X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/340cf649ea4e6fecb7aedc44ce8914f81d3ae5d8..0965bee0865fd8ea129b2de62a3c50e09c59a184:/ssh.c diff --git a/ssh.c b/ssh.c index 3eddd7bb..44075a7e 100644 --- a/ssh.c +++ b/ssh.c @@ -46,11 +46,17 @@ #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */ #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */ #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */ +#define SSH1_SMSG_X11_OPEN 27 /* 0x1b */ +#define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */ +#define SSH1_MSG_PORT_OPEN 29 /* 0x1d */ #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */ #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */ -#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ #define SSH1_MSG_IGNORE 32 /* 0x20 */ +#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ +#define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */ +#define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */ #define SSH1_MSG_DEBUG 36 /* 0x24 */ +#define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */ #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */ #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */ #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */ @@ -159,6 +165,11 @@ extern const struct ssh_cipher ssh_des; extern const struct ssh_cipher ssh_blowfish_ssh1; extern const struct ssh_cipher ssh_blowfish_ssh2; +extern char *x11_init (Socket *, char *, void *); +extern void x11_close (Socket); +extern void x11_send (Socket , char *, int); +extern void x11_invent_auth(char *, int, char *, int); + /* * Ciphers for SSH2. We miss out single-DES because it isn't * supported; also 3DES and Blowfish are both done differently from @@ -170,8 +181,8 @@ const static struct ssh_cipher *ciphers[] = { &ssh_blowfish_ssh2, &ssh_3des_ssh2 extern const struct ssh_kex ssh_diffiehellman; const static struct ssh_kex *kex_algs[] = { &ssh_diffiehellman }; -extern const struct ssh_hostkey ssh_dss; -const static struct ssh_hostkey *hostkey_algs[] = { &ssh_dss }; +extern const struct ssh_signkey ssh_dss; +const static struct ssh_signkey *hostkey_algs[] = { &ssh_dss }; extern const struct ssh_mac ssh_md5, ssh_sha1, ssh_sha1_buggy; @@ -186,10 +197,25 @@ const static struct ssh_mac *macs[] = { const static struct ssh_mac *buggymacs[] = { &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none }; +static void ssh_comp_none_init(void) { } +static int ssh_comp_none_block(unsigned char *block, int len, + unsigned char **outblock, int *outlen) { + return 0; +} const static struct ssh_compress ssh_comp_none = { - "none" + "none", + ssh_comp_none_init, ssh_comp_none_block, + ssh_comp_none_init, ssh_comp_none_block +}; +extern const struct ssh_compress ssh_zlib; +const static struct ssh_compress *compressions[] = { + &ssh_zlib, &ssh_comp_none }; + +enum { /* channel types */ + CHAN_MAINSESSION, + CHAN_X11, + CHAN_AGENT, }; -const static struct ssh_compress *compressions[] = { &ssh_comp_none }; /* * 2-3-4 tree storing channels. @@ -198,17 +224,20 @@ struct ssh_channel { unsigned remoteid, localid; int type; int closes; + struct ssh2_data_channel { + unsigned char *outbuffer; + unsigned outbuflen, outbufsize; + unsigned remwindow, remmaxpkt; + } v2; union { struct ssh_agent_channel { unsigned char *message; unsigned char msglen[4]; int lensofar, totallen; } a; - struct ssh2_data_channel { - unsigned char *outbuffer; - unsigned outbuflen, outbufsize; - unsigned remwindow, remmaxpkt; - } v2; + struct ssh_x11_channel { + Socket s; + } x11; } u; }; @@ -221,11 +250,14 @@ struct Packet { long maxlen; }; -static SHA_State exhash; +static SHA_State exhash, exhashbase; static Socket s = NULL; static unsigned char session_key[32]; +static int ssh1_compressing; +static int ssh_agentfwd_enabled; +static int ssh_X11_fwd_enabled; static const struct ssh_cipher *cipher = NULL; static const struct ssh_cipher *cscipher = NULL; static const struct ssh_cipher *sccipher = NULL; @@ -234,24 +266,26 @@ static const struct ssh_mac *scmac = NULL; static const struct ssh_compress *cscomp = NULL; static const struct ssh_compress *sccomp = NULL; static const struct ssh_kex *kex = NULL; -static const struct ssh_hostkey *hostkey = NULL; +static const struct ssh_signkey *hostkey = NULL; int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL; static char *savedhost; static int savedport; static int ssh_send_ok; +static int ssh_echoing, ssh_editing; static tree234 *ssh_channels; /* indexed by local id */ static struct ssh_channel *mainchan; /* primary session channel */ static enum { + SSH_STATE_PREPACKET, SSH_STATE_BEFORE_SIZE, SSH_STATE_INTERMED, SSH_STATE_SESSION, SSH_STATE_CLOSED -} ssh_state = SSH_STATE_BEFORE_SIZE; +} ssh_state = SSH_STATE_PREPACKET; -static int size_needed = FALSE; +static int size_needed = FALSE, eof_needed = FALSE; static struct Packet pktin = { 0, 0, NULL, NULL, 0 }; static struct Packet pktout = { 0, 0, NULL, NULL, 0 }; @@ -261,6 +295,9 @@ static void (*ssh_protocol)(unsigned char *in, int inlen, int ispkt); static void ssh1_protocol(unsigned char *in, int inlen, int ispkt); static void ssh2_protocol(unsigned char *in, int inlen, int ispkt); static void ssh_size(void); +static void ssh_special (Telnet_Special); +static void ssh2_try_send(struct ssh_channel *c); +static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len); static int (*s_rdpkt)(unsigned char **data, int *datalen); @@ -343,8 +380,8 @@ next_packet: if (pktin.maxlen < st->biglen) { pktin.maxlen = st->biglen; - pktin.data = (pktin.data == NULL ? malloc(st->biglen+APIEXTRA) : - realloc(pktin.data, st->biglen+APIEXTRA)); + pktin.data = (pktin.data == NULL ? smalloc(st->biglen+APIEXTRA) : + srealloc(pktin.data, st->biglen+APIEXTRA)); if (!pktin.data) fatalbox("Out of memory"); } @@ -373,9 +410,6 @@ next_packet: debug(("\r\n")); #endif - pktin.type = pktin.data[st->pad]; - pktin.body = pktin.data + st->pad + 1; - st->realcrc = crc32(pktin.data, st->biglen-4); st->gotcrc = GET_32BIT(pktin.data+st->biglen-4); if (st->gotcrc != st->realcrc) { @@ -383,6 +417,40 @@ next_packet: crReturn(0); } + pktin.body = pktin.data + st->pad + 1; + + if (ssh1_compressing) { + unsigned char *decompblk; + int decomplen; +#if 0 + int i; + debug(("Packet payload pre-decompression:\n")); + for (i = -1; i < pktin.length; i++) + debug((" %02x", (unsigned char)pktin.body[i])); + debug(("\r\n")); +#endif + zlib_decompress_block(pktin.body-1, pktin.length+1, + &decompblk, &decomplen); + + if (pktin.maxlen < st->pad + decomplen) { + pktin.maxlen = st->pad + decomplen; + pktin.data = srealloc(pktin.data, pktin.maxlen+APIEXTRA); + pktin.body = pktin.data + st->pad + 1; + if (!pktin.data) + fatalbox("Out of memory"); + } + + memcpy(pktin.body-1, decompblk, decomplen); + sfree(decompblk); + pktin.length = decomplen-1; +#if 0 + debug(("Packet payload post-decompression:\n")); + for (i = -1; i < pktin.length; i++) + debug((" %02x", (unsigned char)pktin.body[i])); + debug(("\r\n")); +#endif + } + if (pktin.type == SSH1_SMSG_STDOUT_DATA || pktin.type == SSH1_SMSG_STDERR_DATA || pktin.type == SSH1_MSG_DEBUG || @@ -395,6 +463,8 @@ next_packet: } } + pktin.type = pktin.body[-1]; + if (pktin.type == SSH1_MSG_DEBUG) { /* log debug message */ char buf[80]; @@ -431,8 +501,8 @@ next_packet: if (pktin.maxlen < st->cipherblk) { pktin.maxlen = st->cipherblk; - pktin.data = (pktin.data == NULL ? malloc(st->cipherblk+APIEXTRA) : - realloc(pktin.data, st->cipherblk+APIEXTRA)); + pktin.data = (pktin.data == NULL ? smalloc(st->cipherblk+APIEXTRA) : + srealloc(pktin.data, st->cipherblk+APIEXTRA)); if (!pktin.data) fatalbox("Out of memory"); } @@ -479,8 +549,8 @@ next_packet: */ if (pktin.maxlen < st->packetlen+st->maclen) { pktin.maxlen = st->packetlen+st->maclen; - pktin.data = (pktin.data == NULL ? malloc(pktin.maxlen+APIEXTRA) : - realloc(pktin.data, pktin.maxlen+APIEXTRA)); + pktin.data = (pktin.data == NULL ? smalloc(pktin.maxlen+APIEXTRA) : + srealloc(pktin.data, pktin.maxlen+APIEXTRA)); if (!pktin.data) fatalbox("Out of memory"); } @@ -515,6 +585,34 @@ next_packet: } st->incoming_sequence++; /* whether or not we MACed */ + /* + * Decompress packet payload. + */ + { + unsigned char *newpayload; + int newlen; + if (sccomp && sccomp->decompress(pktin.data+5, pktin.length-5, + &newpayload, &newlen)) { + if (pktin.maxlen < newlen+5) { + pktin.maxlen = newlen+5; + pktin.data = (pktin.data == NULL ? smalloc(pktin.maxlen+APIEXTRA) : + srealloc(pktin.data, pktin.maxlen+APIEXTRA)); + if (!pktin.data) + fatalbox("Out of memory"); + } + pktin.length = 5 + newlen; + memcpy(pktin.data+5, newpayload, newlen); +#if 0 + debug(("Post-decompression payload:\r\n")); + for (st->i = 0; st->i < newlen; st->i++) + debug((" %02x", (unsigned char)pktin.data[5+st->i])); + debug(("\r\n")); +#endif + + sfree(newpayload); + } + } + pktin.savedpos = 6; pktin.type = pktin.data[5]; @@ -524,7 +622,7 @@ next_packet: crFinish(0); } -static void s_wrpkt_start(int type, int len) { +static void ssh1_pktout_size(int len) { int pad, biglen; len += 5; /* type and CRC */ @@ -537,29 +635,55 @@ static void s_wrpkt_start(int type, int len) { #ifdef MSCRYPTOAPI /* Allocate enough buffer space for extra block * for MS CryptEncrypt() */ - pktout.data = (pktout.data == NULL ? malloc(biglen+12) : - realloc(pktout.data, biglen+12)); + pktout.data = (pktout.data == NULL ? smalloc(biglen+12) : + srealloc(pktout.data, biglen+12)); #else - pktout.data = (pktout.data == NULL ? malloc(biglen+4) : - realloc(pktout.data, biglen+4)); + pktout.data = (pktout.data == NULL ? smalloc(biglen+4) : + srealloc(pktout.data, biglen+4)); #endif if (!pktout.data) fatalbox("Out of memory"); } + pktout.body = pktout.data+4+pad+1; +} +static void s_wrpkt_start(int type, int len) { + ssh1_pktout_size(len); pktout.type = type; - pktout.body = pktout.data+4+pad+1; } static void s_wrpkt(void) { int pad, len, biglen, i; unsigned long crc; + pktout.body[-1] = pktout.type; + + if (ssh1_compressing) { + unsigned char *compblk; + int complen; +#if 0 + debug(("Packet payload pre-compression:\n")); + for (i = -1; i < pktout.length; i++) + debug((" %02x", (unsigned char)pktout.body[i])); + debug(("\r\n")); +#endif + zlib_compress_block(pktout.body-1, pktout.length+1, + &compblk, &complen); + ssh1_pktout_size(complen-1); + memcpy(pktout.body-1, compblk, complen); + sfree(compblk); +#if 0 + debug(("Packet payload post-compression:\n")); + for (i = -1; i < pktout.length; i++) + debug((" %02x", (unsigned char)pktout.body[i])); + debug(("\r\n")); +#endif + } + len = pktout.length + 5; /* type and CRC */ pad = 8 - (len%8); biglen = len + pad; - pktout.body[-1] = pktout.type; for (i=0; icompress(pktout.data+5, pktout.length-5, + &newpayload, &newlen)) { + pktout.length = 5; + ssh2_pkt_adddata(newpayload, newlen); + sfree(newpayload); + } + } + + /* * Add padding. At least four bytes, and must also bring total * length (minus MAC) up to a multiple of the block size. */ @@ -775,6 +922,8 @@ static void ssh2_pkt_send(void) { cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */ padding = 4; padding += (cipherblk - (pktout.length + padding) % cipherblk) % cipherblk; + maclen = csmac ? csmac->len : 0; + ssh2_pkt_ensure(pktout.length + padding + maclen); pktout.data[4] = padding; for (i = 0; i < padding; i++) pktout.data[pktout.length + i] = random_byte(); @@ -793,7 +942,6 @@ static void ssh2_pkt_send(void) { if (cscipher) cscipher->encrypt(pktout.data, pktout.length + padding); - maclen = csmac ? csmac->len : 0; sk_write(s, pktout.data, pktout.length + padding + maclen); } @@ -807,7 +955,7 @@ void bndebug(char *string, Bignum b) { for (i = 0; i < len; i++) debug((" %02x", p[i])); debug(("\r\n")); - free(p); + sfree(p); } #endif @@ -816,7 +964,7 @@ static void sha_mpint(SHA_State *s, Bignum b) { int len; p = ssh2_mpint_fmt(b, &len); sha_string(s, p, len); - free(p); + sfree(p); } /* @@ -907,6 +1055,7 @@ static int do_ssh_init(unsigned char c) { break; } + ssh_agentfwd_enabled = FALSE; rdpkt2_state.incoming_sequence = 0; *vsp = 0; @@ -923,12 +1072,12 @@ static int do_ssh_init(unsigned char c) { * This is a v2 server. Begin v2 protocol. */ char *verstring = "SSH-2.0-PuTTY"; - SHA_Init(&exhash); + SHA_Init(&exhashbase); /* * Hash our version string and their version string. */ - sha_string(&exhash, verstring, strlen(verstring)); - sha_string(&exhash, vstring, strcspn(vstring, "\r\n")); + sha_string(&exhashbase, verstring, strlen(verstring)); + sha_string(&exhashbase, vstring, strcspn(vstring, "\r\n")); sprintf(vstring, "%s\n", verstring); sprintf(vlog, "We claim version: %s", verstring); logevent(vlog); @@ -952,6 +1101,7 @@ static int do_ssh_init(unsigned char c) { ssh_version = 1; s_rdpkt = ssh1_rdpkt; } + ssh_state = SSH_STATE_BEFORE_SIZE; crFinish(0); } @@ -999,8 +1149,14 @@ static void ssh_gotdata(unsigned char *data, int datalen) } static int ssh_receive(Socket skt, int urgent, char *data, int len) { + if (urgent==3) { + /* A socket error has occurred. */ + connection_fatal(data); + len = 0; + } if (!len) { /* Connection has closed. */ + ssh_state = SSH_STATE_CLOSED; sk_close(s); s = NULL; return 0; @@ -1030,7 +1186,7 @@ static char *connect_to_host(char *host, int port, char **realhost) int FWport; #endif - savedhost = malloc(1+strlen(host)); + savedhost = smalloc(1+strlen(host)); if (!savedhost) fatalbox("Out of memory"); strcpy(savedhost, host); @@ -1060,7 +1216,7 @@ static char *connect_to_host(char *host, int port, char **realhost) /* * Open socket. */ - s = sk_new(addr, port, ssh_receive); + s = sk_new(addr, port, 0, ssh_receive); if ( (err = sk_socket_error(s)) ) return err; @@ -1136,7 +1292,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes); - rsabuf = malloc(len); + rsabuf = smalloc(len); if (!rsabuf) fatalbox("Out of memory"); @@ -1149,13 +1305,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) */ int len = rsastr_len(&hostkey); char fingerprint[100]; - char *keystr = malloc(len); + char *keystr = smalloc(len); if (!keystr) fatalbox("Out of memory"); rsastr_fmt(keystr, &hostkey); rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey); verify_ssh_host_key(savedhost, savedport, "rsa", keystr, fingerprint); - free(keystr); + sfree(keystr); } for (i=0; i<32; i++) { @@ -1197,7 +1353,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) logevent("Trying to enable encryption..."); - free(rsabuf); + sfree(rsabuf); cipher = cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 : cipher_type == SSH_CIPHER_DES ? &ssh_des : @@ -1255,20 +1411,20 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) c_write("\r\n", 2); username[strcspn(username, "\n\r")] = '\0'; } else { - char stuff[200]; strncpy(username, cfg.username, 99); username[99] = '\0'; - if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) { - sprintf(stuff, "Sent username \"%s\".\r\n", username); - c_write(stuff, strlen(stuff)); - } } send_packet(SSH1_CMSG_USER, PKT_STR, username, PKT_END); { - char userlog[20+sizeof(username)]; + char userlog[22+sizeof(username)]; sprintf(userlog, "Sent username \"%s\"", username); logevent(userlog); + if (flags & FLAG_INTERACTIVE && + (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) { + strcat(userlog, "\r\n"); + c_write(userlog, strlen(userlog)); + } } } @@ -1341,7 +1497,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) len += ssh1_bignum_length(challenge); len += 16; /* session id */ len += 4; /* response format */ - agentreq = malloc(4 + len); + agentreq = smalloc(4 + len); PUT_32BIT(agentreq, len); q = agentreq + 4; *q++ = SSH_AGENTC_RSA_CHALLENGE; @@ -1353,13 +1509,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) memcpy(q, session_id, 16); q += 16; PUT_32BIT(q, 1); /* response format */ agent_query(agentreq, len+4, &ret, &retlen); - free(agentreq); + sfree(agentreq); if (ret) { if (ret[4] == SSH_AGENT_RSA_RESPONSE) { logevent("Sending Pageant's response"); send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE, PKT_DATA, ret+5, 16, PKT_END); - free(ret); + sfree(ret); crWaitUntil(ispkt); if (pktin.type == SSH1_SMSG_SUCCESS) { logevent("Pageant's response accepted"); @@ -1374,7 +1530,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) logevent("Pageant's response not accepted"); } else { logevent("Pageant failed to answer challenge"); - free(ret); + sfree(ret); } } else { logevent("No reply received from Pageant"); @@ -1454,7 +1610,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) goto tryauth; } sprintf(prompt, "Passphrase for key \"%.100s\": ", comment); - free(comment); + sfree(comment); } if (ssh_get_password) { @@ -1595,6 +1751,36 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crFinish(1); } +void sshfwd_close(struct ssh_channel *c) { + if (c) { + if (ssh_version == 1) { + send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid, PKT_END); + } else { + ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_send(); + } + c->closes = 1; + if (c->type == CHAN_X11) { + c->u.x11.s = NULL; + logevent("X11 connection terminated"); + } + } +} + +void sshfwd_write(struct ssh_channel *c, char *buf, int len) { + if (ssh_version == 1) { + send_packet(SSH1_MSG_CHANNEL_DATA, + PKT_INT, c->remoteid, + PKT_INT, len, + PKT_DATA, buf, len, + PKT_END); + } else { + ssh2_add_channel_data(c, buf, len); + ssh2_try_send(c); + } +} + static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crBegin; @@ -1615,8 +1801,30 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crReturnV; } else if (pktin.type == SSH1_SMSG_FAILURE) { logevent("Agent forwarding refused"); - } else + } else { logevent("Agent forwarding enabled"); + ssh_agentfwd_enabled = TRUE; + } + } + + if (cfg.x11_forward) { + char proto[20], data[64]; + logevent("Requesting X11 forwarding"); + x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING, + PKT_STR, proto, PKT_STR, data, + PKT_INT, 0, + PKT_END); + do { crReturnV; } while (!ispkt); + if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) { + bombout(("Protocol confusion")); + crReturnV; + } else if (pktin.type == SSH1_SMSG_FAILURE) { + logevent("X11 forwarding refused"); + } else { + logevent("X11 forwarding enabled"); + ssh_X11_fwd_enabled = TRUE; + } } if (!cfg.nopty) { @@ -1633,8 +1841,26 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crReturnV; } else if (pktin.type == SSH1_SMSG_FAILURE) { c_write("Server refused to allocate pty\r\n", 32); + ssh_editing = ssh_echoing = 1; } logevent("Allocated pty"); + } else { + ssh_editing = ssh_echoing = 1; + } + + if (cfg.compression) { + send_packet(SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END); + do { crReturnV; } while (!ispkt); + if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) { + bombout(("Protocol confusion")); + crReturnV; + } else if (pktin.type == SSH1_SMSG_FAILURE) { + c_write("Server refused to compress\r\n", 32); + } + logevent("Started compression"); + ssh1_compressing = TRUE; + zlib_compress_init(); + zlib_decompress_init(); } if (*cfg.remote_cmd) @@ -1646,10 +1872,12 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); + ldisc_send(NULL, 0); /* cause ldisc to notice changes */ ssh_send_ok = 1; ssh_channels = newtree234(ssh_channelcmp); - begin_session(); while (1) { crReturnV; if (ispkt) { @@ -1662,29 +1890,79 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_CLOSED; logevent("Received disconnect request"); crReturnV; + } else if (pktin.type == SSH1_SMSG_X11_OPEN) { + /* Remote side is trying to open a channel to talk to our + * X-Server. Give them back a local channel number. */ + unsigned i; + struct ssh_channel *c, *d; + enum234 e; + + logevent("Received X11 connect request"); + /* Refuse if X11 forwarding is disabled. */ + if (!ssh_X11_fwd_enabled) { + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + logevent("Rejected X11 connect request"); + } else { + c = smalloc(sizeof(struct ssh_channel)); + + if ( x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL ) { + logevent("opening X11 forward connection failed"); + sfree(c); + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + } else { + logevent("opening X11 forward connection succeeded"); + for (i=1, d = first234(ssh_channels, &e); d; d = next234(&e)) { + if (d->localid > i) + break; /* found a free number */ + i = d->localid + 1; + } + c->remoteid = GET_32BIT(pktin.body); + c->localid = i; + c->closes = 0; + c->type = CHAN_X11; /* identify channel type */ + add234(ssh_channels, c); + send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, + PKT_INT, c->remoteid, PKT_INT, c->localid, + PKT_END); + logevent("Opened X11 forward channel"); + } + } } else if (pktin.type == SSH1_SMSG_AGENT_OPEN) { /* Remote side is trying to open a channel to talk to our * agent. Give them back a local channel number. */ - unsigned i = 1; + unsigned i; struct ssh_channel *c; enum234 e; - for (c = first234(ssh_channels, &e); c; c = next234(&e)) { - if (c->localid > i) - break; /* found a free number */ - i = c->localid + 1; - } - c = malloc(sizeof(struct ssh_channel)); - c->remoteid = GET_32BIT(pktin.body); - c->localid = i; - c->closes = 0; - c->type = SSH1_SMSG_AGENT_OPEN; /* identify channel type */ - c->u.a.lensofar = 0; - add234(ssh_channels, c); - send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, - PKT_INT, c->remoteid, PKT_INT, c->localid, - PKT_END); - } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE || - pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) { + + /* Refuse if agent forwarding is disabled. */ + if (!ssh_agentfwd_enabled) { + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + } else { + i = 1; + for (c = first234(ssh_channels, &e); c; c = next234(&e)) { + if (c->localid > i) + break; /* found a free number */ + i = c->localid + 1; + } + c = smalloc(sizeof(struct ssh_channel)); + c->remoteid = GET_32BIT(pktin.body); + c->localid = i; + c->closes = 0; + c->type = CHAN_AGENT; /* identify channel type */ + c->u.a.lensofar = 0; + add234(ssh_channels, c); + send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, + PKT_INT, c->remoteid, PKT_INT, c->localid, + PKT_END); + } + } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE || + pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) { /* Remote side closes a channel. */ unsigned i = GET_32BIT(pktin.body); struct ssh_channel *c; @@ -1693,10 +1971,16 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { int closetype; closetype = (pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2); send_packet(pktin.type, PKT_INT, c->remoteid, PKT_END); + if ((c->closes == 0) && (c->type == CHAN_X11)) { + logevent("X11 connection closed"); + assert(c->u.x11.s != NULL); + x11_close(c->u.x11.s); + c->u.x11.s = NULL; + } c->closes |= closetype; if (c->closes == 3) { del234(ssh_channels, c); - free(c); + sfree(c); } } } else if (pktin.type == SSH1_MSG_CHANNEL_DATA) { @@ -1708,7 +1992,10 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { c = find234(ssh_channels, &i, ssh_channelfind); if (c) { switch(c->type) { - case SSH1_SMSG_AGENT_OPEN: + case CHAN_X11: + x11_send(c->u.x11.s, p, len); + break; + case CHAN_AGENT: /* Data for an agent message. Buffer it. */ while (len > 0) { if (c->u.a.lensofar < 4) { @@ -1718,7 +2005,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { } if (c->u.a.lensofar == 4) { c->u.a.totallen = 4 + GET_32BIT(c->u.a.msglen); - c->u.a.message = malloc(c->u.a.totallen); + c->u.a.message = smalloc(c->u.a.totallen); memcpy(c->u.a.message, c->u.a.msglen, 4); } if (c->u.a.lensofar >= 4 && len > 0) { @@ -1744,8 +2031,8 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { PKT_DATA, sentreply, replylen, PKT_END); if (reply) - free(reply); - free(c->u.a.message); + sfree(reply); + sfree(c->u.a.message); c->u.a.lensofar = 0; } } @@ -1842,15 +2129,19 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) static const struct ssh_compress *sccomp_tobe = NULL; static char *hostkeydata, *sigdata, *keystr, *fingerprint; static int hostkeylen, siglen; + static void *hkey; /* actual host key */ static unsigned char exchange_hash[20]; static unsigned char keyspace[40]; static const struct ssh_cipher *preferred_cipher; + static const struct ssh_compress *preferred_comp; + static int first_kex; crBegin; random_init(); + first_kex = 1; /* - * Set up the preferred cipher. + * Set up the preferred cipher and compression. */ if (cfg.cipher == CIPHER_BLOWFISH) { preferred_cipher = &ssh_blowfish_ssh2; @@ -1863,6 +2154,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) /* Shouldn't happen, but we do want to initialise to _something_. */ preferred_cipher = &ssh_3des_ssh2; } + if (cfg.compression) + preferred_comp = &ssh_zlib; + else + preferred_comp = &ssh_comp_none; /* * Be prepared to work around the buggy MAC problem. @@ -1925,16 +2220,18 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) } /* List client->server compression algorithms. */ ssh2_pkt_addstring_start(); - for (i = 0; i < lenof(compressions); i++) { - ssh2_pkt_addstring_str(compressions[i]->name); - if (i < lenof(compressions)-1) + for (i = 0; i < lenof(compressions)+1; i++) { + const struct ssh_compress *c = i==0 ? preferred_comp : compressions[i-1]; + ssh2_pkt_addstring_str(c->name); + if (i < lenof(compressions)) ssh2_pkt_addstring_str(","); } /* List server->client compression algorithms. */ ssh2_pkt_addstring_start(); - for (i = 0; i < lenof(compressions); i++) { - ssh2_pkt_addstring_str(compressions[i]->name); - if (i < lenof(compressions)-1) + for (i = 0; i < lenof(compressions)+1; i++) { + const struct ssh_compress *c = i==0 ? preferred_comp : compressions[i-1]; + ssh2_pkt_addstring_str(c->name); + if (i < lenof(compressions)) ssh2_pkt_addstring_str(","); } /* List client->server languages. Empty list. */ @@ -1945,7 +2242,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) ssh2_pkt_addbool(FALSE); /* Reserved. */ ssh2_pkt_adduint32(0); + + exhash = exhashbase; sha_string(&exhash, pktout.data+5, pktout.length-5); + ssh2_pkt_send(); if (!ispkt) crWaitUntil(ispkt); @@ -2007,16 +2307,18 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) } } ssh2_pkt_getstring(&str, &len); /* client->server compression */ - for (i = 0; i < lenof(compressions); i++) { - if (in_commasep_string(compressions[i]->name, str, len)) { - cscomp_tobe = compressions[i]; + for (i = 0; i < lenof(compressions)+1; i++) { + const struct ssh_compress *c = i==0 ? preferred_comp : compressions[i-1]; + if (in_commasep_string(c->name, str, len)) { + cscomp_tobe = c; break; } } ssh2_pkt_getstring(&str, &len); /* server->client compression */ - for (i = 0; i < lenof(compressions); i++) { - if (in_commasep_string(compressions[i]->name, str, len)) { - sccomp_tobe = compressions[i]; + for (i = 0; i < lenof(compressions)+1; i++) { + const struct ssh_compress *c = i==0 ? preferred_comp : compressions[i-1]; + if (in_commasep_string(c->name, str, len)) { + sccomp_tobe = c; break; } } @@ -2062,8 +2364,8 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) debug(("\r\n")); #endif - hostkey->setkey(hostkeydata, hostkeylen); - if (!hostkey->verifysig(sigdata, siglen, exchange_hash, 20)) { + hkey = hostkey->newkey(hostkeydata, hostkeylen); + if (!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) { bombout(("Server failed host key check")); crReturn(0); } @@ -2081,14 +2383,15 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) * Authenticate remote host: verify host key. (We've already * checked the signature of the exchange hash.) */ - keystr = hostkey->fmtkey(); - fingerprint = hostkey->fingerprint(); + keystr = hostkey->fmtkey(hkey); + fingerprint = hostkey->fingerprint(hkey); verify_ssh_host_key(savedhost, savedport, hostkey->keytype, keystr, fingerprint); logevent("Host key fingerprint is:"); logevent(fingerprint); - free(fingerprint); - free(keystr); + sfree(fingerprint); + sfree(keystr); + hostkey->freekey(hkey); /* * Send SSH2_MSG_NEWKEYS. @@ -2105,17 +2408,32 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) scmac = scmac_tobe; cscomp = cscomp_tobe; sccomp = sccomp_tobe; + cscomp->compress_init(); + sccomp->decompress_init(); /* * Set IVs after keys. */ ssh2_mkkey(K, exchange_hash, 'C', keyspace); cscipher->setcskey(keyspace); - ssh2_mkkey(K, exchange_hash, 'D', keyspace); cscipher->setsckey(keyspace); + ssh2_mkkey(K, exchange_hash, 'D', keyspace); sccipher->setsckey(keyspace); ssh2_mkkey(K, exchange_hash, 'A', keyspace); cscipher->setcsiv(keyspace); ssh2_mkkey(K, exchange_hash, 'B', keyspace); sccipher->setsciv(keyspace); ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace); ssh2_mkkey(K, exchange_hash, 'F', keyspace); scmac->setsckey(keyspace); /* + * If this is the first key exchange phase, we must pass the + * SSH2_MSG_NEWKEYS packet to the next layer, not because it + * wants to see it but because it will need time to initialise + * itself before it sees an actual packet. In subsequent key + * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because + * it would only confuse the layer above. + */ + if (!first_kex) { + crReturn(0); + } + first_kex = 0; + + /* * Now we're encrypting. Begin returning 1 to the protocol main * function so that other things can run on top of the * transport. If we ever see a KEXINIT, we must go back to the @@ -2130,6 +2448,45 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) } /* + * Add data to an SSH2 channel output buffer. + */ +static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len) { + if (c->v2.outbufsize < + c->v2.outbuflen + len) { + c->v2.outbufsize = + c->v2.outbuflen + len + 1024; + c->v2.outbuffer = srealloc(c->v2.outbuffer, + c->v2.outbufsize); + } + memcpy(c->v2.outbuffer + c->v2.outbuflen, + buf, len); + c->v2.outbuflen += len; +} + +/* + * Attempt to send data on an SSH2 channel. + */ +static void ssh2_try_send(struct ssh_channel *c) { + while (c->v2.remwindow > 0 && + c->v2.outbuflen > 0) { + unsigned len = c->v2.remwindow; + if (len > c->v2.outbuflen) + len = c->v2.outbuflen; + if (len > c->v2.remmaxpkt) + len = c->v2.remmaxpkt; + ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_addstring_start(); + ssh2_pkt_addstring_data(c->v2.outbuffer, len); + ssh2_pkt_send(); + c->v2.outbuflen -= len; + memmove(c->v2.outbuffer, c->v2.outbuffer+len, + c->v2.outbuflen); + c->v2.remwindow -= len; + } +} + +/* * Handle the SSH2 userauth and connection layers. */ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) @@ -2284,7 +2641,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) /* * So now create a channel with a session in it. */ - mainchan = malloc(sizeof(struct ssh_channel)); + mainchan = smalloc(sizeof(struct ssh_channel)); mainchan->localid = 100; /* as good as any */ ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN); ssh2_pkt_addstring("session"); @@ -2303,13 +2660,58 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) crReturnV; } mainchan->remoteid = ssh2_pkt_getuint32(); - mainchan->u.v2.remwindow = ssh2_pkt_getuint32(); - mainchan->u.v2.remmaxpkt = ssh2_pkt_getuint32(); - mainchan->u.v2.outbuffer = NULL; - mainchan->u.v2.outbuflen = mainchan->u.v2.outbufsize = 0; + mainchan->type = CHAN_MAINSESSION; + mainchan->closes = 0; + mainchan->v2.remwindow = ssh2_pkt_getuint32(); + mainchan->v2.remmaxpkt = ssh2_pkt_getuint32(); + mainchan->v2.outbuffer = NULL; + mainchan->v2.outbuflen = mainchan->v2.outbufsize = 0; + ssh_channels = newtree234(ssh_channelcmp); + add234(ssh_channels, mainchan); logevent("Opened channel for session"); /* + * Potentially enable X11 forwarding. + */ + if (cfg.x11_forward) { + char proto[20], data[64]; + logevent("Requesting X11 forwarding"); + x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST); + ssh2_pkt_adduint32(mainchan->remoteid); + ssh2_pkt_addstring("x11-req"); + ssh2_pkt_addbool(1); /* want reply */ + ssh2_pkt_addbool(0); /* many connections */ + ssh2_pkt_addstring(proto); + ssh2_pkt_addstring(data); + ssh2_pkt_adduint32(0); /* screen number */ + ssh2_pkt_send(); + + do { + crWaitUntilV(ispkt); + if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); + } + } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); + + if (pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { + if (pktin.type != SSH2_MSG_CHANNEL_FAILURE) { + bombout(("Server got confused by X11 forwarding request")); + crReturnV; + } + logevent("X11 forwarding refused"); + } else { + logevent("X11 forwarding enabled"); + ssh_X11_fwd_enabled = TRUE; + } + } + + /* * Now allocate a pty for the session. */ if (!cfg.nopty) { @@ -2330,10 +2732,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) do { crWaitUntilV(ispkt); if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); } } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); @@ -2343,9 +2747,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) crReturnV; } c_write("Server refused to allocate pty\r\n", 32); + ssh_editing = ssh_echoing = 1; } else { logevent("Allocated pty"); } + } else { + ssh_editing = ssh_echoing = 1; } /* @@ -2365,10 +2772,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) do { crWaitUntilV(ispkt); if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); } } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); if (pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { @@ -2385,12 +2794,14 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); /* * Transfer data! */ + ldisc_send(NULL, 0); /* cause ldisc to notice changes */ ssh_send_ok = 1; - begin_session(); while (1) { static int try_send; crReturnV; @@ -2400,23 +2811,32 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA) { char *data; int length; - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ if (pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA && ssh2_pkt_getuint32() != SSH2_EXTENDED_DATA_STDERR) continue; /* extended but not stderr */ ssh2_pkt_getstring(&data, &length); if (data) { - from_backend(pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA, - data, length); + switch (c->type) { + case CHAN_MAINSESSION: + from_backend(pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA, + data, length); + break; + case CHAN_X11: + x11_send(c->u.x11.s, data, length); + break; + } /* - * Enlarge the window again at the remote side, - * just in case it ever runs down and they fail - * to send us any more data. + * Enlarge the window again at the remote + * side, just in case it ever runs down and + * they fail to send us any more data. */ ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST); - ssh2_pkt_adduint32(mainchan->remoteid); + ssh2_pkt_adduint32(c->remoteid); ssh2_pkt_adduint32(length); ssh2_pkt_send(); } @@ -2427,16 +2847,50 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) { continue; /* exit status et al; ignore (FIXME?) */ } else if (pktin.type == SSH2_MSG_CHANNEL_EOF) { - continue; /* remote sends EOF; ignore */ + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + + if (c->type == CHAN_X11) { + /* + * Remote EOF on an X11 channel means we should + * wrap up and close the channel ourselves. + */ + x11_close(c->u.x11.s); + sshfwd_close(c); + } } else if (pktin.type == SSH2_MSG_CHANNEL_CLOSE) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); - ssh2_pkt_adduint32(mainchan->remoteid); - ssh2_pkt_send(); - /* FIXME: mark the channel as closed */ - if (1 /* FIXME: "all channels are closed" */) { + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + enum234 e; + + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + if (c->closes == 0) { + ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_send(); + } + /* Do pre-close processing on the channel. */ + switch (c->type) { + case CHAN_MAINSESSION: + break; /* nothing to see here, move along */ + case CHAN_X11: + break; + } + del234(ssh_channels, c); + sfree(c->v2.outbuffer); + sfree(c); + + /* + * See if that was the last channel left open. + */ + c = first234(ssh_channels, &e); + if (!c) { logevent("All channels closed. Disconnecting"); ssh2_pkt_init(SSH2_MSG_DISCONNECT); ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION); @@ -2448,11 +2902,67 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) } continue; /* remote sends close; ignore (FIXME) */ } else if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + mainchan->v2.remwindow += ssh2_pkt_getuint32(); try_send = TRUE; + } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) { + char *type; + int typelen; + char *error = NULL; + struct ssh_channel *c; + ssh2_pkt_getstring(&type, &typelen); + c = smalloc(sizeof(struct ssh_channel)); + + if (typelen == 3 && !memcmp(type, "x11", 3)) { + if (!ssh_X11_fwd_enabled) + error = "X11 forwarding is not enabled"; + else if ( x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL ) { + error = "Unable to open an X11 connection"; + } else { + c->type = CHAN_X11; + } + } else { + error = "Unsupported channel type requested"; + } + + c->remoteid = ssh2_pkt_getuint32(); + if (error) { + ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_adduint32(SSH2_OPEN_CONNECT_FAILED); + ssh2_pkt_addstring(error); + ssh2_pkt_addstring("en"); /* language tag */ + ssh2_pkt_send(); + sfree(c); + } else { + struct ssh_channel *d; + unsigned i; + enum234 e; + + for (i=1, d = first234(ssh_channels, &e); d; + d = next234(&e)) { + if (d->localid > i) + break; /* found a free number */ + i = d->localid + 1; + } + c->localid = i; + c->closes = 0; + c->v2.remwindow = ssh2_pkt_getuint32(); + c->v2.remmaxpkt = ssh2_pkt_getuint32(); + c->v2.outbuffer = NULL; + c->v2.outbuflen = c->v2.outbufsize = 0; + add234(ssh_channels, c); + ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_adduint32(c->localid); + ssh2_pkt_adduint32(0x8000UL); /* our window size */ + ssh2_pkt_adduint32(0x4000UL); /* our max pkt size */ + ssh2_pkt_send(); + } } else { bombout(("Strange packet received: type %d", pktin.type)); crReturnV; @@ -2461,40 +2971,17 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) /* * We have spare data. Add it to the channel buffer. */ - if (mainchan->u.v2.outbufsize < - mainchan->u.v2.outbuflen + inlen) { - mainchan->u.v2.outbufsize = - mainchan->u.v2.outbuflen + inlen + 1024; - mainchan->u.v2.outbuffer = srealloc(mainchan->u.v2.outbuffer, - mainchan->u.v2.outbufsize); - } - memcpy(mainchan->u.v2.outbuffer + mainchan->u.v2.outbuflen, - in, inlen); - mainchan->u.v2.outbuflen += inlen; + ssh2_add_channel_data(mainchan, in, inlen); try_send = TRUE; } if (try_send) { + enum234 e; + struct ssh_channel *c; /* - * Try to send data on the channel if we can. (FIXME: - * on _all_ channels.) + * Try to send data on all channels if we can. */ - while (mainchan->u.v2.remwindow > 0 && - mainchan->u.v2.outbuflen > 0) { - unsigned len = mainchan->u.v2.remwindow; - if (len > mainchan->u.v2.outbuflen) - len = mainchan->u.v2.outbuflen; - if (len > mainchan->u.v2.remmaxpkt) - len = mainchan->u.v2.remmaxpkt; - ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA); - ssh2_pkt_adduint32(mainchan->remoteid); - ssh2_pkt_addstring_start(); - ssh2_pkt_addstring_data(mainchan->u.v2.outbuffer, len); - ssh2_pkt_send(); - mainchan->u.v2.outbuflen -= len; - memmove(mainchan->u.v2.outbuffer, mainchan->u.v2.outbuffer+len, - mainchan->u.v2.outbuflen); - mainchan->u.v2.remwindow -= len; - } + for (c = first234(ssh_channels, &e); c; c = next234(&e)) + ssh2_try_send(c); } } @@ -2525,6 +3012,8 @@ static char *ssh_init (char *host, int port, char **realhost) { #endif ssh_send_ok = 0; + ssh_editing = 0; + ssh_echoing = 0; p = connect_to_host(host, port, realhost); if (p != NULL) @@ -2537,7 +3026,7 @@ static char *ssh_init (char *host, int port, char **realhost) { * Called to send data down the Telnet connection. */ static void ssh_send (char *buf, int len) { - if (s == NULL) + if (s == NULL || ssh_protocol == NULL) return; ssh_protocol(buf, len, 0); @@ -2549,6 +3038,7 @@ static void ssh_send (char *buf, int len) { static void ssh_size(void) { switch (ssh_state) { case SSH_STATE_BEFORE_SIZE: + case SSH_STATE_PREPACKET: case SSH_STATE_CLOSED: break; /* do nothing */ case SSH_STATE_INTERMED: @@ -2572,6 +3062,7 @@ static void ssh_size(void) { ssh2_pkt_send(); } } + break; } } @@ -2582,6 +3073,15 @@ static void ssh_size(void) { */ static void ssh_special (Telnet_Special code) { if (code == TS_EOF) { + if (ssh_state != SSH_STATE_SESSION) { + /* + * Buffer the EOF in case we are pre-SESSION, so we can + * send it as soon as we reach SESSION. + */ + if (code == TS_EOF) + eof_needed = TRUE; + return; + } if (ssh_version == 1) { send_packet(SSH1_CMSG_EOF, PKT_END); } else { @@ -2591,6 +3091,8 @@ static void ssh_special (Telnet_Special code) { } logevent("Sent EOF message"); } else if (code == TS_PING) { + if (ssh_state == SSH_STATE_CLOSED || ssh_state == SSH_STATE_PREPACKET) + return; if (ssh_version == 1) { send_packet(SSH1_MSG_IGNORE, PKT_STR, "", PKT_END); } else { @@ -2607,6 +3109,12 @@ static Socket ssh_socket(void) { return s; } static int ssh_sendok(void) { return ssh_send_ok; } +static int ssh_ldisc(int option) { + if (option == LD_ECHO) return ssh_echoing; + if (option == LD_EDIT) return ssh_editing; + return FALSE; +} + Backend ssh_backend = { ssh_init, ssh_send, @@ -2614,5 +3122,6 @@ Backend ssh_backend = { ssh_special, ssh_socket, ssh_sendok, + ssh_ldisc, 22 };