X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/371e569c350575d3f9b41c71e2ff51de9ef62483..a832773496d46caa5e328d36a15b4918f24a804e:/ssh.c diff --git a/ssh.c b/ssh.c index c8ba298d..0cfba57e 100644 --- a/ssh.c +++ b/ssh.c @@ -15,26 +15,6 @@ #define TRUE 1 #endif -#define logevent(s) { logevent(s); \ - if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) \ - { fprintf(stderr, "%s\n", s); fflush(stderr); } } - -/* logevent, only printf-formatted. */ -void logeventf(char *fmt, ...) -{ - va_list ap; - char stuff[200]; - - va_start(ap, fmt); - vsprintf(stuff, fmt, ap); - va_end(ap); - logevent(stuff); -} - -#define bombout(msg) ( ssh->state = SSH_STATE_CLOSED, \ - (ssh->s ? sk_close(ssh->s), ssh->s = NULL : 0), \ - logeventf msg, connection_fatal msg ) - #define SSH1_MSG_DISCONNECT 1 /* 0x1 */ #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */ #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */ @@ -312,15 +292,16 @@ enum { PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM }; typedef struct ssh_tag *Ssh; -extern char *x11_init(Socket *, char *, void *); +extern char *x11_init(Socket *, char *, void *, void *); extern void x11_close(Socket); extern int x11_send(Socket, char *, int); -extern void x11_invent_auth(char *, int, char *, int); +extern void *x11_invent_auth(char *, int, char *, int); extern void x11_unthrottle(Socket s); extern void x11_override_throttle(Socket s, int enable); extern char *pfd_newconnect(Socket * s, char *hostname, int port, void *c); -extern char *pfd_addforward(char *desthost, int destport, int port); +extern char *pfd_addforward(char *desthost, int destport, int port, + void *backhandle); extern void pfd_close(Socket s); extern int pfd_send(Socket s, char *data, int len); extern void pfd_confirm(Socket s); @@ -371,19 +352,28 @@ const static struct ssh_kex *kex_algs[] = { const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss }; -static void nullmac_key(unsigned char *key) +static void *nullmac_make_context(void) { + return NULL; } -static void nullmac_generate(unsigned char *blk, int len, +static void nullmac_free_context(void *handle) +{ +} +static void nullmac_key(void *handle, unsigned char *key) +{ +} +static void nullmac_generate(void *handle, unsigned char *blk, int len, unsigned long seq) { } -static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) +static int nullmac_verify(void *handle, unsigned char *blk, int len, + unsigned long seq) { return 1; } const static struct ssh_mac ssh_mac_none = { - nullmac_key, nullmac_key, nullmac_generate, nullmac_verify, "none", 0 + nullmac_make_context, nullmac_free_context, nullmac_key, + nullmac_generate, nullmac_verify, "none", 0 }; const static struct ssh_mac *macs[] = { &ssh_sha1, &ssh_md5, &ssh_mac_none @@ -392,23 +382,27 @@ const static struct ssh_mac *buggymacs[] = { &ssh_sha1_buggy, &ssh_md5, &ssh_mac_none }; -static void ssh_comp_none_init(void) +static void *ssh_comp_none_init(void) +{ + return NULL; +} +static void ssh_comp_none_cleanup(void *handle) { } -static int ssh_comp_none_block(unsigned char *block, int len, +static int ssh_comp_none_block(void *handle, unsigned char *block, int len, unsigned char **outblock, int *outlen) { return 0; } -static int ssh_comp_none_disable(void) +static int ssh_comp_none_disable(void *handle) { return 0; } const static struct ssh_compress ssh_comp_none = { "none", - ssh_comp_none_init, ssh_comp_none_block, - ssh_comp_none_init, ssh_comp_none_block, - ssh_comp_none_disable + ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block, + ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block, + ssh_comp_none_disable, NULL }; extern const struct ssh_compress ssh_zlib; const static struct ssh_compress *compressions[] = { @@ -542,6 +536,9 @@ struct ssh_tag { Socket s; + void *ldisc; + void *logctx; + unsigned char session_key[32]; int v1_compressing; int v1_remote_protoflags; @@ -551,13 +548,17 @@ struct ssh_tag { int remote_bugs; const struct ssh_cipher *cipher; void *v1_cipher_ctx; + void *crcda_ctx; const struct ssh2_cipher *cscipher, *sccipher; void *cs_cipher_ctx, *sc_cipher_ctx; const struct ssh_mac *csmac, *scmac; + void *cs_mac_ctx, *sc_mac_ctx; const struct ssh_compress *cscomp, *sccomp; + void *cs_comp_ctx, *sc_comp_ctx; const struct ssh_kex *kex; const struct ssh_signkey *hostkey; unsigned char v2_session_id[20]; + void *kex_ctx; char *savedhost; int savedport; @@ -608,6 +609,8 @@ struct ssh_tag { char *portfwd_strptr; int pkt_ctx; + void *x11auth; + int version; int v1_throttle_count; int overall_bufsize; @@ -636,6 +639,26 @@ struct ssh_tag { int (*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen); }; +#define logevent(s) { logevent(ssh->frontend, s); \ + if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) \ + { fprintf(stderr, "%s\n", s); fflush(stderr); } } + +/* logevent, only printf-formatted. */ +void logeventf(Ssh ssh, char *fmt, ...) +{ + va_list ap; + char stuff[200]; + + va_start(ap, fmt); + vsprintf(stuff, fmt, ap); + va_end(ap); + logevent(stuff); +} + +#define bombout(msg) ( ssh->state = SSH_STATE_CLOSED, \ + (ssh->s ? sk_close(ssh->s), ssh->s = NULL : 0), \ + logeventf msg, connection_fatal msg ) + static int ssh_channelcmp(void *av, void *bv) { struct ssh_channel *a = (struct ssh_channel *) av; @@ -799,8 +822,9 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) st->to_read -= st->chunk; } - if (ssh->cipher && detect_attack(ssh->pktin.data, st->biglen, NULL)) { - bombout(("Network attack (CRC compensation) detected!")); + if (ssh->cipher && detect_attack(ssh->crcda_ctx, ssh->pktin.data, + st->biglen, NULL)) { + bombout((ssh,"Network attack (CRC compensation) detected!")); crReturn(0); } @@ -810,7 +834,7 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) st->realcrc = crc32(ssh->pktin.data, st->biglen - 4); st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4); if (st->gotcrc != st->realcrc) { - bombout(("Incorrect CRC received on packet")); + bombout((ssh,"Incorrect CRC received on packet")); crReturn(0); } @@ -819,7 +843,8 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) if (ssh->v1_compressing) { unsigned char *decompblk; int decomplen; - zlib_decompress_block(ssh->pktin.body - 1, ssh->pktin.length + 1, + zlib_decompress_block(ssh->sc_comp_ctx, + ssh->pktin.body - 1, ssh->pktin.length + 1, &decompblk, &decomplen); if (ssh->pktin.maxlen < st->pad + decomplen) { @@ -836,8 +861,11 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) ssh->pktin.type = ssh->pktin.body[-1]; - log_packet(PKT_INCOMING, ssh->pktin.type, ssh1_pkt_type(ssh->pktin.type), - ssh->pktin.body, ssh->pktin.length); + if (ssh->logctx) + log_packet(ssh->logctx, + PKT_INCOMING, ssh->pktin.type, + ssh1_pkt_type(ssh->pktin.type), + ssh->pktin.body, ssh->pktin.length); if (ssh->pktin.type == SSH1_SMSG_STDOUT_DATA || ssh->pktin.type == SSH1_SMSG_STDERR_DATA || @@ -846,7 +874,7 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) ssh->pktin.type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) { long stringlen = GET_32BIT(ssh->pktin.body); if (stringlen + 4 != ssh->pktin.length) { - bombout(("Received data packet with bogus string length")); + bombout((ssh,"Received data packet with bogus string length")); crReturn(0); } } @@ -879,7 +907,7 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) memcpy(buf + nowlen, ssh->pktin.body + 4, msglen); buf[nowlen + msglen] = '\0'; /* logevent(buf); (this is now done within the bombout macro) */ - bombout(("Server sent disconnect message:\n\"%s\"", buf+nowlen)); + bombout((ssh,"Server sent disconnect message:\n\"%s\"", buf+nowlen)); crReturn(0); } @@ -933,7 +961,7 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) * do us any more damage. */ if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) { - bombout(("Incoming packet was garbled on decryption")); + bombout((ssh,"Incoming packet was garbled on decryption")); crReturn(0); } @@ -979,9 +1007,9 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) * Check the MAC. */ if (ssh->scmac - && !ssh->scmac->verify(ssh->pktin.data, st->len + 4, + && !ssh->scmac->verify(ssh->sc_mac_ctx, ssh->pktin.data, st->len + 4, st->incoming_sequence)) { - bombout(("Incorrect MAC received on packet")); + bombout((ssh,"Incorrect MAC received on packet")); crReturn(0); } st->incoming_sequence++; /* whether or not we MACed */ @@ -993,7 +1021,8 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) unsigned char *newpayload; int newlen; if (ssh->sccomp && - ssh->sccomp->decompress(ssh->pktin.data + 5, ssh->pktin.length - 5, + ssh->sccomp->decompress(ssh->sc_comp_ctx, + ssh->pktin.data + 5, ssh->pktin.length - 5, &newpayload, &newlen)) { if (ssh->pktin.maxlen < newlen + 5) { ssh->pktin.maxlen = newlen + 5; @@ -1009,9 +1038,10 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) ssh->pktin.savedpos = 6; ssh->pktin.type = ssh->pktin.data[5]; - log_packet(PKT_INCOMING, ssh->pktin.type, - ssh2_pkt_type(ssh->pkt_ctx, ssh->pktin.type), - ssh->pktin.data+6, ssh->pktin.length-6); + if (ssh->logctx) + log_packet(ssh->logctx, PKT_INCOMING, ssh->pktin.type, + ssh2_pkt_type(ssh->pkt_ctx, ssh->pktin.type), + ssh->pktin.data+6, ssh->pktin.length-6); switch (ssh->pktin.type) { /* @@ -1039,7 +1069,7 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) memcpy(buf + nowlen, ssh->pktin.data + 14, msglen); buf[nowlen + msglen] = '\0'; logevent(buf); - bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"", + bombout((ssh,"Server sent disconnect message\ntype %d (%s):\n\"%s\"", reason, (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ? ssh2_disconnect_reasons[reason] : "unknown", @@ -1152,13 +1182,16 @@ static int s_wrpkt_prepare(Ssh ssh) ssh->pktout.body[-1] = ssh->pktout.type; - log_packet(PKT_OUTGOING, ssh->pktout.type, ssh1_pkt_type(ssh->pktout.type), - ssh->pktout.body, ssh->pktout.length); + if (ssh->logctx) + log_packet(ssh->logctx, PKT_OUTGOING, ssh->pktout.type, + ssh1_pkt_type(ssh->pktout.type), + ssh->pktout.body, ssh->pktout.length); if (ssh->v1_compressing) { unsigned char *compblk; int complen; - zlib_compress_block(ssh->pktout.body - 1, ssh->pktout.length + 1, + zlib_compress_block(ssh->cs_comp_ctx, + ssh->pktout.body - 1, ssh->pktout.length + 1, &compblk, &complen); ssh1_pktout_size(ssh, complen - 1); memcpy(ssh->pktout.body - 1, compblk, complen); @@ -1433,9 +1466,10 @@ static int ssh2_pkt_construct(Ssh ssh) { int cipherblk, maclen, padding, i; - log_packet(PKT_OUTGOING, ssh->pktout.data[5], - ssh2_pkt_type(ssh->pkt_ctx, ssh->pktout.data[5]), - ssh->pktout.data + 6, ssh->pktout.length - 6); + if (ssh->logctx) + log_packet(ssh->logctx, PKT_OUTGOING, ssh->pktout.data[5], + ssh2_pkt_type(ssh->pkt_ctx, ssh->pktout.data[5]), + ssh->pktout.data + 6, ssh->pktout.length - 6); /* * Compress packet payload. @@ -1444,7 +1478,8 @@ static int ssh2_pkt_construct(Ssh ssh) unsigned char *newpayload; int newlen; if (ssh->cscomp && - ssh->cscomp->compress(ssh->pktout.data + 5, ssh->pktout.length - 5, + ssh->cscomp->compress(ssh->cs_comp_ctx, ssh->pktout.data + 5, + ssh->pktout.length - 5, &newpayload, &newlen)) { ssh->pktout.length = 5; ssh2_pkt_adddata(ssh, newpayload, newlen); @@ -1468,7 +1503,8 @@ static int ssh2_pkt_construct(Ssh ssh) ssh->pktout.data[ssh->pktout.length + i] = random_byte(); PUT_32BIT(ssh->pktout.data, ssh->pktout.length + padding - 4); if (ssh->csmac) - ssh->csmac->generate(ssh->pktout.data, ssh->pktout.length + padding, + ssh->csmac->generate(ssh->cs_mac_ctx, ssh->pktout.data, + ssh->pktout.length + padding, ssh->v2_outgoing_sequence); ssh->v2_outgoing_sequence++; /* whether or not we MACed */ @@ -1598,7 +1634,7 @@ static Bignum ssh2_pkt_getmp(Ssh ssh) if (!p) return NULL; if (p[0] & 0x80) { - bombout(("internal error: Can't handle negative mpints")); + bombout((ssh,"internal error: Can't handle negative mpints")); return NULL; } b = bignum_from_bytes(p, length); @@ -1850,11 +1886,11 @@ static int do_ssh_init(Ssh ssh, unsigned char c) s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0; if (cfg.sshprot == 0 && !s->proto1) { - bombout(("SSH protocol version 1 required by user but not provided by server")); + bombout((ssh,"SSH protocol version 1 required by user but not provided by server")); crReturn(0); } if (cfg.sshprot == 3 && !s->proto2) { - bombout(("SSH protocol version 2 required by user but not provided by server")); + bombout((ssh,"SSH protocol version 2 required by user but not provided by server")); crReturn(0); } @@ -1961,7 +1997,7 @@ static int ssh_closing(Plug plug, char *error_msg, int error_code, if (error_msg) { /* A socket error has occurred. */ logevent(error_msg); - connection_fatal(error_msg); + connection_fatal(ssh->frontend, error_msg); } else { /* Otherwise, the remote side closed the connection normally. */ } @@ -2210,7 +2246,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) crWaitUntil(ispkt); if (ssh->pktin.type != SSH1_SMSG_PUBLIC_KEY) { - bombout(("Public key packet not received")); + bombout((ssh,"Public key packet not received")); crReturn(0); } @@ -2271,7 +2307,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) fatalbox("Out of memory"); rsastr_fmt(keystr, &hostkey); rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey); - verify_ssh_host_key(ssh->savedhost, ssh->savedport, "rsa", keystr, + verify_ssh_host_key(ssh->frontend, + ssh->savedhost, ssh->savedport, "rsa", keystr, fingerprint); sfree(keystr); } @@ -2319,17 +2356,17 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (!cipher_chosen) { if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0) - bombout(("Server violates SSH 1 protocol by not " + bombout((ssh,"Server violates SSH 1 protocol by not " "supporting 3DES encryption")); else /* shouldn't happen */ - bombout(("No supported ciphers found")); + bombout((ssh,"No supported ciphers found")); crReturn(0); } /* Warn about chosen cipher if necessary. */ if (warn) - askcipher(cipher_string, 0); + askcipher(ssh->frontend, cipher_string, 0); } switch (s->cipher_type) { @@ -2366,10 +2403,13 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) logevent(buf); } + ssh->crcda_ctx = crcda_make_context(); + logevent("Installing CRC compensation attack detector"); + crWaitUntil(ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS) { - bombout(("Encryption not successfully enabled")); + bombout((ssh,"Encryption not successfully enabled")); crReturn(0); } @@ -2663,7 +2703,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) PKT_STR, "No more passwords available to try", PKT_END); logevent("Unable to authenticate"); - connection_fatal("Unable to authenticate"); + connection_fatal(ssh->frontend, "Unable to authenticate"); ssh->state = SSH_STATE_CLOSED; crReturn(1); } @@ -2719,7 +2759,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) continue; /* go and try password */ } if (ssh->pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) { - bombout(("Bizarre response to offer of public key")); + bombout((ssh,"Bizarre response to offer of public key")); crReturn(0); } @@ -2755,7 +2795,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) " our public key.\r\n"); continue; /* go and try password */ } else if (ssh->pktin.type != SSH1_SMSG_SUCCESS) { - bombout(("Bizarre response to RSA authentication response")); + bombout((ssh,"Bizarre response to RSA authentication response")); crReturn(0); } @@ -2888,7 +2928,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) c_write_str(ssh, "Access denied\r\n"); logevent("Authentication refused"); } else if (ssh->pktin.type != SSH1_SMSG_SUCCESS) { - bombout(("Strange packet received, type %d", ssh->pktin.type)); + bombout((ssh,"Strange packet received, type %d", ssh->pktin.type)); crReturn(0); } } @@ -2988,7 +3028,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (!ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS && ssh->pktin.type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); + bombout((ssh,"Protocol confusion")); crReturnV; } else if (ssh->pktin.type == SSH1_SMSG_FAILURE) { logevent("Agent forwarding refused"); @@ -3001,7 +3041,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (cfg.x11_forward) { char proto[20], data[64]; logevent("Requesting X11 forwarding"); - x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh->x11auth = x11_invent_auth(proto, sizeof(proto), + data, sizeof(data)); if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) { send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING, PKT_STR, proto, PKT_STR, data, @@ -3015,7 +3056,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (!ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS && ssh->pktin.type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); + bombout((ssh,"Protocol confusion")); crReturnV; } else if (ssh->pktin.type == SSH1_SMSG_FAILURE) { logevent("X11 forwarding refused"); @@ -3085,7 +3126,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (sport && dport) { if (type == 'L') { - pfd_addforward(host, dport, sport); + pfd_addforward(host, dport, sport, ssh); sprintf(buf, "Local port %.*s%.*s%d%.*s forwarding to" " %s:%.*s%.*s%d%.*s", sserv ? strlen(sports) : 0, sports, @@ -3124,7 +3165,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (!ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS && ssh->pktin.type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); + bombout((ssh,"Protocol confusion")); crReturnV; } else if (ssh->pktin.type == SSH1_SMSG_FAILURE) { c_write_str(ssh, "Server refused port" @@ -3149,7 +3190,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (!ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS && ssh->pktin.type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); + bombout((ssh,"Protocol confusion")); crReturnV; } else if (ssh->pktin.type == SSH1_SMSG_FAILURE) { c_write_str(ssh, "Server refused to allocate pty\r\n"); @@ -3167,15 +3208,17 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (!ispkt); if (ssh->pktin.type != SSH1_SMSG_SUCCESS && ssh->pktin.type != SSH1_SMSG_FAILURE) { - bombout(("Protocol confusion")); + bombout((ssh,"Protocol confusion")); crReturnV; } else if (ssh->pktin.type == SSH1_SMSG_FAILURE) { c_write_str(ssh, "Server refused to compress\r\n"); } logevent("Started compression"); ssh->v1_compressing = TRUE; - zlib_compress_init(); - zlib_decompress_init(); + ssh->cs_comp_ctx = zlib_compress_init(); + logevent("Initialised zlib (RFC1950) compression"); + ssh->sc_comp_ctx = zlib_decompress_init(); + logevent("Initialised zlib (RFC1950) decompression"); } /* @@ -3205,7 +3248,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (ssh->eof_needed) ssh_special(ssh, TS_EOF); - ldisc_send(NULL, 0, 0); /* cause ldisc to notice changes */ + if (ssh->ldisc) + ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */ ssh->send_ok = 1; ssh->channels = newtree234(ssh_channelcmp); while (1) { @@ -3241,7 +3285,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) c = smalloc(sizeof(struct ssh_channel)); c->ssh = ssh; - if (x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL) { + if (x11_init(&c->u.x11.s, cfg.x11_display, c, + ssh->x11auth) != NULL) { logevent("opening X11 forward connection failed"); sfree(c); send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE, @@ -3414,7 +3459,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) sfree(c); } } else { - bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n", + bombout((ssh,"Received CHANNEL_CLOSE%s for %s channel %d\n", ssh->pktin.type == SSH1_MSG_CHANNEL_CLOSE ? "" : "_CONFIRMATION", c ? "half-open" : "nonexistent", i)); @@ -3516,7 +3561,7 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh->state = SSH_STATE_CLOSED; crReturnV; } else { - bombout(("Strange packet received: type %d", ssh->pktin.type)); + bombout((ssh,"Strange packet received: type %d", ssh->pktin.type)); crReturnV; } } else { @@ -3784,7 +3829,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) int i, j, len; if (ssh->pktin.type != SSH2_MSG_KEXINIT) { - bombout(("expected key exchange packet from server")); + bombout((ssh,"expected key exchange packet from server")); crReturn(0); } ssh->kex = NULL; @@ -3829,12 +3874,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (s->cscipher_tobe) { if (s->warn) - askcipher(s->cscipher_tobe->name, 1); + askcipher(ssh->frontend, s->cscipher_tobe->name, 1); break; } } if (!s->cscipher_tobe) { - bombout(("Couldn't agree a client-to-server cipher (available: %s)", str)); + bombout((ssh,"Couldn't agree a client-to-server cipher (available: %s)", str)); crReturn(0); } @@ -3854,12 +3899,12 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (s->sccipher_tobe) { if (s->warn) - askcipher(s->sccipher_tobe->name, 2); + askcipher(ssh->frontend, s->sccipher_tobe->name, 2); break; } } if (!s->sccipher_tobe) { - bombout(("Couldn't agree a server-to-client cipher (available: %s)", str)); + bombout((ssh,"Couldn't agree a server-to-client cipher (available: %s)", str)); crReturn(0); } @@ -3932,17 +3977,17 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) crWaitUntil(ispkt); if (ssh->pktin.type != SSH2_MSG_KEX_DH_GEX_GROUP) { - bombout(("expected key exchange group packet from server")); + bombout((ssh,"expected key exchange group packet from server")); crReturn(0); } s->p = ssh2_pkt_getmp(ssh); s->g = ssh2_pkt_getmp(ssh); - dh_setup_group(s->p, s->g); + ssh->kex_ctx = dh_setup_group(s->p, s->g); s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT; s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY; } else { ssh->pkt_ctx |= SSH2_PKTCTX_DHGROUP1; - dh_setup_group1(); + ssh->kex_ctx = dh_setup_group1(); s->kex_init_value = SSH2_MSG_KEXDH_INIT; s->kex_reply_value = SSH2_MSG_KEXDH_REPLY; } @@ -3951,21 +3996,21 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) /* * Now generate and send e for Diffie-Hellman. */ - s->e = dh_create_e(s->nbits * 2); + s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2); ssh2_pkt_init(ssh, s->kex_init_value); ssh2_pkt_addmp(ssh, s->e); ssh2_pkt_send(ssh); crWaitUntil(ispkt); if (ssh->pktin.type != s->kex_reply_value) { - bombout(("expected key exchange reply packet from server")); + bombout((ssh,"expected key exchange reply packet from server")); crReturn(0); } ssh2_pkt_getstring(ssh, &s->hostkeydata, &s->hostkeylen); s->f = ssh2_pkt_getmp(ssh); ssh2_pkt_getstring(ssh, &s->sigdata, &s->siglen); - s->K = dh_find_K(s->f); + s->K = dh_find_K(ssh->kex_ctx, s->f); sha_string(&ssh->exhash, s->hostkeydata, s->hostkeylen); if (ssh->kex == &ssh_diffiehellman_gex) { @@ -3978,7 +4023,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) sha_mpint(&ssh->exhash, s->K); SHA_Final(&ssh->exhash, s->exchange_hash); - dh_cleanup(); + dh_cleanup(ssh->kex_ctx); #if 0 debug(("Exchange hash is:\n")); @@ -3989,7 +4034,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (!s->hkey || !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen, s->exchange_hash, 20)) { - bombout(("Server's host key did not match the signature supplied")); + bombout((ssh,"Server's host key did not match the signature supplied")); crReturn(0); } @@ -3999,7 +4044,8 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) */ s->keystr = ssh->hostkey->fmtkey(s->hkey); s->fingerprint = ssh->hostkey->fingerprint(s->hkey); - verify_ssh_host_key(ssh->savedhost, ssh->savedport, ssh->hostkey->keytype, + verify_ssh_host_key(ssh->frontend, + ssh->savedhost, ssh->savedport, ssh->hostkey->keytype, s->keystr, s->fingerprint); if (s->first_kex) { /* don't bother logging this in rekeys */ logevent("Host key fingerprint is:"); @@ -4020,7 +4066,7 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) */ crWaitUntil(ispkt); if (ssh->pktin.type != SSH2_MSG_NEWKEYS) { - bombout(("expected new-keys packet from server")); + bombout((ssh,"expected new-keys packet from server")); crReturn(0); } @@ -4031,16 +4077,32 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh->cscipher->free_context(ssh->cs_cipher_ctx); ssh->cscipher = s->cscipher_tobe; ssh->cs_cipher_ctx = ssh->cscipher->make_context(); + if (ssh->sc_cipher_ctx) ssh->sccipher->free_context(ssh->sc_cipher_ctx); ssh->sccipher = s->sccipher_tobe; ssh->sc_cipher_ctx = ssh->sccipher->make_context(); + + if (ssh->cs_mac_ctx) + ssh->csmac->free_context(ssh->cs_mac_ctx); ssh->csmac = s->csmac_tobe; + ssh->cs_mac_ctx = ssh->csmac->make_context(); + + if (ssh->sc_mac_ctx) + ssh->scmac->free_context(ssh->sc_mac_ctx); ssh->scmac = s->scmac_tobe; + ssh->sc_mac_ctx = ssh->scmac->make_context(); + + if (ssh->cs_comp_ctx) + ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx); ssh->cscomp = s->cscomp_tobe; + ssh->cs_comp_ctx = ssh->cscomp->compress_init(); + + if (ssh->sc_comp_ctx) + ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx); ssh->sccomp = s->sccomp_tobe; - ssh->cscomp->compress_init(); - ssh->sccomp->decompress_init(); + ssh->sc_comp_ctx = ssh->sccomp->decompress_init(); + /* * Set IVs after keys. Here we use the exchange hash from the * _first_ key exchange. @@ -4059,9 +4121,9 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'B',keyspace); ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'E',keyspace); - ssh->csmac->setcskey(keyspace); + ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace); ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'F',keyspace); - ssh->scmac->setsckey(keyspace); + ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace); } { char buf[256]; @@ -4071,6 +4133,16 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt) sprintf(buf, "Initialised %.200s server->client encryption", ssh->sccipher->text_name); logevent(buf); + if (ssh->cscomp->text_name) { + sprintf(buf, "Initialised %.200s compression", + ssh->cscomp->text_name); + logevent(buf); + } + if (ssh->sccomp->text_name) { + sprintf(buf, "Initialised %.200s decompression", + ssh->sccomp->text_name); + logevent(buf); + } } @@ -4219,7 +4291,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_send(ssh); crWaitUntilV(ispkt); if (ssh->pktin.type != SSH2_MSG_SERVICE_ACCEPT) { - bombout(("Server refused user authentication protocol")); + bombout((ssh,"Server refused user authentication protocol")); crReturnV; } @@ -4319,7 +4391,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) /* Load the pub half of cfg.keyfile so we notice if it's in Pageant */ if (*cfg.keyfile) { int keytype; - logeventf("Reading private key file \"%.150s\"", cfg.keyfile); + logeventf(ssh->frontend, + "Reading private key file \"%.150s\"", cfg.keyfile); keytype = key_type(cfg.keyfile); if (keytype == SSH_KEYTYPE_SSH2) { s->publickey_blob = @@ -4327,8 +4400,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) &s->publickey_bloblen); } else { char msgbuf[256]; - logeventf("Unable to use this key file (%s)", - key_type_to_str(keytype)); + logeventf(ssh->frontend, + "Unable to use this key file (%s)", + key_type_to_str(keytype)); sprintf(msgbuf, "Unable to use key file \"%.150s\" (%s)\r\n", cfg.keyfile, key_type_to_str(keytype)); c_write_str(ssh, msgbuf); @@ -4379,7 +4453,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (!s->gotit) s->curr_prompt = 0; } else if (ssh->pktin.type != SSH2_MSG_USERAUTH_FAILURE) { - bombout(("Strange packet received during authentication: type %d", + bombout((ssh,"Strange packet received during authentication: type %d", ssh->pktin.type)); crReturnV; } @@ -4768,7 +4842,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_addstring(ssh, "en"); /* language tag */ ssh2_pkt_send(ssh); logevent("Unable to authenticate"); - connection_fatal("Unable to authenticate"); + connection_fatal(ssh->frontend, + "Unable to authenticate"); ssh->state = SSH_STATE_CLOSED; crReturnV; } @@ -4899,7 +4974,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) * bytes we should adjust our string length * by. */ - stringlen -= ssh->cscomp->disable_compression(); + stringlen -= + ssh->cscomp->disable_compression(ssh->cs_comp_ctx); } ssh2_pkt_init(ssh, SSH2_MSG_IGNORE); ssh2_pkt_addstring_start(ssh); @@ -4975,12 +5051,12 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_send(ssh); crWaitUntilV(ispkt); if (ssh->pktin.type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) { - bombout(("Server refused to open a session")); + bombout((ssh,"Server refused to open a session")); crReturnV; /* FIXME: error data comes back in FAILURE packet */ } if (ssh2_pkt_getuint32(ssh) != ssh->mainchan->localid) { - bombout(("Server's channel confirmation cited wrong channel")); + bombout((ssh,"Server's channel confirmation cited wrong channel")); crReturnV; } ssh->mainchan->remoteid = ssh2_pkt_getuint32(ssh); @@ -4998,7 +5074,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (cfg.x11_forward) { char proto[20], data[64]; logevent("Requesting X11 forwarding"); - x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh->x11auth = x11_invent_auth(proto, sizeof(proto), + data, sizeof(data)); ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST); ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid); ssh2_pkt_addstring(ssh, "x11-req"); @@ -5023,7 +5100,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) { - bombout(("Unexpected response to X11 forwarding request:" + bombout((ssh,"Unexpected response to X11 forwarding request:" " packet type %d", ssh->pktin.type)); crReturnV; } @@ -5097,7 +5174,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (sport && dport) { if (type == 'L') { - pfd_addforward(host, dport, sport); + pfd_addforward(host, dport, sport, ssh); sprintf(buf, "Local port %.*s%.*s%d%.*s forwarding to" " %s:%.*s%.*s%d%.*s", sserv ? strlen(sports) : 0, sports, @@ -5151,7 +5228,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (ssh->pktin.type != SSH2_MSG_REQUEST_SUCCESS) { if (ssh->pktin.type != SSH2_MSG_REQUEST_FAILURE) { - bombout(("Unexpected response to port " + bombout((ssh,"Unexpected response to port " "forwarding request: packet type %d", ssh->pktin.type)); crReturnV; @@ -5191,7 +5268,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) { - bombout(("Unexpected response to agent forwarding request:" + bombout((ssh,"Unexpected response to agent forwarding request:" " packet type %d", ssh->pktin.type)); crReturnV; } @@ -5234,7 +5311,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) { - bombout(("Unexpected response to pty request:" + bombout((ssh,"Unexpected response to pty request:" " packet type %d", ssh->pktin.type)); crReturnV; } @@ -5292,7 +5369,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) } while (ssh->pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) { - bombout(("Unexpected response to shell/command request:" + bombout((ssh,"Unexpected response to shell/command request:" " packet type %d", ssh->pktin.type)); crReturnV; } @@ -5307,7 +5384,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh->fallback_cmd = TRUE; continue; } - bombout(("Server refused to start a shell/command")); + bombout((ssh,"Server refused to start a shell/command")); crReturnV; } else { logevent("Started a shell/command"); @@ -5324,7 +5401,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) /* * Transfer data! */ - ldisc_send(NULL, 0, 0); /* cause ldisc to notice changes */ + if (ssh->ldisc) + ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */ ssh->send_ok = 1; while (1) { crReturnV; @@ -5443,7 +5521,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) c = find234(ssh->channels, &i, ssh_channelfind); if (!c || ((int)c->remoteid) == -1) { - bombout(("Received CHANNEL_CLOSE for %s channel %d\n", + bombout((ssh,"Received CHANNEL_CLOSE for %s channel %d\n", c ? "half-open" : "nonexistent", i)); } /* Do pre-close processing on the channel. */ @@ -5643,8 +5721,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) if (typelen == 3 && !memcmp(type, "x11", 3)) { if (!ssh->X11_fwd_enabled) error = "X11 forwarding is not enabled"; - else if (x11_init(&c->u.x11.s, cfg.x11_display, c) != - NULL) { + else if (x11_init(&c->u.x11.s, cfg.x11_display, c, + ssh->x11auth) != NULL) { error = "Unable to open an X11 connection"; } else { c->type = CHAN_X11; @@ -5712,7 +5790,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_send(ssh); } } else { - bombout(("Strange packet received: type %d", ssh->pktin.type)); + bombout((ssh,"Strange packet received: type %d", ssh->pktin.type)); crReturnV; } } else { @@ -5780,20 +5858,27 @@ static char *ssh_init(void *frontend_handle, void **backend_handle, ssh->s = NULL; ssh->cipher = NULL; ssh->v1_cipher_ctx = NULL; + ssh->crcda_ctx = NULL; ssh->cscipher = NULL; ssh->cs_cipher_ctx = NULL; ssh->sccipher = NULL; ssh->sc_cipher_ctx = NULL; ssh->csmac = NULL; + ssh->cs_mac_ctx = NULL; ssh->scmac = NULL; + ssh->sc_mac_ctx = NULL; ssh->cscomp = NULL; + ssh->cs_comp_ctx = NULL; ssh->sccomp = NULL; + ssh->sc_comp_ctx = NULL; ssh->kex = NULL; ssh->hostkey = NULL; ssh->exitcode = -1; ssh->state = SSH_STATE_PREPACKET; ssh->size_needed = FALSE; ssh->eof_needed = FALSE; + ssh->ldisc = NULL; + ssh->logctx = NULL; { static const struct Packet empty = { 0, 0, NULL, NULL, 0 }; ssh->pktin = ssh->pktout = empty; @@ -5803,6 +5888,7 @@ static char *ssh_init(void *frontend_handle, void **backend_handle, ssh->deferred_size = 0; ssh->fallback_cmd = 0; ssh->pkt_ctx = 0; + ssh->x11auth = NULL; ssh->v2_outgoing_sequence = 0; ssh->ssh1_rdpkt_crstate = 0; ssh->ssh2_rdpkt_crstate = 0; @@ -5909,8 +5995,6 @@ static void ssh_size(void *handle, int width, int height) break; case SSH_STATE_SESSION: if (!cfg.nopty) { - if (!term) - return; if (ssh->version == 1) { send_packet(ssh, SSH1_CMSG_WINDOW_SIZE, PKT_INT, ssh->term_height, @@ -6012,11 +6096,10 @@ void ssh_unthrottle(void *handle, int bufsize) } } -void ssh_send_port_open(void *handle, void *channel, char *hostname, - int port, char *org) +void ssh_send_port_open(void *channel, char *hostname, int port, char *org) { - Ssh ssh = (Ssh) handle; struct ssh_channel *c = (struct ssh_channel *)channel; + Ssh ssh = c->ssh; char buf[1024]; sprintf(buf, "Opening forwarded connection to %.512s:%d", hostname, port); @@ -6073,6 +6156,18 @@ static int ssh_ldisc(void *handle, int option) return FALSE; } +static void ssh_provide_ldisc(void *handle, void *ldisc) +{ + Ssh ssh = (Ssh) handle; + ssh->ldisc = ldisc; +} + +static void ssh_provide_logctx(void *handle, void *logctx) +{ + Ssh ssh = (Ssh) handle; + ssh->logctx = logctx; +} + static int ssh_return_exitcode(void *handle) { Ssh ssh = (Ssh) handle; @@ -6100,6 +6195,8 @@ Backend ssh_backend = { ssh_return_exitcode, ssh_sendok, ssh_ldisc, + ssh_provide_ldisc, + ssh_provide_logctx, ssh_unthrottle, 22 };