _into_ a
1811 * single blob and then pass it to our <network.h> transport
1812 * layer in one go. Hence, there's a deferment mechanism which
1813 * works after packet encryption.
1815 * - In order to avoid sending any connection-layer messages
1816 * during repeat key exchange, we have to queue up any such
1817 * outgoing messages _before_ they are encrypted (and in
1818 * particular before they're allocated sequence numbers), and
1819 * then send them once we've finished.
1821 * I call these mechanisms `defer' and `queue' respectively, so as
1822 * to distinguish them reasonably easily.
1824 * The functions send_noqueue() and defer_noqueue() free the packet
1825 * structure they are passed. Every outgoing packet goes through
1826 * precisely one of these functions in its life; packets passed to
1827 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
1828 * these or get queued, and then when the queue is later emptied
1829 * the packets are all passed to defer_noqueue().
1831 * When using a CBC-mode cipher, it's necessary to ensure that an
1832 * attacker can't provide data to be encrypted using an IV that they
1833 * know. We ensure this by prefixing each packet that might contain
1834 * user data with an SSH_MSG_IGNORE. This is done using the deferral
1835 * mechanism, so in this case send_noqueue() ends up redirecting to
1836 * defer_noqueue(). If you don't like this inefficiency, don't use
1840 static void ssh2_pkt_defer_noqueue(Ssh
, struct Packet
*, int);
1841 static void ssh_pkt_defersend(Ssh
);
1844 * Send an SSH-2 packet immediately, without queuing or deferring.
1846 static void ssh2_pkt_send_noqueue(Ssh ssh
, struct Packet
*pkt
)
1850 if (ssh
->cscipher
!= NULL
&& (ssh
->cscipher
->flags
& SSH_CIPHER_IS_CBC
)) {
1851 /* We need to send two packets, so use the deferral mechanism. */
1852 ssh2_pkt_defer_noqueue(ssh
, pkt
, FALSE
);
1853 ssh_pkt_defersend(ssh
);
1856 len
= ssh2_pkt_construct(ssh
, pkt
);
1857 backlog
= s_write(ssh
, pkt
->data
, len
);
1858 if (backlog
> SSH_MAX_BACKLOG
)
1859 ssh_throttle_all(ssh
, 1, backlog
);
1861 ssh
->outgoing_data_size
+= pkt
->encrypted_len
;
1862 if (!ssh
->kex_in_progress
&&
1863 ssh
->max_data_size
!= 0 &&
1864 ssh
->outgoing_data_size
> ssh
->max_data_size
)
1865 do_ssh2_transport(ssh
, "too much data sent", -1, NULL
);
1867 ssh_free_packet(pkt
);
1871 * Defer an SSH-2 packet.
1873 static void ssh2_pkt_defer_noqueue(Ssh ssh
, struct Packet
*pkt
, int noignore
)
1876 if (ssh
->cscipher
!= NULL
&& (ssh
->cscipher
->flags
& SSH_CIPHER_IS_CBC
) &&
1877 ssh
->deferred_len
== 0 && !noignore
) {
1879 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
1880 * get encrypted with a known IV.
1882 struct Packet
*ipkt
= ssh2_pkt_init(SSH2_MSG_IGNORE
);
1883 ssh2_pkt_addstring_start(ipkt
);
1884 ssh2_pkt_defer_noqueue(ssh
, ipkt
, TRUE
);
1886 len
= ssh2_pkt_construct(ssh
, pkt
);
1887 if (ssh
->deferred_len
+ len
> ssh
->deferred_size
) {
1888 ssh
->deferred_size
= ssh
->deferred_len
+ len
+ 128;
1889 ssh
->deferred_send_data
= sresize(ssh
->deferred_send_data
,
1893 memcpy(ssh
->deferred_send_data
+ ssh
->deferred_len
, pkt
->data
, len
);
1894 ssh
->deferred_len
+= len
;
1895 ssh
->deferred_data_size
+= pkt
->encrypted_len
;
1896 ssh_free_packet(pkt
);
1900 * Queue an SSH-2 packet.
1902 static void ssh2_pkt_queue(Ssh ssh
, struct Packet
*pkt
)
1904 assert(ssh
->queueing
);
1906 if (ssh
->queuelen
>= ssh
->queuesize
) {
1907 ssh
->queuesize
= ssh
->queuelen
+ 32;
1908 ssh
->queue
= sresize(ssh
->queue
, ssh
->queuesize
, struct Packet
*);
1911 ssh
->queue
[ssh
->queuelen
++] = pkt
;
1915 * Either queue or send a packet, depending on whether queueing is
1918 static void ssh2_pkt_send(Ssh ssh
, struct Packet
*pkt
)
1921 ssh2_pkt_queue(ssh
, pkt
);
1923 ssh2_pkt_send_noqueue(ssh
, pkt
);
1927 * Either queue or defer a packet, depending on whether queueing is
1930 static void ssh2_pkt_defer(Ssh ssh
, struct Packet
*pkt
)
1933 ssh2_pkt_queue(ssh
, pkt
);
1935 ssh2_pkt_defer_noqueue(ssh
, pkt
, FALSE
);
1939 * Send the whole deferred data block constructed by
1940 * ssh2_pkt_defer() or SSH-1's defer_packet().
1942 * The expected use of the defer mechanism is that you call
1943 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
1944 * not currently queueing, this simply sets up deferred_send_data
1945 * and then sends it. If we _are_ currently queueing, the calls to
1946 * ssh2_pkt_defer() put the deferred packets on to the queue
1947 * instead, and therefore ssh_pkt_defersend() has no deferred data
1948 * to send. Hence, there's no need to make it conditional on
1951 static void ssh_pkt_defersend(Ssh ssh
)
1954 backlog
= s_write(ssh
, ssh
->deferred_send_data
, ssh
->deferred_len
);
1955 ssh
->deferred_len
= ssh
->deferred_size
= 0;
1956 sfree(ssh
->deferred_send_data
);
1957 ssh
->deferred_send_data
= NULL
;
1958 if (backlog
> SSH_MAX_BACKLOG
)
1959 ssh_throttle_all(ssh
, 1, backlog
);
1961 ssh
->outgoing_data_size
+= ssh
->deferred_data_size
;
1962 if (!ssh
->kex_in_progress
&&
1963 ssh
->max_data_size
!= 0 &&
1964 ssh
->outgoing_data_size
> ssh
->max_data_size
)
1965 do_ssh2_transport(ssh
, "too much data sent", -1, NULL
);
1966 ssh
->deferred_data_size
= 0;
1970 * Send a packet whose length needs to be disguised (typically
1971 * passwords or keyboard-interactive responses).
1973 static void ssh2_pkt_send_with_padding(Ssh ssh
, struct Packet
*pkt
,
1979 * The simplest way to do this is to adjust the
1980 * variable-length padding field in the outgoing packet.
1982 * Currently compiled out, because some Cisco SSH servers
1983 * don't like excessively padded packets (bah, why's it
1986 pkt
->forcepad
= padsize
;
1987 ssh2_pkt_send(ssh
, pkt
);
1992 * If we can't do that, however, an alternative approach is
1993 * to use the pkt_defer mechanism to bundle the packet
1994 * tightly together with an SSH_MSG_IGNORE such that their
1995 * combined length is a constant. So first we construct the
1996 * final form of this packet and defer its sending.
1998 ssh2_pkt_defer(ssh
, pkt
);
2001 * Now construct an SSH_MSG_IGNORE which includes a string
2002 * that's an exact multiple of the cipher block size. (If
2003 * the cipher is NULL so that the block size is
2004 * unavailable, we don't do this trick at all, because we
2005 * gain nothing by it.)
2007 if (ssh
->cscipher
) {
2010 stringlen
= (256 - ssh
->deferred_len
);
2011 stringlen
+= ssh
->cscipher
->blksize
- 1;
2012 stringlen
-= (stringlen
% ssh
->cscipher
->blksize
);
2015 * Temporarily disable actual compression, so we
2016 * can guarantee to get this string exactly the
2017 * length we want it. The compression-disabling
2018 * routine should return an integer indicating how
2019 * many bytes we should adjust our string length
2023 ssh
->cscomp
->disable_compression(ssh
->cs_comp_ctx
);
2025 pkt
= ssh2_pkt_init(SSH2_MSG_IGNORE
);
2026 ssh2_pkt_addstring_start(pkt
);
2027 for (i
= 0; i
< stringlen
; i
++) {
2028 char c
= (char) random_byte();
2029 ssh2_pkt_addstring_data(pkt
, &c
, 1);
2031 ssh2_pkt_defer(ssh
, pkt
);
2033 ssh_pkt_defersend(ssh
);
2038 * Send all queued SSH-2 packets. We send them by means of
2039 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2040 * packets that needed to be lumped together.
2042 static void ssh2_pkt_queuesend(Ssh ssh
)
2046 assert(!ssh
->queueing
);
2048 for (i
= 0; i
< ssh
->queuelen
; i
++)
2049 ssh2_pkt_defer_noqueue(ssh
, ssh
->queue
[i
], FALSE
);
2052 ssh_pkt_defersend(ssh
);
2056 void bndebug(char *string
, Bignum b
)
2060 p
= ssh2_mpint_fmt(b
, &len
);
2061 debug(("%s", string
));
2062 for (i
= 0; i
< len
; i
++)
2063 debug((" %02x", p
[i
]));
2069 static void hash_mpint(const struct ssh_hash
*h
, void *s
, Bignum b
)
2073 p
= ssh2_mpint_fmt(b
, &len
);
2074 hash_string(h
, s
, p
, len
);
2079 * Packet decode functions for both SSH-1 and SSH-2.
2081 static unsigned long ssh_pkt_getuint32(struct Packet
*pkt
)
2083 unsigned long value
;
2084 if (pkt
->length
- pkt
->savedpos
< 4)
2085 return 0; /* arrgh, no way to decline (FIXME?) */
2086 value
= GET_32BIT(pkt
->body
+ pkt
->savedpos
);
2090 static int ssh2_pkt_getbool(struct Packet
*pkt
)
2092 unsigned long value
;
2093 if (pkt
->length
- pkt
->savedpos
< 1)
2094 return 0; /* arrgh, no way to decline (FIXME?) */
2095 value
= pkt
->body
[pkt
->savedpos
] != 0;
2099 static void ssh_pkt_getstring(struct Packet
*pkt
, char **p
, int *length
)
2104 if (pkt
->length
- pkt
->savedpos
< 4)
2106 len
= GET_32BIT(pkt
->body
+ pkt
->savedpos
);
2111 if (pkt
->length
- pkt
->savedpos
< *length
)
2113 *p
= (char *)(pkt
->body
+ pkt
->savedpos
);
2114 pkt
->savedpos
+= *length
;
2116 static void *ssh_pkt_getdata(struct Packet
*pkt
, int length
)
2118 if (pkt
->length
- pkt
->savedpos
< length
)
2120 pkt
->savedpos
+= length
;
2121 return pkt
->body
+ (pkt
->savedpos
- length
);
2123 static int ssh1_pkt_getrsakey(struct Packet
*pkt
, struct RSAKey
*key
,
2124 unsigned char **keystr
)
2128 j
= makekey(pkt
->body
+ pkt
->savedpos
,
2129 pkt
->length
- pkt
->savedpos
,
2136 assert(pkt
->savedpos
< pkt
->length
);
2140 static Bignum
ssh1_pkt_getmp(struct Packet
*pkt
)
2145 j
= ssh1_read_bignum(pkt
->body
+ pkt
->savedpos
,
2146 pkt
->length
- pkt
->savedpos
, &b
);
2154 static Bignum
ssh2_pkt_getmp(struct Packet
*pkt
)
2160 ssh_pkt_getstring(pkt
, &p
, &length
);
2165 b
= bignum_from_bytes((unsigned char *)p
, length
);
2170 * Helper function to add an SSH-2 signature blob to a packet.
2171 * Expects to be shown the public key blob as well as the signature
2172 * blob. Normally works just like ssh2_pkt_addstring, but will
2173 * fiddle with the signature packet if necessary for
2174 * BUG_SSH2_RSA_PADDING.
2176 static void ssh2_add_sigblob(Ssh ssh
, struct Packet
*pkt
,
2177 void *pkblob_v
, int pkblob_len
,
2178 void *sigblob_v
, int sigblob_len
)
2180 unsigned char *pkblob
= (unsigned char *)pkblob_v
;
2181 unsigned char *sigblob
= (unsigned char *)sigblob_v
;
2183 /* dmemdump(pkblob, pkblob_len); */
2184 /* dmemdump(sigblob, sigblob_len); */
2187 * See if this is in fact an ssh-rsa signature and a buggy
2188 * server; otherwise we can just do this the easy way.
2190 if ((ssh
->remote_bugs
& BUG_SSH2_RSA_PADDING
) &&
2191 (GET_32BIT(pkblob
) == 7 && !memcmp(pkblob
+4, "ssh-rsa", 7))) {
2192 int pos
, len
, siglen
;
2195 * Find the byte length of the modulus.
2198 pos
= 4+7; /* skip over "ssh-rsa" */
2199 pos
+= 4 + GET_32BIT(pkblob
+pos
); /* skip over exponent */
2200 len
= GET_32BIT(pkblob
+pos
); /* find length of modulus */
2201 pos
+= 4; /* find modulus itself */
2202 while (len
> 0 && pkblob
[pos
] == 0)
2204 /* debug(("modulus length is %d\n", len)); */
2207 * Now find the signature integer.
2209 pos
= 4+7; /* skip over "ssh-rsa" */
2210 siglen
= GET_32BIT(sigblob
+pos
);
2211 /* debug(("signature length is %d\n", siglen)); */
2213 if (len
!= siglen
) {
2214 unsigned char newlen
[4];
2215 ssh2_pkt_addstring_start(pkt
);
2216 ssh2_pkt_addstring_data(pkt
, (char *)sigblob
, pos
);
2217 /* dmemdump(sigblob, pos); */
2218 pos
+= 4; /* point to start of actual sig */
2219 PUT_32BIT(newlen
, len
);
2220 ssh2_pkt_addstring_data(pkt
, (char *)newlen
, 4);
2221 /* dmemdump(newlen, 4); */
2223 while (len
-- > siglen
) {
2224 ssh2_pkt_addstring_data(pkt
, (char *)newlen
, 1);
2225 /* dmemdump(newlen, 1); */
2227 ssh2_pkt_addstring_data(pkt
, (char *)(sigblob
+pos
), siglen
);
2228 /* dmemdump(sigblob+pos, siglen); */
2232 /* Otherwise fall through and do it the easy way. */
2235 ssh2_pkt_addstring_start(pkt
);
2236 ssh2_pkt_addstring_data(pkt
, (char *)sigblob
, sigblob_len
);
2240 * Examine the remote side's version string and compare it against
2241 * a list of known buggy implementations.
2243 static void ssh_detect_bugs(Ssh ssh
, char *vstring
)
2245 char *imp
; /* pointer to implementation part */
2247 imp
+= strcspn(imp
, "-");
2249 imp
+= strcspn(imp
, "-");
2252 ssh
->remote_bugs
= 0;
2255 * General notes on server version strings:
2256 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2257 * here -- in particular, we've heard of one that's perfectly happy
2258 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2259 * so we can't distinguish them.
2261 if (ssh
->cfg
.sshbug_ignore1
== FORCE_ON
||
2262 (ssh
->cfg
.sshbug_ignore1
== AUTO
&&
2263 (!strcmp(imp
, "1.2.18") || !strcmp(imp
, "1.2.19") ||
2264 !strcmp(imp
, "1.2.20") || !strcmp(imp
, "1.2.21") ||
2265 !strcmp(imp
, "1.2.22") || !strcmp(imp
, "Cisco-1.25") ||
2266 !strcmp(imp
, "OSU_1.4alpha3") || !strcmp(imp
, "OSU_1.5alpha4")))) {
2268 * These versions don't support SSH1_MSG_IGNORE, so we have
2269 * to use a different defence against password length
2272 ssh
->remote_bugs
|= BUG_CHOKES_ON_SSH1_IGNORE
;
2273 logevent("We believe remote version has SSH-1 ignore bug");
2276 if (ssh
->cfg
.sshbug_plainpw1
== FORCE_ON
||
2277 (ssh
->cfg
.sshbug_plainpw1
== AUTO
&&
2278 (!strcmp(imp
, "Cisco-1.25") || !strcmp(imp
, "OSU_1.4alpha3")))) {
2280 * These versions need a plain password sent; they can't
2281 * handle having a null and a random length of data after
2284 ssh
->remote_bugs
|= BUG_NEEDS_SSH1_PLAIN_PASSWORD
;
2285 logevent("We believe remote version needs a plain SSH-1 password");
2288 if (ssh
->cfg
.sshbug_rsa1
== FORCE_ON
||
2289 (ssh
->cfg
.sshbug_rsa1
== AUTO
&&
2290 (!strcmp(imp
, "Cisco-1.25")))) {
2292 * These versions apparently have no clue whatever about
2293 * RSA authentication and will panic and die if they see
2294 * an AUTH_RSA message.
2296 ssh
->remote_bugs
|= BUG_CHOKES_ON_RSA
;
2297 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2300 if (ssh
->cfg
.sshbug_hmac2
== FORCE_ON
||
2301 (ssh
->cfg
.sshbug_hmac2
== AUTO
&&
2302 !wc_match("* VShell", imp
) &&
2303 (wc_match("2.1.0*", imp
) || wc_match("2.0.*", imp
) ||
2304 wc_match("2.2.0*", imp
) || wc_match("2.3.0*", imp
) ||
2305 wc_match("2.1 *", imp
)))) {
2307 * These versions have the HMAC bug.
2309 ssh
->remote_bugs
|= BUG_SSH2_HMAC
;
2310 logevent("We believe remote version has SSH-2 HMAC bug");
2313 if (ssh
->cfg
.sshbug_derivekey2
== FORCE_ON
||
2314 (ssh
->cfg
.sshbug_derivekey2
== AUTO
&&
2315 !wc_match("* VShell", imp
) &&
2316 (wc_match("2.0.0*", imp
) || wc_match("2.0.10*", imp
) ))) {
2318 * These versions have the key-derivation bug (failing to
2319 * include the literal shared secret in the hashes that
2320 * generate the keys).
2322 ssh
->remote_bugs
|= BUG_SSH2_DERIVEKEY
;
2323 logevent("We believe remote version has SSH-2 key-derivation bug");
2326 if (ssh
->cfg
.sshbug_rsapad2
== FORCE_ON
||
2327 (ssh
->cfg
.sshbug_rsapad2
== AUTO
&&
2328 (wc_match("OpenSSH_2.[5-9]*", imp
) ||
2329 wc_match("OpenSSH_3.[0-2]*", imp
)))) {
2331 * These versions have the SSH-2 RSA padding bug.
2333 ssh
->remote_bugs
|= BUG_SSH2_RSA_PADDING
;
2334 logevent("We believe remote version has SSH-2 RSA padding bug");
2337 if (ssh
->cfg
.sshbug_pksessid2
== FORCE_ON
||
2338 (ssh
->cfg
.sshbug_pksessid2
== AUTO
&&
2339 wc_match("OpenSSH_2.[0-2]*", imp
))) {
2341 * These versions have the SSH-2 session-ID bug in
2342 * public-key authentication.
2344 ssh
->remote_bugs
|= BUG_SSH2_PK_SESSIONID
;
2345 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2348 if (ssh
->cfg
.sshbug_rekey2
== FORCE_ON
||
2349 (ssh
->cfg
.sshbug_rekey2
== AUTO
&&
2350 (wc_match("DigiSSH_2.0", imp
) ||
2351 wc_match("OpenSSH_2.[0-4]*", imp
) ||
2352 wc_match("OpenSSH_2.5.[0-3]*", imp
) ||
2353 wc_match("Sun_SSH_1.0", imp
) ||
2354 wc_match("Sun_SSH_1.0.1", imp
) ||
2355 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2356 wc_match("WeOnlyDo-*", imp
)))) {
2358 * These versions have the SSH-2 rekey bug.
2360 ssh
->remote_bugs
|= BUG_SSH2_REKEY
;
2361 logevent("We believe remote version has SSH-2 rekey bug");
2366 * The `software version' part of an SSH version string is required
2367 * to contain no spaces or minus signs.
2369 static void ssh_fix_verstring(char *str
)
2371 /* Eat "SSH-<protoversion>-". */
2372 assert(*str
== 'S'); str
++;
2373 assert(*str
== 'S'); str
++;
2374 assert(*str
== 'H'); str
++;
2375 assert(*str
== '-'); str
++;
2376 while (*str
&& *str
!= '-') str
++;
2377 assert(*str
== '-'); str
++;
2379 /* Convert minus signs and spaces in the remaining string into
2382 if (*str
== '-' || *str
== ' ')
2389 * Send an appropriate SSH version string.
2391 static void ssh_send_verstring(Ssh ssh
, char *svers
)
2395 if (ssh
->version
== 2) {
2397 * Construct a v2 version string.
2399 verstring
= dupprintf("SSH-2.0-%s\015\012", sshver
);
2402 * Construct a v1 version string.
2404 verstring
= dupprintf("SSH-%s-%s\012",
2405 (ssh_versioncmp(svers
, "1.5") <= 0 ?
2410 ssh_fix_verstring(verstring
);
2412 if (ssh
->version
== 2) {
2415 * Record our version string.
2417 len
= strcspn(verstring
, "\015\012");
2418 ssh
->v_c
= snewn(len
+ 1, char);
2419 memcpy(ssh
->v_c
, verstring
, len
);
2423 logeventf(ssh
, "We claim version: %.*s",
2424 strcspn(verstring
, "\015\012"), verstring
);
2425 s_write(ssh
, verstring
, strlen(verstring
));
2429 static int do_ssh_init(Ssh ssh
, unsigned char c
)
2431 struct do_ssh_init_state
{
2439 crState(do_ssh_init_state
);
2441 crBegin(ssh
->do_ssh_init_crstate
);
2443 /* Search for a line beginning with the string "SSH-" in the input. */
2445 if (c
!= 'S') goto no
;
2447 if (c
!= 'S') goto no
;
2449 if (c
!= 'H') goto no
;
2451 if (c
!= '-') goto no
;
2460 s
->vstring
= snewn(s
->vstrsize
, char);
2461 strcpy(s
->vstring
, "SSH-");
2465 crReturn(1); /* get another char */
2466 if (s
->vslen
>= s
->vstrsize
- 1) {
2468 s
->vstring
= sresize(s
->vstring
, s
->vstrsize
, char);
2470 s
->vstring
[s
->vslen
++] = c
;
2473 s
->version
[s
->i
] = '\0';
2475 } else if (s
->i
< sizeof(s
->version
) - 1)
2476 s
->version
[s
->i
++] = c
;
2477 } else if (c
== '\012')
2481 ssh
->agentfwd_enabled
= FALSE
;
2482 ssh
->rdpkt2_state
.incoming_sequence
= 0;
2484 s
->vstring
[s
->vslen
] = 0;
2485 s
->vstring
[strcspn(s
->vstring
, "\015\012")] = '\0';/* remove EOL chars */
2486 logeventf(ssh
, "Server version: %s", s
->vstring
);
2487 ssh_detect_bugs(ssh
, s
->vstring
);
2490 * Decide which SSH protocol version to support.
2493 /* Anything strictly below "2.0" means protocol 1 is supported. */
2494 s
->proto1
= ssh_versioncmp(s
->version
, "2.0") < 0;
2495 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2496 s
->proto2
= ssh_versioncmp(s
->version
, "1.99") >= 0;
2498 if (ssh
->cfg
.sshprot
== 0 && !s
->proto1
) {
2499 bombout(("SSH protocol version 1 required by user but not provided by server"));
2502 if (ssh
->cfg
.sshprot
== 3 && !s
->proto2
) {
2503 bombout(("SSH protocol version 2 required by user but not provided by server"));
2507 if (s
->proto2
&& (ssh
->cfg
.sshprot
>= 2 || !s
->proto1
))
2512 logeventf(ssh
, "Using SSH protocol version %d", ssh
->version
);
2514 /* Send the version string, if we haven't already */
2515 if (ssh
->cfg
.sshprot
!= 3)
2516 ssh_send_verstring(ssh
, s
->version
);
2518 if (ssh
->version
== 2) {
2521 * Record their version string.
2523 len
= strcspn(s
->vstring
, "\015\012");
2524 ssh
->v_s
= snewn(len
+ 1, char);
2525 memcpy(ssh
->v_s
, s
->vstring
, len
);
2529 * Initialise SSH-2 protocol.
2531 ssh
->protocol
= ssh2_protocol
;
2532 ssh2_protocol_setup(ssh
);
2533 ssh
->s_rdpkt
= ssh2_rdpkt
;
2536 * Initialise SSH-1 protocol.
2538 ssh
->protocol
= ssh1_protocol
;
2539 ssh1_protocol_setup(ssh
);
2540 ssh
->s_rdpkt
= ssh1_rdpkt
;
2542 if (ssh
->version
== 2)
2543 do_ssh2_transport(ssh
, NULL
, -1, NULL
);
2545 update_specials_menu(ssh
->frontend
);
2546 ssh
->state
= SSH_STATE_BEFORE_SIZE
;
2547 ssh
->pinger
= pinger_new(&ssh
->cfg
, &ssh_backend
, ssh
);
2554 static void ssh_process_incoming_data(Ssh ssh
,
2555 unsigned char **data
, int *datalen
)
2557 struct Packet
*pktin
;
2559 pktin
= ssh
->s_rdpkt(ssh
, data
, datalen
);
2561 ssh
->protocol(ssh
, NULL
, 0, pktin
);
2562 ssh_free_packet(pktin
);
2566 static void ssh_queue_incoming_data(Ssh ssh
,
2567 unsigned char **data
, int *datalen
)
2569 bufchain_add(&ssh
->queued_incoming_data
, *data
, *datalen
);
2574 static void ssh_process_queued_incoming_data(Ssh ssh
)
2577 unsigned char *data
;
2580 while (!ssh
->frozen
&& bufchain_size(&ssh
->queued_incoming_data
)) {
2581 bufchain_prefix(&ssh
->queued_incoming_data
, &vdata
, &len
);
2585 while (!ssh
->frozen
&& len
> 0)
2586 ssh_process_incoming_data(ssh
, &data
, &len
);
2589 bufchain_consume(&ssh
->queued_incoming_data
, origlen
- len
);
2593 static void ssh_set_frozen(Ssh ssh
, int frozen
)
2596 sk_set_frozen(ssh
->s
, frozen
);
2597 ssh
->frozen
= frozen
;
2600 static void ssh_gotdata(Ssh ssh
, unsigned char *data
, int datalen
)
2602 /* Log raw data, if we're in that mode. */
2604 log_packet(ssh
->logctx
, PKT_INCOMING
, -1, NULL
, data
, datalen
,
2607 crBegin(ssh
->ssh_gotdata_crstate
);
2610 * To begin with, feed the characters one by one to the
2611 * protocol initialisation / selection function do_ssh_init().
2612 * When that returns 0, we're done with the initial greeting
2613 * exchange and can move on to packet discipline.
2616 int ret
; /* need not be kept across crReturn */
2618 crReturnV
; /* more data please */
2619 ret
= do_ssh_init(ssh
, *data
);
2627 * We emerge from that loop when the initial negotiation is
2628 * over and we have selected an s_rdpkt function. Now pass
2629 * everything to s_rdpkt, and then pass the resulting packets
2630 * to the proper protocol handler.
2634 while (bufchain_size(&ssh
->queued_incoming_data
) > 0 || datalen
> 0) {
2636 ssh_queue_incoming_data(ssh
, &data
, &datalen
);
2637 /* This uses up all data and cannot cause anything interesting
2638 * to happen; indeed, for anything to happen at all, we must
2639 * return, so break out. */
2641 } else if (bufchain_size(&ssh
->queued_incoming_data
) > 0) {
2642 /* This uses up some or all data, and may freeze the
2644 ssh_process_queued_incoming_data(ssh
);
2646 /* This uses up some or all data, and may freeze the
2648 ssh_process_incoming_data(ssh
, &data
, &datalen
);
2650 /* FIXME this is probably EBW. */
2651 if (ssh
->state
== SSH_STATE_CLOSED
)
2654 /* We're out of data. Go and get some more. */
2660 static int ssh_do_close(Ssh ssh
, int notify_exit
)
2663 struct ssh_channel
*c
;
2665 ssh
->state
= SSH_STATE_CLOSED
;
2666 expire_timer_context(ssh
);
2671 notify_remote_exit(ssh
->frontend
);
2676 * Now we must shut down any port- and X-forwarded channels going
2677 * through this connection.
2679 if (ssh
->channels
) {
2680 while (NULL
!= (c
= index234(ssh
->channels
, 0))) {
2683 x11_close(c
->u
.x11
.s
);
2686 pfd_close(c
->u
.pfd
.s
);
2689 del234(ssh
->channels
, c
); /* moving next one to index 0 */
2690 if (ssh
->version
== 2)
2691 bufchain_clear(&c
->v
.v2
.outbuffer
);
2696 * Go through port-forwardings, and close any associated
2697 * listening sockets.
2699 if (ssh
->portfwds
) {
2700 struct ssh_portfwd
*pf
;
2701 while (NULL
!= (pf
= index234(ssh
->portfwds
, 0))) {
2702 /* Dispose of any listening socket. */
2704 pfd_terminate(pf
->local
);
2705 del234(ssh
->portfwds
, pf
); /* moving next one to index 0 */
2713 static void ssh_log(Plug plug
, int type
, SockAddr addr
, int port
,
2714 const char *error_msg
, int error_code
)
2716 Ssh ssh
= (Ssh
) plug
;
2717 char addrbuf
[256], *msg
;
2719 sk_getaddr(addr
, addrbuf
, lenof(addrbuf
));
2722 msg
= dupprintf("Connecting to %s port %d", addrbuf
, port
);
2724 msg
= dupprintf("Failed to connect to %s: %s", addrbuf
, error_msg
);
2730 static int ssh_closing(Plug plug
, const char *error_msg
, int error_code
,
2733 Ssh ssh
= (Ssh
) plug
;
2734 int need_notify
= ssh_do_close(ssh
, FALSE
);
2737 if (!ssh
->close_expected
)
2738 error_msg
= "Server unexpectedly closed network connection";
2740 error_msg
= "Server closed network connection";
2743 if (ssh
->close_expected
&& ssh
->clean_exit
&& ssh
->exitcode
< 0)
2747 notify_remote_exit(ssh
->frontend
);
2750 logevent(error_msg
);
2751 if (!ssh
->close_expected
|| !ssh
->clean_exit
)
2752 connection_fatal(ssh
->frontend
, "%s", error_msg
);
2756 static int ssh_receive(Plug plug
, int urgent
, char *data
, int len
)
2758 Ssh ssh
= (Ssh
) plug
;
2759 ssh_gotdata(ssh
, (unsigned char *)data
, len
);
2760 if (ssh
->state
== SSH_STATE_CLOSED
) {
2761 ssh_do_close(ssh
, TRUE
);
2767 static void ssh_sent(Plug plug
, int bufsize
)
2769 Ssh ssh
= (Ssh
) plug
;
2771 * If the send backlog on the SSH socket itself clears, we
2772 * should unthrottle the whole world if it was throttled.
2774 if (bufsize
< SSH_MAX_BACKLOG
)
2775 ssh_throttle_all(ssh
, 0, bufsize
);
2779 * Connect to specified host and port.
2780 * Returns an error message, or NULL on success.
2781 * Also places the canonical host name into `realhost'. It must be
2782 * freed by the caller.
2784 static const char *connect_to_host(Ssh ssh
, char *host
, int port
,
2785 char **realhost
, int nodelay
, int keepalive
)
2787 static const struct plug_function_table fn_table
= {
2798 ssh
->savedhost
= snewn(1 + strlen(host
), char);
2799 strcpy(ssh
->savedhost
, host
);
2802 port
= 22; /* default ssh port */
2803 ssh
->savedport
= port
;
2808 logeventf(ssh
, "Looking up host \"%s\"%s", host
,
2809 (ssh
->cfg
.addressfamily
== ADDRTYPE_IPV4 ?
" (IPv4)" :
2810 (ssh
->cfg
.addressfamily
== ADDRTYPE_IPV6 ?
" (IPv6)" : "")));
2811 addr
= name_lookup(host
, port
, realhost
, &ssh
->cfg
,
2812 ssh
->cfg
.addressfamily
);
2813 if ((err
= sk_addr_error(addr
)) != NULL
) {
2821 ssh
->fn
= &fn_table
;
2822 ssh
->s
= new_connection(addr
, *realhost
, port
,
2823 0, 1, nodelay
, keepalive
, (Plug
) ssh
, &ssh
->cfg
);
2824 if ((err
= sk_socket_error(ssh
->s
)) != NULL
) {
2826 notify_remote_exit(ssh
->frontend
);
2831 * If the SSH version number's fixed, set it now, and if it's SSH-2,
2832 * send the version string too.
2834 if (ssh
->cfg
.sshprot
== 0)
2836 if (ssh
->cfg
.sshprot
== 3) {
2838 ssh_send_verstring(ssh
, NULL
);
2845 * Throttle or unthrottle the SSH connection.
2847 static void ssh1_throttle(Ssh ssh
, int adjust
)
2849 int old_count
= ssh
->v1_throttle_count
;
2850 ssh
->v1_throttle_count
+= adjust
;
2851 assert(ssh
->v1_throttle_count
>= 0);
2852 if (ssh
->v1_throttle_count
&& !old_count
) {
2853 ssh_set_frozen(ssh
, 1);
2854 } else if (!ssh
->v1_throttle_count
&& old_count
) {
2855 ssh_set_frozen(ssh
, 0);
2860 * Throttle or unthrottle _all_ local data streams (for when sends
2861 * on the SSH connection itself back up).
2863 static void ssh_throttle_all(Ssh ssh
, int enable
, int bufsize
)
2866 struct ssh_channel
*c
;
2868 if (enable
== ssh
->throttled_all
)
2870 ssh
->throttled_all
= enable
;
2871 ssh
->overall_bufsize
= bufsize
;
2874 for (i
= 0; NULL
!= (c
= index234(ssh
->channels
, i
)); i
++) {
2876 case CHAN_MAINSESSION
:
2878 * This is treated separately, outside the switch.
2882 x11_override_throttle(c
->u
.x11
.s
, enable
);
2885 /* Agent channels require no buffer management. */
2888 pfd_override_throttle(c
->u
.pfd
.s
, enable
);
2894 static void ssh_agent_callback(void *sshv
, void *reply
, int replylen
)
2896 Ssh ssh
= (Ssh
) sshv
;
2898 ssh
->agent_response
= reply
;
2899 ssh
->agent_response_len
= replylen
;
2901 if (ssh
->version
== 1)
2902 do_ssh1_login(ssh
, NULL
, -1, NULL
);
2904 do_ssh2_authconn(ssh
, NULL
, -1, NULL
);
2907 static void ssh_dialog_callback(void *sshv
, int ret
)
2909 Ssh ssh
= (Ssh
) sshv
;
2911 ssh
->user_response
= ret
;
2913 if (ssh
->version
== 1)
2914 do_ssh1_login(ssh
, NULL
, -1, NULL
);
2916 do_ssh2_transport(ssh
, NULL
, -1, NULL
);
2919 * This may have unfrozen the SSH connection, so do a
2922 ssh_process_queued_incoming_data(ssh
);
2925 static void ssh_agentf_callback(void *cv
, void *reply
, int replylen
)
2927 struct ssh_channel
*c
= (struct ssh_channel
*)cv
;
2929 void *sentreply
= reply
;
2932 /* Fake SSH_AGENT_FAILURE. */
2933 sentreply
= "\0\0\0\1\5";
2936 if (ssh
->version
== 2) {
2937 ssh2_add_channel_data(c
, sentreply
, replylen
);
2940 send_packet(ssh
, SSH1_MSG_CHANNEL_DATA
,
2941 PKT_INT
, c
->remoteid
,
2944 PKT_DATA
, sentreply
, replylen
,
2953 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
2954 * non-NULL, otherwise just close the connection. `client_reason' == NULL
2955 * => log `wire_reason'.
2957 static void ssh_disconnect(Ssh ssh
, char *client_reason
, char *wire_reason
,
2958 int code
, int clean_exit
)
2962 client_reason
= wire_reason
;
2964 error
= dupprintf("Disconnected: %s", client_reason
);
2966 error
= dupstr("Disconnected");
2968 if (ssh
->version
== 1) {
2969 send_packet(ssh
, SSH1_MSG_DISCONNECT
, PKT_STR
, wire_reason
,
2971 } else if (ssh
->version
== 2) {
2972 struct Packet
*pktout
= ssh2_pkt_init(SSH2_MSG_DISCONNECT
);
2973 ssh2_pkt_adduint32(pktout
, code
);
2974 ssh2_pkt_addstring(pktout
, wire_reason
);
2975 ssh2_pkt_addstring(pktout
, "en"); /* language tag */
2976 ssh2_pkt_send_noqueue(ssh
, pktout
);
2979 ssh
->close_expected
= TRUE
;
2980 ssh
->clean_exit
= clean_exit
;
2981 ssh_closing((Plug
)ssh
, error
, 0, 0);
2986 * Handle the key exchange and user authentication phases.
2988 static int do_ssh1_login(Ssh ssh
, unsigned char *in
, int inlen
,
2989 struct Packet
*pktin
)
2992 unsigned char cookie
[8], *ptr
;
2993 struct RSAKey servkey
, hostkey
;
2994 struct MD5Context md5c
;
2995 struct do_ssh1_login_state
{
2997 unsigned char *rsabuf
, *keystr1
, *keystr2
;
2998 unsigned long supported_ciphers_mask
, supported_auths_mask
;
2999 int tried_publickey
, tried_agent
;
3000 int tis_auth_refused
, ccard_auth_refused
;
3001 unsigned char session_id
[16];
3004 void *publickey_blob
;
3005 int publickey_bloblen
;
3006 char *publickey_comment
;
3007 int publickey_encrypted
;
3008 prompts_t
*cur_prompt
;
3011 unsigned char request
[5], *response
, *p
;
3021 crState(do_ssh1_login_state
);
3023 crBegin(ssh
->do_ssh1_login_crstate
);
3028 if (pktin
->type
!= SSH1_SMSG_PUBLIC_KEY
) {
3029 bombout(("Public key packet not received"));
3033 logevent("Received public keys");
3035 ptr
= ssh_pkt_getdata(pktin
, 8);
3037 bombout(("SSH-1 public key packet stopped before random cookie"));
3040 memcpy(cookie
, ptr
, 8);
3042 if (!ssh1_pkt_getrsakey(pktin
, &servkey
, &s
->keystr1
) ||
3043 !ssh1_pkt_getrsakey(pktin
, &hostkey
, &s
->keystr2
)) {
3044 bombout(("Failed to read SSH-1 public keys from public key packet"));
3049 * Log the host key fingerprint.
3053 logevent("Host key fingerprint is:");
3054 strcpy(logmsg
, " ");
3055 hostkey
.comment
= NULL
;
3056 rsa_fingerprint(logmsg
+ strlen(logmsg
),
3057 sizeof(logmsg
) - strlen(logmsg
), &hostkey
);
3061 ssh
->v1_remote_protoflags
= ssh_pkt_getuint32(pktin
);
3062 s
->supported_ciphers_mask
= ssh_pkt_getuint32(pktin
);
3063 s
->supported_auths_mask
= ssh_pkt_getuint32(pktin
);
3065 ssh
->v1_local_protoflags
=
3066 ssh
->v1_remote_protoflags
& SSH1_PROTOFLAGS_SUPPORTED
;
3067 ssh
->v1_local_protoflags
|= SSH1_PROTOFLAG_SCREEN_NUMBER
;
3070 MD5Update(&md5c
, s
->keystr2
, hostkey
.bytes
);
3071 MD5Update(&md5c
, s
->keystr1
, servkey
.bytes
);
3072 MD5Update(&md5c
, cookie
, 8);
3073 MD5Final(s
->session_id
, &md5c
);
3075 for (i
= 0; i
< 32; i
++)
3076 ssh
->session_key
[i
] = random_byte();
3079 * Verify that the `bits' and `bytes' parameters match.
3081 if (hostkey
.bits
> hostkey
.bytes
* 8 ||
3082 servkey
.bits
> servkey
.bytes
* 8) {
3083 bombout(("SSH-1 public keys were badly formatted"));
3087 s
->len
= (hostkey
.bytes
> servkey
.bytes ? hostkey
.bytes
: servkey
.bytes
);
3089 s
->rsabuf
= snewn(s
->len
, unsigned char);
3092 * Verify the host key.
3096 * First format the key into a string.
3098 int len
= rsastr_len(&hostkey
);
3099 char fingerprint
[100];
3100 char *keystr
= snewn(len
, char);
3101 rsastr_fmt(keystr
, &hostkey
);
3102 rsa_fingerprint(fingerprint
, sizeof(fingerprint
), &hostkey
);
3104 ssh_set_frozen(ssh
, 1);
3105 s
->dlgret
= verify_ssh_host_key(ssh
->frontend
,
3106 ssh
->savedhost
, ssh
->savedport
,
3107 "rsa", keystr
, fingerprint
,
3108 ssh_dialog_callback
, ssh
);
3110 if (s
->dlgret
< 0) {
3114 bombout(("Unexpected data from server while waiting"
3115 " for user host key response"));
3118 } while (pktin
|| inlen
> 0);
3119 s
->dlgret
= ssh
->user_response
;
3121 ssh_set_frozen(ssh
, 0);
3123 if (s
->dlgret
== 0) {
3124 ssh_disconnect(ssh
, "User aborted at host key verification",
3130 for (i
= 0; i
< 32; i
++) {
3131 s
->rsabuf
[i
] = ssh
->session_key
[i
];
3133 s
->rsabuf
[i
] ^= s
->session_id
[i
];
3136 if (hostkey
.bytes
> servkey
.bytes
) {
3137 ret
= rsaencrypt(s
->rsabuf
, 32, &servkey
);
3139 ret
= rsaencrypt(s
->rsabuf
, servkey
.bytes
, &hostkey
);
3141 ret
= rsaencrypt(s
->rsabuf
, 32, &hostkey
);
3143 ret
= rsaencrypt(s
->rsabuf
, hostkey
.bytes
, &servkey
);
3146 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3150 logevent("Encrypted session key");
3153 int cipher_chosen
= 0, warn
= 0;
3154 char *cipher_string
= NULL
;
3156 for (i
= 0; !cipher_chosen
&& i
< CIPHER_MAX
; i
++) {
3157 int next_cipher
= ssh
->cfg
.ssh_cipherlist
[i
];
3158 if (next_cipher
== CIPHER_WARN
) {
3159 /* If/when we choose a cipher, warn about it */
3161 } else if (next_cipher
== CIPHER_AES
) {
3162 /* XXX Probably don't need to mention this. */
3163 logevent("AES not supported in SSH-1, skipping");
3165 switch (next_cipher
) {
3166 case CIPHER_3DES
: s
->cipher_type
= SSH_CIPHER_3DES
;
3167 cipher_string
= "3DES"; break;
3168 case CIPHER_BLOWFISH
: s
->cipher_type
= SSH_CIPHER_BLOWFISH
;
3169 cipher_string
= "Blowfish"; break;
3170 case CIPHER_DES
: s
->cipher_type
= SSH_CIPHER_DES
;
3171 cipher_string
= "single-DES"; break;
3173 if (s
->supported_ciphers_mask
& (1 << s
->cipher_type
))
3177 if (!cipher_chosen
) {
3178 if ((s
->supported_ciphers_mask
& (1 << SSH_CIPHER_3DES
)) == 0)
3179 bombout(("Server violates SSH-1 protocol by not "
3180 "supporting 3DES encryption"));
3182 /* shouldn't happen */
3183 bombout(("No supported ciphers found"));
3187 /* Warn about chosen cipher if necessary. */
3189 ssh_set_frozen(ssh
, 1);
3190 s
->dlgret
= askalg(ssh
->frontend
, "cipher", cipher_string
,
3191 ssh_dialog_callback
, ssh
);
3192 if (s
->dlgret
< 0) {
3196 bombout(("Unexpected data from server while waiting"
3197 " for user response"));
3200 } while (pktin
|| inlen
> 0);
3201 s
->dlgret
= ssh
->user_response
;
3203 ssh_set_frozen(ssh
, 0);
3204 if (s
->dlgret
== 0) {
3205 ssh_disconnect(ssh
, "User aborted at cipher warning", NULL
,
3212 switch (s
->cipher_type
) {
3213 case SSH_CIPHER_3DES
:
3214 logevent("Using 3DES encryption");
3216 case SSH_CIPHER_DES
:
3217 logevent("Using single-DES encryption");
3219 case SSH_CIPHER_BLOWFISH
:
3220 logevent("Using Blowfish encryption");
3224 send_packet(ssh
, SSH1_CMSG_SESSION_KEY
,
3225 PKT_CHAR
, s
->cipher_type
,
3226 PKT_DATA
, cookie
, 8,
3227 PKT_CHAR
, (s
->len
* 8) >> 8, PKT_CHAR
, (s
->len
* 8) & 0xFF,
3228 PKT_DATA
, s
->rsabuf
, s
->len
,
3229 PKT_INT
, ssh
->v1_local_protoflags
, PKT_END
);
3231 logevent("Trying to enable encryption...");
3235 ssh
->cipher
= (s
->cipher_type
== SSH_CIPHER_BLOWFISH ?
&ssh_blowfish_ssh1
:
3236 s
->cipher_type
== SSH_CIPHER_DES ?
&ssh_des
:
3238 ssh
->v1_cipher_ctx
= ssh
->cipher
->make_context();
3239 ssh
->cipher
->sesskey(ssh
->v1_cipher_ctx
, ssh
->session_key
);
3240 logeventf(ssh
, "Initialised %s encryption", ssh
->cipher
->text_name
);
3242 ssh
->crcda_ctx
= crcda_make_context();
3243 logevent("Installing CRC compensation attack detector");
3245 if (servkey
.modulus
) {
3246 sfree(servkey
.modulus
);
3247 servkey
.modulus
= NULL
;
3249 if (servkey
.exponent
) {
3250 sfree(servkey
.exponent
);
3251 servkey
.exponent
= NULL
;
3253 if (hostkey
.modulus
) {
3254 sfree(hostkey
.modulus
);
3255 hostkey
.modulus
= NULL
;
3257 if (hostkey
.exponent
) {
3258 sfree(hostkey
.exponent
);
3259 hostkey
.exponent
= NULL
;
3263 if (pktin
->type
!= SSH1_SMSG_SUCCESS
) {
3264 bombout(("Encryption not successfully enabled"));
3268 logevent("Successfully started encryption");
3270 fflush(stdout
); /* FIXME eh? */
3272 if (!*ssh
->cfg
.username
) {
3273 int ret
; /* need not be kept over crReturn */
3274 s
->cur_prompt
= new_prompts(ssh
->frontend
);
3275 s
->cur_prompt
->to_server
= TRUE
;
3276 s
->cur_prompt
->name
= dupstr("SSH login name");
3277 add_prompt(s
->cur_prompt
, dupstr("login as: "), TRUE
,
3278 lenof(s
->username
));
3279 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
3282 crWaitUntil(!pktin
);
3283 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
3288 * Failed to get a username. Terminate.
3290 free_prompts(s
->cur_prompt
);
3291 ssh_disconnect(ssh
, "No username provided", NULL
, 0, TRUE
);
3294 memcpy(s
->username
, s
->cur_prompt
->prompts
[0]->result
,
3295 lenof(s
->username
));
3296 free_prompts(s
->cur_prompt
);
3298 strncpy(s
->username
, ssh
->cfg
.username
, sizeof(s
->username
));
3299 s
->username
[sizeof(s
->username
)-1] = '\0';
3302 send_packet(ssh
, SSH1_CMSG_USER
, PKT_STR
, s
->username
, PKT_END
);
3304 char *userlog
= dupprintf("Sent username \"%s\"", s
->username
);
3306 if (flags
& FLAG_INTERACTIVE
&&
3307 (!((flags
& FLAG_STDERR
) && (flags
& FLAG_VERBOSE
)))) {
3308 c_write_str(ssh
, userlog
);
3309 c_write_str(ssh
, "\r\n");
3317 if ((ssh
->remote_bugs
& BUG_CHOKES_ON_RSA
)) {
3318 /* We must not attempt PK auth. Pretend we've already tried it. */
3319 s
->tried_publickey
= s
->tried_agent
= 1;
3321 s
->tried_publickey
= s
->tried_agent
= 0;
3323 s
->tis_auth_refused
= s
->ccard_auth_refused
= 0;
3325 * Load the public half of any configured keyfile for later use.
3327 if (!filename_is_null(ssh
->cfg
.keyfile
)) {
3329 logeventf(ssh
, "Reading private key file \"%.150s\"",
3330 filename_to_str(&ssh
->cfg
.keyfile
));
3331 keytype
= key_type(&ssh
->cfg
.keyfile
);
3332 if (keytype
== SSH_KEYTYPE_SSH1
) {
3334 if (rsakey_pubblob(&ssh
->cfg
.keyfile
,
3335 &s
->publickey_blob
, &s
->publickey_bloblen
,
3336 &s
->publickey_comment
, &error
)) {
3337 s
->publickey_encrypted
= rsakey_encrypted(&ssh
->cfg
.keyfile
,
3341 logeventf(ssh
, "Unable to load private key (%s)", error
);
3342 msgbuf
= dupprintf("Unable to load private key file "
3343 "\"%.150s\" (%s)\r\n",
3344 filename_to_str(&ssh
->cfg
.keyfile
),
3346 c_write_str(ssh
, msgbuf
);
3348 s
->publickey_blob
= NULL
;
3352 logeventf(ssh
, "Unable to use this key file (%s)",
3353 key_type_to_str(keytype
));
3354 msgbuf
= dupprintf("Unable to use key file \"%.150s\""
3356 filename_to_str(&ssh
->cfg
.keyfile
),
3357 key_type_to_str(keytype
));
3358 c_write_str(ssh
, msgbuf
);
3360 s
->publickey_blob
= NULL
;
3363 s
->publickey_blob
= NULL
;
3365 while (pktin
->type
== SSH1_SMSG_FAILURE
) {
3366 s
->pwpkt_type
= SSH1_CMSG_AUTH_PASSWORD
;
3368 if (ssh
->cfg
.tryagent
&& agent_exists() && !s
->tried_agent
) {
3370 * Attempt RSA authentication using Pageant.
3376 logevent("Pageant is running. Requesting keys.");
3378 /* Request the keys held by the agent. */
3379 PUT_32BIT(s
->request
, 1);
3380 s
->request
[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES
;
3381 if (!agent_query(s
->request
, 5, &r
, &s
->responselen
,
3382 ssh_agent_callback
, ssh
)) {
3386 bombout(("Unexpected data from server while waiting"
3387 " for agent response"));
3390 } while (pktin
|| inlen
> 0);
3391 r
= ssh
->agent_response
;
3392 s
->responselen
= ssh
->agent_response_len
;
3394 s
->response
= (unsigned char *) r
;
3395 if (s
->response
&& s
->responselen
>= 5 &&
3396 s
->response
[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER
) {
3397 s
->p
= s
->response
+ 5;
3398 s
->nkeys
= GET_32BIT(s
->p
);
3400 logeventf(ssh
, "Pageant has %d SSH-1 keys", s
->nkeys
);
3401 for (s
->keyi
= 0; s
->keyi
< s
->nkeys
; s
->keyi
++) {
3402 unsigned char *pkblob
= s
->p
;
3406 do { /* do while (0) to make breaking easy */
3407 n
= ssh1_read_bignum
3408 (s
->p
, s
->responselen
-(s
->p
-s
->response
),
3413 n
= ssh1_read_bignum
3414 (s
->p
, s
->responselen
-(s
->p
-s
->response
),
3419 if (s
->responselen
- (s
->p
-s
->response
) < 4)
3421 s
->commentlen
= GET_32BIT(s
->p
);
3423 if (s
->responselen
- (s
->p
-s
->response
) <
3426 s
->commentp
= (char *)s
->p
;
3427 s
->p
+= s
->commentlen
;
3431 logevent("Pageant key list packet was truncated");
3435 if (s
->publickey_blob
) {
3436 if (!memcmp(pkblob
, s
->publickey_blob
,
3437 s
->publickey_bloblen
)) {
3438 logeventf(ssh
, "Pageant key #%d matches "
3439 "configured key file", s
->keyi
);
3440 s
->tried_publickey
= 1;
3442 /* Skip non-configured key */
3445 logeventf(ssh
, "Trying Pageant key #%d", s
->keyi
);
3446 send_packet(ssh
, SSH1_CMSG_AUTH_RSA
,
3447 PKT_BIGNUM
, s
->key
.modulus
, PKT_END
);
3449 if (pktin
->type
!= SSH1_SMSG_AUTH_RSA_CHALLENGE
) {
3450 logevent("Key refused");
3453 logevent("Received RSA challenge");
3454 if ((s
->challenge
= ssh1_pkt_getmp(pktin
)) == NULL
) {
3455 bombout(("Server's RSA challenge was badly formatted"));
3460 char *agentreq
, *q
, *ret
;
3463 len
= 1 + 4; /* message type, bit count */
3464 len
+= ssh1_bignum_length(s
->key
.exponent
);
3465 len
+= ssh1_bignum_length(s
->key
.modulus
);
3466 len
+= ssh1_bignum_length(s
->challenge
);
3467 len
+= 16; /* session id */
3468 len
+= 4; /* response format */
3469 agentreq
= snewn(4 + len
, char);
3470 PUT_32BIT(agentreq
, len
);
3472 *q
++ = SSH1_AGENTC_RSA_CHALLENGE
;
3473 PUT_32BIT(q
, bignum_bitcount(s
->key
.modulus
));
3475 q
+= ssh1_write_bignum(q
, s
->key
.exponent
);
3476 q
+= ssh1_write_bignum(q
, s
->key
.modulus
);
3477 q
+= ssh1_write_bignum(q
, s
->challenge
);
3478 memcpy(q
, s
->session_id
, 16);
3480 PUT_32BIT(q
, 1); /* response format */
3481 if (!agent_query(agentreq
, len
+ 4, &vret
, &retlen
,
3482 ssh_agent_callback
, ssh
)) {
3487 bombout(("Unexpected data from server"
3488 " while waiting for agent"
3492 } while (pktin
|| inlen
> 0);
3493 vret
= ssh
->agent_response
;
3494 retlen
= ssh
->agent_response_len
;
3499 if (ret
[4] == SSH1_AGENT_RSA_RESPONSE
) {
3500 logevent("Sending Pageant's response");
3501 send_packet(ssh
, SSH1_CMSG_AUTH_RSA_RESPONSE
,
3502 PKT_DATA
, ret
+ 5, 16,
3506 if (pktin
->type
== SSH1_SMSG_SUCCESS
) {
3508 ("Pageant's response accepted");
3509 if (flags
& FLAG_VERBOSE
) {
3510 c_write_str(ssh
, "Authenticated using"
3512 c_write(ssh
, s
->commentp
,
3514 c_write_str(ssh
, "\" from agent\r\n");
3519 ("Pageant's response not accepted");
3522 ("Pageant failed to answer challenge");
3526 logevent("No reply received from Pageant");
3529 freebn(s
->key
.exponent
);
3530 freebn(s
->key
.modulus
);
3531 freebn(s
->challenge
);
3536 if (s
->publickey_blob
&& !s
->tried_publickey
)
3537 logevent("Configured key file not in Pageant");
3542 if (s
->publickey_blob
&& !s
->tried_publickey
) {
3544 * Try public key authentication with the specified
3547 int got_passphrase
; /* need not be kept over crReturn */
3548 if (flags
& FLAG_VERBOSE
)
3549 c_write_str(ssh
, "Trying public key authentication.\r\n");
3550 logeventf(ssh
, "Trying public key \"%s\"",
3551 filename_to_str(&ssh
->cfg
.keyfile
));
3552 s
->tried_publickey
= 1;
3553 got_passphrase
= FALSE
;
3554 while (!got_passphrase
) {
3556 * Get a passphrase, if necessary.
3558 char *passphrase
= NULL
; /* only written after crReturn */
3560 if (!s
->publickey_encrypted
) {
3561 if (flags
& FLAG_VERBOSE
)
3562 c_write_str(ssh
, "No passphrase required.\r\n");
3565 int ret
; /* need not be kept over crReturn */
3566 s
->cur_prompt
= new_prompts(ssh
->frontend
);
3567 s
->cur_prompt
->to_server
= FALSE
;
3568 s
->cur_prompt
->name
= dupstr("SSH key passphrase");
3569 add_prompt(s
->cur_prompt
,
3570 dupprintf("Passphrase for key \"%.100s\": ",
3571 s
->publickey_comment
),
3572 FALSE
, SSH_MAX_PASSWORD_LEN
);
3573 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
3576 crWaitUntil(!pktin
);
3577 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
3581 /* Failed to get a passphrase. Terminate. */
3582 free_prompts(s
->cur_prompt
);
3583 ssh_disconnect(ssh
, NULL
, "Unable to authenticate",
3587 passphrase
= dupstr(s
->cur_prompt
->prompts
[0]->result
);
3588 free_prompts(s
->cur_prompt
);
3591 * Try decrypting key with passphrase.
3593 ret
= loadrsakey(&ssh
->cfg
.keyfile
, &s
->key
, passphrase
,
3596 memset(passphrase
, 0, strlen(passphrase
));
3600 /* Correct passphrase. */
3601 got_passphrase
= TRUE
;
3602 } else if (ret
== 0) {
3603 c_write_str(ssh
, "Couldn't load private key from ");
3604 c_write_str(ssh
, filename_to_str(&ssh
->cfg
.keyfile
));
3605 c_write_str(ssh
, " (");
3606 c_write_str(ssh
, error
);
3607 c_write_str(ssh
, ").\r\n");
3608 got_passphrase
= FALSE
;
3609 break; /* go and try something else */
3610 } else if (ret
== -1) {
3611 c_write_str(ssh
, "Wrong passphrase.\r\n"); /* FIXME */
3612 got_passphrase
= FALSE
;
3615 assert(0 && "unexpected return from loadrsakey()");
3616 got_passphrase
= FALSE
; /* placate optimisers */
3620 if (got_passphrase
) {
3623 * Send a public key attempt.
3625 send_packet(ssh
, SSH1_CMSG_AUTH_RSA
,
3626 PKT_BIGNUM
, s
->key
.modulus
, PKT_END
);
3629 if (pktin
->type
== SSH1_SMSG_FAILURE
) {
3630 c_write_str(ssh
, "Server refused our public key.\r\n");
3631 continue; /* go and try something else */
3633 if (pktin
->type
!= SSH1_SMSG_AUTH_RSA_CHALLENGE
) {
3634 bombout(("Bizarre response to offer of public key"));
3640 unsigned char buffer
[32];
3641 Bignum challenge
, response
;
3643 if ((challenge
= ssh1_pkt_getmp(pktin
)) == NULL
) {
3644 bombout(("Server's RSA challenge was badly formatted"));
3647 response
= rsadecrypt(challenge
, &s
->key
);
3648 freebn(s
->key
.private_exponent
);/* burn the evidence */
3650 for (i
= 0; i
< 32; i
++) {
3651 buffer
[i
] = bignum_byte(response
, 31 - i
);
3655 MD5Update(&md5c
, buffer
, 32);
3656 MD5Update(&md5c
, s
->session_id
, 16);
3657 MD5Final(buffer
, &md5c
);
3659 send_packet(ssh
, SSH1_CMSG_AUTH_RSA_RESPONSE
,
3660 PKT_DATA
, buffer
, 16, PKT_END
);
3667 if (pktin
->type
== SSH1_SMSG_FAILURE
) {
3668 if (flags
& FLAG_VERBOSE
)
3669 c_write_str(ssh
, "Failed to authenticate with"
3670 " our public key.\r\n");
3671 continue; /* go and try something else */
3672 } else if (pktin
->type
!= SSH1_SMSG_SUCCESS
) {
3673 bombout(("Bizarre response to RSA authentication response"));
3677 break; /* we're through! */
3683 * Otherwise, try various forms of password-like authentication.
3685 s
->cur_prompt
= new_prompts(ssh
->frontend
);
3687 if (ssh
->cfg
.try_tis_auth
&&
3688 (s
->supported_auths_mask
& (1 << SSH1_AUTH_TIS
)) &&
3689 !s
->tis_auth_refused
) {
3690 s
->pwpkt_type
= SSH1_CMSG_AUTH_TIS_RESPONSE
;
3691 logevent("Requested TIS authentication");
3692 send_packet(ssh
, SSH1_CMSG_AUTH_TIS
, PKT_END
);
3694 if (pktin
->type
!= SSH1_SMSG_AUTH_TIS_CHALLENGE
) {
3695 logevent("TIS authentication declined");
3696 if (flags
& FLAG_INTERACTIVE
)
3697 c_write_str(ssh
, "TIS authentication refused.\r\n");
3698 s
->tis_auth_refused
= 1;
3703 char *instr_suf
, *prompt
;
3705 ssh_pkt_getstring(pktin
, &challenge
, &challengelen
);
3707 bombout(("TIS challenge packet was badly formed"));
3710 logevent("Received TIS challenge");
3711 s
->cur_prompt
->to_server
= TRUE
;
3712 s
->cur_prompt
->name
= dupstr("SSH TIS authentication");
3713 /* Prompt heuristic comes from OpenSSH */
3714 if (memchr(challenge
, '\n', challengelen
)) {
3715 instr_suf
= dupstr("");
3716 prompt
= dupprintf("%.*s", challengelen
, challenge
);
3718 instr_suf
= dupprintf("%.*s", challengelen
, challenge
);
3719 prompt
= dupstr("Response: ");
3721 s
->cur_prompt
->instruction
=
3722 dupprintf("Using TIS authentication.%s%s",
3723 (*instr_suf
) ?
"\n" : "",
3725 s
->cur_prompt
->instr_reqd
= TRUE
;
3726 add_prompt(s
->cur_prompt
, prompt
, FALSE
, SSH_MAX_PASSWORD_LEN
);
3730 if (ssh
->cfg
.try_tis_auth
&&
3731 (s
->supported_auths_mask
& (1 << SSH1_AUTH_CCARD
)) &&
3732 !s
->ccard_auth_refused
) {
3733 s
->pwpkt_type
= SSH1_CMSG_AUTH_CCARD_RESPONSE
;
3734 logevent("Requested CryptoCard authentication");
3735 send_packet(ssh
, SSH1_CMSG_AUTH_CCARD
, PKT_END
);
3737 if (pktin
->type
!= SSH1_SMSG_AUTH_CCARD_CHALLENGE
) {
3738 logevent("CryptoCard authentication declined");
3739 c_write_str(ssh
, "CryptoCard authentication refused.\r\n");
3740 s
->ccard_auth_refused
= 1;
3745 char *instr_suf
, *prompt
;
3747 ssh_pkt_getstring(pktin
, &challenge
, &challengelen
);
3749 bombout(("CryptoCard challenge packet was badly formed"));
3752 logevent("Received CryptoCard challenge");
3753 s
->cur_prompt
->to_server
= TRUE
;
3754 s
->cur_prompt
->name
= dupstr("SSH CryptoCard authentication");
3755 s
->cur_prompt
->name_reqd
= FALSE
;
3756 /* Prompt heuristic comes from OpenSSH */
3757 if (memchr(challenge
, '\n', challengelen
)) {
3758 instr_suf
= dupstr("");
3759 prompt
= dupprintf("%.*s", challengelen
, challenge
);
3761 instr_suf
= dupprintf("%.*s", challengelen
, challenge
);
3762 prompt
= dupstr("Response: ");
3764 s
->cur_prompt
->instruction
=
3765 dupprintf("Using CryptoCard authentication.%s%s",
3766 (*instr_suf
) ?
"\n" : "",
3768 s
->cur_prompt
->instr_reqd
= TRUE
;
3769 add_prompt(s
->cur_prompt
, prompt
, FALSE
, SSH_MAX_PASSWORD_LEN
);
3773 if (s
->pwpkt_type
== SSH1_CMSG_AUTH_PASSWORD
) {
3774 s
->cur_prompt
->to_server
= TRUE
;
3775 s
->cur_prompt
->name
= dupstr("SSH password");
3776 add_prompt(s
->cur_prompt
, dupprintf("%.90s@%.90s's password: ",
3777 s
->username
, ssh
->savedhost
),
3778 FALSE
, SSH_MAX_PASSWORD_LEN
);
3782 * Show password prompt, having first obtained it via a TIS
3783 * or CryptoCard exchange if we're doing TIS or CryptoCard
3787 int ret
; /* need not be kept over crReturn */
3788 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
3791 crWaitUntil(!pktin
);
3792 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
3797 * Failed to get a password (for example
3798 * because one was supplied on the command line
3799 * which has already failed to work). Terminate.
3801 free_prompts(s
->cur_prompt
);
3802 ssh_disconnect(ssh
, NULL
, "Unable to authenticate", 0, TRUE
);
3807 if (s
->pwpkt_type
== SSH1_CMSG_AUTH_PASSWORD
) {
3809 * Defence against traffic analysis: we send a
3810 * whole bunch of packets containing strings of
3811 * different lengths. One of these strings is the
3812 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
3813 * The others are all random data in
3814 * SSH1_MSG_IGNORE packets. This way a passive
3815 * listener can't tell which is the password, and
3816 * hence can't deduce the password length.
3818 * Anybody with a password length greater than 16
3819 * bytes is going to have enough entropy in their
3820 * password that a listener won't find it _that_
3821 * much help to know how long it is. So what we'll
3824 * - if password length < 16, we send 15 packets
3825 * containing string lengths 1 through 15
3827 * - otherwise, we let N be the nearest multiple
3828 * of 8 below the password length, and send 8
3829 * packets containing string lengths N through
3830 * N+7. This won't obscure the order of
3831 * magnitude of the password length, but it will
3832 * introduce a bit of extra uncertainty.
3834 * A few servers can't deal with SSH1_MSG_IGNORE, at
3835 * least in this context. For these servers, we need
3836 * an alternative defence. We make use of the fact
3837 * that the password is interpreted as a C string:
3838 * so we can append a NUL, then some random data.
3840 * A few servers can deal with neither SSH1_MSG_IGNORE
3841 * here _nor_ a padded password string.
3842 * For these servers we are left with no defences
3843 * against password length sniffing.
3845 if (!(ssh
->remote_bugs
& BUG_CHOKES_ON_SSH1_IGNORE
) &&
3846 !(ssh
->remote_bugs
& BUG_NEEDS_SSH1_PLAIN_PASSWORD
)) {
3848 * The server can deal with SSH1_MSG_IGNORE, so
3849 * we can use the primary defence.
3851 int bottom
, top
, pwlen
, i
;
3854 pwlen
= strlen(s
->cur_prompt
->prompts
[0]->result
);
3856 bottom
= 0; /* zero length passwords are OK! :-) */
3859 bottom
= pwlen
& ~7;
3863 assert(pwlen
>= bottom
&& pwlen
<= top
);
3865 randomstr
= snewn(top
+ 1, char);
3867 for (i
= bottom
; i
<= top
; i
++) {
3869 defer_packet(ssh
, s
->pwpkt_type
,
3870 PKTT_PASSWORD
, PKT_STR
,
3871 s
->cur_prompt
->prompts
[0]->result
,
3872 PKTT_OTHER
, PKT_END
);
3874 for (j
= 0; j
< i
; j
++) {
3876 randomstr
[j
] = random_byte();
3877 } while (randomstr
[j
] == '\0');
3879 randomstr
[i
] = '\0';
3880 defer_packet(ssh
, SSH1_MSG_IGNORE
,
3881 PKT_STR
, randomstr
, PKT_END
);
3884 logevent("Sending password with camouflage packets");
3885 ssh_pkt_defersend(ssh
);
3888 else if (!(ssh
->remote_bugs
& BUG_NEEDS_SSH1_PLAIN_PASSWORD
)) {
3890 * The server can't deal with SSH1_MSG_IGNORE
3891 * but can deal with padded passwords, so we
3892 * can use the secondary defence.
3898 len
= strlen(s
->cur_prompt
->prompts
[0]->result
);
3899 if (len
< sizeof(string
)) {
3901 strcpy(string
, s
->cur_prompt
->prompts
[0]->result
);
3902 len
++; /* cover the zero byte */
3903 while (len
< sizeof(string
)) {
3904 string
[len
++] = (char) random_byte();
3907 ss
= s
->cur_prompt
->prompts
[0]->result
;
3909 logevent("Sending length-padded password");
3910 send_packet(ssh
, s
->pwpkt_type
, PKTT_PASSWORD
,
3911 PKT_INT
, len
, PKT_DATA
, ss
, len
,
3912 PKTT_OTHER
, PKT_END
);
3915 * The server is believed unable to cope with
3916 * any of our password camouflage methods.
3919 len
= strlen(s
->cur_prompt
->prompts
[0]->result
);
3920 logevent("Sending unpadded password");
3921 send_packet(ssh
, s
->pwpkt_type
,
3922 PKTT_PASSWORD
, PKT_INT
, len
,
3923 PKT_DATA
, s
->cur_prompt
->prompts
[0]->result
, len
,
3924 PKTT_OTHER
, PKT_END
);
3927 send_packet(ssh
, s
->pwpkt_type
, PKTT_PASSWORD
,
3928 PKT_STR
, s
->cur_prompt
->prompts
[0]->result
,
3929 PKTT_OTHER
, PKT_END
);
3931 logevent("Sent password");
3932 free_prompts(s
->cur_prompt
);
3934 if (pktin
->type
== SSH1_SMSG_FAILURE
) {
3935 if (flags
& FLAG_VERBOSE
)
3936 c_write_str(ssh
, "Access denied\r\n");
3937 logevent("Authentication refused");
3938 } else if (pktin
->type
!= SSH1_SMSG_SUCCESS
) {
3939 bombout(("Strange packet received, type %d", pktin
->type
));
3945 if (s
->publickey_blob
) {
3946 sfree(s
->publickey_blob
);
3947 sfree(s
->publickey_comment
);
3950 logevent("Authentication successful");
3955 void sshfwd_close(struct ssh_channel
*c
)
3959 if (ssh
->state
== SSH_STATE_CLOSED
)
3962 if (c
&& !c
->closes
) {
3964 * If halfopen is true, we have sent
3965 * CHANNEL_OPEN for this channel, but it hasn't even been
3966 * acknowledged by the server. So we must set a close flag
3967 * on it now, and then when the server acks the channel
3968 * open, we can close it then.
3971 if (ssh
->version
== 1) {
3972 send_packet(ssh
, SSH1_MSG_CHANNEL_CLOSE
, PKT_INT
, c
->remoteid
,
3975 struct Packet
*pktout
;
3976 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE
);
3977 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
3978 ssh2_pkt_send(ssh
, pktout
);
3981 c
->closes
= 1; /* sent MSG_CLOSE */
3982 if (c
->type
== CHAN_X11
) {
3984 logevent("Forwarded X11 connection terminated");
3985 } else if (c
->type
== CHAN_SOCKDATA
||
3986 c
->type
== CHAN_SOCKDATA_DORMANT
) {
3988 logevent("Forwarded port closed");
3993 int sshfwd_write(struct ssh_channel
*c
, char *buf
, int len
)
3997 if (ssh
->state
== SSH_STATE_CLOSED
)
4000 if (ssh
->version
== 1) {
4001 send_packet(ssh
, SSH1_MSG_CHANNEL_DATA
,
4002 PKT_INT
, c
->remoteid
,
4004 PKT_INT
, len
, PKT_DATA
, buf
, len
,
4005 PKTT_OTHER
, PKT_END
);
4007 * In SSH-1 we can return 0 here - implying that forwarded
4008 * connections are never individually throttled - because
4009 * the only circumstance that can cause throttling will be
4010 * the whole SSH connection backing up, in which case
4011 * _everything_ will be throttled as a whole.
4015 ssh2_add_channel_data(c
, buf
, len
);
4016 return ssh2_try_send(c
);
4020 void sshfwd_unthrottle(struct ssh_channel
*c
, int bufsize
)
4024 if (ssh
->state
== SSH_STATE_CLOSED
)
4027 if (ssh
->version
== 1) {
4028 if (c
->v
.v1
.throttling
&& bufsize
< SSH1_BUFFER_LIMIT
) {
4029 c
->v
.v1
.throttling
= 0;
4030 ssh1_throttle(ssh
, -1);
4033 ssh2_set_window(c
, OUR_V2_WINSIZE
- bufsize
);
4037 static void ssh_queueing_handler(Ssh ssh
, struct Packet
*pktin
)
4039 struct queued_handler
*qh
= ssh
->qhead
;
4043 assert(pktin
->type
== qh
->msg1
|| pktin
->type
== qh
->msg2
);
4046 assert(ssh
->packet_dispatch
[qh
->msg1
] == ssh_queueing_handler
);
4047 ssh
->packet_dispatch
[qh
->msg1
] = NULL
;
4050 assert(ssh
->packet_dispatch
[qh
->msg2
] == ssh_queueing_handler
);
4051 ssh
->packet_dispatch
[qh
->msg2
] = NULL
;
4055 ssh
->qhead
= qh
->next
;
4057 if (ssh
->qhead
->msg1
> 0) {
4058 assert(ssh
->packet_dispatch
[ssh
->qhead
->msg1
] == NULL
);
4059 ssh
->packet_dispatch
[ssh
->qhead
->msg1
] = ssh_queueing_handler
;
4061 if (ssh
->qhead
->msg2
> 0) {
4062 assert(ssh
->packet_dispatch
[ssh
->qhead
->msg2
] == NULL
);
4063 ssh
->packet_dispatch
[ssh
->qhead
->msg2
] = ssh_queueing_handler
;
4066 ssh
->qhead
= ssh
->qtail
= NULL
;
4067 ssh
->packet_dispatch
[pktin
->type
] = NULL
;
4070 qh
->handler(ssh
, pktin
, qh
->ctx
);
4075 static void ssh_queue_handler(Ssh ssh
, int msg1
, int msg2
,
4076 chandler_fn_t handler
, void *ctx
)
4078 struct queued_handler
*qh
;
4080 qh
= snew(struct queued_handler
);
4083 qh
->handler
= handler
;
4087 if (ssh
->qtail
== NULL
) {
4091 assert(ssh
->packet_dispatch
[qh
->msg1
] == NULL
);
4092 ssh
->packet_dispatch
[qh
->msg1
] = ssh_queueing_handler
;
4095 assert(ssh
->packet_dispatch
[qh
->msg2
] == NULL
);
4096 ssh
->packet_dispatch
[qh
->msg2
] = ssh_queueing_handler
;
4099 ssh
->qtail
->next
= qh
;
4104 static void ssh_rportfwd_succfail(Ssh ssh
, struct Packet
*pktin
, void *ctx
)
4106 struct ssh_rportfwd
*rpf
, *pf
= (struct ssh_rportfwd
*)ctx
;
4108 if (pktin
->type
== (ssh
->version
== 1 ? SSH1_SMSG_SUCCESS
:
4109 SSH2_MSG_REQUEST_SUCCESS
)) {
4110 logeventf(ssh
, "Remote port forwarding from %s enabled",
4113 logeventf(ssh
, "Remote port forwarding from %s refused",
4116 rpf
= del234(ssh
->rportfwds
, pf
);
4122 static void ssh_setup_portfwd(Ssh ssh
, const Config
*cfg
)
4124 const char *portfwd_strptr
= cfg
->portfwd
;
4125 struct ssh_portfwd
*epf
;
4128 if (!ssh
->portfwds
) {
4129 ssh
->portfwds
= newtree234(ssh_portcmp
);
4132 * Go through the existing port forwardings and tag them
4133 * with status==DESTROY. Any that we want to keep will be
4134 * re-enabled (status==KEEP) as we go through the
4135 * configuration and find out which bits are the same as
4138 struct ssh_portfwd
*epf
;
4140 for (i
= 0; (epf
= index234(ssh
->portfwds
, i
)) != NULL
; i
++)
4141 epf
->status
= DESTROY
;
4144 while (*portfwd_strptr
) {
4145 char address_family
, type
;
4146 int sport
,dport
,sserv
,dserv
;
4147 char sports
[256], dports
[256], saddr
[256], host
[256];
4150 address_family
= 'A';
4152 if (*portfwd_strptr
== 'A' ||
4153 *portfwd_strptr
== '4' ||
4154 *portfwd_strptr
== '6')
4155 address_family
= *portfwd_strptr
++;
4156 if (*portfwd_strptr
== 'L' ||
4157 *portfwd_strptr
== 'R' ||
4158 *portfwd_strptr
== 'D')
4159 type
= *portfwd_strptr
++;
4164 while (*portfwd_strptr
&& *portfwd_strptr
!= '\t') {
4165 if (*portfwd_strptr
== ':') {
4167 * We've seen a colon in the middle of the
4168 * source port number. This means that
4169 * everything we've seen until now is the
4170 * source _address_, so we'll move it into
4171 * saddr and start sports from the beginning
4176 if (ssh
->version
== 1 && type
== 'R') {
4177 logeventf(ssh
, "SSH-1 cannot handle remote source address "
4178 "spec \"%s\"; ignoring", sports
);
4180 strcpy(saddr
, sports
);
4183 if (n
< lenof(sports
)-1) sports
[n
++] = *portfwd_strptr
++;
4187 if (*portfwd_strptr
== '\t')
4190 while (*portfwd_strptr
&& *portfwd_strptr
!= ':') {
4191 if (n
< lenof(host
)-1) host
[n
++] = *portfwd_strptr
++;
4194 if (*portfwd_strptr
== ':')
4197 while (*portfwd_strptr
) {
4198 if (n
< lenof(dports
)-1) dports
[n
++] = *portfwd_strptr
++;
4202 dport
= atoi(dports
);
4206 dport
= net_service_lookup(dports
);
4208 logeventf(ssh
, "Service lookup failed for destination"
4209 " port \"%s\"", dports
);
4213 while (*portfwd_strptr
) portfwd_strptr
++;
4217 portfwd_strptr
++; /* eat the NUL and move to next one */
4219 sport
= atoi(sports
);
4223 sport
= net_service_lookup(sports
);
4225 logeventf(ssh
, "Service lookup failed for source"
4226 " port \"%s\"", sports
);
4229 if (sport
&& dport
) {
4230 /* Set up a description of the source port. */
4231 struct ssh_portfwd
*pfrec
, *epfrec
;
4233 pfrec
= snew(struct ssh_portfwd
);
4235 pfrec
->saddr
= *saddr ?
dupstr(saddr
) : NULL
;
4236 pfrec
->sserv
= sserv ?
dupstr(sports
) : NULL
;
4237 pfrec
->sport
= sport
;
4238 pfrec
->daddr
= *host ?
dupstr(host
) : NULL
;
4239 pfrec
->dserv
= dserv ?
dupstr(dports
) : NULL
;
4240 pfrec
->dport
= dport
;
4241 pfrec
->local
= NULL
;
4242 pfrec
->remote
= NULL
;
4243 pfrec
->addressfamily
= (address_family
== '4' ? ADDRTYPE_IPV4
:
4244 address_family
== '6' ? ADDRTYPE_IPV6
:
4247 epfrec
= add234(ssh
->portfwds
, pfrec
);
4248 if (epfrec
!= pfrec
) {
4250 * We already have a port forwarding with precisely
4251 * these parameters. Hence, no need to do anything;
4252 * simply tag the existing one as KEEP.
4254 epfrec
->status
= KEEP
;
4255 free_portfwd(pfrec
);
4257 pfrec
->status
= CREATE
;
4263 * Now go through and destroy any port forwardings which were
4266 for (i
= 0; (epf
= index234(ssh
->portfwds
, i
)) != NULL
; i
++)
4267 if (epf
->status
== DESTROY
) {
4270 message
= dupprintf("%s port forwarding from %s%s%d",
4271 epf
->type
== 'L' ?
"local" :
4272 epf
->type
== 'R' ?
"remote" : "dynamic",
4273 epf
->saddr ? epf
->saddr
: "",
4274 epf
->saddr ?
":" : "",
4277 if (epf
->type
!= 'D') {
4278 char *msg2
= dupprintf("%s to %s:%d", message
,
4279 epf
->daddr
, epf
->dport
);
4284 logeventf(ssh
, "Cancelling %s", message
);
4288 struct ssh_rportfwd
*rpf
= epf
->remote
;
4289 struct Packet
*pktout
;
4292 * Cancel the port forwarding at the server
4295 if (ssh
->version
== 1) {
4297 * We cannot cancel listening ports on the
4298 * server side in SSH-1! There's no message
4299 * to support it. Instead, we simply remove
4300 * the rportfwd record from the local end
4301 * so that any connections the server tries
4302 * to make on it are rejected.
4305 pktout
= ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST
);
4306 ssh2_pkt_addstring(pktout
, "cancel-tcpip-forward");
4307 ssh2_pkt_addbool(pktout
, 0);/* _don't_ want reply */
4309 ssh2_pkt_addstring(pktout
, epf
->saddr
);
4310 } else if (ssh
->cfg
.rport_acceptall
) {
4311 /* XXX: ssh->cfg.rport_acceptall may not represent
4312 * what was used to open the original connection,
4313 * since it's reconfigurable. */
4314 ssh2_pkt_addstring(pktout
, "0.0.0.0");
4316 ssh2_pkt_addstring(pktout
, "127.0.0.1");
4318 ssh2_pkt_adduint32(pktout
, epf
->sport
);
4319 ssh2_pkt_send(ssh
, pktout
);
4322 del234(ssh
->rportfwds
, rpf
);
4324 } else if (epf
->local
) {
4325 pfd_terminate(epf
->local
);
4328 delpos234(ssh
->portfwds
, i
);
4330 i
--; /* so we don't skip one in the list */
4334 * And finally, set up any new port forwardings (status==CREATE).
4336 for (i
= 0; (epf
= index234(ssh
->portfwds
, i
)) != NULL
; i
++)
4337 if (epf
->status
== CREATE
) {
4338 char *sportdesc
, *dportdesc
;
4339 sportdesc
= dupprintf("%s%s%s%s%d%s",
4340 epf
->saddr ? epf
->saddr
: "",
4341 epf
->saddr ?
":" : "",
4342 epf
->sserv ? epf
->sserv
: "",
4343 epf
->sserv ?
"(" : "",
4345 epf
->sserv ?
")" : "");
4346 if (epf
->type
== 'D') {
4349 dportdesc
= dupprintf("%s:%s%s%d%s",
4351 epf
->dserv ? epf
->dserv
: "",
4352 epf
->dserv ?
"(" : "",
4354 epf
->dserv ?
")" : "");
4357 if (epf
->type
== 'L') {
4358 const char *err
= pfd_addforward(epf
->daddr
, epf
->dport
,
4359 epf
->saddr
, epf
->sport
,
4362 epf
->addressfamily
);
4364 logeventf(ssh
, "Local %sport %s forwarding to %s%s%s",
4365 epf
->addressfamily
== ADDRTYPE_IPV4 ?
"IPv4 " :
4366 epf
->addressfamily
== ADDRTYPE_IPV6 ?
"IPv6 " : "",
4367 sportdesc
, dportdesc
,
4368 err ?
" failed: " : "", err ? err
: "");
4369 } else if (epf
->type
== 'D') {
4370 const char *err
= pfd_addforward(NULL
, -1,
4371 epf
->saddr
, epf
->sport
,
4374 epf
->addressfamily
);
4376 logeventf(ssh
, "Local %sport %s SOCKS dynamic forwarding%s%s",
4377 epf
->addressfamily
== ADDRTYPE_IPV4 ?
"IPv4 " :
4378 epf
->addressfamily
== ADDRTYPE_IPV6 ?
"IPv6 " : "",
4380 err ?
" failed: " : "", err ? err
: "");
4382 struct ssh_rportfwd
*pf
;
4385 * Ensure the remote port forwardings tree exists.
4387 if (!ssh
->rportfwds
) {
4388 if (ssh
->version
== 1)
4389 ssh
->rportfwds
= newtree234(ssh_rportcmp_ssh1
);
4391 ssh
->rportfwds
= newtree234(ssh_rportcmp_ssh2
);
4394 pf
= snew(struct ssh_rportfwd
);
4395 strncpy(pf
->dhost
, epf
->daddr
, lenof(pf
->dhost
)-1);
4396 pf
->dhost
[lenof(pf
->dhost
)-1] = '\0';
4397 pf
->dport
= epf
->dport
;
4398 pf
->sport
= epf
->sport
;
4399 if (add234(ssh
->rportfwds
, pf
) != pf
) {
4400 logeventf(ssh
, "Duplicate remote port forwarding to %s:%d",
4401 epf
->daddr
, epf
->dport
);
4404 logeventf(ssh
, "Requesting remote port %s"
4405 " forward to %s", sportdesc
, dportdesc
);
4407 pf
->sportdesc
= sportdesc
;
4412 if (ssh
->version
== 1) {
4413 send_packet(ssh
, SSH1_CMSG_PORT_FORWARD_REQUEST
,
4414 PKT_INT
, epf
->sport
,
4415 PKT_STR
, epf
->daddr
,
4416 PKT_INT
, epf
->dport
,
4418 ssh_queue_handler(ssh
, SSH1_SMSG_SUCCESS
,
4420 ssh_rportfwd_succfail
, pf
);
4422 struct Packet
*pktout
;
4423 pktout
= ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST
);
4424 ssh2_pkt_addstring(pktout
, "tcpip-forward");
4425 ssh2_pkt_addbool(pktout
, 1);/* want reply */
4427 ssh2_pkt_addstring(pktout
, epf
->saddr
);
4428 } else if (cfg
->rport_acceptall
) {
4429 ssh2_pkt_addstring(pktout
, "0.0.0.0");
4431 ssh2_pkt_addstring(pktout
, "127.0.0.1");
4433 ssh2_pkt_adduint32(pktout
, epf
->sport
);
4434 ssh2_pkt_send(ssh
, pktout
);
4436 ssh_queue_handler(ssh
, SSH2_MSG_REQUEST_SUCCESS
,
4437 SSH2_MSG_REQUEST_FAILURE
,
4438 ssh_rportfwd_succfail
, pf
);
4447 static void ssh1_smsg_stdout_stderr_data(Ssh ssh
, struct Packet
*pktin
)
4450 int stringlen
, bufsize
;
4452 ssh_pkt_getstring(pktin
, &string
, &stringlen
);
4453 if (string
== NULL
) {
4454 bombout(("Incoming terminal data packet was badly formed"));
4458 bufsize
= from_backend(ssh
->frontend
, pktin
->type
== SSH1_SMSG_STDERR_DATA
,
4460 if (!ssh
->v1_stdout_throttling
&& bufsize
> SSH1_BUFFER_LIMIT
) {
4461 ssh
->v1_stdout_throttling
= 1;
4462 ssh1_throttle(ssh
, +1);
4466 static void ssh1_smsg_x11_open(Ssh ssh
, struct Packet
*pktin
)
4468 /* Remote side is trying to open a channel to talk to our
4469 * X-Server. Give them back a local channel number. */
4470 struct ssh_channel
*c
;
4471 int remoteid
= ssh_pkt_getuint32(pktin
);
4473 logevent("Received X11 connect request");
4474 /* Refuse if X11 forwarding is disabled. */
4475 if (!ssh
->X11_fwd_enabled
) {
4476 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_FAILURE
,
4477 PKT_INT
, remoteid
, PKT_END
);
4478 logevent("Rejected X11 connect request");
4480 c
= snew(struct ssh_channel
);
4483 if (x11_init(&c
->u
.x11
.s
, ssh
->cfg
.x11_display
, c
,
4484 ssh
->x11auth
, NULL
, -1, &ssh
->cfg
) != NULL
) {
4485 logevent("Opening X11 forward connection failed");
4487 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_FAILURE
,
4488 PKT_INT
, remoteid
, PKT_END
);
4491 ("Opening X11 forward connection succeeded");
4492 c
->remoteid
= remoteid
;
4493 c
->halfopen
= FALSE
;
4494 c
->localid
= alloc_channel_id(ssh
);
4496 c
->v
.v1
.throttling
= 0;
4497 c
->type
= CHAN_X11
; /* identify channel type */
4498 add234(ssh
->channels
, c
);
4499 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION
,
4500 PKT_INT
, c
->remoteid
, PKT_INT
,
4501 c
->localid
, PKT_END
);
4502 logevent("Opened X11 forward channel");
4507 static void ssh1_smsg_agent_open(Ssh ssh
, struct Packet
*pktin
)
4509 /* Remote side is trying to open a channel to talk to our
4510 * agent. Give them back a local channel number. */
4511 struct ssh_channel
*c
;
4512 int remoteid
= ssh_pkt_getuint32(pktin
);
4514 /* Refuse if agent forwarding is disabled. */
4515 if (!ssh
->agentfwd_enabled
) {
4516 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_FAILURE
,
4517 PKT_INT
, remoteid
, PKT_END
);
4519 c
= snew(struct ssh_channel
);
4521 c
->remoteid
= remoteid
;
4522 c
->halfopen
= FALSE
;
4523 c
->localid
= alloc_channel_id(ssh
);
4525 c
->v
.v1
.throttling
= 0;
4526 c
->type
= CHAN_AGENT
; /* identify channel type */
4527 c
->u
.a
.lensofar
= 0;
4528 add234(ssh
->channels
, c
);
4529 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION
,
4530 PKT_INT
, c
->remoteid
, PKT_INT
, c
->localid
,
4535 static void ssh1_msg_port_open(Ssh ssh
, struct Packet
*pktin
)
4537 /* Remote side is trying to open a channel to talk to a
4538 * forwarded port. Give them back a local channel number. */
4539 struct ssh_channel
*c
;
4540 struct ssh_rportfwd pf
, *pfp
;
4545 c
= snew(struct ssh_channel
);
4548 remoteid
= ssh_pkt_getuint32(pktin
);
4549 ssh_pkt_getstring(pktin
, &host
, &hostsize
);
4550 port
= ssh_pkt_getuint32(pktin
);
4552 if (hostsize
>= lenof(pf
.dhost
))
4553 hostsize
= lenof(pf
.dhost
)-1;
4554 memcpy(pf
.dhost
, host
, hostsize
);
4555 pf
.dhost
[hostsize
] = '\0';
4557 pfp
= find234(ssh
->rportfwds
, &pf
, NULL
);
4560 logeventf(ssh
, "Rejected remote port open request for %s:%d",
4562 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_FAILURE
,
4563 PKT_INT
, remoteid
, PKT_END
);
4565 logeventf(ssh
, "Received remote port open request for %s:%d",
4567 e
= pfd_newconnect(&c
->u
.pfd
.s
, pf
.dhost
, port
,
4568 c
, &ssh
->cfg
, pfp
->pfrec
->addressfamily
);
4570 logeventf(ssh
, "Port open failed: %s", e
);
4572 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_FAILURE
,
4573 PKT_INT
, remoteid
, PKT_END
);
4575 c
->remoteid
= remoteid
;
4576 c
->halfopen
= FALSE
;
4577 c
->localid
= alloc_channel_id(ssh
);
4579 c
->v
.v1
.throttling
= 0;
4580 c
->type
= CHAN_SOCKDATA
; /* identify channel type */
4581 add234(ssh
->channels
, c
);
4582 send_packet(ssh
, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION
,
4583 PKT_INT
, c
->remoteid
, PKT_INT
,
4584 c
->localid
, PKT_END
);
4585 logevent("Forwarded port opened successfully");
4590 static void ssh1_msg_channel_open_confirmation(Ssh ssh
, struct Packet
*pktin
)
4592 unsigned int remoteid
= ssh_pkt_getuint32(pktin
);
4593 unsigned int localid
= ssh_pkt_getuint32(pktin
);
4594 struct ssh_channel
*c
;
4596 c
= find234(ssh
->channels
, &remoteid
, ssh_channelfind
);
4597 if (c
&& c
->type
== CHAN_SOCKDATA_DORMANT
) {
4598 c
->remoteid
= localid
;
4599 c
->halfopen
= FALSE
;
4600 c
->type
= CHAN_SOCKDATA
;
4601 c
->v
.v1
.throttling
= 0;
4602 pfd_confirm(c
->u
.pfd
.s
);
4605 if (c
&& c
->closes
) {
4607 * We have a pending close on this channel,
4608 * which we decided on before the server acked
4609 * the channel open. So now we know the
4610 * remoteid, we can close it again.
4612 send_packet(ssh
, SSH1_MSG_CHANNEL_CLOSE
,
4613 PKT_INT
, c
->remoteid
, PKT_END
);
4617 static void ssh1_msg_channel_open_failure(Ssh ssh
, struct Packet
*pktin
)
4619 unsigned int remoteid
= ssh_pkt_getuint32(pktin
);
4620 struct ssh_channel
*c
;
4622 c
= find234(ssh
->channels
, &remoteid
, ssh_channelfind
);
4623 if (c
&& c
->type
== CHAN_SOCKDATA_DORMANT
) {
4624 logevent("Forwarded connection refused by server");
4625 pfd_close(c
->u
.pfd
.s
);
4626 del234(ssh
->channels
, c
);
4631 static void ssh1_msg_channel_close(Ssh ssh
, struct Packet
*pktin
)
4633 /* Remote side closes a channel. */
4634 unsigned i
= ssh_pkt_getuint32(pktin
);
4635 struct ssh_channel
*c
;
4636 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
4637 if (c
&& !c
->halfopen
) {
4640 (pktin
->type
== SSH1_MSG_CHANNEL_CLOSE ?
1 : 2);
4642 if ((c
->closes
== 0) && (c
->type
== CHAN_X11
)) {
4643 logevent("Forwarded X11 connection terminated");
4644 assert(c
->u
.x11
.s
!= NULL
);
4645 x11_close(c
->u
.x11
.s
);
4648 if ((c
->closes
== 0) && (c
->type
== CHAN_SOCKDATA
)) {
4649 logevent("Forwarded port closed");
4650 assert(c
->u
.pfd
.s
!= NULL
);
4651 pfd_close(c
->u
.pfd
.s
);
4655 c
->closes
|= (closetype
<< 2); /* seen this message */
4656 if (!(c
->closes
& closetype
)) {
4657 send_packet(ssh
, pktin
->type
, PKT_INT
, c
->remoteid
,
4659 c
->closes
|= closetype
; /* sent it too */
4662 if (c
->closes
== 15) {
4663 del234(ssh
->channels
, c
);
4667 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4668 pktin
->type
== SSH1_MSG_CHANNEL_CLOSE ?
"" :
4669 "_CONFIRMATION", c ?
"half-open" : "nonexistent",
4674 static void ssh1_msg_channel_data(Ssh ssh
, struct Packet
*pktin
)
4676 /* Data sent down one of our channels. */
4677 int i
= ssh_pkt_getuint32(pktin
);
4680 struct ssh_channel
*c
;
4682 ssh_pkt_getstring(pktin
, &p
, &len
);
4684 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
4689 bufsize
= x11_send(c
->u
.x11
.s
, p
, len
);
4692 bufsize
= pfd_send(c
->u
.pfd
.s
, p
, len
);
4695 /* Data for an agent message. Buffer it. */
4697 if (c
->u
.a
.lensofar
< 4) {
4698 unsigned int l
= min(4 - c
->u
.a
.lensofar
, (unsigned)len
);
4699 memcpy(c
->u
.a
.msglen
+ c
->u
.a
.lensofar
, p
,
4703 c
->u
.a
.lensofar
+= l
;
4705 if (c
->u
.a
.lensofar
== 4) {
4707 4 + GET_32BIT(c
->u
.a
.msglen
);
4708 c
->u
.a
.message
= snewn(c
->u
.a
.totallen
,
4710 memcpy(c
->u
.a
.message
, c
->u
.a
.msglen
, 4);
4712 if (c
->u
.a
.lensofar
>= 4 && len
> 0) {
4714 min(c
->u
.a
.totallen
- c
->u
.a
.lensofar
,
4716 memcpy(c
->u
.a
.message
+ c
->u
.a
.lensofar
, p
,
4720 c
->u
.a
.lensofar
+= l
;
4722 if (c
->u
.a
.lensofar
== c
->u
.a
.totallen
) {
4725 if (agent_query(c
->u
.a
.message
,
4728 ssh_agentf_callback
, c
))
4729 ssh_agentf_callback(c
, reply
, replylen
);
4730 sfree(c
->u
.a
.message
);
4731 c
->u
.a
.lensofar
= 0;
4734 bufsize
= 0; /* agent channels never back up */
4737 if (!c
->v
.v1
.throttling
&& bufsize
> SSH1_BUFFER_LIMIT
) {
4738 c
->v
.v1
.throttling
= 1;
4739 ssh1_throttle(ssh
, +1);
4744 static void ssh1_smsg_exit_status(Ssh ssh
, struct Packet
*pktin
)
4746 ssh
->exitcode
= ssh_pkt_getuint32(pktin
);
4747 logeventf(ssh
, "Server sent command exit status %d", ssh
->exitcode
);
4748 send_packet(ssh
, SSH1_CMSG_EXIT_CONFIRMATION
, PKT_END
);
4750 * In case `helpful' firewalls or proxies tack
4751 * extra human-readable text on the end of the
4752 * session which we might mistake for another
4753 * encrypted packet, we close the session once
4754 * we've sent EXIT_CONFIRMATION.
4756 ssh_disconnect(ssh
, NULL
, NULL
, 0, TRUE
);
4759 /* Helper function to deal with sending tty modes for REQUEST_PTY */
4760 static void ssh1_send_ttymode(void *data
, char *mode
, char *val
)
4762 struct Packet
*pktout
= (struct Packet
*)data
;
4764 unsigned int arg
= 0;
4765 while (strcmp(mode
, ssh_ttymodes
[i
].mode
) != 0) i
++;
4766 if (i
== lenof(ssh_ttymodes
)) return;
4767 switch (ssh_ttymodes
[i
].type
) {
4769 arg
= ssh_tty_parse_specchar(val
);
4772 arg
= ssh_tty_parse_boolean(val
);
4775 ssh2_pkt_addbyte(pktout
, ssh_ttymodes
[i
].opcode
);
4776 ssh2_pkt_addbyte(pktout
, arg
);
4780 static void do_ssh1_connection(Ssh ssh
, unsigned char *in
, int inlen
,
4781 struct Packet
*pktin
)
4783 crBegin(ssh
->do_ssh1_connection_crstate
);
4785 ssh
->packet_dispatch
[SSH1_SMSG_STDOUT_DATA
] =
4786 ssh
->packet_dispatch
[SSH1_SMSG_STDERR_DATA
] =
4787 ssh1_smsg_stdout_stderr_data
;
4789 ssh
->packet_dispatch
[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION
] =
4790 ssh1_msg_channel_open_confirmation
;
4791 ssh
->packet_dispatch
[SSH1_MSG_CHANNEL_OPEN_FAILURE
] =
4792 ssh1_msg_channel_open_failure
;
4793 ssh
->packet_dispatch
[SSH1_MSG_CHANNEL_CLOSE
] =
4794 ssh
->packet_dispatch
[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION
] =
4795 ssh1_msg_channel_close
;
4796 ssh
->packet_dispatch
[SSH1_MSG_CHANNEL_DATA
] = ssh1_msg_channel_data
;
4797 ssh
->packet_dispatch
[SSH1_SMSG_EXIT_STATUS
] = ssh1_smsg_exit_status
;
4799 if (ssh
->cfg
.agentfwd
&& agent_exists()) {
4800 logevent("Requesting agent forwarding");
4801 send_packet(ssh
, SSH1_CMSG_AGENT_REQUEST_FORWARDING
, PKT_END
);
4805 if (pktin
->type
!= SSH1_SMSG_SUCCESS
4806 && pktin
->type
!= SSH1_SMSG_FAILURE
) {
4807 bombout(("Protocol confusion"));
4809 } else if (pktin
->type
== SSH1_SMSG_FAILURE
) {
4810 logevent("Agent forwarding refused");
4812 logevent("Agent forwarding enabled");
4813 ssh
->agentfwd_enabled
= TRUE
;
4814 ssh
->packet_dispatch
[SSH1_SMSG_AGENT_OPEN
] = ssh1_smsg_agent_open
;
4818 if (ssh
->cfg
.x11_forward
) {
4819 char proto
[20], data
[64];
4820 logevent("Requesting X11 forwarding");
4821 ssh
->x11auth
= x11_invent_auth(proto
, sizeof(proto
),
4822 data
, sizeof(data
), ssh
->cfg
.x11_auth
);
4823 x11_get_real_auth(ssh
->x11auth
, ssh
->cfg
.x11_display
);
4825 * Note that while we blank the X authentication data here, we don't
4826 * take any special action to blank the start of an X11 channel,
4827 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
4828 * without having session blanking enabled is likely to leak your
4829 * cookie into the log.
4831 if (ssh
->v1_local_protoflags
& SSH1_PROTOFLAG_SCREEN_NUMBER
) {
4832 send_packet(ssh
, SSH1_CMSG_X11_REQUEST_FORWARDING
,
4834 PKTT_PASSWORD
, PKT_STR
, data
, PKTT_OTHER
,
4835 PKT_INT
, x11_get_screen_number(ssh
->cfg
.x11_display
),
4838 send_packet(ssh
, SSH1_CMSG_X11_REQUEST_FORWARDING
,
4840 PKTT_PASSWORD
, PKT_STR
, data
, PKTT_OTHER
, PKT_END
);
4845 if (pktin
->type
!= SSH1_SMSG_SUCCESS
4846 && pktin
->type
!= SSH1_SMSG_FAILURE
) {
4847 bombout(("Protocol confusion"));
4849 } else if (pktin
->type
== SSH1_SMSG_FAILURE
) {
4850 logevent("X11 forwarding refused");
4852 logevent("X11 forwarding enabled");
4853 ssh
->X11_fwd_enabled
= TRUE
;
4854 ssh
->packet_dispatch
[SSH1_SMSG_X11_OPEN
] = ssh1_smsg_x11_open
;
4858 ssh_setup_portfwd(ssh
, &ssh
->cfg
);
4859 ssh
->packet_dispatch
[SSH1_MSG_PORT_OPEN
] = ssh1_msg_port_open
;
4861 if (!ssh
->cfg
.nopty
) {
4863 /* Unpick the terminal-speed string. */
4864 /* XXX perhaps we should allow no speeds to be sent. */
4865 ssh
->ospeed
= 38400; ssh
->ispeed
= 38400; /* last-resort defaults */
4866 sscanf(ssh
->cfg
.termspeed
, "%d,%d", &ssh
->ospeed
, &ssh
->ispeed
);
4867 /* Send the pty request. */
4868 pkt
= ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY
);
4869 ssh_pkt_addstring(pkt
, ssh
->cfg
.termtype
);
4870 ssh_pkt_adduint32(pkt
, ssh
->term_height
);
4871 ssh_pkt_adduint32(pkt
, ssh
->term_width
);
4872 ssh_pkt_adduint32(pkt
, 0); /* width in pixels */
4873 ssh_pkt_adduint32(pkt
, 0); /* height in pixels */
4874 parse_ttymodes(ssh
, ssh
->cfg
.ttymodes
,
4875 ssh1_send_ttymode
, (void *)pkt
);
4876 ssh_pkt_addbyte(pkt
, SSH1_TTY_OP_ISPEED
);
4877 ssh_pkt_adduint32(pkt
, ssh
->ispeed
);
4878 ssh_pkt_addbyte(pkt
, SSH1_TTY_OP_OSPEED
);
4879 ssh_pkt_adduint32(pkt
, ssh
->ospeed
);
4880 ssh_pkt_addbyte(pkt
, SSH_TTY_OP_END
);
4882 ssh
->state
= SSH_STATE_INTERMED
;
4886 if (pktin
->type
!= SSH1_SMSG_SUCCESS
4887 && pktin
->type
!= SSH1_SMSG_FAILURE
) {
4888 bombout(("Protocol confusion"));
4890 } else if (pktin
->type
== SSH1_SMSG_FAILURE
) {
4891 c_write_str(ssh
, "Server refused to allocate pty\r\n");
4892 ssh
->editing
= ssh
->echoing
= 1;
4894 logeventf(ssh
, "Allocated pty (ospeed %dbps, ispeed %dbps)",
4895 ssh
->ospeed
, ssh
->ispeed
);
4897 ssh
->editing
= ssh
->echoing
= 1;
4900 if (ssh
->cfg
.compression
) {
4901 send_packet(ssh
, SSH1_CMSG_REQUEST_COMPRESSION
, PKT_INT
, 6, PKT_END
);
4905 if (pktin
->type
!= SSH1_SMSG_SUCCESS
4906 && pktin
->type
!= SSH1_SMSG_FAILURE
) {
4907 bombout(("Protocol confusion"));
4909 } else if (pktin
->type
== SSH1_SMSG_FAILURE
) {
4910 c_write_str(ssh
, "Server refused to compress\r\n");
4912 logevent("Started compression");
4913 ssh
->v1_compressing
= TRUE
;
4914 ssh
->cs_comp_ctx
= zlib_compress_init();
4915 logevent("Initialised zlib (RFC1950) compression");
4916 ssh
->sc_comp_ctx
= zlib_decompress_init();
4917 logevent("Initialised zlib (RFC1950) decompression");
4921 * Start the shell or command.
4923 * Special case: if the first-choice command is an SSH-2
4924 * subsystem (hence not usable here) and the second choice
4925 * exists, we fall straight back to that.
4928 char *cmd
= ssh
->cfg
.remote_cmd_ptr
;
4930 if (!cmd
) cmd
= ssh
->cfg
.remote_cmd
;
4932 if (ssh
->cfg
.ssh_subsys
&& ssh
->cfg
.remote_cmd_ptr2
) {
4933 cmd
= ssh
->cfg
.remote_cmd_ptr2
;
4934 ssh
->fallback_cmd
= TRUE
;
4937 send_packet(ssh
, SSH1_CMSG_EXEC_CMD
, PKT_STR
, cmd
, PKT_END
);
4939 send_packet(ssh
, SSH1_CMSG_EXEC_SHELL
, PKT_END
);
4940 logevent("Started session");
4943 ssh
->state
= SSH_STATE_SESSION
;
4944 if (ssh
->size_needed
)
4945 ssh_size(ssh
, ssh
->term_width
, ssh
->term_height
);
4946 if (ssh
->eof_needed
)
4947 ssh_special(ssh
, TS_EOF
);
4950 ldisc_send(ssh
->ldisc
, NULL
, 0, 0);/* cause ldisc to notice changes */
4952 ssh
->channels
= newtree234(ssh_channelcmp
);
4956 * By this point, most incoming packets are already being
4957 * handled by the dispatch table, and we need only pay
4958 * attention to the unusual ones.
4963 if (pktin
->type
== SSH1_SMSG_SUCCESS
) {
4964 /* may be from EXEC_SHELL on some servers */
4965 } else if (pktin
->type
== SSH1_SMSG_FAILURE
) {
4966 /* may be from EXEC_SHELL on some servers
4967 * if no pty is available or in other odd cases. Ignore */
4969 bombout(("Strange packet received: type %d", pktin
->type
));
4974 int len
= min(inlen
, 512);
4975 send_packet(ssh
, SSH1_CMSG_STDIN_DATA
, PKTT_DATA
,
4976 PKT_INT
, len
, PKT_DATA
, in
, len
,
4977 PKTT_OTHER
, PKT_END
);
4988 * Handle the top-level SSH-2 protocol.
4990 static void ssh1_msg_debug(Ssh ssh
, struct Packet
*pktin
)
4995 ssh_pkt_getstring(pktin
, &msg
, &msglen
);
4996 logeventf(ssh
, "Remote debug message: %.*s", msglen
, msg
);
4999 static void ssh1_msg_disconnect(Ssh ssh
, struct Packet
*pktin
)
5001 /* log reason code in disconnect message */
5005 ssh_pkt_getstring(pktin
, &msg
, &msglen
);
5006 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen
, msg
));
5009 static void ssh_msg_ignore(Ssh ssh
, struct Packet
*pktin
)
5011 /* Do nothing, because we're ignoring it! Duhh. */
5014 static void ssh1_protocol_setup(Ssh ssh
)
5019 * Most messages are handled by the coroutines.
5021 for (i
= 0; i
< 256; i
++)
5022 ssh
->packet_dispatch
[i
] = NULL
;
5025 * These special message types we install handlers for.
5027 ssh
->packet_dispatch
[SSH1_MSG_DISCONNECT
] = ssh1_msg_disconnect
;
5028 ssh
->packet_dispatch
[SSH1_MSG_IGNORE
] = ssh_msg_ignore
;
5029 ssh
->packet_dispatch
[SSH1_MSG_DEBUG
] = ssh1_msg_debug
;
5032 static void ssh1_protocol(Ssh ssh
, void *vin
, int inlen
,
5033 struct Packet
*pktin
)
5035 unsigned char *in
=(unsigned char*)vin
;
5036 if (ssh
->state
== SSH_STATE_CLOSED
)
5039 if (pktin
&& ssh
->packet_dispatch
[pktin
->type
]) {
5040 ssh
->packet_dispatch
[pktin
->type
](ssh
, pktin
);
5044 if (!ssh
->protocol_initial_phase_done
) {
5045 if (do_ssh1_login(ssh
, in
, inlen
, pktin
))
5046 ssh
->protocol_initial_phase_done
= TRUE
;
5051 do_ssh1_connection(ssh
, in
, inlen
, pktin
);
5055 * Utility routine for decoding comma-separated strings in KEXINIT.
5057 static int in_commasep_string(char *needle
, char *haystack
, int haylen
)
5060 if (!needle
|| !haystack
) /* protect against null pointers */
5062 needlen
= strlen(needle
);
5065 * Is it at the start of the string?
5067 if (haylen
>= needlen
&& /* haystack is long enough */
5068 !memcmp(needle
, haystack
, needlen
) && /* initial match */
5069 (haylen
== needlen
|| haystack
[needlen
] == ',')
5070 /* either , or EOS follows */
5074 * If not, search for the next comma and resume after that.
5075 * If no comma found, terminate.
5077 while (haylen
> 0 && *haystack
!= ',')
5078 haylen
--, haystack
++;
5081 haylen
--, haystack
++; /* skip over comma itself */
5086 * Similar routine for checking whether we have the first string in a list.
5088 static int first_in_commasep_string(char *needle
, char *haystack
, int haylen
)
5091 if (!needle
|| !haystack
) /* protect against null pointers */
5093 needlen
= strlen(needle
);
5095 * Is it at the start of the string?
5097 if (haylen
>= needlen
&& /* haystack is long enough */
5098 !memcmp(needle
, haystack
, needlen
) && /* initial match */
5099 (haylen
== needlen
|| haystack
[needlen
] == ',')
5100 /* either , or EOS follows */
5108 * SSH-2 key creation method.
5109 * (Currently assumes 2 lots of any hash are sufficient to generate
5110 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5112 #define SSH2_MKKEY_ITERS (2)
5113 static void ssh2_mkkey(Ssh ssh
, Bignum K
, unsigned char *H
, char chr
,
5114 unsigned char *keyspace
)
5116 const struct ssh_hash
*h
= ssh
->kex
->hash
;
5118 /* First hlen bytes. */
5120 if (!(ssh
->remote_bugs
& BUG_SSH2_DERIVEKEY
))
5121 hash_mpint(h
, s
, K
);
5122 h
->bytes(s
, H
, h
->hlen
);
5123 h
->bytes(s
, &chr
, 1);
5124 h
->bytes(s
, ssh
->v2_session_id
, ssh
->v2_session_id_len
);
5125 h
->final(s
, keyspace
);
5126 /* Next hlen bytes. */
5128 if (!(ssh
->remote_bugs
& BUG_SSH2_DERIVEKEY
))
5129 hash_mpint(h
, s
, K
);
5130 h
->bytes(s
, H
, h
->hlen
);
5131 h
->bytes(s
, keyspace
, h
->hlen
);
5132 h
->final(s
, keyspace
+ h
->hlen
);
5136 * Handle the SSH-2 transport layer.
5138 static int do_ssh2_transport(Ssh ssh
, void *vin
, int inlen
,
5139 struct Packet
*pktin
)
5141 unsigned char *in
= (unsigned char *)vin
;
5142 struct do_ssh2_transport_state
{
5143 int nbits
, pbits
, warn_kex
, warn_cscipher
, warn_sccipher
;
5144 Bignum p
, g
, e
, f
, K
;
5147 int kex_init_value
, kex_reply_value
;
5148 const struct ssh_mac
**maclist
;
5150 const struct ssh2_cipher
*cscipher_tobe
;
5151 const struct ssh2_cipher
*sccipher_tobe
;
5152 const struct ssh_mac
*csmac_tobe
;
5153 const struct ssh_mac
*scmac_tobe
;
5154 const struct ssh_compress
*cscomp_tobe
;
5155 const struct ssh_compress
*sccomp_tobe
;
5156 char *hostkeydata
, *sigdata
, *rsakeydata
, *keystr
, *fingerprint
;
5157 int hostkeylen
, siglen
, rsakeylen
;
5158 void *hkey
; /* actual host key */
5159 void *rsakey
; /* for RSA kex */
5160 unsigned char exchange_hash
[SSH2_KEX_MAX_HASH_LEN
];
5161 int n_preferred_kex
;
5162 const struct ssh_kexes
*preferred_kex
[KEX_MAX
];
5163 int n_preferred_ciphers
;
5164 const struct ssh2_ciphers
*preferred_ciphers
[CIPHER_MAX
];
5165 const struct ssh_compress
*preferred_comp
;
5166 int got_session_id
, activated_authconn
;
5167 struct Packet
*pktout
;
5172 crState(do_ssh2_transport_state
);
5174 crBegin(ssh
->do_ssh2_transport_crstate
);
5176 s
->cscipher_tobe
= s
->sccipher_tobe
= NULL
;
5177 s
->csmac_tobe
= s
->scmac_tobe
= NULL
;
5178 s
->cscomp_tobe
= s
->sccomp_tobe
= NULL
;
5180 s
->got_session_id
= s
->activated_authconn
= FALSE
;
5183 * Be prepared to work around the buggy MAC problem.
5185 if (ssh
->remote_bugs
& BUG_SSH2_HMAC
)
5186 s
->maclist
= buggymacs
, s
->nmacs
= lenof(buggymacs
);
5188 s
->maclist
= macs
, s
->nmacs
= lenof(macs
);
5191 ssh
->pkt_kctx
= SSH2_PKTCTX_NOKEX
;
5193 int i
, j
, commalist_started
;
5196 * Set up the preferred key exchange. (NULL => warn below here)
5198 s
->n_preferred_kex
= 0;
5199 for (i
= 0; i
< KEX_MAX
; i
++) {
5200 switch (ssh
->cfg
.ssh_kexlist
[i
]) {
5202 s
->preferred_kex
[s
->n_preferred_kex
++] =
5203 &ssh_diffiehellman_gex
;
5206 s
->preferred_kex
[s
->n_preferred_kex
++] =
5207 &ssh_diffiehellman_group14
;
5210 s
->preferred_kex
[s
->n_preferred_kex
++] =
5211 &ssh_diffiehellman_group1
;
5214 s
->preferred_kex
[s
->n_preferred_kex
++] =
5218 /* Flag for later. Don't bother if it's the last in
5220 if (i
< KEX_MAX
- 1) {
5221 s
->preferred_kex
[s
->n_preferred_kex
++] = NULL
;
5228 * Set up the preferred ciphers. (NULL => warn below here)
5230 s
->n_preferred_ciphers
= 0;
5231 for (i
= 0; i
< CIPHER_MAX
; i
++) {
5232 switch (ssh
->cfg
.ssh_cipherlist
[i
]) {
5233 case CIPHER_BLOWFISH
:
5234 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = &ssh2_blowfish
;
5237 if (ssh
->cfg
.ssh2_des_cbc
) {
5238 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = &ssh2_des
;
5242 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = &ssh2_3des
;
5245 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = &ssh2_aes
;
5247 case CIPHER_ARCFOUR
:
5248 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = &ssh2_arcfour
;
5251 /* Flag for later. Don't bother if it's the last in
5253 if (i
< CIPHER_MAX
- 1) {
5254 s
->preferred_ciphers
[s
->n_preferred_ciphers
++] = NULL
;
5261 * Set up preferred compression.
5263 if (ssh
->cfg
.compression
)
5264 s
->preferred_comp
= &ssh_zlib
;
5266 s
->preferred_comp
= &ssh_comp_none
;
5269 * Enable queueing of outgoing auth- or connection-layer
5270 * packets while we are in the middle of a key exchange.
5272 ssh
->queueing
= TRUE
;
5275 * Flag that KEX is in progress.
5277 ssh
->kex_in_progress
= TRUE
;
5280 * Construct and send our key exchange packet.
5282 s
->pktout
= ssh2_pkt_init(SSH2_MSG_KEXINIT
);
5283 for (i
= 0; i
< 16; i
++)
5284 ssh2_pkt_addbyte(s
->pktout
, (unsigned char) random_byte());
5285 /* List key exchange algorithms. */
5286 ssh2_pkt_addstring_start(s
->pktout
);
5287 commalist_started
= 0;
5288 for (i
= 0; i
< s
->n_preferred_kex
; i
++) {
5289 const struct ssh_kexes
*k
= s
->preferred_kex
[i
];
5290 if (!k
) continue; /* warning flag */
5291 for (j
= 0; j
< k
->nkexes
; j
++) {
5292 if (commalist_started
)
5293 ssh2_pkt_addstring_str(s
->pktout
, ",");
5294 ssh2_pkt_addstring_str(s
->pktout
, k
->list
[j
]->name
);
5295 commalist_started
= 1;
5298 /* List server host key algorithms. */
5299 ssh2_pkt_addstring_start(s
->pktout
);
5300 for (i
= 0; i
< lenof(hostkey_algs
); i
++) {
5301 ssh2_pkt_addstring_str(s
->pktout
, hostkey_algs
[i
]->name
);
5302 if (i
< lenof(hostkey_algs
) - 1)
5303 ssh2_pkt_addstring_str(s
->pktout
, ",");
5305 /* List client->server encryption algorithms. */
5306 ssh2_pkt_addstring_start(s
->pktout
);
5307 commalist_started
= 0;
5308 for (i
= 0; i
< s
->n_preferred_ciphers
; i
++) {
5309 const struct ssh2_ciphers
*c
= s
->preferred_ciphers
[i
];
5310 if (!c
) continue; /* warning flag */
5311 for (j
= 0; j
< c
->nciphers
; j
++) {
5312 if (commalist_started
)
5313 ssh2_pkt_addstring_str(s
->pktout
, ",");
5314 ssh2_pkt_addstring_str(s
->pktout
, c
->list
[j
]->name
);
5315 commalist_started
= 1;
5318 /* List server->client encryption algorithms. */
5319 ssh2_pkt_addstring_start(s
->pktout
);
5320 commalist_started
= 0;
5321 for (i
= 0; i
< s
->n_preferred_ciphers
; i
++) {
5322 const struct ssh2_ciphers
*c
= s
->preferred_ciphers
[i
];
5323 if (!c
) continue; /* warning flag */
5324 for (j
= 0; j
< c
->nciphers
; j
++) {
5325 if (commalist_started
)
5326 ssh2_pkt_addstring_str(s
->pktout
, ",");
5327 ssh2_pkt_addstring_str(s
->pktout
, c
->list
[j
]->name
);
5328 commalist_started
= 1;
5331 /* List client->server MAC algorithms. */
5332 ssh2_pkt_addstring_start(s
->pktout
);
5333 for (i
= 0; i
< s
->nmacs
; i
++) {
5334 ssh2_pkt_addstring_str(s
->pktout
, s
->maclist
[i
]->name
);
5335 if (i
< s
->nmacs
- 1)
5336 ssh2_pkt_addstring_str(s
->pktout
, ",");
5338 /* List server->client MAC algorithms. */
5339 ssh2_pkt_addstring_start(s
->pktout
);
5340 for (i
= 0; i
< s
->nmacs
; i
++) {
5341 ssh2_pkt_addstring_str(s
->pktout
, s
->maclist
[i
]->name
);
5342 if (i
< s
->nmacs
- 1)
5343 ssh2_pkt_addstring_str(s
->pktout
, ",");
5345 /* List client->server compression algorithms. */
5346 ssh2_pkt_addstring_start(s
->pktout
);
5347 assert(lenof(compressions
) > 1);
5348 ssh2_pkt_addstring_str(s
->pktout
, s
->preferred_comp
->name
);
5349 for (i
= 0; i
< lenof(compressions
); i
++) {
5350 const struct ssh_compress
*c
= compressions
[i
];
5351 if (c
!= s
->preferred_comp
) {
5352 ssh2_pkt_addstring_str(s
->pktout
, ",");
5353 ssh2_pkt_addstring_str(s
->pktout
, c
->name
);
5356 /* List server->client compression algorithms. */
5357 ssh2_pkt_addstring_start(s
->pktout
);
5358 assert(lenof(compressions
) > 1);
5359 ssh2_pkt_addstring_str(s
->pktout
, s
->preferred_comp
->name
);
5360 for (i
= 0; i
< lenof(compressions
); i
++) {
5361 const struct ssh_compress
*c
= compressions
[i
];
5362 if (c
!= s
->preferred_comp
) {
5363 ssh2_pkt_addstring_str(s
->pktout
, ",");
5364 ssh2_pkt_addstring_str(s
->pktout
, c
->name
);
5367 /* List client->server languages. Empty list. */
5368 ssh2_pkt_addstring_start(s
->pktout
);
5369 /* List server->client languages. Empty list. */
5370 ssh2_pkt_addstring_start(s
->pktout
);
5371 /* First KEX packet does _not_ follow, because we're not that brave. */
5372 ssh2_pkt_addbool(s
->pktout
, FALSE
);
5374 ssh2_pkt_adduint32(s
->pktout
, 0);
5377 s
->our_kexinitlen
= s
->pktout
->length
- 5;
5378 s
->our_kexinit
= snewn(s
->our_kexinitlen
, unsigned char);
5379 memcpy(s
->our_kexinit
, s
->pktout
->data
+ 5, s
->our_kexinitlen
);
5381 ssh2_pkt_send_noqueue(ssh
, s
->pktout
);
5387 * Now examine the other side's KEXINIT to see what we're up
5391 char *str
, *preferred
;
5394 if (pktin
->type
!= SSH2_MSG_KEXINIT
) {
5395 bombout(("expected key exchange packet from server"));
5399 ssh
->hostkey
= NULL
;
5400 s
->cscipher_tobe
= NULL
;
5401 s
->sccipher_tobe
= NULL
;
5402 s
->csmac_tobe
= NULL
;
5403 s
->scmac_tobe
= NULL
;
5404 s
->cscomp_tobe
= NULL
;
5405 s
->sccomp_tobe
= NULL
;
5406 s
->warn_kex
= s
->warn_cscipher
= s
->warn_sccipher
= FALSE
;
5408 pktin
->savedpos
+= 16; /* skip garbage cookie */
5409 ssh_pkt_getstring(pktin
, &str
, &len
); /* key exchange algorithms */
5412 for (i
= 0; i
< s
->n_preferred_kex
; i
++) {
5413 const struct ssh_kexes
*k
= s
->preferred_kex
[i
];
5417 for (j
= 0; j
< k
->nkexes
; j
++) {
5418 if (!preferred
) preferred
= k
->list
[j
]->name
;
5419 if (in_commasep_string(k
->list
[j
]->name
, str
, len
)) {
5420 ssh
->kex
= k
->list
[j
];
5429 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5430 str ? str
: "(null)"));
5434 * Note that the server's guess is considered wrong if it doesn't match
5435 * the first algorithm in our list, even if it's still the algorithm
5438 s
->guessok
= first_in_commasep_string(preferred
, str
, len
);
5439 ssh_pkt_getstring(pktin
, &str
, &len
); /* host key algorithms */
5440 for (i
= 0; i
< lenof(hostkey_algs
); i
++) {
5441 if (in_commasep_string(hostkey_algs
[i
]->name
, str
, len
)) {
5442 ssh
->hostkey
= hostkey_algs
[i
];
5446 s
->guessok
= s
->guessok
&&
5447 first_in_commasep_string(hostkey_algs
[0]->name
, str
, len
);
5448 ssh_pkt_getstring(pktin
, &str
, &len
); /* client->server cipher */
5449 for (i
= 0; i
< s
->n_preferred_ciphers
; i
++) {
5450 const struct ssh2_ciphers
*c
= s
->preferred_ciphers
[i
];
5452 s
->warn_cscipher
= TRUE
;
5454 for (j
= 0; j
< c
->nciphers
; j
++) {
5455 if (in_commasep_string(c
->list
[j
]->name
, str
, len
)) {
5456 s
->cscipher_tobe
= c
->list
[j
];
5461 if (s
->cscipher_tobe
)
5464 if (!s
->cscipher_tobe
) {
5465 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5466 str ? str
: "(null)"));
5470 ssh_pkt_getstring(pktin
, &str
, &len
); /* server->client cipher */
5471 for (i
= 0; i
< s
->n_preferred_ciphers
; i
++) {
5472 const struct ssh2_ciphers
*c
= s
->preferred_ciphers
[i
];
5474 s
->warn_sccipher
= TRUE
;
5476 for (j
= 0; j
< c
->nciphers
; j
++) {
5477 if (in_commasep_string(c
->list
[j
]->name
, str
, len
)) {
5478 s
->sccipher_tobe
= c
->list
[j
];
5483 if (s
->sccipher_tobe
)
5486 if (!s
->sccipher_tobe
) {
5487 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5488 str ? str
: "(null)"));
5492 ssh_pkt_getstring(pktin
, &str
, &len
); /* client->server mac */
5493 for (i
= 0; i
< s
->nmacs
; i
++) {
5494 if (in_commasep_string(s
->maclist
[i
]->name
, str
, len
)) {
5495 s
->csmac_tobe
= s
->maclist
[i
];
5499 ssh_pkt_getstring(pktin
, &str
, &len
); /* server->client mac */
5500 for (i
= 0; i
< s
->nmacs
; i
++) {
5501 if (in_commasep_string(s
->maclist
[i
]->name
, str
, len
)) {
5502 s
->scmac_tobe
= s
->maclist
[i
];
5506 ssh_pkt_getstring(pktin
, &str
, &len
); /* client->server compression */
5507 for (i
= 0; i
< lenof(compressions
) + 1; i
++) {
5508 const struct ssh_compress
*c
=
5509 i
== 0 ? s
->preferred_comp
: compressions
[i
- 1];
5510 if (in_commasep_string(c
->name
, str
, len
)) {
5515 ssh_pkt_getstring(pktin
, &str
, &len
); /* server->client compression */
5516 for (i
= 0; i
< lenof(compressions
) + 1; i
++) {
5517 const struct ssh_compress
*c
=
5518 i
== 0 ? s
->preferred_comp
: compressions
[i
- 1];
5519 if (in_commasep_string(c
->name
, str
, len
)) {
5524 ssh_pkt_getstring(pktin
, &str
, &len
); /* client->server language */
5525 ssh_pkt_getstring(pktin
, &str
, &len
); /* server->client language */
5526 s
->ignorepkt
= ssh2_pkt_getbool(pktin
) && !s
->guessok
;
5529 ssh_set_frozen(ssh
, 1);
5530 s
->dlgret
= askalg(ssh
->frontend
, "key-exchange algorithm",
5532 ssh_dialog_callback
, ssh
);
5533 if (s
->dlgret
< 0) {
5537 bombout(("Unexpected data from server while"
5538 " waiting for user response"));
5541 } while (pktin
|| inlen
> 0);
5542 s
->dlgret
= ssh
->user_response
;
5544 ssh_set_frozen(ssh
, 0);
5545 if (s
->dlgret
== 0) {
5546 ssh_disconnect(ssh
, "User aborted at kex warning", NULL
,
5552 if (s
->warn_cscipher
) {
5553 ssh_set_frozen(ssh
, 1);
5554 s
->dlgret
= askalg(ssh
->frontend
,
5555 "client-to-server cipher",
5556 s
->cscipher_tobe
->name
,
5557 ssh_dialog_callback
, ssh
);
5558 if (s
->dlgret
< 0) {
5562 bombout(("Unexpected data from server while"
5563 " waiting for user response"));
5566 } while (pktin
|| inlen
> 0);
5567 s
->dlgret
= ssh
->user_response
;
5569 ssh_set_frozen(ssh
, 0);
5570 if (s
->dlgret
== 0) {
5571 ssh_disconnect(ssh
, "User aborted at cipher warning", NULL
,
5577 if (s
->warn_sccipher
) {
5578 ssh_set_frozen(ssh
, 1);
5579 s
->dlgret
= askalg(ssh
->frontend
,
5580 "server-to-client cipher",
5581 s
->sccipher_tobe
->name
,
5582 ssh_dialog_callback
, ssh
);
5583 if (s
->dlgret
< 0) {
5587 bombout(("Unexpected data from server while"
5588 " waiting for user response"));
5591 } while (pktin
|| inlen
> 0);
5592 s
->dlgret
= ssh
->user_response
;
5594 ssh_set_frozen(ssh
, 0);
5595 if (s
->dlgret
== 0) {
5596 ssh_disconnect(ssh
, "User aborted at cipher warning", NULL
,
5602 ssh
->exhash
= ssh
->kex
->hash
->init();
5603 hash_string(ssh
->kex
->hash
, ssh
->exhash
, ssh
->v_c
, strlen(ssh
->v_c
));
5604 hash_string(ssh
->kex
->hash
, ssh
->exhash
, ssh
->v_s
, strlen(ssh
->v_s
));
5605 hash_string(ssh
->kex
->hash
, ssh
->exhash
,
5606 s
->our_kexinit
, s
->our_kexinitlen
);
5607 sfree(s
->our_kexinit
);
5608 if (pktin
->length
> 5)
5609 hash_string(ssh
->kex
->hash
, ssh
->exhash
,
5610 pktin
->data
+ 5, pktin
->length
- 5);
5612 if (s
->ignorepkt
) /* first_kex_packet_follows */
5613 crWaitUntil(pktin
); /* Ignore packet */
5616 if (ssh
->kex
->main_type
== KEXTYPE_DH
) {
5618 * Work out the number of bits of key we will need from the
5619 * key exchange. We start with the maximum key length of
5625 csbits
= s
->cscipher_tobe
->keylen
;
5626 scbits
= s
->sccipher_tobe
->keylen
;
5627 s
->nbits
= (csbits
> scbits ? csbits
: scbits
);
5629 /* The keys only have hlen-bit entropy, since they're based on
5630 * a hash. So cap the key size at hlen bits. */
5631 if (s
->nbits
> ssh
->kex
->hash
->hlen
* 8)
5632 s
->nbits
= ssh
->kex
->hash
->hlen
* 8;
5635 * If we're doing Diffie-Hellman group exchange, start by
5636 * requesting a group.
5638 if (!ssh
->kex
->pdata
) {
5639 logevent("Doing Diffie-Hellman group exchange");
5640 ssh
->pkt_kctx
= SSH2_PKTCTX_DHGEX
;
5642 * Work out how big a DH group we will need to allow that
5645 s
->pbits
= 512 << ((s
->nbits
- 1) / 64);
5646 s
->pktout
= ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST
);
5647 ssh2_pkt_adduint32(s
->pktout
, s
->pbits
);
5648 ssh2_pkt_send_noqueue(ssh
, s
->pktout
);
5651 if (pktin
->type
!= SSH2_MSG_KEX_DH_GEX_GROUP
) {
5652 bombout(("expected key exchange group packet from server"));
5655 s
->p
= ssh2_pkt_getmp(pktin
);
5656 s
->g
= ssh2_pkt_getmp(pktin
);
5657 if (!s
->p
|| !s
->g
) {
5658 bombout(("unable to read mp-ints from incoming group packet"));
5661 ssh
->kex_ctx
= dh_setup_gex(s
->p
, s
->g
);
5662 s
->kex_init_value
= SSH2_MSG_KEX_DH_GEX_INIT
;
5663 s
->kex_reply_value
= SSH2_MSG_KEX_DH_GEX_REPLY
;
5665 ssh
->pkt_kctx
= SSH2_PKTCTX_DHGROUP
;
5666 ssh
->kex_ctx
= dh_setup_group(ssh
->kex
);
5667 s
->kex_init_value
= SSH2_MSG_KEXDH_INIT
;
5668 s
->kex_reply_value
= SSH2_MSG_KEXDH_REPLY
;
5669 logeventf(ssh
, "Using Diffie-Hellman with standard group \"%s\"",
5670 ssh
->kex
->groupname
);
5673 logeventf(ssh
, "Doing Diffie-Hellman key exchange with hash %s",
5674 ssh
->kex
->hash
->text_name
);
5676 * Now generate and send e for Diffie-Hellman.
5678 set_busy_status(ssh
->frontend
, BUSY_CPU
); /* this can take a while */
5679 s
->e
= dh_create_e(ssh
->kex_ctx
, s
->nbits
* 2);
5680 s
->pktout
= ssh2_pkt_init(s
->kex_init_value
);
5681 ssh2_pkt_addmp(s
->pktout
, s
->e
);
5682 ssh2_pkt_send_noqueue(ssh
, s
->pktout
);
5684 set_busy_status(ssh
->frontend
, BUSY_WAITING
); /* wait for server */
5686 if (pktin
->type
!= s
->kex_reply_value
) {
5687 bombout(("expected key exchange reply packet from server"));
5690 set_busy_status(ssh
->frontend
, BUSY_CPU
); /* cogitate */
5691 ssh_pkt_getstring(pktin
, &s
->hostkeydata
, &s
->hostkeylen
);
5692 s
->hkey
= ssh
->hostkey
->newkey(s
->hostkeydata
, s
->hostkeylen
);
5693 s
->f
= ssh2_pkt_getmp(pktin
);
5695 bombout(("unable to parse key exchange reply packet"));
5698 ssh_pkt_getstring(pktin
, &s
->sigdata
, &s
->siglen
);
5700 s
->K
= dh_find_K(ssh
->kex_ctx
, s
->f
);
5702 /* We assume everything from now on will be quick, and it might
5703 * involve user interaction. */
5704 set_busy_status(ssh
->frontend
, BUSY_NOT
);
5706 hash_string(ssh
->kex
->hash
, ssh
->exhash
, s
->hostkeydata
, s
->hostkeylen
);
5707 if (!ssh
->kex
->pdata
) {
5708 hash_uint32(ssh
->kex
->hash
, ssh
->exhash
, s
->pbits
);
5709 hash_mpint(ssh
->kex
->hash
, ssh
->exhash
, s
->p
);
5710 hash_mpint(ssh
->kex
->hash
, ssh
->exhash
, s
->g
);
5712 hash_mpint(ssh
->kex
->hash
, ssh
->exhash
, s
->e
);
5713 hash_mpint(ssh
->kex
->hash
, ssh
->exhash
, s
->f
);
5715 dh_cleanup(ssh
->kex_ctx
);
5717 if (!ssh
->kex
->pdata
) {
5722 logeventf(ssh
, "Doing RSA key exchange with hash %s",
5723 ssh
->kex
->hash
->text_name
);
5724 ssh
->pkt_kctx
= SSH2_PKTCTX_RSAKEX
;
5726 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
5730 if (pktin
->type
!= SSH2_MSG_KEXRSA_PUBKEY
) {
5731 bombout(("expected RSA public key packet from server"));
5735 ssh_pkt_getstring(pktin
, &s
->hostkeydata
, &s
->hostkeylen
);
5736 hash_string(ssh
->kex
->hash
, ssh
->exhash
,
5737 s
->hostkeydata
, s
->hostkeylen
);
5738 s
->hkey
= ssh
->hostkey
->newkey(s
->hostkeydata
, s
->hostkeylen
);
5742 ssh_pkt_getstring(pktin
, &keydata
, &s
->rsakeylen
);
5743 s
->rsakeydata
= snewn(s
->rsakeylen
, char);
5744 memcpy(s
->rsakeydata
, keydata
, s
->rsakeylen
);
5747 s
->rsakey
= ssh_rsakex_newkey(s
->rsakeydata
, s
->rsakeylen
);
5749 sfree(s
->rsakeydata
);
5750 bombout(("unable to parse RSA public key from server"));
5754 hash_string(ssh
->kex
->hash
, ssh
->exhash
, s
->rsakeydata
, s
->rsakeylen
);
5757 * Next, set up a shared secret K, of precisely KLEN -
5758 * 2*HLEN - 49 bits, where KLEN is the bit length of the
5759 * RSA key modulus and HLEN is the bit length of the hash
5763 int klen
= ssh_rsakex_klen(s
->rsakey
);
5764 int nbits
= klen
- (2*ssh
->kex
->hash
->hlen
*8 + 49);
5766 unsigned char *kstr1
, *kstr2
, *outstr
;
5767 int kstr1len
, kstr2len
, outstrlen
;
5769 s
->K
= bn_power_2(nbits
- 1);
5771 for (i
= 0; i
< nbits
; i
++) {
5773 byte
= random_byte();
5775 bignum_set_bit(s
->K
, i
, (byte
>> (i
& 7)) & 1);
5779 * Encode this as an mpint.
5781 kstr1
= ssh2_mpint_fmt(s
->K
, &kstr1len
);
5782 kstr2
= snewn(kstr2len
= 4 + kstr1len
, unsigned char);
5783 PUT_32BIT(kstr2
, kstr1len
);
5784 memcpy(kstr2
+ 4, kstr1
, kstr1len
);
5787 * Encrypt it with the given RSA key.
5789 outstrlen
= (klen
+ 7) / 8;
5790 outstr
= snewn(outstrlen
, unsigned char);
5791 ssh_rsakex_encrypt(ssh
->kex
->hash
, kstr2
, kstr2len
,
5792 outstr
, outstrlen
, s
->rsakey
);
5795 * And send it off in a return packet.
5797 s
->pktout
= ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET
);
5798 ssh2_pkt_addstring_start(s
->pktout
);
5799 ssh2_pkt_addstring_data(s
->pktout
, (char *)outstr
, outstrlen
);
5800 ssh2_pkt_send_noqueue(ssh
, s
->pktout
);
5802 hash_string(ssh
->kex
->hash
, ssh
->exhash
, outstr
, outstrlen
);
5809 ssh_rsakex_freekey(s
->rsakey
);
5812 if (pktin
->type
!= SSH2_MSG_KEXRSA_DONE
) {
5813 sfree(s
->rsakeydata
);
5814 bombout(("expected signature packet from server"));
5818 ssh_pkt_getstring(pktin
, &s
->sigdata
, &s
->siglen
);
5820 sfree(s
->rsakeydata
);
5823 hash_mpint(ssh
->kex
->hash
, ssh
->exhash
, s
->K
);
5824 assert(ssh
->kex
->hash
->hlen
<= sizeof(s
->exchange_hash
));
5825 ssh
->kex
->hash
->final(ssh
->exhash
, s
->exchange_hash
);
5827 ssh
->kex_ctx
= NULL
;
5830 debug(("Exchange hash is:\n"));
5831 dmemdump(s
->exchange_hash
, ssh
->kex
->hash
->hlen
);
5835 !ssh
->hostkey
->verifysig(s
->hkey
, s
->sigdata
, s
->siglen
,
5836 (char *)s
->exchange_hash
,
5837 ssh
->kex
->hash
->hlen
)) {
5838 bombout(("Server's host key did not match the signature supplied"));
5843 * Authenticate remote host: verify host key. (We've already
5844 * checked the signature of the exchange hash.)
5846 s
->keystr
= ssh
->hostkey
->fmtkey(s
->hkey
);
5847 s
->fingerprint
= ssh
->hostkey
->fingerprint(s
->hkey
);
5848 ssh_set_frozen(ssh
, 1);
5849 s
->dlgret
= verify_ssh_host_key(ssh
->frontend
,
5850 ssh
->savedhost
, ssh
->savedport
,
5851 ssh
->hostkey
->keytype
, s
->keystr
,
5853 ssh_dialog_callback
, ssh
);
5854 if (s
->dlgret
< 0) {
5858 bombout(("Unexpected data from server while waiting"
5859 " for user host key response"));
5862 } while (pktin
|| inlen
> 0);
5863 s
->dlgret
= ssh
->user_response
;
5865 ssh_set_frozen(ssh
, 0);
5866 if (s
->dlgret
== 0) {
5867 ssh_disconnect(ssh
, "User aborted at host key verification", NULL
,
5871 if (!s
->got_session_id
) { /* don't bother logging this in rekeys */
5872 logevent("Host key fingerprint is:");
5873 logevent(s
->fingerprint
);
5875 sfree(s
->fingerprint
);
5877 ssh
->hostkey
->freekey(s
->hkey
);
5880 * The exchange hash from the very first key exchange is also
5881 * the session id, used in session key construction and
5884 if (!s
->got_session_id
) {
5885 assert(sizeof(s
->exchange_hash
) <= sizeof(ssh
->v2_session_id
));
5886 memcpy(ssh
->v2_session_id
, s
->exchange_hash
,
5887 sizeof(s
->exchange_hash
));
5888 ssh
->v2_session_id_len
= ssh
->kex
->hash
->hlen
;
5889 assert(ssh
->v2_session_id_len
<= sizeof(ssh
->v2_session_id
));
5890 s
->got_session_id
= TRUE
;
5894 * Send SSH2_MSG_NEWKEYS.
5896 s
->pktout
= ssh2_pkt_init(SSH2_MSG_NEWKEYS
);
5897 ssh2_pkt_send_noqueue(ssh
, s
->pktout
);
5898 ssh
->outgoing_data_size
= 0; /* start counting from here */
5901 * We've sent client NEWKEYS, so create and initialise
5902 * client-to-server session keys.
5904 if (ssh
->cs_cipher_ctx
)
5905 ssh
->cscipher
->free_context(ssh
->cs_cipher_ctx
);
5906 ssh
->cscipher
= s
->cscipher_tobe
;
5907 ssh
->cs_cipher_ctx
= ssh
->cscipher
->make_context();
5909 if (ssh
->cs_mac_ctx
)
5910 ssh
->csmac
->free_context(ssh
->cs_mac_ctx
);
5911 ssh
->csmac
= s
->csmac_tobe
;
5912 ssh
->cs_mac_ctx
= ssh
->csmac
->make_context();
5914 if (ssh
->cs_comp_ctx
)
5915 ssh
->cscomp
->compress_cleanup(ssh
->cs_comp_ctx
);
5916 ssh
->cscomp
= s
->cscomp_tobe
;
5917 ssh
->cs_comp_ctx
= ssh
->cscomp
->compress_init();
5920 * Set IVs on client-to-server keys. Here we use the exchange
5921 * hash from the _first_ key exchange.
5924 unsigned char keyspace
[SSH2_KEX_MAX_HASH_LEN
* SSH2_MKKEY_ITERS
];
5925 assert(sizeof(keyspace
) >= ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5926 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'C',keyspace
);
5927 assert((ssh
->cscipher
->keylen
+7) / 8 <=
5928 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5929 ssh
->cscipher
->setkey(ssh
->cs_cipher_ctx
, keyspace
);
5930 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'A',keyspace
);
5931 assert(ssh
->cscipher
->blksize
<=
5932 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5933 ssh
->cscipher
->setiv(ssh
->cs_cipher_ctx
, keyspace
);
5934 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'E',keyspace
);
5935 assert(ssh
->csmac
->len
<=
5936 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5937 ssh
->csmac
->setkey(ssh
->cs_mac_ctx
, keyspace
);
5938 memset(keyspace
, 0, sizeof(keyspace
));
5941 logeventf(ssh
, "Initialised %.200s client->server encryption",
5942 ssh
->cscipher
->text_name
);
5943 logeventf(ssh
, "Initialised %.200s client->server MAC algorithm",
5944 ssh
->csmac
->text_name
);
5945 if (ssh
->cscomp
->text_name
)
5946 logeventf(ssh
, "Initialised %s compression",
5947 ssh
->cscomp
->text_name
);
5950 * Now our end of the key exchange is complete, we can send all
5951 * our queued higher-layer packets.
5953 ssh
->queueing
= FALSE
;
5954 ssh2_pkt_queuesend(ssh
);
5957 * Expect SSH2_MSG_NEWKEYS from server.
5960 if (pktin
->type
!= SSH2_MSG_NEWKEYS
) {
5961 bombout(("expected new-keys packet from server"));
5964 ssh
->incoming_data_size
= 0; /* start counting from here */
5967 * We've seen server NEWKEYS, so create and initialise
5968 * server-to-client session keys.
5970 if (ssh
->sc_cipher_ctx
)
5971 ssh
->sccipher
->free_context(ssh
->sc_cipher_ctx
);
5972 ssh
->sccipher
= s
->sccipher_tobe
;
5973 ssh
->sc_cipher_ctx
= ssh
->sccipher
->make_context();
5975 if (ssh
->sc_mac_ctx
)
5976 ssh
->scmac
->free_context(ssh
->sc_mac_ctx
);
5977 ssh
->scmac
= s
->scmac_tobe
;
5978 ssh
->sc_mac_ctx
= ssh
->scmac
->make_context();
5980 if (ssh
->sc_comp_ctx
)
5981 ssh
->sccomp
->decompress_cleanup(ssh
->sc_comp_ctx
);
5982 ssh
->sccomp
= s
->sccomp_tobe
;
5983 ssh
->sc_comp_ctx
= ssh
->sccomp
->decompress_init();
5986 * Set IVs on server-to-client keys. Here we use the exchange
5987 * hash from the _first_ key exchange.
5990 unsigned char keyspace
[SSH2_KEX_MAX_HASH_LEN
* SSH2_MKKEY_ITERS
];
5991 assert(sizeof(keyspace
) >= ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5992 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'D',keyspace
);
5993 assert((ssh
->sccipher
->keylen
+7) / 8 <=
5994 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5995 ssh
->sccipher
->setkey(ssh
->sc_cipher_ctx
, keyspace
);
5996 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'B',keyspace
);
5997 assert(ssh
->sccipher
->blksize
<=
5998 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
5999 ssh
->sccipher
->setiv(ssh
->sc_cipher_ctx
, keyspace
);
6000 ssh2_mkkey(ssh
,s
->K
,s
->exchange_hash
,'F',keyspace
);
6001 assert(ssh
->scmac
->len
<=
6002 ssh
->kex
->hash
->hlen
* SSH2_MKKEY_ITERS
);
6003 ssh
->scmac
->setkey(ssh
->sc_mac_ctx
, keyspace
);
6004 memset(keyspace
, 0, sizeof(keyspace
));
6006 logeventf(ssh
, "Initialised %.200s server->client encryption",
6007 ssh
->sccipher
->text_name
);
6008 logeventf(ssh
, "Initialised %.200s server->client MAC algorithm",
6009 ssh
->scmac
->text_name
);
6010 if (ssh
->sccomp
->text_name
)
6011 logeventf(ssh
, "Initialised %s decompression",
6012 ssh
->sccomp
->text_name
);
6015 * Free shared secret.
6020 * Key exchange is over. Loop straight back round if we have a
6021 * deferred rekey reason.
6023 if (ssh
->deferred_rekey_reason
) {
6024 logevent(ssh
->deferred_rekey_reason
);
6026 ssh
->deferred_rekey_reason
= NULL
;
6027 goto begin_key_exchange
;
6031 * Otherwise, schedule a timer for our next rekey.
6033 ssh
->kex_in_progress
= FALSE
;
6034 ssh
->last_rekey
= GETTICKCOUNT();
6035 if (ssh
->cfg
.ssh_rekey_time
!= 0)
6036 ssh
->next_rekey
= schedule_timer(ssh
->cfg
.ssh_rekey_time
*60*TICKSPERSEC
,
6040 * If this is the first key exchange phase, we must pass the
6041 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
6042 * wants to see it but because it will need time to initialise
6043 * itself before it sees an actual packet. In subsequent key
6044 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
6045 * it would only confuse the layer above.
6047 if (s
->activated_authconn
) {
6050 s
->activated_authconn
= TRUE
;
6053 * Now we're encrypting. Begin returning 1 to the protocol main
6054 * function so that other things can run on top of the
6055 * transport. If we ever see a KEXINIT, we must go back to the
6058 * We _also_ go back to the start if we see pktin==NULL and
6059 * inlen==-1, because this is a special signal meaning
6060 * `initiate client-driven rekey', and `in' contains a message
6061 * giving the reason for the rekey.
6063 while (!((pktin
&& pktin
->type
== SSH2_MSG_KEXINIT
) ||
6064 (!pktin
&& inlen
== -1))) {
6069 logevent("Server initiated key re-exchange");
6072 * Special case: if the server bug is set that doesn't
6073 * allow rekeying, we give a different log message and
6074 * continue waiting. (If such a server _initiates_ a rekey,
6075 * we process it anyway!)
6077 if ((ssh
->remote_bugs
& BUG_SSH2_REKEY
)) {
6078 logeventf(ssh
, "Server bug prevents key re-exchange (%s)",
6080 /* Reset the counters, so that at least this message doesn't
6081 * hit the event log _too_ often. */
6082 ssh
->outgoing_data_size
= 0;
6083 ssh
->incoming_data_size
= 0;
6084 if (ssh
->cfg
.ssh_rekey_time
!= 0) {
6086 schedule_timer(ssh
->cfg
.ssh_rekey_time
*60*TICKSPERSEC
,
6089 goto wait_for_rekey
; /* this is utterly horrid */
6091 logeventf(ssh
, "Initiating key re-exchange (%s)", (char *)in
);
6094 goto begin_key_exchange
;
6100 * Add data to an SSH-2 channel output buffer.
6102 static void ssh2_add_channel_data(struct ssh_channel
*c
, char *buf
,
6105 bufchain_add(&c
->v
.v2
.outbuffer
, buf
, len
);
6109 * Attempt to send data on an SSH-2 channel.
6111 static int ssh2_try_send(struct ssh_channel
*c
)
6114 struct Packet
*pktout
;
6116 while (c
->v
.v2
.remwindow
> 0 && bufchain_size(&c
->v
.v2
.outbuffer
) > 0) {
6119 bufchain_prefix(&c
->v
.v2
.outbuffer
, &data
, &len
);
6120 if ((unsigned)len
> c
->v
.v2
.remwindow
)
6121 len
= c
->v
.v2
.remwindow
;
6122 if ((unsigned)len
> c
->v
.v2
.remmaxpkt
)
6123 len
= c
->v
.v2
.remmaxpkt
;
6124 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA
);
6125 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6126 dont_log_data(ssh
, pktout
, PKTLOG_OMIT
);
6127 ssh2_pkt_addstring_start(pktout
);
6128 ssh2_pkt_addstring_data(pktout
, data
, len
);
6129 end_log_omission(ssh
, pktout
);
6130 ssh2_pkt_send(ssh
, pktout
);
6131 bufchain_consume(&c
->v
.v2
.outbuffer
, len
);
6132 c
->v
.v2
.remwindow
-= len
;
6136 * After having sent as much data as we can, return the amount
6139 return bufchain_size(&c
->v
.v2
.outbuffer
);
6142 static void ssh2_try_send_and_unthrottle(struct ssh_channel
*c
)
6146 return; /* don't send on closing channels */
6147 bufsize
= ssh2_try_send(c
);
6150 case CHAN_MAINSESSION
:
6151 /* stdin need not receive an unthrottle
6152 * notification since it will be polled */
6155 x11_unthrottle(c
->u
.x11
.s
);
6158 /* agent sockets are request/response and need no
6159 * buffer management */
6162 pfd_unthrottle(c
->u
.pfd
.s
);
6169 * Potentially enlarge the window on an SSH-2 channel.
6171 static void ssh2_set_window(struct ssh_channel
*c
, unsigned newwin
)
6176 * Never send WINDOW_ADJUST for a channel that the remote side
6177 * already thinks it's closed; there's no point, since it won't
6178 * be sending any more data anyway.
6184 * Only send a WINDOW_ADJUST if there's significantly more window
6185 * available than the other end thinks there is. This saves us
6186 * sending a WINDOW_ADJUST for every character in a shell session.
6188 * "Significant" is arbitrarily defined as half the window size.
6190 if (newwin
> c
->v
.v2
.locwindow
* 2) {
6191 struct Packet
*pktout
;
6193 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST
);
6194 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6195 ssh2_pkt_adduint32(pktout
, newwin
- c
->v
.v2
.locwindow
);
6196 ssh2_pkt_send(ssh
, pktout
);
6197 c
->v
.v2
.locwindow
= newwin
;
6201 static void ssh2_msg_channel_window_adjust(Ssh ssh
, struct Packet
*pktin
)
6203 unsigned i
= ssh_pkt_getuint32(pktin
);
6204 struct ssh_channel
*c
;
6205 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6206 if (c
&& !c
->closes
) {
6207 c
->v
.v2
.remwindow
+= ssh_pkt_getuint32(pktin
);
6208 ssh2_try_send_and_unthrottle(c
);
6212 static void ssh2_msg_channel_data(Ssh ssh
, struct Packet
*pktin
)
6216 unsigned i
= ssh_pkt_getuint32(pktin
);
6217 struct ssh_channel
*c
;
6218 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6220 return; /* nonexistent channel */
6221 if (pktin
->type
== SSH2_MSG_CHANNEL_EXTENDED_DATA
&&
6222 ssh_pkt_getuint32(pktin
) != SSH2_EXTENDED_DATA_STDERR
)
6223 return; /* extended but not stderr */
6224 ssh_pkt_getstring(pktin
, &data
, &length
);
6227 c
->v
.v2
.locwindow
-= length
;
6229 case CHAN_MAINSESSION
:
6231 from_backend(ssh
->frontend
, pktin
->type
==
6232 SSH2_MSG_CHANNEL_EXTENDED_DATA
,
6236 bufsize
= x11_send(c
->u
.x11
.s
, data
, length
);
6239 bufsize
= pfd_send(c
->u
.pfd
.s
, data
, length
);
6242 while (length
> 0) {
6243 if (c
->u
.a
.lensofar
< 4) {
6244 unsigned int l
= min(4 - c
->u
.a
.lensofar
,
6246 memcpy(c
->u
.a
.msglen
+ c
->u
.a
.lensofar
,
6250 c
->u
.a
.lensofar
+= l
;
6252 if (c
->u
.a
.lensofar
== 4) {
6254 4 + GET_32BIT(c
->u
.a
.msglen
);
6255 c
->u
.a
.message
= snewn(c
->u
.a
.totallen
,
6257 memcpy(c
->u
.a
.message
, c
->u
.a
.msglen
, 4);
6259 if (c
->u
.a
.lensofar
>= 4 && length
> 0) {
6261 min(c
->u
.a
.totallen
- c
->u
.a
.lensofar
,
6263 memcpy(c
->u
.a
.message
+ c
->u
.a
.lensofar
,
6267 c
->u
.a
.lensofar
+= l
;
6269 if (c
->u
.a
.lensofar
== c
->u
.a
.totallen
) {
6272 if (agent_query(c
->u
.a
.message
,
6275 ssh_agentf_callback
, c
))
6276 ssh_agentf_callback(c
, reply
, replylen
);
6277 sfree(c
->u
.a
.message
);
6278 c
->u
.a
.lensofar
= 0;
6285 * If we are not buffering too much data,
6286 * enlarge the window again at the remote side.
6288 if (bufsize
< OUR_V2_WINSIZE
)
6289 ssh2_set_window(c
, OUR_V2_WINSIZE
- bufsize
);
6293 static void ssh2_msg_channel_eof(Ssh ssh
, struct Packet
*pktin
)
6295 unsigned i
= ssh_pkt_getuint32(pktin
);
6296 struct ssh_channel
*c
;
6298 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6300 return; /* nonexistent channel */
6302 if (c
->type
== CHAN_X11
) {
6304 * Remote EOF on an X11 channel means we should
6305 * wrap up and close the channel ourselves.
6307 x11_close(c
->u
.x11
.s
);
6309 } else if (c
->type
== CHAN_AGENT
) {
6311 } else if (c
->type
== CHAN_SOCKDATA
) {
6312 pfd_close(c
->u
.pfd
.s
);
6317 static void ssh2_msg_channel_close(Ssh ssh
, struct Packet
*pktin
)
6319 unsigned i
= ssh_pkt_getuint32(pktin
);
6320 struct ssh_channel
*c
;
6321 struct Packet
*pktout
;
6323 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6324 if (!c
|| c
->halfopen
) {
6325 bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
6326 c ?
"half-open" : "nonexistent", i
));
6329 /* Do pre-close processing on the channel. */
6331 case CHAN_MAINSESSION
:
6332 ssh
->mainchan
= NULL
;
6333 update_specials_menu(ssh
->frontend
);
6336 if (c
->u
.x11
.s
!= NULL
)
6337 x11_close(c
->u
.x11
.s
);
6344 if (c
->u
.pfd
.s
!= NULL
)
6345 pfd_close(c
->u
.pfd
.s
);
6349 if (c
->closes
== 0) {
6350 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE
);
6351 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6352 ssh2_pkt_send(ssh
, pktout
);
6354 del234(ssh
->channels
, c
);
6355 bufchain_clear(&c
->v
.v2
.outbuffer
);
6359 * See if that was the last channel left open.
6360 * (This is only our termination condition if we're
6361 * not running in -N mode.)
6363 if (!ssh
->cfg
.ssh_no_shell
&& count234(ssh
->channels
) == 0) {
6365 * We used to send SSH_MSG_DISCONNECT here,
6366 * because I'd believed that _every_ conforming
6367 * SSH-2 connection had to end with a disconnect
6368 * being sent by at least one side; apparently
6369 * I was wrong and it's perfectly OK to
6370 * unceremoniously slam the connection shut
6371 * when you're done, and indeed OpenSSH feels
6372 * this is more polite than sending a
6373 * DISCONNECT. So now we don't.
6375 ssh_disconnect(ssh
, "All channels closed", NULL
, 0, TRUE
);
6379 static void ssh2_msg_channel_open_confirmation(Ssh ssh
, struct Packet
*pktin
)
6381 unsigned i
= ssh_pkt_getuint32(pktin
);
6382 struct ssh_channel
*c
;
6383 struct Packet
*pktout
;
6385 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6387 return; /* nonexistent channel */
6388 if (c
->type
!= CHAN_SOCKDATA_DORMANT
)
6389 return; /* dunno why they're confirming this */
6390 c
->remoteid
= ssh_pkt_getuint32(pktin
);
6391 c
->halfopen
= FALSE
;
6392 c
->type
= CHAN_SOCKDATA
;
6393 c
->v
.v2
.remwindow
= ssh_pkt_getuint32(pktin
);
6394 c
->v
.v2
.remmaxpkt
= ssh_pkt_getuint32(pktin
);
6396 pfd_confirm(c
->u
.pfd
.s
);
6399 * We have a pending close on this channel,
6400 * which we decided on before the server acked
6401 * the channel open. So now we know the
6402 * remoteid, we can close it again.
6404 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE
);
6405 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6406 ssh2_pkt_send(ssh
, pktout
);
6410 static void ssh2_msg_channel_open_failure(Ssh ssh
, struct Packet
*pktin
)
6412 static const char *const reasons
[] = {
6413 "<unknown reason code>",
6414 "Administratively prohibited",
6416 "Unknown channel type",
6417 "Resource shortage",
6419 unsigned i
= ssh_pkt_getuint32(pktin
);
6420 unsigned reason_code
;
6421 char *reason_string
;
6423 struct ssh_channel
*c
;
6424 c
= find234(ssh
->channels
, &i
, ssh_channelfind
);
6426 return; /* nonexistent channel */
6427 if (c
->type
!= CHAN_SOCKDATA_DORMANT
)
6428 return; /* dunno why they're failing this */
6430 reason_code
= ssh_pkt_getuint32(pktin
);
6431 if (reason_code
>= lenof(reasons
))
6432 reason_code
= 0; /* ensure reasons[reason_code] in range */
6433 ssh_pkt_getstring(pktin
, &reason_string
, &reason_length
);
6434 logeventf(ssh
, "Forwarded connection refused by server: %s [%.*s]",
6435 reasons
[reason_code
], reason_length
, reason_string
);
6437 pfd_close(c
->u
.pfd
.s
);
6439 del234(ssh
->channels
, c
);
6443 static void ssh2_msg_channel_request(Ssh ssh
, struct Packet
*pktin
)
6447 int typelen
, want_reply
;
6448 int reply
= SSH2_MSG_CHANNEL_FAILURE
; /* default */
6449 struct ssh_channel
*c
;
6450 struct Packet
*pktout
;
6452 localid
= ssh_pkt_getuint32(pktin
);
6453 ssh_pkt_getstring(pktin
, &type
, &typelen
);
6454 want_reply
= ssh2_pkt_getbool(pktin
);
6457 * First, check that the channel exists. Otherwise,
6458 * we can instantly disconnect with a rude message.
6460 c
= find234(ssh
->channels
, &localid
, ssh_channelfind
);
6462 char *buf
= dupprintf("Received channel request for nonexistent"
6463 " channel %d", localid
);
6464 ssh_disconnect(ssh
, NULL
, buf
, SSH2_DISCONNECT_PROTOCOL_ERROR
, FALSE
);
6470 * Having got the channel number, we now look at
6471 * the request type string to see if it's something
6474 if (c
== ssh
->mainchan
) {
6476 * We recognise "exit-status" and "exit-signal" on
6477 * the primary channel.
6479 if (typelen
== 11 &&
6480 !memcmp(type
, "exit-status", 11)) {
6482 ssh
->exitcode
= ssh_pkt_getuint32(pktin
);
6483 logeventf(ssh
, "Server sent command exit status %d",
6485 reply
= SSH2_MSG_CHANNEL_SUCCESS
;
6487 } else if (typelen
== 11 &&
6488 !memcmp(type
, "exit-signal", 11)) {
6490 int is_plausible
= TRUE
, is_int
= FALSE
;
6491 char *fmt_sig
= "", *fmt_msg
= "";
6493 int msglen
= 0, core
= FALSE
;
6494 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
6495 * provide an `int' for the signal, despite its
6496 * having been a `string' in the drafts since at
6497 * least 2001. (Fixed in session.c 1.147.) Try to
6498 * infer which we can safely parse it as. */
6500 unsigned char *p
= pktin
->body
+
6502 long len
= pktin
->length
- pktin
->savedpos
;
6503 unsigned long num
= GET_32BIT(p
); /* what is it? */
6504 /* If it's 0, it hardly matters; assume string */
6508 int maybe_int
= FALSE
, maybe_str
= FALSE
;
6509 #define CHECK_HYPOTHESIS(offset, result) \
6512 if (q >= 0 && q+4 <= len) { \
6513 q = q + 4 + GET_32BIT(p+q); \
6514 if (q >= 0 && q+4 <= len && \
6515 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
6519 CHECK_HYPOTHESIS(4+1, maybe_int
);
6520 CHECK_HYPOTHESIS(4+num
+1, maybe_str
);
6521 #undef CHECK_HYPOTHESIS
6522 if (maybe_int
&& !maybe_str
)
6524 else if (!maybe_int
&& maybe_str
)
6527 /* Crikey. Either or neither. Panic. */
6528 is_plausible
= FALSE
;
6531 ssh
->exitcode
= 128; /* means `unknown signal' */
6534 /* Old non-standard OpenSSH. */
6535 int signum
= ssh_pkt_getuint32(pktin
);
6536 fmt_sig
= dupprintf(" %d", signum
);
6537 ssh
->exitcode
= 128 + signum
;
6539 /* As per the drafts. */
6542 ssh_pkt_getstring(pktin
, &sig
, &siglen
);
6543 /* Signal name isn't supposed to be blank, but
6544 * let's cope gracefully if it is. */
6546 fmt_sig
= dupprintf(" \"%.*s\"",
6551 * Really hideous method of translating the
6552 * signal description back into a locally
6553 * meaningful number.
6558 #define TRANSLATE_SIGNAL(s) \
6559 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
6560 ssh->exitcode = 128 + SIG ## s
6562 TRANSLATE_SIGNAL(ABRT
);
6565 TRANSLATE_SIGNAL(ALRM
);
6568 TRANSLATE_SIGNAL(FPE
);
6571 TRANSLATE_SIGNAL(HUP
);
6574 TRANSLATE_SIGNAL(ILL
);
6577 TRANSLATE_SIGNAL(INT
);
6580 TRANSLATE_SIGNAL(KILL
);
6583 TRANSLATE_SIGNAL(PIPE
);
6586 TRANSLATE_SIGNAL(QUIT
);
6589 TRANSLATE_SIGNAL(SEGV
);
6592 TRANSLATE_SIGNAL(TERM
);
6595 TRANSLATE_SIGNAL(USR1
);
6598 TRANSLATE_SIGNAL(USR2
);
6600 #undef TRANSLATE_SIGNAL
6602 ssh
->exitcode
= 128;
6604 core
= ssh2_pkt_getbool(pktin
);
6605 ssh_pkt_getstring(pktin
, &msg
, &msglen
);
6607 fmt_msg
= dupprintf(" (\"%.*s\")", msglen
, msg
);
6609 /* ignore lang tag */
6610 } /* else don't attempt to parse */
6611 logeventf(ssh
, "Server exited on signal%s%s%s",
6612 fmt_sig
, core ?
" (core dumped)" : "",
6614 if (*fmt_sig
) sfree(fmt_sig
);
6615 if (*fmt_msg
) sfree(fmt_msg
);
6616 reply
= SSH2_MSG_CHANNEL_SUCCESS
;
6621 * This is a channel request we don't know
6622 * about, so we now either ignore the request
6623 * or respond with CHANNEL_FAILURE, depending
6626 reply
= SSH2_MSG_CHANNEL_FAILURE
;
6629 pktout
= ssh2_pkt_init(reply
);
6630 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6631 ssh2_pkt_send(ssh
, pktout
);
6635 static void ssh2_msg_global_request(Ssh ssh
, struct Packet
*pktin
)
6638 int typelen
, want_reply
;
6639 struct Packet
*pktout
;
6641 ssh_pkt_getstring(pktin
, &type
, &typelen
);
6642 want_reply
= ssh2_pkt_getbool(pktin
);
6645 * We currently don't support any global requests
6646 * at all, so we either ignore the request or
6647 * respond with REQUEST_FAILURE, depending on
6651 pktout
= ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE
);
6652 ssh2_pkt_send(ssh
, pktout
);
6656 static void ssh2_msg_channel_open(Ssh ssh
, struct Packet
*pktin
)
6664 struct ssh_channel
*c
;
6665 unsigned remid
, winsize
, pktsize
;
6666 struct Packet
*pktout
;
6668 ssh_pkt_getstring(pktin
, &type
, &typelen
);
6669 c
= snew(struct ssh_channel
);
6672 remid
= ssh_pkt_getuint32(pktin
);
6673 winsize
= ssh_pkt_getuint32(pktin
);
6674 pktsize
= ssh_pkt_getuint32(pktin
);
6676 if (typelen
== 3 && !memcmp(type
, "x11", 3)) {
6679 ssh_pkt_getstring(pktin
, &peeraddr
, &peeraddrlen
);
6680 addrstr
= snewn(peeraddrlen
+1, char);
6681 memcpy(addrstr
, peeraddr
, peeraddrlen
);
6682 addrstr
[peeraddrlen
] = '\0';
6683 peerport
= ssh_pkt_getuint32(pktin
);
6685 logeventf(ssh
, "Received X11 connect request from %s:%d",
6688 if (!ssh
->X11_fwd_enabled
)
6689 error
= "X11 forwarding is not enabled";
6690 else if (x11_init(&c
->u
.x11
.s
, ssh
->cfg
.x11_display
, c
,
6691 ssh
->x11auth
, addrstr
, peerport
,
6692 &ssh
->cfg
) != NULL
) {
6693 error
= "Unable to open an X11 connection";
6695 logevent("Opening X11 forward connection succeeded");
6700 } else if (typelen
== 15 &&
6701 !memcmp(type
, "forwarded-tcpip", 15)) {
6702 struct ssh_rportfwd pf
, *realpf
;
6705 ssh_pkt_getstring(pktin
, &dummy
, &dummylen
);/* skip address */
6706 pf
.sport
= ssh_pkt_getuint32(pktin
);
6707 ssh_pkt_getstring(pktin
, &peeraddr
, &peeraddrlen
);
6708 peerport
= ssh_pkt_getuint32(pktin
);
6709 realpf
= find234(ssh
->rportfwds
, &pf
, NULL
);
6710 logeventf(ssh
, "Received remote port %d open request "
6711 "from %s:%d", pf
.sport
, peeraddr
, peerport
);
6712 if (realpf
== NULL
) {
6713 error
= "Remote port is not recognised";
6715 const char *e
= pfd_newconnect(&c
->u
.pfd
.s
,
6719 realpf
->pfrec
->addressfamily
);
6720 logeventf(ssh
, "Attempting to forward remote port to "
6721 "%s:%d", realpf
->dhost
, realpf
->dport
);
6723 logeventf(ssh
, "Port open failed: %s", e
);
6724 error
= "Port open failed";
6726 logevent("Forwarded port opened successfully");
6727 c
->type
= CHAN_SOCKDATA
;
6730 } else if (typelen
== 22 &&
6731 !memcmp(type
, "auth-agent@openssh.com", 22)) {
6732 if (!ssh
->agentfwd_enabled
)
6733 error
= "Agent forwarding is not enabled";
6735 c
->type
= CHAN_AGENT
; /* identify channel type */
6736 c
->u
.a
.lensofar
= 0;
6739 error
= "Unsupported channel type requested";
6742 c
->remoteid
= remid
;
6743 c
->halfopen
= FALSE
;
6745 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE
);
6746 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6747 ssh2_pkt_adduint32(pktout
, SSH2_OPEN_CONNECT_FAILED
);
6748 ssh2_pkt_addstring(pktout
, error
);
6749 ssh2_pkt_addstring(pktout
, "en"); /* language tag */
6750 ssh2_pkt_send(ssh
, pktout
);
6751 logeventf(ssh
, "Rejected channel open: %s", error
);
6754 c
->localid
= alloc_channel_id(ssh
);
6756 c
->v
.v2
.locwindow
= OUR_V2_WINSIZE
;
6757 c
->v
.v2
.remwindow
= winsize
;
6758 c
->v
.v2
.remmaxpkt
= pktsize
;
6759 bufchain_init(&c
->v
.v2
.outbuffer
);
6760 add234(ssh
->channels
, c
);
6761 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
);
6762 ssh2_pkt_adduint32(pktout
, c
->remoteid
);
6763 ssh2_pkt_adduint32(pktout
, c
->localid
);
6764 ssh2_pkt_adduint32(pktout
, c
->v
.v2
.locwindow
);
6765 ssh2_pkt_adduint32(pktout
, OUR_V2_MAXPKT
); /* our max pkt size */
6766 ssh2_pkt_send(ssh
, pktout
);
6771 * Buffer banner messages for later display at some convenient point.
6773 static void ssh2_msg_userauth_banner(Ssh ssh
, struct Packet
*pktin
)
6775 /* Arbitrary limit to prevent unbounded inflation of buffer */
6776 if (bufchain_size(&ssh
->banner
) <= 131072) {
6777 char *banner
= NULL
;
6779 ssh_pkt_getstring(pktin
, &banner
, &size
);
6781 bufchain_add(&ssh
->banner
, banner
, size
);
6785 /* Helper function to deal with sending tty modes for "pty-req" */
6786 static void ssh2_send_ttymode(void *data
, char *mode
, char *val
)
6788 struct Packet
*pktout
= (struct Packet
*)data
;
6790 unsigned int arg
= 0;
6791 while (strcmp(mode
, ssh_ttymodes
[i
].mode
) != 0) i
++;
6792 if (i
== lenof(ssh_ttymodes
)) return;
6793 switch (ssh_ttymodes
[i
].type
) {
6795 arg
= ssh_tty_parse_specchar(val
);
6798 arg
= ssh_tty_parse_boolean(val
);
6801 ssh2_pkt_addbyte(pktout
, ssh_ttymodes
[i
].opcode
);
6802 ssh2_pkt_adduint32(pktout
, arg
);
6806 * Handle the SSH-2 userauth and connection layers.
6808 static void do_ssh2_authconn(Ssh ssh
, unsigned char *in
, int inlen
,
6809 struct Packet
*pktin
)
6811 struct do_ssh2_authconn_state
{
6814 AUTH_TYPE_PUBLICKEY
,
6815 AUTH_TYPE_PUBLICKEY_OFFER_LOUD
,
6816 AUTH_TYPE_PUBLICKEY_OFFER_QUIET
,
6818 AUTH_TYPE_KEYBOARD_INTERACTIVE
,
6819 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
6821 int done_service_req
;
6822 int gotit
, need_pw
, can_pubkey
, can_passwd
, can_keyb_inter
;
6823 int tried_pubkey_config
, done_agent
;
6824 int kbd_inter_refused
;
6826 prompts_t
*cur_prompt
;
6831 void *publickey_blob
;
6832 int publickey_bloblen
;
6833 int publickey_encrypted
;
6834 char *publickey_algorithm
;
6835 char *publickey_comment
;
6836 unsigned char agent_request
[5], *agent_response
, *agentp
;
6837 int agent_responselen
;
6838 unsigned char *pkblob_in_agent
;
6840 char *pkblob
, *alg
, *commentp
;
6841 int pklen
, alglen
, commentlen
;
6842 int siglen
, retlen
, len
;
6843 char *q
, *agentreq
, *ret
;
6845 int num_env
, env_left
, env_ok
;
6846 struct Packet
*pktout
;
6848 crState(do_ssh2_authconn_state
);
6850 crBegin(ssh
->do_ssh2_authconn_crstate
);
6852 s
->done_service_req
= FALSE
;
6853 s
->we_are_in
= FALSE
;
6854 if (!ssh
->cfg
.ssh_no_userauth
) {
6856 * Request userauth protocol, and await a response to it.
6858 s
->pktout
= ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST
);
6859 ssh2_pkt_addstring(s
->pktout
, "ssh-userauth");
6860 ssh2_pkt_send(ssh
, s
->pktout
);
6861 crWaitUntilV(pktin
);
6862 if (pktin
->type
== SSH2_MSG_SERVICE_ACCEPT
)
6863 s
->done_service_req
= TRUE
;
6865 if (!s
->done_service_req
) {
6867 * Request connection protocol directly, without authentication.
6869 s
->pktout
= ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST
);
6870 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
6871 ssh2_pkt_send(ssh
, s
->pktout
);
6872 crWaitUntilV(pktin
);
6873 if (pktin
->type
== SSH2_MSG_SERVICE_ACCEPT
) {
6874 s
->we_are_in
= TRUE
; /* no auth required */
6876 bombout(("Server refused service request"));
6881 /* Arrange to be able to deal with any BANNERs that come in.
6882 * (We do this now as packets may come in during the next bit.) */
6883 bufchain_init(&ssh
->banner
);
6884 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_BANNER
] =
6885 ssh2_msg_userauth_banner
;
6888 * Misc one-time setup for authentication.
6890 s
->publickey_blob
= NULL
;
6891 if (!s
->we_are_in
) {
6894 * Load the public half of any configured public key file
6897 if (!filename_is_null(ssh
->cfg
.keyfile
)) {
6899 logeventf(ssh
, "Reading private key file \"%.150s\"",
6900 filename_to_str(&ssh
->cfg
.keyfile
));
6901 keytype
= key_type(&ssh
->cfg
.keyfile
);
6902 if (keytype
== SSH_KEYTYPE_SSH2
) {
6905 ssh2_userkey_loadpub(&ssh
->cfg
.keyfile
,
6906 &s
->publickey_algorithm
,
6907 &s
->publickey_bloblen
,
6908 &s
->publickey_comment
, &error
);
6909 if (s
->publickey_blob
) {
6910 s
->publickey_encrypted
=
6911 ssh2_userkey_encrypted(&ssh
->cfg
.keyfile
, NULL
);
6914 logeventf(ssh
, "Unable to load private key (%s)",
6916 msgbuf
= dupprintf("Unable to load private key file "
6917 "\"%.150s\" (%s)\r\n",
6918 filename_to_str(&ssh
->cfg
.keyfile
),
6920 c_write_str(ssh
, msgbuf
);
6925 logeventf(ssh
, "Unable to use this key file (%s)",
6926 key_type_to_str(keytype
));
6927 msgbuf
= dupprintf("Unable to use key file \"%.150s\""
6929 filename_to_str(&ssh
->cfg
.keyfile
),
6930 key_type_to_str(keytype
));
6931 c_write_str(ssh
, msgbuf
);
6933 s
->publickey_blob
= NULL
;
6938 * Find out about any keys Pageant has (but if there's a
6939 * public key configured, filter out all others).
6942 s
->agent_response
= NULL
;
6943 s
->pkblob_in_agent
= NULL
;
6944 if (ssh
->cfg
.tryagent
&& agent_exists()) {
6948 logevent("Pageant is running. Requesting keys.");
6950 /* Request the keys held by the agent. */
6951 PUT_32BIT(s
->agent_request
, 1);
6952 s
->agent_request
[4] = SSH2_AGENTC_REQUEST_IDENTITIES
;
6953 if (!agent_query(s
->agent_request
, 5, &r
, &s
->agent_responselen
,
6954 ssh_agent_callback
, ssh
)) {
6958 bombout(("Unexpected data from server while"
6959 " waiting for agent response"));
6962 } while (pktin
|| inlen
> 0);
6963 r
= ssh
->agent_response
;
6964 s
->agent_responselen
= ssh
->agent_response_len
;
6966 s
->agent_response
= (unsigned char *) r
;
6967 if (s
->agent_response
&& s
->agent_responselen
>= 5 &&
6968 s
->agent_response
[4] == SSH2_AGENT_IDENTITIES_ANSWER
) {
6971 p
= s
->agent_response
+ 5;
6972 s
->nkeys
= GET_32BIT(p
);
6974 logeventf(ssh
, "Pageant has %d SSH-2 keys", s
->nkeys
);
6975 if (s
->publickey_blob
) {
6976 /* See if configured key is in agent. */
6977 for (keyi
= 0; keyi
< s
->nkeys
; keyi
++) {
6978 s
->pklen
= GET_32BIT(p
);
6979 if (s
->pklen
== s
->publickey_bloblen
&&
6980 !memcmp(p
+4, s
->publickey_blob
,
6981 s
->publickey_bloblen
)) {
6982 logeventf(ssh
, "Pageant key #%d matches "
6983 "configured key file", keyi
);
6985 s
->pkblob_in_agent
= p
;
6989 p
+= GET_32BIT(p
) + 4; /* comment */
6991 if (!s
->pkblob_in_agent
) {
6992 logevent("Configured key file not in Pageant");
7002 * We repeat this whole loop, including the username prompt,
7003 * until we manage a successful authentication. If the user
7004 * types the wrong _password_, they can be sent back to the
7005 * beginning to try another username, if this is configured on.
7006 * (If they specify a username in the config, they are never
7007 * asked, even if they do give a wrong password.)
7009 * I think this best serves the needs of
7011 * - the people who have no configuration, no keys, and just
7012 * want to try repeated (username,password) pairs until they
7013 * type both correctly
7015 * - people who have keys and configuration but occasionally
7016 * need to fall back to passwords
7018 * - people with a key held in Pageant, who might not have
7019 * logged in to a particular machine before; so they want to
7020 * type a username, and then _either_ their key will be
7021 * accepted, _or_ they will type a password. If they mistype
7022 * the username they will want to be able to get back and
7025 s
->username
[0] = '\0';
7026 s
->got_username
= FALSE
;
7027 while (!s
->we_are_in
) {
7031 if (s
->got_username
&& !ssh
->cfg
.change_username
) {
7033 * We got a username last time round this loop, and
7034 * with change_username turned off we don't try to get
7037 } else if (!*ssh
->cfg
.username
) {
7038 int ret
; /* need not be kept over crReturn */
7039 s
->cur_prompt
= new_prompts(ssh
->frontend
);
7040 s
->cur_prompt
->to_server
= TRUE
;
7041 s
->cur_prompt
->name
= dupstr("SSH login name");
7042 add_prompt(s
->cur_prompt
, dupstr("login as: "), TRUE
,
7043 lenof(s
->username
));
7044 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
7047 crWaitUntilV(!pktin
);
7048 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
7053 * get_userpass_input() failed to get a username.
7056 free_prompts(s
->cur_prompt
);
7057 ssh_disconnect(ssh
, "No username provided", NULL
, 0, TRUE
);
7060 memcpy(s
->username
, s
->cur_prompt
->prompts
[0]->result
,
7061 lenof(s
->username
));
7062 free_prompts(s
->cur_prompt
);
7065 strncpy(s
->username
, ssh
->cfg
.username
, sizeof(s
->username
));
7066 s
->username
[sizeof(s
->username
)-1] = '\0';
7067 if ((flags
& FLAG_VERBOSE
) || (flags
& FLAG_INTERACTIVE
)) {
7068 stuff
= dupprintf("Using username \"%s\".\r\n", s
->username
);
7069 c_write_str(ssh
, stuff
);
7073 s
->got_username
= TRUE
;
7076 * Send an authentication request using method "none": (a)
7077 * just in case it succeeds, and (b) so that we know what
7078 * authentication methods we can usefully try next.
7080 ssh
->pkt_actx
= SSH2_PKTCTX_NOAUTH
;
7082 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7083 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7084 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");/* service requested */
7085 ssh2_pkt_addstring(s
->pktout
, "none"); /* method */
7086 ssh2_pkt_send(ssh
, s
->pktout
);
7087 s
->type
= AUTH_TYPE_NONE
;
7089 s
->we_are_in
= FALSE
;
7091 s
->tried_pubkey_config
= FALSE
;
7092 s
->kbd_inter_refused
= FALSE
;
7094 /* Reset agent request state. */
7095 s
->done_agent
= FALSE
;
7096 if (s
->agent_response
) {
7097 if (s
->pkblob_in_agent
) {
7098 s
->agentp
= s
->pkblob_in_agent
;
7100 s
->agentp
= s
->agent_response
+ 5 + 4;
7107 * Wait for the result of the last authentication request.
7110 crWaitUntilV(pktin
);
7112 * Now is a convenient point to spew any banner material
7113 * that we've accumulated. (This should ensure that when
7114 * we exit the auth loop, we haven't any left to deal
7118 int size
= bufchain_size(&ssh
->banner
);
7120 * Don't show the banner if we're operating in
7121 * non-verbose non-interactive mode. (It's probably
7122 * a script, which means nobody will read the
7123 * banner _anyway_, and moreover the printing of
7124 * the banner will screw up processing on the
7125 * output of (say) plink.)
7127 if (size
&& (flags
& (FLAG_VERBOSE
| FLAG_INTERACTIVE
))) {
7128 char *banner
= snewn(size
, char);
7129 bufchain_fetch(&ssh
->banner
, banner
, size
);
7130 c_write_untrusted(ssh
, banner
, size
);
7133 bufchain_clear(&ssh
->banner
);
7135 if (pktin
->type
== SSH2_MSG_USERAUTH_SUCCESS
) {
7136 logevent("Access granted");
7137 s
->we_are_in
= TRUE
;
7141 if (pktin
->type
!= SSH2_MSG_USERAUTH_FAILURE
) {
7142 bombout(("Strange packet received during authentication: "
7143 "type %d", pktin
->type
));
7150 * OK, we're now sitting on a USERAUTH_FAILURE message, so
7151 * we can look at the string in it and know what we can
7152 * helpfully try next.
7154 if (pktin
->type
== SSH2_MSG_USERAUTH_FAILURE
) {
7157 ssh_pkt_getstring(pktin
, &methods
, &methlen
);
7158 if (!ssh2_pkt_getbool(pktin
)) {
7160 * We have received an unequivocal Access
7161 * Denied. This can translate to a variety of
7164 * - if we'd just tried "none" authentication,
7165 * it's not worth printing anything at all
7167 * - if we'd just tried a public key _offer_,
7168 * the message should be "Server refused our
7169 * key" (or no message at all if the key
7170 * came from Pageant)
7172 * - if we'd just tried anything else, the
7173 * message really should be "Access denied".
7175 * Additionally, if we'd just tried password
7176 * authentication, we should break out of this
7177 * whole loop so as to go back to the username
7178 * prompt (iff we're configured to allow
7179 * username change attempts).
7181 if (s
->type
== AUTH_TYPE_NONE
) {
7183 } else if (s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_LOUD
||
7184 s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_QUIET
) {
7185 if (s
->type
== AUTH_TYPE_PUBLICKEY_OFFER_LOUD
)
7186 c_write_str(ssh
, "Server refused our key\r\n");
7187 logevent("Server refused public key");
7188 } else if (s
->type
==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
) {
7189 /* server declined keyboard-interactive; ignore */
7191 c_write_str(ssh
, "Access denied\r\n");
7192 logevent("Access denied");
7193 if (s
->type
== AUTH_TYPE_PASSWORD
&&
7194 ssh
->cfg
.change_username
) {
7195 /* XXX perhaps we should allow
7196 * keyboard-interactive to do this too? */
7197 s
->we_are_in
= FALSE
;
7202 c_write_str(ssh
, "Further authentication required\r\n");
7203 logevent("Further authentication required");
7207 in_commasep_string("publickey", methods
, methlen
);
7209 in_commasep_string("password", methods
, methlen
);
7210 s
->can_keyb_inter
= ssh
->cfg
.try_ki_auth
&&
7211 in_commasep_string("keyboard-interactive", methods
, methlen
);
7214 ssh
->pkt_actx
= SSH2_PKTCTX_NOAUTH
;
7216 if (s
->can_pubkey
&& !s
->done_agent
&& s
->nkeys
) {
7219 * Attempt public-key authentication using a key from Pageant.
7222 ssh
->pkt_actx
= SSH2_PKTCTX_PUBLICKEY
;
7224 logeventf(ssh
, "Trying Pageant key #%d", s
->keyi
);
7226 /* Unpack key from agent response */
7227 s
->pklen
= GET_32BIT(s
->agentp
);
7229 s
->pkblob
= (char *)s
->agentp
;
7230 s
->agentp
+= s
->pklen
;
7231 s
->alglen
= GET_32BIT(s
->pkblob
);
7232 s
->alg
= s
->pkblob
+ 4;
7233 s
->commentlen
= GET_32BIT(s
->agentp
);
7235 s
->commentp
= (char *)s
->agentp
;
7236 s
->agentp
+= s
->commentlen
;
7237 /* s->agentp now points at next key, if any */
7239 /* See if server will accept it */
7240 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7241 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7242 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7243 /* service requested */
7244 ssh2_pkt_addstring(s
->pktout
, "publickey");
7246 ssh2_pkt_addbool(s
->pktout
, FALSE
); /* no signature included */
7247 ssh2_pkt_addstring_start(s
->pktout
);
7248 ssh2_pkt_addstring_data(s
->pktout
, s
->alg
, s
->alglen
);
7249 ssh2_pkt_addstring_start(s
->pktout
);
7250 ssh2_pkt_addstring_data(s
->pktout
, s
->pkblob
, s
->pklen
);
7251 ssh2_pkt_send(ssh
, s
->pktout
);
7252 s
->type
= AUTH_TYPE_PUBLICKEY_OFFER_QUIET
;
7254 crWaitUntilV(pktin
);
7255 if (pktin
->type
!= SSH2_MSG_USERAUTH_PK_OK
) {
7257 /* Offer of key refused. */
7264 if (flags
& FLAG_VERBOSE
) {
7265 c_write_str(ssh
, "Authenticating with "
7267 c_write(ssh
, s
->commentp
, s
->commentlen
);
7268 c_write_str(ssh
, "\" from agent\r\n");
7272 * Server is willing to accept the key.
7273 * Construct a SIGN_REQUEST.
7275 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7276 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7277 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7278 /* service requested */
7279 ssh2_pkt_addstring(s
->pktout
, "publickey");
7281 ssh2_pkt_addbool(s
->pktout
, TRUE
); /* signature included */
7282 ssh2_pkt_addstring_start(s
->pktout
);
7283 ssh2_pkt_addstring_data(s
->pktout
, s
->alg
, s
->alglen
);
7284 ssh2_pkt_addstring_start(s
->pktout
);
7285 ssh2_pkt_addstring_data(s
->pktout
, s
->pkblob
, s
->pklen
);
7287 /* Ask agent for signature. */
7288 s
->siglen
= s
->pktout
->length
- 5 + 4 +
7289 ssh
->v2_session_id_len
;
7290 if (ssh
->remote_bugs
& BUG_SSH2_PK_SESSIONID
)
7292 s
->len
= 1; /* message type */
7293 s
->len
+= 4 + s
->pklen
; /* key blob */
7294 s
->len
+= 4 + s
->siglen
; /* data to sign */
7295 s
->len
+= 4; /* flags */
7296 s
->agentreq
= snewn(4 + s
->len
, char);
7297 PUT_32BIT(s
->agentreq
, s
->len
);
7298 s
->q
= s
->agentreq
+ 4;
7299 *s
->q
++ = SSH2_AGENTC_SIGN_REQUEST
;
7300 PUT_32BIT(s
->q
, s
->pklen
);
7302 memcpy(s
->q
, s
->pkblob
, s
->pklen
);
7304 PUT_32BIT(s
->q
, s
->siglen
);
7306 /* Now the data to be signed... */
7307 if (!(ssh
->remote_bugs
& BUG_SSH2_PK_SESSIONID
)) {
7308 PUT_32BIT(s
->q
, ssh
->v2_session_id_len
);
7311 memcpy(s
->q
, ssh
->v2_session_id
,
7312 ssh
->v2_session_id_len
);
7313 s
->q
+= ssh
->v2_session_id_len
;
7314 memcpy(s
->q
, s
->pktout
->data
+ 5,
7315 s
->pktout
->length
- 5);
7316 s
->q
+= s
->pktout
->length
- 5;
7317 /* And finally the (zero) flags word. */
7319 if (!agent_query(s
->agentreq
, s
->len
+ 4,
7321 ssh_agent_callback
, ssh
)) {
7325 bombout(("Unexpected data from server"
7326 " while waiting for agent"
7330 } while (pktin
|| inlen
> 0);
7331 vret
= ssh
->agent_response
;
7332 s
->retlen
= ssh
->agent_response_len
;
7337 if (s
->ret
[4] == SSH2_AGENT_SIGN_RESPONSE
) {
7338 logevent("Sending Pageant's response");
7339 ssh2_add_sigblob(ssh
, s
->pktout
,
7340 s
->pkblob
, s
->pklen
,
7342 GET_32BIT(s
->ret
+ 5));
7343 ssh2_pkt_send(ssh
, s
->pktout
);
7344 s
->type
= AUTH_TYPE_PUBLICKEY
;
7346 /* FIXME: less drastic response */
7347 bombout(("Pageant failed to answer challenge"));
7353 /* Do we have any keys left to try? */
7354 if (s
->pkblob_in_agent
) {
7355 s
->done_agent
= TRUE
;
7356 s
->tried_pubkey_config
= TRUE
;
7359 if (s
->keyi
>= s
->nkeys
)
7360 s
->done_agent
= TRUE
;
7363 } else if (s
->can_pubkey
&& s
->publickey_blob
&&
7364 !s
->tried_pubkey_config
) {
7366 struct ssh2_userkey
*key
; /* not live over crReturn */
7367 char *passphrase
; /* not live over crReturn */
7369 ssh
->pkt_actx
= SSH2_PKTCTX_PUBLICKEY
;
7371 s
->tried_pubkey_config
= TRUE
;
7374 * Try the public key supplied in the configuration.
7376 * First, offer the public blob to see if the server is
7377 * willing to accept it.
7379 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7380 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7381 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7382 /* service requested */
7383 ssh2_pkt_addstring(s
->pktout
, "publickey"); /* method */
7384 ssh2_pkt_addbool(s
->pktout
, FALSE
);
7385 /* no signature included */
7386 ssh2_pkt_addstring(s
->pktout
, s
->publickey_algorithm
);
7387 ssh2_pkt_addstring_start(s
->pktout
);
7388 ssh2_pkt_addstring_data(s
->pktout
,
7389 (char *)s
->publickey_blob
,
7390 s
->publickey_bloblen
);
7391 ssh2_pkt_send(ssh
, s
->pktout
);
7392 logevent("Offered public key");
7394 crWaitUntilV(pktin
);
7395 if (pktin
->type
!= SSH2_MSG_USERAUTH_PK_OK
) {
7396 /* Key refused. Give up. */
7397 s
->gotit
= TRUE
; /* reconsider message next loop */
7398 s
->type
= AUTH_TYPE_PUBLICKEY_OFFER_LOUD
;
7399 continue; /* process this new message */
7401 logevent("Offer of public key accepted");
7404 * Actually attempt a serious authentication using
7407 if (flags
& FLAG_VERBOSE
) {
7408 c_write_str(ssh
, "Authenticating with public key \"");
7409 c_write_str(ssh
, s
->publickey_comment
);
7410 c_write_str(ssh
, "\"\r\n");
7414 const char *error
; /* not live over crReturn */
7415 if (s
->publickey_encrypted
) {
7417 * Get a passphrase from the user.
7419 int ret
; /* need not be kept over crReturn */
7420 s
->cur_prompt
= new_prompts(ssh
->frontend
);
7421 s
->cur_prompt
->to_server
= FALSE
;
7422 s
->cur_prompt
->name
= dupstr("SSH key passphrase");
7423 add_prompt(s
->cur_prompt
,
7424 dupprintf("Passphrase for key \"%.100s\": ",
7425 s
->publickey_comment
),
7426 FALSE
, SSH_MAX_PASSWORD_LEN
);
7427 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
7430 crWaitUntilV(!pktin
);
7431 ret
= get_userpass_input(s
->cur_prompt
,
7436 /* Failed to get a passphrase. Terminate. */
7437 free_prompts(s
->cur_prompt
);
7438 ssh_disconnect(ssh
, NULL
,
7439 "Unable to authenticate",
7440 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
,
7445 dupstr(s
->cur_prompt
->prompts
[0]->result
);
7446 free_prompts(s
->cur_prompt
);
7448 passphrase
= NULL
; /* no passphrase needed */
7452 * Try decrypting the key.
7454 key
= ssh2_load_userkey(&ssh
->cfg
.keyfile
, passphrase
,
7457 /* burn the evidence */
7458 memset(passphrase
, 0, strlen(passphrase
));
7461 if (key
== SSH2_WRONG_PASSPHRASE
|| key
== NULL
) {
7463 (key
== SSH2_WRONG_PASSPHRASE
)) {
7464 c_write_str(ssh
, "Wrong passphrase\r\n");
7466 /* and loop again */
7468 c_write_str(ssh
, "Unable to load private key (");
7469 c_write_str(ssh
, error
);
7470 c_write_str(ssh
, ")\r\n");
7472 break; /* try something else */
7478 unsigned char *pkblob
, *sigblob
, *sigdata
;
7479 int pkblob_len
, sigblob_len
, sigdata_len
;
7483 * We have loaded the private key and the server
7484 * has announced that it's willing to accept it.
7485 * Hallelujah. Generate a signature and send it.
7487 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7488 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7489 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7490 /* service requested */
7491 ssh2_pkt_addstring(s
->pktout
, "publickey");
7493 ssh2_pkt_addbool(s
->pktout
, TRUE
);
7494 /* signature follows */
7495 ssh2_pkt_addstring(s
->pktout
, key
->alg
->name
);
7496 pkblob
= key
->alg
->public_blob(key
->data
,
7498 ssh2_pkt_addstring_start(s
->pktout
);
7499 ssh2_pkt_addstring_data(s
->pktout
, (char *)pkblob
,
7503 * The data to be signed is:
7507 * followed by everything so far placed in the
7510 sigdata_len
= s
->pktout
->length
- 5 + 4 +
7511 ssh
->v2_session_id_len
;
7512 if (ssh
->remote_bugs
& BUG_SSH2_PK_SESSIONID
)
7514 sigdata
= snewn(sigdata_len
, unsigned char);
7516 if (!(ssh
->remote_bugs
& BUG_SSH2_PK_SESSIONID
)) {
7517 PUT_32BIT(sigdata
+p
, ssh
->v2_session_id_len
);
7520 memcpy(sigdata
+p
, ssh
->v2_session_id
,
7521 ssh
->v2_session_id_len
);
7522 p
+= ssh
->v2_session_id_len
;
7523 memcpy(sigdata
+p
, s
->pktout
->data
+ 5,
7524 s
->pktout
->length
- 5);
7525 p
+= s
->pktout
->length
- 5;
7526 assert(p
== sigdata_len
);
7527 sigblob
= key
->alg
->sign(key
->data
, (char *)sigdata
,
7528 sigdata_len
, &sigblob_len
);
7529 ssh2_add_sigblob(ssh
, s
->pktout
, pkblob
, pkblob_len
,
7530 sigblob
, sigblob_len
);
7535 ssh2_pkt_send(ssh
, s
->pktout
);
7536 s
->type
= AUTH_TYPE_PUBLICKEY
;
7537 key
->alg
->freekey(key
->data
);
7540 } else if (s
->can_keyb_inter
&& !s
->kbd_inter_refused
) {
7543 * Keyboard-interactive authentication.
7546 s
->type
= AUTH_TYPE_KEYBOARD_INTERACTIVE
;
7548 ssh
->pkt_actx
= SSH2_PKTCTX_KBDINTER
;
7550 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7551 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7552 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7553 /* service requested */
7554 ssh2_pkt_addstring(s
->pktout
, "keyboard-interactive");
7556 ssh2_pkt_addstring(s
->pktout
, ""); /* lang */
7557 ssh2_pkt_addstring(s
->pktout
, ""); /* submethods */
7558 ssh2_pkt_send(ssh
, s
->pktout
);
7560 crWaitUntilV(pktin
);
7561 if (pktin
->type
!= SSH2_MSG_USERAUTH_INFO_REQUEST
) {
7562 /* Server is not willing to do keyboard-interactive
7563 * at all (or, bizarrely but legally, accepts the
7564 * user without actually issuing any prompts).
7565 * Give up on it entirely. */
7567 if (pktin
->type
== SSH2_MSG_USERAUTH_FAILURE
)
7568 logevent("Keyboard-interactive authentication refused");
7569 s
->type
= AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
;
7570 s
->kbd_inter_refused
= TRUE
; /* don't try it again */
7575 * Loop while the server continues to send INFO_REQUESTs.
7577 while (pktin
->type
== SSH2_MSG_USERAUTH_INFO_REQUEST
) {
7579 char *name
, *inst
, *lang
;
7580 int name_len
, inst_len
, lang_len
;
7584 * We've got a fresh USERAUTH_INFO_REQUEST.
7585 * Get the preamble and start building a prompt.
7587 ssh_pkt_getstring(pktin
, &name
, &name_len
);
7588 ssh_pkt_getstring(pktin
, &inst
, &inst_len
);
7589 ssh_pkt_getstring(pktin
, &lang
, &lang_len
);
7590 s
->cur_prompt
= new_prompts(ssh
->frontend
);
7591 s
->cur_prompt
->to_server
= TRUE
;
7593 /* FIXME: better prefix to distinguish from
7595 s
->cur_prompt
->name
=
7596 dupprintf("SSH server: %.*s", name_len
, name
);
7597 s
->cur_prompt
->name_reqd
= TRUE
;
7599 s
->cur_prompt
->name
=
7600 dupstr("SSH server authentication");
7601 s
->cur_prompt
->name_reqd
= FALSE
;
7603 /* FIXME: ugly to print "Using..." in prompt _every_
7604 * time round. Can this be done more subtly? */
7605 s
->cur_prompt
->instruction
=
7606 dupprintf("Using keyboard-interactive authentication.%s%.*s",
7607 inst_len ?
"\n" : "", inst_len
, inst
);
7608 s
->cur_prompt
->instr_reqd
= TRUE
;
7611 * Get the prompts from the packet.
7613 s
->num_prompts
= ssh_pkt_getuint32(pktin
);
7614 for (i
= 0; i
< s
->num_prompts
; i
++) {
7618 static char noprompt
[] =
7619 "<server failed to send prompt>: ";
7621 ssh_pkt_getstring(pktin
, &prompt
, &prompt_len
);
7622 echo
= ssh2_pkt_getbool(pktin
);
7625 prompt_len
= lenof(noprompt
)-1;
7627 add_prompt(s
->cur_prompt
,
7628 dupprintf("%.*s", prompt_len
, prompt
),
7629 echo
, SSH_MAX_PASSWORD_LEN
);
7633 * Get the user's responses.
7635 if (s
->num_prompts
) {
7636 int ret
; /* not live over crReturn */
7637 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
7640 crWaitUntilV(!pktin
);
7641 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
7646 * Failed to get responses. Terminate.
7648 free_prompts(s
->cur_prompt
);
7649 ssh_disconnect(ssh
, NULL
, "Unable to authenticate",
7650 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
,
7657 * Send the responses to the server.
7659 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE
);
7660 ssh2_pkt_adduint32(s
->pktout
, s
->num_prompts
);
7661 for (i
=0; i
< s
->num_prompts
; i
++) {
7662 dont_log_password(ssh
, s
->pktout
, PKTLOG_BLANK
);
7663 ssh2_pkt_addstring(s
->pktout
,
7664 s
->cur_prompt
->prompts
[i
]->result
);
7665 end_log_omission(ssh
, s
->pktout
);
7667 ssh2_pkt_send_with_padding(ssh
, s
->pktout
, 256);
7670 * Get the next packet in case it's another
7673 crWaitUntilV(pktin
);
7678 * We should have SUCCESS or FAILURE now.
7682 } else if (s
->can_passwd
) {
7685 * Plain old password authentication.
7687 int ret
; /* not live over crReturn */
7688 int changereq_first_time
; /* not live over crReturn */
7690 ssh
->pkt_actx
= SSH2_PKTCTX_PASSWORD
;
7692 s
->cur_prompt
= new_prompts(ssh
->frontend
);
7693 s
->cur_prompt
->to_server
= TRUE
;
7694 s
->cur_prompt
->name
= dupstr("SSH password");
7695 add_prompt(s
->cur_prompt
, dupprintf("%.90s@%.90s's password: ",
7698 FALSE
, SSH_MAX_PASSWORD_LEN
);
7700 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
7703 crWaitUntilV(!pktin
);
7704 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
7709 * Failed to get responses. Terminate.
7711 free_prompts(s
->cur_prompt
);
7712 ssh_disconnect(ssh
, NULL
, "Unable to authenticate",
7713 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
,
7718 * Squirrel away the password. (We may need it later if
7719 * asked to change it.)
7721 s
->password
= dupstr(s
->cur_prompt
->prompts
[0]->result
);
7722 free_prompts(s
->cur_prompt
);
7725 * Send the password packet.
7727 * We pad out the password packet to 256 bytes to make
7728 * it harder for an attacker to find the length of the
7731 * Anyone using a password longer than 256 bytes
7732 * probably doesn't have much to worry about from
7733 * people who find out how long their password is!
7735 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7736 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7737 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7738 /* service requested */
7739 ssh2_pkt_addstring(s
->pktout
, "password");
7740 ssh2_pkt_addbool(s
->pktout
, FALSE
);
7741 dont_log_password(ssh
, s
->pktout
, PKTLOG_BLANK
);
7742 ssh2_pkt_addstring(s
->pktout
, s
->password
);
7743 end_log_omission(ssh
, s
->pktout
);
7744 ssh2_pkt_send_with_padding(ssh
, s
->pktout
, 256);
7745 logevent("Sent password");
7746 s
->type
= AUTH_TYPE_PASSWORD
;
7749 * Wait for next packet, in case it's a password change
7752 crWaitUntilV(pktin
);
7753 changereq_first_time
= TRUE
;
7755 while (pktin
->type
== SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ
) {
7758 * We're being asked for a new password
7759 * (perhaps not for the first time).
7760 * Loop until the server accepts it.
7763 int got_new
= FALSE
; /* not live over crReturn */
7764 char *prompt
; /* not live over crReturn */
7765 int prompt_len
; /* not live over crReturn */
7769 if (changereq_first_time
)
7770 msg
= "Server requested password change";
7772 msg
= "Server rejected new password";
7774 c_write_str(ssh
, msg
);
7775 c_write_str(ssh
, "\r\n");
7778 ssh_pkt_getstring(pktin
, &prompt
, &prompt_len
);
7780 s
->cur_prompt
= new_prompts(ssh
->frontend
);
7781 s
->cur_prompt
->to_server
= TRUE
;
7782 s
->cur_prompt
->name
= dupstr("New SSH password");
7783 s
->cur_prompt
->instruction
=
7784 dupprintf("%.*s", prompt_len
, prompt
);
7785 s
->cur_prompt
->instr_reqd
= TRUE
;
7787 * There's no explicit requirement in the protocol
7788 * for the "old" passwords in the original and
7789 * password-change messages to be the same, and
7790 * apparently some Cisco kit supports password change
7791 * by the user entering a blank password originally
7792 * and the real password subsequently, so,
7793 * reluctantly, we prompt for the old password again.
7795 * (On the other hand, some servers don't even bother
7796 * to check this field.)
7798 add_prompt(s
->cur_prompt
,
7799 dupstr("Current password (blank for previously entered password): "),
7800 FALSE
, SSH_MAX_PASSWORD_LEN
);
7801 add_prompt(s
->cur_prompt
, dupstr("Enter new password: "),
7802 FALSE
, SSH_MAX_PASSWORD_LEN
);
7803 add_prompt(s
->cur_prompt
, dupstr("Confirm new password: "),
7804 FALSE
, SSH_MAX_PASSWORD_LEN
);
7807 * Loop until the user manages to enter the same
7812 ret
= get_userpass_input(s
->cur_prompt
, NULL
, 0);
7815 crWaitUntilV(!pktin
);
7816 ret
= get_userpass_input(s
->cur_prompt
, in
, inlen
);
7821 * Failed to get responses. Terminate.
7823 /* burn the evidence */
7824 free_prompts(s
->cur_prompt
);
7825 memset(s
->password
, 0, strlen(s
->password
));
7827 ssh_disconnect(ssh
, NULL
, "Unable to authenticate",
7828 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER
,
7834 * If the user specified a new original password
7835 * (IYSWIM), overwrite any previously specified
7837 * (A side effect is that the user doesn't have to
7838 * re-enter it if they louse up the new password.)
7840 if (s
->cur_prompt
->prompts
[0]->result
[0]) {
7841 memset(s
->password
, 0, strlen(s
->password
));
7842 /* burn the evidence */
7845 dupstr(s
->cur_prompt
->prompts
[0]->result
);
7849 * Check the two new passwords match.
7851 got_new
= (strcmp(s
->cur_prompt
->prompts
[1]->result
,
7852 s
->cur_prompt
->prompts
[2]->result
)
7855 /* They don't. Silly user. */
7856 c_write_str(ssh
, "Passwords do not match\r\n");
7861 * Send the new password (along with the old one).
7862 * (see above for padding rationale)
7864 s
->pktout
= ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST
);
7865 ssh2_pkt_addstring(s
->pktout
, s
->username
);
7866 ssh2_pkt_addstring(s
->pktout
, "ssh-connection");
7867 /* service requested */
7868 ssh2_pkt_addstring(s
->pktout
, "password");
7869 ssh2_pkt_addbool(s
->pktout
, TRUE
);
7870 dont_log_password(ssh
, s
->pktout
, PKTLOG_BLANK
);
7871 ssh2_pkt_addstring(s
->pktout
, s
->password
);
7872 ssh2_pkt_addstring(s
->pktout
,
7873 s
->cur_prompt
->prompts
[1]->result
);
7874 free_prompts(s
->cur_prompt
);
7875 end_log_omission(ssh
, s
->pktout
);
7876 ssh2_pkt_send_with_padding(ssh
, s
->pktout
, 256);
7877 logevent("Sent new password");
7880 * Now see what the server has to say about it.
7881 * (If it's CHANGEREQ again, it's not happy with the
7884 crWaitUntilV(pktin
);
7885 changereq_first_time
= FALSE
;
7890 * We need to reexamine the current pktin at the top
7891 * of the loop. Either:
7892 * - we weren't asked to change password at all, in
7893 * which case it's a SUCCESS or FAILURE with the
7895 * - we sent a new password, and the server was
7896 * either OK with it (SUCCESS or FAILURE w/partial
7897 * success) or unhappy with the _old_ password
7898 * (FAILURE w/o partial success)
7899 * In any of these cases, we go back to the top of
7900 * the loop and start again.
7905 * We don't need the old password any more, in any
7906 * case. Burn the evidence.
7908 memset(s
->password
, 0, strlen(s
->password
));
7913 ssh_disconnect(ssh
, NULL
,
7914 "No supported authentication methods available",
7915 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE
,
7923 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_BANNER
] = NULL
;
7925 /* Clear up various bits and pieces from authentication. */
7926 if (s
->publickey_blob
) {
7927 sfree(s
->publickey_blob
);
7928 sfree(s
->publickey_comment
);
7930 if (s
->agent_response
)
7931 sfree(s
->agent_response
);
7934 * Now the connection protocol has started, one way or another.
7937 ssh
->channels
= newtree234(ssh_channelcmp
);
7940 * Set up handlers for some connection protocol messages, so we
7941 * don't have to handle them repeatedly in this coroutine.
7943 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_WINDOW_ADJUST
] =
7944 ssh2_msg_channel_window_adjust
;
7945 ssh
->packet_dispatch
[SSH2_MSG_GLOBAL_REQUEST
] =
7946 ssh2_msg_global_request
;
7949 * Create the main session channel.
7951 if (ssh
->cfg
.ssh_no_shell
) {
7952 ssh
->mainchan
= NULL
;
7953 } else if (*ssh
->cfg
.ssh_nc_host
) {
7955 * Just start a direct-tcpip channel and use it as the main
7958 ssh
->mainchan
= snew(struct ssh_channel
);
7959 ssh
->mainchan
->ssh
= ssh
;
7960 ssh
->mainchan
->localid
= alloc_channel_id(ssh
);
7962 "Opening direct-tcpip channel to %s:%d in place of session",
7963 ssh
->cfg
.ssh_nc_host
, ssh
->cfg
.ssh_nc_port
);
7964 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN
);
7965 ssh2_pkt_addstring(s
->pktout
, "direct-tcpip");
7966 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->localid
);
7967 ssh
->mainchan
->v
.v2
.locwindow
= OUR_V2_WINSIZE
;
7968 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->v
.v2
.locwindow
);/* our window size */
7969 ssh2_pkt_adduint32(s
->pktout
, OUR_V2_MAXPKT
); /* our max pkt size */
7970 ssh2_pkt_addstring(s
->pktout
, ssh
->cfg
.ssh_nc_host
);
7971 ssh2_pkt_adduint32(s
->pktout
, ssh
->cfg
.ssh_nc_port
);
7973 * There's nothing meaningful to put in the originator
7974 * fields, but some servers insist on syntactically correct
7977 ssh2_pkt_addstring(s
->pktout
, "0.0.0.0");
7978 ssh2_pkt_adduint32(s
->pktout
, 0);
7979 ssh2_pkt_send(ssh
, s
->pktout
);
7981 crWaitUntilV(pktin
);
7982 if (pktin
->type
!= SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
) {
7983 bombout(("Server refused to open a direct-tcpip channel"));
7985 /* FIXME: error data comes back in FAILURE packet */
7987 if (ssh_pkt_getuint32(pktin
) != ssh
->mainchan
->localid
) {
7988 bombout(("Server's channel confirmation cited wrong channel"));
7991 ssh
->mainchan
->remoteid
= ssh_pkt_getuint32(pktin
);
7992 ssh
->mainchan
->halfopen
= FALSE
;
7993 ssh
->mainchan
->type
= CHAN_MAINSESSION
;
7994 ssh
->mainchan
->closes
= 0;
7995 ssh
->mainchan
->v
.v2
.remwindow
= ssh_pkt_getuint32(pktin
);
7996 ssh
->mainchan
->v
.v2
.remmaxpkt
= ssh_pkt_getuint32(pktin
);
7997 bufchain_init(&ssh
->mainchan
->v
.v2
.outbuffer
);
7998 add234(ssh
->channels
, ssh
->mainchan
);
7999 update_specials_menu(ssh
->frontend
);
8000 logevent("Opened direct-tcpip channel");
8003 ssh
->mainchan
= snew(struct ssh_channel
);
8004 ssh
->mainchan
->ssh
= ssh
;
8005 ssh
->mainchan
->localid
= alloc_channel_id(ssh
);
8006 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN
);
8007 ssh2_pkt_addstring(s
->pktout
, "session");
8008 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->localid
);
8009 ssh
->mainchan
->v
.v2
.locwindow
= OUR_V2_WINSIZE
;
8010 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->v
.v2
.locwindow
);/* our window size */
8011 ssh2_pkt_adduint32(s
->pktout
, OUR_V2_MAXPKT
); /* our max pkt size */
8012 ssh2_pkt_send(ssh
, s
->pktout
);
8013 crWaitUntilV(pktin
);
8014 if (pktin
->type
!= SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
) {
8015 bombout(("Server refused to open a session"));
8017 /* FIXME: error data comes back in FAILURE packet */
8019 if (ssh_pkt_getuint32(pktin
) != ssh
->mainchan
->localid
) {
8020 bombout(("Server's channel confirmation cited wrong channel"));
8023 ssh
->mainchan
->remoteid
= ssh_pkt_getuint32(pktin
);
8024 ssh
->mainchan
->halfopen
= FALSE
;
8025 ssh
->mainchan
->type
= CHAN_MAINSESSION
;
8026 ssh
->mainchan
->closes
= 0;
8027 ssh
->mainchan
->v
.v2
.remwindow
= ssh_pkt_getuint32(pktin
);
8028 ssh
->mainchan
->v
.v2
.remmaxpkt
= ssh_pkt_getuint32(pktin
);
8029 bufchain_init(&ssh
->mainchan
->v
.v2
.outbuffer
);
8030 add234(ssh
->channels
, ssh
->mainchan
);
8031 update_specials_menu(ssh
->frontend
);
8032 logevent("Opened channel for session");
8033 ssh
->ncmode
= FALSE
;
8037 * Now we have a channel, make dispatch table entries for
8038 * general channel-based messages.
8040 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_DATA
] =
8041 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_EXTENDED_DATA
] =
8042 ssh2_msg_channel_data
;
8043 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_EOF
] = ssh2_msg_channel_eof
;
8044 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_CLOSE
] = ssh2_msg_channel_close
;
8045 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
] =
8046 ssh2_msg_channel_open_confirmation
;
8047 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN_FAILURE
] =
8048 ssh2_msg_channel_open_failure
;
8049 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_REQUEST
] =
8050 ssh2_msg_channel_request
;
8051 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN
] =
8052 ssh2_msg_channel_open
;
8055 * Potentially enable X11 forwarding.
8057 if (ssh
->mainchan
&& !ssh
->ncmode
&& ssh
->cfg
.x11_forward
) {
8058 char proto
[20], data
[64];
8059 logevent("Requesting X11 forwarding");
8060 ssh
->x11auth
= x11_invent_auth(proto
, sizeof(proto
),
8061 data
, sizeof(data
), ssh
->cfg
.x11_auth
);
8062 x11_get_real_auth(ssh
->x11auth
, ssh
->cfg
.x11_display
);
8063 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8064 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->remoteid
);
8065 ssh2_pkt_addstring(s
->pktout
, "x11-req");
8066 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8067 ssh2_pkt_addbool(s
->pktout
, 0); /* many connections */
8068 ssh2_pkt_addstring(s
->pktout
, proto
);
8070 * Note that while we blank the X authentication data here, we don't
8071 * take any special action to blank the start of an X11 channel,
8072 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
8073 * without having session blanking enabled is likely to leak your
8074 * cookie into the log.
8076 dont_log_password(ssh
, s
->pktout
, PKTLOG_BLANK
);
8077 ssh2_pkt_addstring(s
->pktout
, data
);
8078 end_log_omission(ssh
, s
->pktout
);
8079 ssh2_pkt_adduint32(s
->pktout
, x11_get_screen_number(ssh
->cfg
.x11_display
));
8080 ssh2_pkt_send(ssh
, s
->pktout
);
8082 crWaitUntilV(pktin
);
8084 if (pktin
->type
!= SSH2_MSG_CHANNEL_SUCCESS
) {
8085 if (pktin
->type
!= SSH2_MSG_CHANNEL_FAILURE
) {
8086 bombout(("Unexpected response to X11 forwarding request:"
8087 " packet type %d", pktin
->type
));
8090 logevent("X11 forwarding refused");
8092 logevent("X11 forwarding enabled");
8093 ssh
->X11_fwd_enabled
= TRUE
;
8098 * Enable port forwardings.
8100 ssh_setup_portfwd(ssh
, &ssh
->cfg
);
8103 * Potentially enable agent forwarding.
8105 if (ssh
->mainchan
&& !ssh
->ncmode
&& ssh
->cfg
.agentfwd
&& agent_exists()) {
8106 logevent("Requesting OpenSSH-style agent forwarding");
8107 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8108 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->remoteid
);
8109 ssh2_pkt_addstring(s
->pktout
, "auth-agent-req@openssh.com");
8110 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8111 ssh2_pkt_send(ssh
, s
->pktout
);
8113 crWaitUntilV(pktin
);
8115 if (pktin
->type
!= SSH2_MSG_CHANNEL_SUCCESS
) {
8116 if (pktin
->type
!= SSH2_MSG_CHANNEL_FAILURE
) {
8117 bombout(("Unexpected response to agent forwarding request:"
8118 " packet type %d", pktin
->type
));
8121 logevent("Agent forwarding refused");
8123 logevent("Agent forwarding enabled");
8124 ssh
->agentfwd_enabled
= TRUE
;
8129 * Now allocate a pty for the session.
8131 if (ssh
->mainchan
&& !ssh
->ncmode
&& !ssh
->cfg
.nopty
) {
8132 /* Unpick the terminal-speed string. */
8133 /* XXX perhaps we should allow no speeds to be sent. */
8134 ssh
->ospeed
= 38400; ssh
->ispeed
= 38400; /* last-resort defaults */
8135 sscanf(ssh
->cfg
.termspeed
, "%d,%d", &ssh
->ospeed
, &ssh
->ispeed
);
8136 /* Build the pty request. */
8137 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8138 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->remoteid
); /* recipient channel */
8139 ssh2_pkt_addstring(s
->pktout
, "pty-req");
8140 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8141 ssh2_pkt_addstring(s
->pktout
, ssh
->cfg
.termtype
);
8142 ssh2_pkt_adduint32(s
->pktout
, ssh
->term_width
);
8143 ssh2_pkt_adduint32(s
->pktout
, ssh
->term_height
);
8144 ssh2_pkt_adduint32(s
->pktout
, 0); /* pixel width */
8145 ssh2_pkt_adduint32(s
->pktout
, 0); /* pixel height */
8146 ssh2_pkt_addstring_start(s
->pktout
);
8147 parse_ttymodes(ssh
, ssh
->cfg
.ttymodes
,
8148 ssh2_send_ttymode
, (void *)s
->pktout
);
8149 ssh2_pkt_addbyte(s
->pktout
, SSH2_TTY_OP_ISPEED
);
8150 ssh2_pkt_adduint32(s
->pktout
, ssh
->ispeed
);
8151 ssh2_pkt_addbyte(s
->pktout
, SSH2_TTY_OP_OSPEED
);
8152 ssh2_pkt_adduint32(s
->pktout
, ssh
->ospeed
);
8153 ssh2_pkt_addstring_data(s
->pktout
, "\0", 1); /* TTY_OP_END */
8154 ssh2_pkt_send(ssh
, s
->pktout
);
8155 ssh
->state
= SSH_STATE_INTERMED
;
8157 crWaitUntilV(pktin
);
8159 if (pktin
->type
!= SSH2_MSG_CHANNEL_SUCCESS
) {
8160 if (pktin
->type
!= SSH2_MSG_CHANNEL_FAILURE
) {
8161 bombout(("Unexpected response to pty request:"
8162 " packet type %d", pktin
->type
));
8165 c_write_str(ssh
, "Server refused to allocate pty\r\n");
8166 ssh
->editing
= ssh
->echoing
= 1;
8168 logeventf(ssh
, "Allocated pty (ospeed %dbps, ispeed %dbps)",
8169 ssh
->ospeed
, ssh
->ispeed
);
8172 ssh
->editing
= ssh
->echoing
= 1;
8176 * Send environment variables.
8178 * Simplest thing here is to send all the requests at once, and
8179 * then wait for a whole bunch of successes or failures.
8181 if (ssh
->mainchan
&& !ssh
->ncmode
&& *ssh
->cfg
.environmt
) {
8182 char *e
= ssh
->cfg
.environmt
;
8183 char *var
, *varend
, *val
;
8189 while (*e
&& *e
!= '\t') e
++;
8191 if (*e
== '\t') e
++;
8196 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8197 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->remoteid
);
8198 ssh2_pkt_addstring(s
->pktout
, "env");
8199 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8200 ssh2_pkt_addstring_start(s
->pktout
);
8201 ssh2_pkt_addstring_data(s
->pktout
, var
, varend
-var
);
8202 ssh2_pkt_addstring(s
->pktout
, val
);
8203 ssh2_pkt_send(ssh
, s
->pktout
);
8208 logeventf(ssh
, "Sent %d environment variables", s
->num_env
);
8211 s
->env_left
= s
->num_env
;
8213 while (s
->env_left
> 0) {
8214 crWaitUntilV(pktin
);
8216 if (pktin
->type
!= SSH2_MSG_CHANNEL_SUCCESS
) {
8217 if (pktin
->type
!= SSH2_MSG_CHANNEL_FAILURE
) {
8218 bombout(("Unexpected response to environment request:"
8219 " packet type %d", pktin
->type
));
8229 if (s
->env_ok
== s
->num_env
) {
8230 logevent("All environment variables successfully set");
8231 } else if (s
->env_ok
== 0) {
8232 logevent("All environment variables refused");
8233 c_write_str(ssh
, "Server refused to set environment variables\r\n");
8235 logeventf(ssh
, "%d environment variables refused",
8236 s
->num_env
- s
->env_ok
);
8237 c_write_str(ssh
, "Server refused to set all environment variables\r\n");
8242 * Start a shell or a remote command. We may have to attempt
8243 * this twice if the config data has provided a second choice
8246 if (ssh
->mainchan
&& !ssh
->ncmode
) while (1) {
8250 if (ssh
->fallback_cmd
) {
8251 subsys
= ssh
->cfg
.ssh_subsys2
;
8252 cmd
= ssh
->cfg
.remote_cmd_ptr2
;
8254 subsys
= ssh
->cfg
.ssh_subsys
;
8255 cmd
= ssh
->cfg
.remote_cmd_ptr
;
8256 if (!cmd
) cmd
= ssh
->cfg
.remote_cmd
;
8259 s
->pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8260 ssh2_pkt_adduint32(s
->pktout
, ssh
->mainchan
->remoteid
); /* recipient channel */
8262 ssh2_pkt_addstring(s
->pktout
, "subsystem");
8263 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8264 ssh2_pkt_addstring(s
->pktout
, cmd
);
8266 ssh2_pkt_addstring(s
->pktout
, "exec");
8267 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8268 ssh2_pkt_addstring(s
->pktout
, cmd
);
8270 ssh2_pkt_addstring(s
->pktout
, "shell");
8271 ssh2_pkt_addbool(s
->pktout
, 1); /* want reply */
8273 ssh2_pkt_send(ssh
, s
->pktout
);
8275 crWaitUntilV(pktin
);
8277 if (pktin
->type
!= SSH2_MSG_CHANNEL_SUCCESS
) {
8278 if (pktin
->type
!= SSH2_MSG_CHANNEL_FAILURE
) {
8279 bombout(("Unexpected response to shell/command request:"
8280 " packet type %d", pktin
->type
));
8284 * We failed to start the command. If this is the
8285 * fallback command, we really are finished; if it's
8286 * not, and if the fallback command exists, try falling
8287 * back to it before complaining.
8289 if (!ssh
->fallback_cmd
&& ssh
->cfg
.remote_cmd_ptr2
!= NULL
) {
8290 logevent("Primary command failed; attempting fallback");
8291 ssh
->fallback_cmd
= TRUE
;
8294 bombout(("Server refused to start a shell/command"));
8297 logevent("Started a shell/command");
8302 ssh
->state
= SSH_STATE_SESSION
;
8303 if (ssh
->size_needed
)
8304 ssh_size(ssh
, ssh
->term_width
, ssh
->term_height
);
8305 if (ssh
->eof_needed
)
8306 ssh_special(ssh
, TS_EOF
);
8312 ldisc_send(ssh
->ldisc
, NULL
, 0, 0);/* cause ldisc to notice changes */
8317 s
->try_send
= FALSE
;
8321 * _All_ the connection-layer packets we expect to
8322 * receive are now handled by the dispatch table.
8323 * Anything that reaches here must be bogus.
8326 bombout(("Strange packet received: type %d", pktin
->type
));
8328 } else if (ssh
->mainchan
) {
8330 * We have spare data. Add it to the channel buffer.
8332 ssh2_add_channel_data(ssh
->mainchan
, (char *)in
, inlen
);
8337 struct ssh_channel
*c
;
8339 * Try to send data on all channels if we can.
8341 for (i
= 0; NULL
!= (c
= index234(ssh
->channels
, i
)); i
++)
8342 ssh2_try_send_and_unthrottle(c
);
8350 * Handlers for SSH-2 messages that might arrive at any moment.
8352 static void ssh2_msg_disconnect(Ssh ssh
, struct Packet
*pktin
)
8354 /* log reason code in disconnect message */
8356 int nowlen
, reason
, msglen
;
8358 reason
= ssh_pkt_getuint32(pktin
);
8359 ssh_pkt_getstring(pktin
, &msg
, &msglen
);
8361 if (reason
> 0 && reason
< lenof(ssh2_disconnect_reasons
)) {
8362 buf
= dupprintf("Received disconnect message (%s)",
8363 ssh2_disconnect_reasons
[reason
]);
8365 buf
= dupprintf("Received disconnect message (unknown"
8366 " type %d)", reason
);
8370 buf
= dupprintf("Disconnection message text: %n%.*s",
8371 &nowlen
, msglen
, msg
);
8373 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"",
8375 (reason
> 0 && reason
< lenof(ssh2_disconnect_reasons
)) ?
8376 ssh2_disconnect_reasons
[reason
] : "unknown",
8381 static void ssh2_msg_debug(Ssh ssh
, struct Packet
*pktin
)
8383 /* log the debug message */
8388 /* XXX maybe we should actually take notice of this */
8389 always_display
= ssh2_pkt_getbool(pktin
);
8390 ssh_pkt_getstring(pktin
, &msg
, &msglen
);
8392 logeventf(ssh
, "Remote debug message: %.*s", msglen
, msg
);
8395 static void ssh2_msg_something_unimplemented(Ssh ssh
, struct Packet
*pktin
)
8397 struct Packet
*pktout
;
8398 pktout
= ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED
);
8399 ssh2_pkt_adduint32(pktout
, pktin
->sequence
);
8401 * UNIMPLEMENTED messages MUST appear in the same order as the
8402 * messages they respond to. Hence, never queue them.
8404 ssh2_pkt_send_noqueue(ssh
, pktout
);
8408 * Handle the top-level SSH-2 protocol.
8410 static void ssh2_protocol_setup(Ssh ssh
)
8415 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
8417 for (i
= 0; i
< 256; i
++)
8418 ssh
->packet_dispatch
[i
] = ssh2_msg_something_unimplemented
;
8421 * Any message we actually understand, we set to NULL so that
8422 * the coroutines will get it.
8424 ssh
->packet_dispatch
[SSH2_MSG_UNIMPLEMENTED
] = NULL
;
8425 ssh
->packet_dispatch
[SSH2_MSG_SERVICE_REQUEST
] = NULL
;
8426 ssh
->packet_dispatch
[SSH2_MSG_SERVICE_ACCEPT
] = NULL
;
8427 ssh
->packet_dispatch
[SSH2_MSG_KEXINIT
] = NULL
;
8428 ssh
->packet_dispatch
[SSH2_MSG_NEWKEYS
] = NULL
;
8429 ssh
->packet_dispatch
[SSH2_MSG_KEXDH_INIT
] = NULL
;
8430 ssh
->packet_dispatch
[SSH2_MSG_KEXDH_REPLY
] = NULL
;
8431 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
8432 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
8433 ssh
->packet_dispatch
[SSH2_MSG_KEX_DH_GEX_INIT
] = NULL
;
8434 ssh
->packet_dispatch
[SSH2_MSG_KEX_DH_GEX_REPLY
] = NULL
;
8435 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_REQUEST
] = NULL
;
8436 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_FAILURE
] = NULL
;
8437 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_SUCCESS
] = NULL
;
8438 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_BANNER
] = NULL
;
8439 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_PK_OK
] = NULL
;
8440 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
8441 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
8442 ssh
->packet_dispatch
[SSH2_MSG_USERAUTH_INFO_RESPONSE
] = NULL
;
8443 ssh
->packet_dispatch
[SSH2_MSG_GLOBAL_REQUEST
] = NULL
;
8444 ssh
->packet_dispatch
[SSH2_MSG_REQUEST_SUCCESS
] = NULL
;
8445 ssh
->packet_dispatch
[SSH2_MSG_REQUEST_FAILURE
] = NULL
;
8446 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN
] = NULL
;
8447 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION
] = NULL
;
8448 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_OPEN_FAILURE
] = NULL
;
8449 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_WINDOW_ADJUST
] = NULL
;
8450 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_DATA
] = NULL
;
8451 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_EXTENDED_DATA
] = NULL
;
8452 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_EOF
] = NULL
;
8453 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_CLOSE
] = NULL
;
8454 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_REQUEST
] = NULL
;
8455 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_SUCCESS
] = NULL
;
8456 ssh
->packet_dispatch
[SSH2_MSG_CHANNEL_FAILURE
] = NULL
;
8459 * These special message types we install handlers for.
8461 ssh
->packet_dispatch
[SSH2_MSG_DISCONNECT
] = ssh2_msg_disconnect
;
8462 ssh
->packet_dispatch
[SSH2_MSG_IGNORE
] = ssh_msg_ignore
; /* shared with SSH-1 */
8463 ssh
->packet_dispatch
[SSH2_MSG_DEBUG
] = ssh2_msg_debug
;
8466 static void ssh2_timer(void *ctx
, long now
)
8470 if (ssh
->state
== SSH_STATE_CLOSED
)
8473 if (!ssh
->kex_in_progress
&& ssh
->cfg
.ssh_rekey_time
!= 0 &&
8474 now
- ssh
->next_rekey
>= 0) {
8475 do_ssh2_transport(ssh
, "timeout", -1, NULL
);
8479 static void ssh2_protocol(Ssh ssh
, void *vin
, int inlen
,
8480 struct Packet
*pktin
)
8482 unsigned char *in
= (unsigned char *)vin
;
8483 if (ssh
->state
== SSH_STATE_CLOSED
)
8487 ssh
->incoming_data_size
+= pktin
->encrypted_len
;
8488 if (!ssh
->kex_in_progress
&&
8489 ssh
->max_data_size
!= 0 &&
8490 ssh
->incoming_data_size
> ssh
->max_data_size
)
8491 do_ssh2_transport(ssh
, "too much data received", -1, NULL
);
8494 if (pktin
&& ssh
->packet_dispatch
[pktin
->type
]) {
8495 ssh
->packet_dispatch
[pktin
->type
](ssh
, pktin
);
8499 if (!ssh
->protocol_initial_phase_done
||
8500 (pktin
&& pktin
->type
>= 20 && pktin
->type
< 50)) {
8501 if (do_ssh2_transport(ssh
, in
, inlen
, pktin
) &&
8502 !ssh
->protocol_initial_phase_done
) {
8503 ssh
->protocol_initial_phase_done
= TRUE
;
8505 * Allow authconn to initialise itself.
8507 do_ssh2_authconn(ssh
, NULL
, 0, NULL
);
8510 do_ssh2_authconn(ssh
, in
, inlen
, pktin
);
8515 * Called to set up the connection.
8517 * Returns an error message, or NULL on success.
8519 static const char *ssh_init(void *frontend_handle
, void **backend_handle
,
8521 char *host
, int port
, char **realhost
, int nodelay
,
8527 ssh
= snew(struct ssh_tag
);
8528 ssh
->cfg
= *cfg
; /* STRUCTURE COPY */
8529 ssh
->version
= 0; /* when not ready yet */
8532 ssh
->v1_cipher_ctx
= NULL
;
8533 ssh
->crcda_ctx
= NULL
;
8534 ssh
->cscipher
= NULL
;
8535 ssh
->cs_cipher_ctx
= NULL
;
8536 ssh
->sccipher
= NULL
;
8537 ssh
->sc_cipher_ctx
= NULL
;
8539 ssh
->cs_mac_ctx
= NULL
;
8541 ssh
->sc_mac_ctx
= NULL
;
8543 ssh
->cs_comp_ctx
= NULL
;
8545 ssh
->sc_comp_ctx
= NULL
;
8547 ssh
->kex_ctx
= NULL
;
8548 ssh
->hostkey
= NULL
;
8550 ssh
->close_expected
= FALSE
;
8551 ssh
->clean_exit
= FALSE
;
8552 ssh
->state
= SSH_STATE_PREPACKET
;
8553 ssh
->size_needed
= FALSE
;
8554 ssh
->eof_needed
= FALSE
;
8557 ssh
->deferred_send_data
= NULL
;
8558 ssh
->deferred_len
= 0;
8559 ssh
->deferred_size
= 0;
8560 ssh
->fallback_cmd
= 0;
8561 ssh
->pkt_kctx
= SSH2_PKTCTX_NOKEX
;
8562 ssh
->pkt_actx
= SSH2_PKTCTX_NOAUTH
;
8563 ssh
->x11auth
= NULL
;
8564 ssh
->v1_compressing
= FALSE
;
8565 ssh
->v2_outgoing_sequence
= 0;
8566 ssh
->ssh1_rdpkt_crstate
= 0;
8567 ssh
->ssh2_rdpkt_crstate
= 0;
8568 ssh
->do_ssh_init_crstate
= 0;
8569 ssh
->ssh_gotdata_crstate
= 0;
8570 ssh
->do_ssh1_connection_crstate
= 0;
8571 ssh
->do_ssh1_login_crstate
= 0;
8572 ssh
->do_ssh2_transport_crstate
= 0;
8573 ssh
->do_ssh2_authconn_crstate
= 0;
8574 ssh
->do_ssh_init_state
= NULL
;
8575 ssh
->do_ssh1_login_state
= NULL
;
8576 ssh
->do_ssh2_transport_state
= NULL
;
8577 ssh
->do_ssh2_authconn_state
= NULL
;
8580 ssh
->mainchan
= NULL
;
8581 ssh
->throttled_all
= 0;
8582 ssh
->v1_stdout_throttling
= 0;
8584 ssh
->queuelen
= ssh
->queuesize
= 0;
8585 ssh
->queueing
= FALSE
;
8586 ssh
->qhead
= ssh
->qtail
= NULL
;
8587 ssh
->deferred_rekey_reason
= NULL
;
8588 bufchain_init(&ssh
->queued_incoming_data
);
8589 ssh
->frozen
= FALSE
;
8591 *backend_handle
= ssh
;
8594 if (crypto_startup() == 0)
8595 return "Microsoft high encryption pack not installed!";
8598 ssh
->frontend
= frontend_handle
;
8599 ssh
->term_width
= ssh
->cfg
.width
;
8600 ssh
->term_height
= ssh
->cfg
.height
;
8602 ssh
->channels
= NULL
;
8603 ssh
->rportfwds
= NULL
;
8604 ssh
->portfwds
= NULL
;
8609 ssh
->v1_throttle_count
= 0;
8610 ssh
->overall_bufsize
= 0;
8611 ssh
->fallback_cmd
= 0;
8613 ssh
->protocol
= NULL
;
8615 ssh
->protocol_initial_phase_done
= FALSE
;
8619 ssh
->incoming_data_size
= ssh
->outgoing_data_size
=
8620 ssh
->deferred_data_size
= 0L;
8621 ssh
->max_data_size
= parse_blocksize(ssh
->cfg
.ssh_rekey_data
);
8622 ssh
->kex_in_progress
= FALSE
;
8624 p
= connect_to_host(ssh
, host
, port
, realhost
, nodelay
, keepalive
);
8633 static void ssh_free(void *handle
)
8635 Ssh ssh
= (Ssh
) handle
;
8636 struct ssh_channel
*c
;
8637 struct ssh_rportfwd
*pf
;
8639 if (ssh
->v1_cipher_ctx
)
8640 ssh
->cipher
->free_context(ssh
->v1_cipher_ctx
);
8641 if (ssh
->cs_cipher_ctx
)
8642 ssh
->cscipher
->free_context(ssh
->cs_cipher_ctx
);
8643 if (ssh
->sc_cipher_ctx
)
8644 ssh
->sccipher
->free_context(ssh
->sc_cipher_ctx
);
8645 if (ssh
->cs_mac_ctx
)
8646 ssh
->csmac
->free_context(ssh
->cs_mac_ctx
);
8647 if (ssh
->sc_mac_ctx
)
8648 ssh
->scmac
->free_context(ssh
->sc_mac_ctx
);
8649 if (ssh
->cs_comp_ctx
) {
8651 ssh
->cscomp
->compress_cleanup(ssh
->cs_comp_ctx
);
8653 zlib_compress_cleanup(ssh
->cs_comp_ctx
);
8655 if (ssh
->sc_comp_ctx
) {
8657 ssh
->sccomp
->decompress_cleanup(ssh
->sc_comp_ctx
);
8659 zlib_decompress_cleanup(ssh
->sc_comp_ctx
);
8662 dh_cleanup(ssh
->kex_ctx
);
8663 sfree(ssh
->savedhost
);
8665 while (ssh
->queuelen
-- > 0)
8666 ssh_free_packet(ssh
->queue
[ssh
->queuelen
]);
8669 while (ssh
->qhead
) {
8670 struct queued_handler
*qh
= ssh
->qhead
;
8671 ssh
->qhead
= qh
->next
;
8674 ssh
->qhead
= ssh
->qtail
= NULL
;
8676 if (ssh
->channels
) {
8677 while ((c
= delpos234(ssh
->channels
, 0)) != NULL
) {
8680 if (c
->u
.x11
.s
!= NULL
)
8681 x11_close(c
->u
.x11
.s
);
8684 if (c
->u
.pfd
.s
!= NULL
)
8685 pfd_close(c
->u
.pfd
.s
);
8690 freetree234(ssh
->channels
);
8691 ssh
->channels
= NULL
;
8694 if (ssh
->rportfwds
) {
8695 while ((pf
= delpos234(ssh
->rportfwds
, 0)) != NULL
)
8697 freetree234(ssh
->rportfwds
);
8698 ssh
->rportfwds
= NULL
;
8700 sfree(ssh
->deferred_send_data
);
8702 x11_free_auth(ssh
->x11auth
);
8703 sfree(ssh
->do_ssh_init_state
);
8704 sfree(ssh
->do_ssh1_login_state
);
8705 sfree(ssh
->do_ssh2_transport_state
);
8706 sfree(ssh
->do_ssh2_authconn_state
);
8709 if (ssh
->crcda_ctx
) {
8710 crcda_free_context(ssh
->crcda_ctx
);
8711 ssh
->crcda_ctx
= NULL
;
8714 ssh_do_close(ssh
, TRUE
);
8715 expire_timer_context(ssh
);
8717 pinger_free(ssh
->pinger
);
8718 bufchain_clear(&ssh
->queued_incoming_data
);
8725 * Reconfigure the SSH backend.
8727 static void ssh_reconfig(void *handle
, Config
*cfg
)
8729 Ssh ssh
= (Ssh
) handle
;
8730 char *rekeying
= NULL
, rekey_mandatory
= FALSE
;
8731 unsigned long old_max_data_size
;
8733 pinger_reconfig(ssh
->pinger
, &ssh
->cfg
, cfg
);
8735 ssh_setup_portfwd(ssh
, cfg
);
8737 if (ssh
->cfg
.ssh_rekey_time
!= cfg
->ssh_rekey_time
&&
8738 cfg
->ssh_rekey_time
!= 0) {
8739 long new_next
= ssh
->last_rekey
+ cfg
->ssh_rekey_time
*60*TICKSPERSEC
;
8740 long now
= GETTICKCOUNT();
8742 if (new_next
- now
< 0) {
8743 rekeying
= "timeout shortened";
8745 ssh
->next_rekey
= schedule_timer(new_next
- now
, ssh2_timer
, ssh
);
8749 old_max_data_size
= ssh
->max_data_size
;
8750 ssh
->max_data_size
= parse_blocksize(cfg
->ssh_rekey_data
);
8751 if (old_max_data_size
!= ssh
->max_data_size
&&
8752 ssh
->max_data_size
!= 0) {
8753 if (ssh
->outgoing_data_size
> ssh
->max_data_size
||
8754 ssh
->incoming_data_size
> ssh
->max_data_size
)
8755 rekeying
= "data limit lowered";
8758 if (ssh
->cfg
.compression
!= cfg
->compression
) {
8759 rekeying
= "compression setting changed";
8760 rekey_mandatory
= TRUE
;
8763 if (ssh
->cfg
.ssh2_des_cbc
!= cfg
->ssh2_des_cbc
||
8764 memcmp(ssh
->cfg
.ssh_cipherlist
, cfg
->ssh_cipherlist
,
8765 sizeof(ssh
->cfg
.ssh_cipherlist
))) {
8766 rekeying
= "cipher settings changed";
8767 rekey_mandatory
= TRUE
;
8770 ssh
->cfg
= *cfg
; /* STRUCTURE COPY */
8773 if (!ssh
->kex_in_progress
) {
8774 do_ssh2_transport(ssh
, rekeying
, -1, NULL
);
8775 } else if (rekey_mandatory
) {
8776 ssh
->deferred_rekey_reason
= rekeying
;
8782 * Called to send data down the SSH connection.
8784 static int ssh_send(void *handle
, char *buf
, int len
)
8786 Ssh ssh
= (Ssh
) handle
;
8788 if (ssh
== NULL
|| ssh
->s
== NULL
|| ssh
->protocol
== NULL
)
8791 ssh
->protocol(ssh
, (unsigned char *)buf
, len
, 0);
8793 return ssh_sendbuffer(ssh
);
8797 * Called to query the current amount of buffered stdin data.
8799 static int ssh_sendbuffer(void *handle
)
8801 Ssh ssh
= (Ssh
) handle
;
8804 if (ssh
== NULL
|| ssh
->s
== NULL
|| ssh
->protocol
== NULL
)
8808 * If the SSH socket itself has backed up, add the total backup
8809 * size on that to any individual buffer on the stdin channel.
8812 if (ssh
->throttled_all
)
8813 override_value
= ssh
->overall_bufsize
;
8815 if (ssh
->version
== 1) {
8816 return override_value
;
8817 } else if (ssh
->version
== 2) {
8818 if (!ssh
->mainchan
|| ssh
->mainchan
->closes
> 0)
8819 return override_value
;
8821 return (override_value
+
8822 bufchain_size(&ssh
->mainchan
->v
.v2
.outbuffer
));
8829 * Called to set the size of the window from SSH's POV.
8831 static void ssh_size(void *handle
, int width
, int height
)
8833 Ssh ssh
= (Ssh
) handle
;
8834 struct Packet
*pktout
;
8836 ssh
->term_width
= width
;
8837 ssh
->term_height
= height
;
8839 switch (ssh
->state
) {
8840 case SSH_STATE_BEFORE_SIZE
:
8841 case SSH_STATE_PREPACKET
:
8842 case SSH_STATE_CLOSED
:
8843 break; /* do nothing */
8844 case SSH_STATE_INTERMED
:
8845 ssh
->size_needed
= TRUE
; /* buffer for later */
8847 case SSH_STATE_SESSION
:
8848 if (!ssh
->cfg
.nopty
) {
8849 if (ssh
->version
== 1) {
8850 send_packet(ssh
, SSH1_CMSG_WINDOW_SIZE
,
8851 PKT_INT
, ssh
->term_height
,
8852 PKT_INT
, ssh
->term_width
,
8853 PKT_INT
, 0, PKT_INT
, 0, PKT_END
);
8854 } else if (ssh
->mainchan
) {
8855 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8856 ssh2_pkt_adduint32(pktout
, ssh
->mainchan
->remoteid
);
8857 ssh2_pkt_addstring(pktout
, "window-change");
8858 ssh2_pkt_addbool(pktout
, 0);
8859 ssh2_pkt_adduint32(pktout
, ssh
->term_width
);
8860 ssh2_pkt_adduint32(pktout
, ssh
->term_height
);
8861 ssh2_pkt_adduint32(pktout
, 0);
8862 ssh2_pkt_adduint32(pktout
, 0);
8863 ssh2_pkt_send(ssh
, pktout
);
8871 * Return a list of the special codes that make sense in this
8874 static const struct telnet_special
*ssh_get_specials(void *handle
)
8876 static const struct telnet_special ssh1_ignore_special
[] = {
8877 {"IGNORE message", TS_NOP
}
8879 static const struct telnet_special ssh2_transport_specials
[] = {
8880 {"IGNORE message", TS_NOP
},
8881 {"Repeat key exchange", TS_REKEY
},
8883 static const struct telnet_special ssh2_session_specials
[] = {
8886 /* These are the signal names defined by draft-ietf-secsh-connect-23.
8887 * They include all the ISO C signals, but are a subset of the POSIX
8888 * required signals. */
8889 {"SIGINT (Interrupt)", TS_SIGINT
},
8890 {"SIGTERM (Terminate)", TS_SIGTERM
},
8891 {"SIGKILL (Kill)", TS_SIGKILL
},
8892 {"SIGQUIT (Quit)", TS_SIGQUIT
},
8893 {"SIGHUP (Hangup)", TS_SIGHUP
},
8894 {"More signals", TS_SUBMENU
},
8895 {"SIGABRT", TS_SIGABRT
}, {"SIGALRM", TS_SIGALRM
},
8896 {"SIGFPE", TS_SIGFPE
}, {"SIGILL", TS_SIGILL
},
8897 {"SIGPIPE", TS_SIGPIPE
}, {"SIGSEGV", TS_SIGSEGV
},
8898 {"SIGUSR1", TS_SIGUSR1
}, {"SIGUSR2", TS_SIGUSR2
},
8901 static const struct telnet_special specials_end
[] = {
8904 /* XXX review this length for any changes: */
8905 static struct telnet_special ssh_specials
[lenof(ssh2_transport_specials
) +
8906 lenof(ssh2_session_specials
) +
8907 lenof(specials_end
)];
8908 Ssh ssh
= (Ssh
) handle
;
8910 #define ADD_SPECIALS(name) \
8912 assert((i + lenof(name)) <= lenof(ssh_specials)); \
8913 memcpy(&ssh_specials[i], name, sizeof name); \
8917 if (ssh
->version
== 1) {
8918 /* Don't bother offering IGNORE if we've decided the remote
8919 * won't cope with it, since we wouldn't bother sending it if
8921 if (!(ssh
->remote_bugs
& BUG_CHOKES_ON_SSH1_IGNORE
))
8922 ADD_SPECIALS(ssh1_ignore_special
);
8923 } else if (ssh
->version
== 2) {
8924 ADD_SPECIALS(ssh2_transport_specials
);
8926 ADD_SPECIALS(ssh2_session_specials
);
8927 } /* else we're not ready yet */
8930 ADD_SPECIALS(specials_end
);
8931 return ssh_specials
;
8939 * Send special codes. TS_EOF is useful for `plink', so you
8940 * can send an EOF and collect resulting output (e.g. `plink
8943 static void ssh_special(void *handle
, Telnet_Special code
)
8945 Ssh ssh
= (Ssh
) handle
;
8946 struct Packet
*pktout
;
8948 if (code
== TS_EOF
) {
8949 if (ssh
->state
!= SSH_STATE_SESSION
) {
8951 * Buffer the EOF in case we are pre-SESSION, so we can
8952 * send it as soon as we reach SESSION.
8955 ssh
->eof_needed
= TRUE
;
8958 if (ssh
->version
== 1) {
8959 send_packet(ssh
, SSH1_CMSG_EOF
, PKT_END
);
8960 } else if (ssh
->mainchan
) {
8961 struct Packet
*pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF
);
8962 ssh2_pkt_adduint32(pktout
, ssh
->mainchan
->remoteid
);
8963 ssh2_pkt_send(ssh
, pktout
);
8964 ssh
->send_ok
= 0; /* now stop trying to read from stdin */
8966 logevent("Sent EOF message");
8967 } else if (code
== TS_PING
|| code
== TS_NOP
) {
8968 if (ssh
->state
== SSH_STATE_CLOSED
8969 || ssh
->state
== SSH_STATE_PREPACKET
) return;
8970 if (ssh
->version
== 1) {
8971 if (!(ssh
->remote_bugs
& BUG_CHOKES_ON_SSH1_IGNORE
))
8972 send_packet(ssh
, SSH1_MSG_IGNORE
, PKT_STR
, "", PKT_END
);
8974 pktout
= ssh2_pkt_init(SSH2_MSG_IGNORE
);
8975 ssh2_pkt_addstring_start(pktout
);
8976 ssh2_pkt_send_noqueue(ssh
, pktout
);
8978 } else if (code
== TS_REKEY
) {
8979 if (!ssh
->kex_in_progress
&& ssh
->version
== 2) {
8980 do_ssh2_transport(ssh
, "at user request", -1, NULL
);
8982 } else if (code
== TS_BRK
) {
8983 if (ssh
->state
== SSH_STATE_CLOSED
8984 || ssh
->state
== SSH_STATE_PREPACKET
) return;
8985 if (ssh
->version
== 1) {
8986 logevent("Unable to send BREAK signal in SSH-1");
8987 } else if (ssh
->mainchan
) {
8988 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
8989 ssh2_pkt_adduint32(pktout
, ssh
->mainchan
->remoteid
);
8990 ssh2_pkt_addstring(pktout
, "break");
8991 ssh2_pkt_addbool(pktout
, 0);
8992 ssh2_pkt_adduint32(pktout
, 0); /* default break length */
8993 ssh2_pkt_send(ssh
, pktout
);
8996 /* Is is a POSIX signal? */
8997 char *signame
= NULL
;
8998 if (code
== TS_SIGABRT
) signame
= "ABRT";
8999 if (code
== TS_SIGALRM
) signame
= "ALRM";
9000 if (code
== TS_SIGFPE
) signame
= "FPE";
9001 if (code
== TS_SIGHUP
) signame
= "HUP";
9002 if (code
== TS_SIGILL
) signame
= "ILL";
9003 if (code
== TS_SIGINT
) signame
= "INT";
9004 if (code
== TS_SIGKILL
) signame
= "KILL";
9005 if (code
== TS_SIGPIPE
) signame
= "PIPE";
9006 if (code
== TS_SIGQUIT
) signame
= "QUIT";
9007 if (code
== TS_SIGSEGV
) signame
= "SEGV";
9008 if (code
== TS_SIGTERM
) signame
= "TERM";
9009 if (code
== TS_SIGUSR1
) signame
= "USR1";
9010 if (code
== TS_SIGUSR2
) signame
= "USR2";
9011 /* The SSH-2 protocol does in principle support arbitrary named
9012 * signals, including signame@domain, but we don't support those. */
9014 /* It's a signal. */
9015 if (ssh
->version
== 2 && ssh
->mainchan
) {
9016 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST
);
9017 ssh2_pkt_adduint32(pktout
, ssh
->mainchan
->remoteid
);
9018 ssh2_pkt_addstring(pktout
, "signal");
9019 ssh2_pkt_addbool(pktout
, 0);
9020 ssh2_pkt_addstring(pktout
, signame
);
9021 ssh2_pkt_send(ssh
, pktout
);
9022 logeventf(ssh
, "Sent signal SIG%s", signame
);
9025 /* Never heard of it. Do nothing */
9030 void *new_sock_channel(void *handle
, Socket s
)
9032 Ssh ssh
= (Ssh
) handle
;
9033 struct ssh_channel
*c
;
9034 c
= snew(struct ssh_channel
);
9039 c
->localid
= alloc_channel_id(ssh
);
9041 c
->type
= CHAN_SOCKDATA_DORMANT
;/* identify channel type */
9043 bufchain_init(&c
->v
.v2
.outbuffer
);
9044 add234(ssh
->channels
, c
);
9050 * This is called when stdout/stderr (the entity to which
9051 * from_backend sends data) manages to clear some backlog.
9053 static void ssh_unthrottle(void *handle
, int bufsize
)
9055 Ssh ssh
= (Ssh
) handle
;
9056 if (ssh
->version
== 1) {
9057 if (ssh
->v1_stdout_throttling
&& bufsize
< SSH1_BUFFER_LIMIT
) {
9058 ssh
->v1_stdout_throttling
= 0;
9059 ssh1_throttle(ssh
, -1);
9062 ssh2_set_window(ssh
->mainchan
, OUR_V2_WINSIZE
- bufsize
);
9066 void ssh_send_port_open(void *channel
, char *hostname
, int port
, char *org
)
9068 struct ssh_channel
*c
= (struct ssh_channel
*)channel
;
9070 struct Packet
*pktout
;
9072 logeventf(ssh
, "Opening forwarded connection to %s:%d", hostname
, port
);
9074 if (ssh
->version
== 1) {
9075 send_packet(ssh
, SSH1_MSG_PORT_OPEN
,
9076 PKT_INT
, c
->localid
,
9079 /* PKT_STR, <org:orgport>, */
9082 pktout
= ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN
);
9083 ssh2_pkt_addstring(pktout
, "direct-tcpip");
9084 ssh2_pkt_adduint32(pktout
, c
->localid
);
9085 c
->v
.v2
.locwindow
= OUR_V2_WINSIZE
;
9086 ssh2_pkt_adduint32(pktout
, c
->v
.v2
.locwindow
);/* our window size */
9087 ssh2_pkt_adduint32(pktout
, OUR_V2_MAXPKT
); /* our max pkt size */
9088 ssh2_pkt_addstring(pktout
, hostname
);
9089 ssh2_pkt_adduint32(pktout
, port
);
9091 * We make up values for the originator data; partly it's
9092 * too much hassle to keep track, and partly I'm not
9093 * convinced the server should be told details like that
9094 * about my local network configuration.
9095 * The "originator IP address" is syntactically a numeric
9096 * IP address, and some servers (e.g., Tectia) get upset
9097 * if it doesn't match this syntax.
9099 ssh2_pkt_addstring(pktout
, "0.0.0.0");
9100 ssh2_pkt_adduint32(pktout
, 0);
9101 ssh2_pkt_send(ssh
, pktout
);
9105 static int ssh_connected(void *handle
)
9107 Ssh ssh
= (Ssh
) handle
;
9108 return ssh
->s
!= NULL
;
9111 static int ssh_sendok(void *handle
)
9113 Ssh ssh
= (Ssh
) handle
;
9114 return ssh
->send_ok
;
9117 static int ssh_ldisc(void *handle
, int option
)
9119 Ssh ssh
= (Ssh
) handle
;
9120 if (option
== LD_ECHO
)
9121 return ssh
->echoing
;
9122 if (option
== LD_EDIT
)
9123 return ssh
->editing
;
9127 static void ssh_provide_ldisc(void *handle
, void *ldisc
)
9129 Ssh ssh
= (Ssh
) handle
;
9133 static void ssh_provide_logctx(void *handle
, void *logctx
)
9135 Ssh ssh
= (Ssh
) handle
;
9136 ssh
->logctx
= logctx
;
9139 static int ssh_return_exitcode(void *handle
)
9141 Ssh ssh
= (Ssh
) handle
;
9145 return (ssh
->exitcode
>= 0 ? ssh
->exitcode
: INT_MAX
);
9149 * cfg_info for SSH is the currently running version of the
9150 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
9152 static int ssh_cfg_info(void *handle
)
9154 Ssh ssh
= (Ssh
) handle
;
9155 return ssh
->version
;
9159 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
9160 * that fails. This variable is the means by which scp.c can reach
9161 * into the SSH code and find out which one it got.
9163 extern int ssh_fallback_cmd(void *handle
)
9165 Ssh ssh
= (Ssh
) handle
;
9166 return ssh
->fallback_cmd
;
9169 Backend ssh_backend
= {
9179 ssh_return_exitcode
,