X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/0db56f733e15942e0fce3b28f427d4f15a1513aa..f419e49248fa5343da5b472c99728fc39a22bad8:/ssh.c diff --git a/ssh.c b/ssh.c index 8aa6437d..4023dd6d 100644 --- a/ssh.c +++ b/ssh.c @@ -46,10 +46,15 @@ #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */ #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */ #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */ +#define SSH1_SMSG_X11_OPEN 27 /* 0x1b */ +#define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */ +#define SSH1_MSG_PORT_OPEN 29 /* 0x1d */ #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */ #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */ -#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ #define SSH1_MSG_IGNORE 32 /* 0x20 */ +#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ +#define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */ +#define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */ #define SSH1_MSG_DEBUG 36 /* 0x24 */ #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */ #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */ @@ -160,6 +165,11 @@ extern const struct ssh_cipher ssh_des; extern const struct ssh_cipher ssh_blowfish_ssh1; extern const struct ssh_cipher ssh_blowfish_ssh2; +extern char *x11_init (Socket *, char *, void *, char **); +extern void x11_close (Socket); +extern void x11_send (Socket , char *, int); +extern void x11_invent_auth(char *, int, char *, int); + /* * Ciphers for SSH2. We miss out single-DES because it isn't * supported; also 3DES and Blowfish are both done differently from @@ -214,6 +224,9 @@ struct ssh_channel { unsigned char msglen[4]; int lensofar, totallen; } a; + struct ssh_x11_channel { + Socket s; + } x11; struct ssh2_data_channel { unsigned char *outbuffer; unsigned outbuflen, outbufsize; @@ -238,6 +251,7 @@ static Socket s = NULL; static unsigned char session_key[32]; static int ssh1_compressing; static int ssh_agentfwd_enabled; +static int ssh_X11_fwd_enabled; static const struct ssh_cipher *cipher = NULL; static const struct ssh_cipher *cscipher = NULL; static const struct ssh_cipher *sccipher = NULL; @@ -257,13 +271,14 @@ static tree234 *ssh_channels; /* indexed by local id */ static struct ssh_channel *mainchan; /* primary session channel */ static enum { + SSH_STATE_PREPACKET, SSH_STATE_BEFORE_SIZE, SSH_STATE_INTERMED, SSH_STATE_SESSION, SSH_STATE_CLOSED -} ssh_state = SSH_STATE_BEFORE_SIZE; +} ssh_state = SSH_STATE_PREPACKET; -static int size_needed = FALSE; +static int size_needed = FALSE, eof_needed = FALSE; static struct Packet pktin = { 0, 0, NULL, NULL, 0 }; static struct Packet pktout = { 0, 0, NULL, NULL, 0 }; @@ -273,6 +288,7 @@ static void (*ssh_protocol)(unsigned char *in, int inlen, int ispkt); static void ssh1_protocol(unsigned char *in, int inlen, int ispkt); static void ssh2_protocol(unsigned char *in, int inlen, int ispkt); static void ssh_size(void); +static void ssh_special (Telnet_Special); static int (*s_rdpkt)(unsigned char **data, int *datalen); @@ -1072,6 +1088,7 @@ static int do_ssh_init(unsigned char c) { ssh_version = 1; s_rdpkt = ssh1_rdpkt; } + ssh_state = SSH_STATE_BEFORE_SIZE; crFinish(0); } @@ -1121,6 +1138,7 @@ static void ssh_gotdata(unsigned char *data, int datalen) static int ssh_receive(Socket skt, int urgent, char *data, int len) { if (!len) { /* Connection has closed. */ + ssh_state = SSH_STATE_CLOSED; sk_close(s); s = NULL; return 0; @@ -1180,7 +1198,7 @@ static char *connect_to_host(char *host, int port, char **realhost) /* * Open socket. */ - s = sk_new(addr, port, ssh_receive); + s = sk_new(addr, port, 0, ssh_receive); if ( (err = sk_socket_error(s)) ) return err; @@ -1715,6 +1733,25 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crFinish(1); } +void sshfwd_close(struct ssh_channel *c) { + + if (c) { + send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid, PKT_END); + logevent("X11 connection terminated"); + c->closes = 1; + c->u.x11.s = NULL; + } +} + +void sshfwd_write(struct ssh_channel *c, char *buf, int len) { + + send_packet(SSH1_MSG_CHANNEL_DATA, + PKT_INT, c->remoteid, + PKT_INT, len, + PKT_DATA, buf, len, + PKT_END); +} + static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crBegin; @@ -1741,6 +1778,26 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { } } + if (cfg.x11_forward) { + char proto[20], data[64]; + logevent("Requesting X11 forwarding"); + x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING, + PKT_STR, proto, PKT_STR, data, + PKT_INT, 0, + PKT_END); + do { crReturnV; } while (!ispkt); + if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) { + bombout(("Protocol confusion")); + crReturnV; + } else if (pktin.type == SSH1_SMSG_FAILURE) { + logevent("X11 forwarding refused"); + } else { + logevent("X11 forwarding enabled"); + ssh_X11_fwd_enabled = TRUE; + } + } + if (!cfg.nopty) { send_packet(SSH1_CMSG_REQUEST_PTY, PKT_STR, cfg.termtype, @@ -1783,6 +1840,8 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); ssh_send_ok = 1; ssh_channels = newtree234(ssh_channelcmp); @@ -1799,6 +1858,49 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_CLOSED; logevent("Received disconnect request"); crReturnV; + } else if (pktin.type == SSH1_SMSG_X11_OPEN) { + /* Remote side is trying to open a channel to talk to our + * X-Server. Give them back a local channel number. */ + unsigned i; + struct ssh_channel *c, *d; + enum234 e; + + logevent("Received X11 connect request"); + /* Refuse if X11 forwarding is disabled. */ + if (!ssh_X11_fwd_enabled) { + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + logevent("Rejected X11 connect request"); + } else { + char *rh; + + c = smalloc(sizeof(struct ssh_channel)); + + if ( x11_init(&c->u.x11.s, cfg.x11_display, c, &rh) != NULL ) { + logevent("opening X11 forward connection failed"); + sfree(c); + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + } else { + logevent("opening X11 forward connection succeeded"); + for (i=1, d = first234(ssh_channels, &e); d; d = next234(&e)) { + if (d->localid > i) + break; /* found a free number */ + i = d->localid + 1; + } + c->remoteid = GET_32BIT(pktin.body); + c->localid = i; + c->closes = 0; + c->type = SSH1_SMSG_X11_OPEN;/* identify channel type */ + add234(ssh_channels, c); + send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, + PKT_INT, c->remoteid, PKT_INT, c->localid, + PKT_END); + logevent("Opened X11 forward channel"); + } + } } else if (pktin.type == SSH1_SMSG_AGENT_OPEN) { /* Remote side is trying to open a channel to talk to our * agent. Give them back a local channel number. */ @@ -1839,6 +1941,12 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { int closetype; closetype = (pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2); send_packet(pktin.type, PKT_INT, c->remoteid, PKT_END); + if ((c->closes == 0) && (c->type == SSH1_SMSG_X11_OPEN)) { + logevent("X11 connection closed"); + assert(c->u.x11.s != NULL); + x11_close(c->u.x11.s); + c->u.x11.s = NULL; + } c->closes |= closetype; if (c->closes == 3) { del234(ssh_channels, c); @@ -1854,6 +1962,9 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { c = find234(ssh_channels, &i, ssh_channelfind); if (c) { switch(c->type) { + case SSH1_SMSG_X11_OPEN: + x11_send(c->u.x11.s, p, len); + break; case SSH1_SMSG_AGENT_OPEN: /* Data for an agent message. Buffer it. */ while (len > 0) { @@ -2273,7 +2384,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) * Set IVs after keys. */ ssh2_mkkey(K, exchange_hash, 'C', keyspace); cscipher->setcskey(keyspace); - ssh2_mkkey(K, exchange_hash, 'D', keyspace); cscipher->setsckey(keyspace); + ssh2_mkkey(K, exchange_hash, 'D', keyspace); sccipher->setsckey(keyspace); ssh2_mkkey(K, exchange_hash, 'A', keyspace); cscipher->setcsiv(keyspace); ssh2_mkkey(K, exchange_hash, 'B', keyspace); sccipher->setsciv(keyspace); ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace); @@ -2562,6 +2673,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); /* * Transfer data! @@ -2726,6 +2839,7 @@ static void ssh_send (char *buf, int len) { static void ssh_size(void) { switch (ssh_state) { case SSH_STATE_BEFORE_SIZE: + case SSH_STATE_PREPACKET: case SSH_STATE_CLOSED: break; /* do nothing */ case SSH_STATE_INTERMED: @@ -2749,6 +2863,7 @@ static void ssh_size(void) { ssh2_pkt_send(); } } + break; } } @@ -2759,6 +2874,15 @@ static void ssh_size(void) { */ static void ssh_special (Telnet_Special code) { if (code == TS_EOF) { + if (ssh_state != SSH_STATE_SESSION) { + /* + * Buffer the EOF in case we are pre-SESSION, so we can + * send it as soon as we reach SESSION. + */ + if (code == TS_EOF) + eof_needed = TRUE; + return; + } if (ssh_version == 1) { send_packet(SSH1_CMSG_EOF, PKT_END); } else { @@ -2768,6 +2892,8 @@ static void ssh_special (Telnet_Special code) { } logevent("Sent EOF message"); } else if (code == TS_PING) { + if (ssh_state == SSH_STATE_CLOSED || ssh_state == SSH_STATE_PREPACKET) + return; if (ssh_version == 1) { send_packet(SSH1_MSG_IGNORE, PKT_STR, "", PKT_END); } else {