X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/58298665677f203965fd6ea2e0b9bfd173139a2e..7dbb9f565cd73e01515dadd6825c3cd0322b9783:/ssh.c diff --git a/ssh.c b/ssh.c index a408836a..2ef8ac4d 100644 --- a/ssh.c +++ b/ssh.c @@ -46,10 +46,15 @@ #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */ #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */ #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */ +#define SSH1_SMSG_X11_OPEN 27 /* 0x1b */ +#define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */ +#define SSH1_MSG_PORT_OPEN 29 /* 0x1d */ #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */ #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */ -#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ #define SSH1_MSG_IGNORE 32 /* 0x20 */ +#define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */ +#define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */ +#define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */ #define SSH1_MSG_DEBUG 36 /* 0x24 */ #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */ #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */ @@ -160,6 +165,11 @@ extern const struct ssh_cipher ssh_des; extern const struct ssh_cipher ssh_blowfish_ssh1; extern const struct ssh_cipher ssh_blowfish_ssh2; +extern char *x11_init (Socket *, char *, void *); +extern void x11_close (Socket); +extern void x11_send (Socket , char *, int); +extern void x11_invent_auth(char *, int, char *, int); + /* * Ciphers for SSH2. We miss out single-DES because it isn't * supported; also 3DES and Blowfish are both done differently from @@ -201,6 +211,12 @@ extern const struct ssh_compress ssh_zlib; const static struct ssh_compress *compressions[] = { &ssh_zlib, &ssh_comp_none }; +enum { /* channel types */ + CHAN_MAINSESSION, + CHAN_X11, + CHAN_AGENT, +}; + /* * 2-3-4 tree storing channels. */ @@ -208,17 +224,20 @@ struct ssh_channel { unsigned remoteid, localid; int type; int closes; + struct ssh2_data_channel { + unsigned char *outbuffer; + unsigned outbuflen, outbufsize; + unsigned remwindow, remmaxpkt; + } v2; union { struct ssh_agent_channel { unsigned char *message; unsigned char msglen[4]; int lensofar, totallen; } a; - struct ssh2_data_channel { - unsigned char *outbuffer; - unsigned outbuflen, outbufsize; - unsigned remwindow, remmaxpkt; - } v2; + struct ssh_x11_channel { + Socket s; + } x11; } u; }; @@ -231,13 +250,14 @@ struct Packet { long maxlen; }; -static SHA_State exhash; +static SHA_State exhash, exhashbase; static Socket s = NULL; static unsigned char session_key[32]; static int ssh1_compressing; static int ssh_agentfwd_enabled; +static int ssh_X11_fwd_enabled; static const struct ssh_cipher *cipher = NULL; static const struct ssh_cipher *cscipher = NULL; static const struct ssh_cipher *sccipher = NULL; @@ -252,18 +272,20 @@ int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL; static char *savedhost; static int savedport; static int ssh_send_ok; +static int ssh_echoing, ssh_editing; static tree234 *ssh_channels; /* indexed by local id */ static struct ssh_channel *mainchan; /* primary session channel */ static enum { + SSH_STATE_PREPACKET, SSH_STATE_BEFORE_SIZE, SSH_STATE_INTERMED, SSH_STATE_SESSION, SSH_STATE_CLOSED -} ssh_state = SSH_STATE_BEFORE_SIZE; +} ssh_state = SSH_STATE_PREPACKET; -static int size_needed = FALSE; +static int size_needed = FALSE, eof_needed = FALSE; static struct Packet pktin = { 0, 0, NULL, NULL, 0 }; static struct Packet pktout = { 0, 0, NULL, NULL, 0 }; @@ -273,6 +295,9 @@ static void (*ssh_protocol)(unsigned char *in, int inlen, int ispkt); static void ssh1_protocol(unsigned char *in, int inlen, int ispkt); static void ssh2_protocol(unsigned char *in, int inlen, int ispkt); static void ssh_size(void); +static void ssh_special (Telnet_Special); +static void ssh2_try_send(struct ssh_channel *c); +static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len); static int (*s_rdpkt)(unsigned char **data, int *datalen); @@ -792,15 +817,18 @@ static void sha_string(SHA_State *s, void *str, int len) { /* * SSH2 packet construction functions. */ -static void ssh2_pkt_adddata(void *data, int len) { - pktout.length += len; - if (pktout.maxlen < pktout.length) { - pktout.maxlen = pktout.length + 256; +static void ssh2_pkt_ensure(int length) { + if (pktout.maxlen < length) { + pktout.maxlen = length + 256; pktout.data = (pktout.data == NULL ? smalloc(pktout.maxlen+APIEXTRA) : srealloc(pktout.data, pktout.maxlen+APIEXTRA)); if (!pktout.data) fatalbox("Out of memory"); } +} +static void ssh2_pkt_adddata(void *data, int len) { + pktout.length += len; + ssh2_pkt_ensure(pktout.length); memcpy(pktout.data+pktout.length-len, data, len); } static void ssh2_pkt_addbyte(unsigned char byte) { @@ -894,6 +922,8 @@ static void ssh2_pkt_send(void) { cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */ padding = 4; padding += (cipherblk - (pktout.length + padding) % cipherblk) % cipherblk; + maclen = csmac ? csmac->len : 0; + ssh2_pkt_ensure(pktout.length + padding + maclen); pktout.data[4] = padding; for (i = 0; i < padding; i++) pktout.data[pktout.length + i] = random_byte(); @@ -912,7 +942,6 @@ static void ssh2_pkt_send(void) { if (cscipher) cscipher->encrypt(pktout.data, pktout.length + padding); - maclen = csmac ? csmac->len : 0; sk_write(s, pktout.data, pktout.length + padding + maclen); } @@ -1043,12 +1072,12 @@ static int do_ssh_init(unsigned char c) { * This is a v2 server. Begin v2 protocol. */ char *verstring = "SSH-2.0-PuTTY"; - SHA_Init(&exhash); + SHA_Init(&exhashbase); /* * Hash our version string and their version string. */ - sha_string(&exhash, verstring, strlen(verstring)); - sha_string(&exhash, vstring, strcspn(vstring, "\r\n")); + sha_string(&exhashbase, verstring, strlen(verstring)); + sha_string(&exhashbase, vstring, strcspn(vstring, "\r\n")); sprintf(vstring, "%s\n", verstring); sprintf(vlog, "We claim version: %s", verstring); logevent(vlog); @@ -1072,6 +1101,7 @@ static int do_ssh_init(unsigned char c) { ssh_version = 1; s_rdpkt = ssh1_rdpkt; } + ssh_state = SSH_STATE_BEFORE_SIZE; crFinish(0); } @@ -1119,8 +1149,16 @@ static void ssh_gotdata(unsigned char *data, int datalen) } static int ssh_receive(Socket skt, int urgent, char *data, int len) { + if (urgent==3) { + /* A socket error has occurred. */ + ssh_state = SSH_STATE_CLOSED; + s = NULL; + connection_fatal(data); + len = 0; + } if (!len) { /* Connection has closed. */ + ssh_state = SSH_STATE_CLOSED; sk_close(s); s = NULL; return 0; @@ -1180,7 +1218,7 @@ static char *connect_to_host(char *host, int port, char **realhost) /* * Open socket. */ - s = sk_new(addr, port, ssh_receive); + s = sk_new(addr, port, 0, ssh_receive); if ( (err = sk_socket_error(s)) ) return err; @@ -1715,6 +1753,36 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crFinish(1); } +void sshfwd_close(struct ssh_channel *c) { + if (c) { + if (ssh_version == 1) { + send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid, PKT_END); + } else { + ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_send(); + } + c->closes = 1; + if (c->type == CHAN_X11) { + c->u.x11.s = NULL; + logevent("X11 connection terminated"); + } + } +} + +void sshfwd_write(struct ssh_channel *c, char *buf, int len) { + if (ssh_version == 1) { + send_packet(SSH1_MSG_CHANNEL_DATA, + PKT_INT, c->remoteid, + PKT_INT, len, + PKT_DATA, buf, len, + PKT_END); + } else { + ssh2_add_channel_data(c, buf, len); + ssh2_try_send(c); + } +} + static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crBegin; @@ -1741,6 +1809,26 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { } } + if (cfg.x11_forward) { + char proto[20], data[64]; + logevent("Requesting X11 forwarding"); + x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING, + PKT_STR, proto, PKT_STR, data, + PKT_INT, 0, + PKT_END); + do { crReturnV; } while (!ispkt); + if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) { + bombout(("Protocol confusion")); + crReturnV; + } else if (pktin.type == SSH1_SMSG_FAILURE) { + logevent("X11 forwarding refused"); + } else { + logevent("X11 forwarding enabled"); + ssh_X11_fwd_enabled = TRUE; + } + } + if (!cfg.nopty) { send_packet(SSH1_CMSG_REQUEST_PTY, PKT_STR, cfg.termtype, @@ -1755,8 +1843,11 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { crReturnV; } else if (pktin.type == SSH1_SMSG_FAILURE) { c_write("Server refused to allocate pty\r\n", 32); + ssh_editing = ssh_echoing = 1; } logevent("Allocated pty"); + } else { + ssh_editing = ssh_echoing = 1; } if (cfg.compression) { @@ -1783,10 +1874,12 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); + ldisc_send(NULL, 0); /* cause ldisc to notice changes */ ssh_send_ok = 1; ssh_channels = newtree234(ssh_channelcmp); - begin_session(); while (1) { crReturnV; if (ispkt) { @@ -1799,6 +1892,47 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { ssh_state = SSH_STATE_CLOSED; logevent("Received disconnect request"); crReturnV; + } else if (pktin.type == SSH1_SMSG_X11_OPEN) { + /* Remote side is trying to open a channel to talk to our + * X-Server. Give them back a local channel number. */ + unsigned i; + struct ssh_channel *c, *d; + enum234 e; + + logevent("Received X11 connect request"); + /* Refuse if X11 forwarding is disabled. */ + if (!ssh_X11_fwd_enabled) { + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + logevent("Rejected X11 connect request"); + } else { + c = smalloc(sizeof(struct ssh_channel)); + + if ( x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL ) { + logevent("opening X11 forward connection failed"); + sfree(c); + send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE, + PKT_INT, GET_32BIT(pktin.body), + PKT_END); + } else { + logevent("opening X11 forward connection succeeded"); + for (i=1, d = first234(ssh_channels, &e); d; d = next234(&e)) { + if (d->localid > i) + break; /* found a free number */ + i = d->localid + 1; + } + c->remoteid = GET_32BIT(pktin.body); + c->localid = i; + c->closes = 0; + c->type = CHAN_X11; /* identify channel type */ + add234(ssh_channels, c); + send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, + PKT_INT, c->remoteid, PKT_INT, c->localid, + PKT_END); + logevent("Opened X11 forward channel"); + } + } } else if (pktin.type == SSH1_SMSG_AGENT_OPEN) { /* Remote side is trying to open a channel to talk to our * agent. Give them back a local channel number. */ @@ -1822,7 +1956,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { c->remoteid = GET_32BIT(pktin.body); c->localid = i; c->closes = 0; - c->type = SSH1_SMSG_AGENT_OPEN;/* identify channel type */ + c->type = CHAN_AGENT; /* identify channel type */ c->u.a.lensofar = 0; add234(ssh_channels, c); send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, @@ -1839,6 +1973,12 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { int closetype; closetype = (pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2); send_packet(pktin.type, PKT_INT, c->remoteid, PKT_END); + if ((c->closes == 0) && (c->type == CHAN_X11)) { + logevent("X11 connection closed"); + assert(c->u.x11.s != NULL); + x11_close(c->u.x11.s); + c->u.x11.s = NULL; + } c->closes |= closetype; if (c->closes == 3) { del234(ssh_channels, c); @@ -1854,7 +1994,10 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { c = find234(ssh_channels, &i, ssh_channelfind); if (c) { switch(c->type) { - case SSH1_SMSG_AGENT_OPEN: + case CHAN_X11: + x11_send(c->u.x11.s, p, len); + break; + case CHAN_AGENT: /* Data for an agent message. Buffer it. */ while (len > 0) { if (c->u.a.lensofar < 4) { @@ -1993,9 +2136,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) static unsigned char keyspace[40]; static const struct ssh_cipher *preferred_cipher; static const struct ssh_compress *preferred_comp; + static int first_kex; crBegin; random_init(); + first_kex = 1; /* * Set up the preferred cipher and compression. @@ -2099,7 +2244,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) ssh2_pkt_addbool(FALSE); /* Reserved. */ ssh2_pkt_adduint32(0); + + exhash = exhashbase; sha_string(&exhash, pktout.data+5, pktout.length-5); + ssh2_pkt_send(); if (!ispkt) crWaitUntil(ispkt); @@ -2268,13 +2416,26 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) * Set IVs after keys. */ ssh2_mkkey(K, exchange_hash, 'C', keyspace); cscipher->setcskey(keyspace); - ssh2_mkkey(K, exchange_hash, 'D', keyspace); cscipher->setsckey(keyspace); + ssh2_mkkey(K, exchange_hash, 'D', keyspace); sccipher->setsckey(keyspace); ssh2_mkkey(K, exchange_hash, 'A', keyspace); cscipher->setcsiv(keyspace); ssh2_mkkey(K, exchange_hash, 'B', keyspace); sccipher->setsciv(keyspace); ssh2_mkkey(K, exchange_hash, 'E', keyspace); csmac->setcskey(keyspace); ssh2_mkkey(K, exchange_hash, 'F', keyspace); scmac->setsckey(keyspace); /* + * If this is the first key exchange phase, we must pass the + * SSH2_MSG_NEWKEYS packet to the next layer, not because it + * wants to see it but because it will need time to initialise + * itself before it sees an actual packet. In subsequent key + * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because + * it would only confuse the layer above. + */ + if (!first_kex) { + crReturn(0); + } + first_kex = 0; + + /* * Now we're encrypting. Begin returning 1 to the protocol main * function so that other things can run on top of the * transport. If we ever see a KEXINIT, we must go back to the @@ -2289,6 +2450,45 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) } /* + * Add data to an SSH2 channel output buffer. + */ +static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len) { + if (c->v2.outbufsize < + c->v2.outbuflen + len) { + c->v2.outbufsize = + c->v2.outbuflen + len + 1024; + c->v2.outbuffer = srealloc(c->v2.outbuffer, + c->v2.outbufsize); + } + memcpy(c->v2.outbuffer + c->v2.outbuflen, + buf, len); + c->v2.outbuflen += len; +} + +/* + * Attempt to send data on an SSH2 channel. + */ +static void ssh2_try_send(struct ssh_channel *c) { + while (c->v2.remwindow > 0 && + c->v2.outbuflen > 0) { + unsigned len = c->v2.remwindow; + if (len > c->v2.outbuflen) + len = c->v2.outbuflen; + if (len > c->v2.remmaxpkt) + len = c->v2.remmaxpkt; + ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_addstring_start(); + ssh2_pkt_addstring_data(c->v2.outbuffer, len); + ssh2_pkt_send(); + c->v2.outbuflen -= len; + memmove(c->v2.outbuffer, c->v2.outbuffer+len, + c->v2.outbuflen); + c->v2.remwindow -= len; + } +} + +/* * Handle the SSH2 userauth and connection layers. */ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) @@ -2462,13 +2662,58 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) crReturnV; } mainchan->remoteid = ssh2_pkt_getuint32(); - mainchan->u.v2.remwindow = ssh2_pkt_getuint32(); - mainchan->u.v2.remmaxpkt = ssh2_pkt_getuint32(); - mainchan->u.v2.outbuffer = NULL; - mainchan->u.v2.outbuflen = mainchan->u.v2.outbufsize = 0; + mainchan->type = CHAN_MAINSESSION; + mainchan->closes = 0; + mainchan->v2.remwindow = ssh2_pkt_getuint32(); + mainchan->v2.remmaxpkt = ssh2_pkt_getuint32(); + mainchan->v2.outbuffer = NULL; + mainchan->v2.outbuflen = mainchan->v2.outbufsize = 0; + ssh_channels = newtree234(ssh_channelcmp); + add234(ssh_channels, mainchan); logevent("Opened channel for session"); /* + * Potentially enable X11 forwarding. + */ + if (cfg.x11_forward) { + char proto[20], data[64]; + logevent("Requesting X11 forwarding"); + x11_invent_auth(proto, sizeof(proto), data, sizeof(data)); + ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST); + ssh2_pkt_adduint32(mainchan->remoteid); + ssh2_pkt_addstring("x11-req"); + ssh2_pkt_addbool(1); /* want reply */ + ssh2_pkt_addbool(0); /* many connections */ + ssh2_pkt_addstring(proto); + ssh2_pkt_addstring(data); + ssh2_pkt_adduint32(0); /* screen number */ + ssh2_pkt_send(); + + do { + crWaitUntilV(ispkt); + if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); + } + } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); + + if (pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { + if (pktin.type != SSH2_MSG_CHANNEL_FAILURE) { + bombout(("Server got confused by X11 forwarding request")); + crReturnV; + } + logevent("X11 forwarding refused"); + } else { + logevent("X11 forwarding enabled"); + ssh_X11_fwd_enabled = TRUE; + } + } + + /* * Now allocate a pty for the session. */ if (!cfg.nopty) { @@ -2489,10 +2734,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) do { crWaitUntilV(ispkt); if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); } } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); @@ -2502,9 +2749,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) crReturnV; } c_write("Server refused to allocate pty\r\n", 32); + ssh_editing = ssh_echoing = 1; } else { logevent("Allocated pty"); } + } else { + ssh_editing = ssh_echoing = 1; } /* @@ -2524,10 +2774,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) do { crWaitUntilV(ispkt); if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + c->v2.remwindow += ssh2_pkt_getuint32(); } } while (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST); if (pktin.type != SSH2_MSG_CHANNEL_SUCCESS) { @@ -2544,12 +2796,14 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) ssh_state = SSH_STATE_SESSION; if (size_needed) ssh_size(); + if (eof_needed) + ssh_special(TS_EOF); /* * Transfer data! */ + ldisc_send(NULL, 0); /* cause ldisc to notice changes */ ssh_send_ok = 1; - begin_session(); while (1) { static int try_send; crReturnV; @@ -2559,23 +2813,32 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA) { char *data; int length; - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ if (pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA && ssh2_pkt_getuint32() != SSH2_EXTENDED_DATA_STDERR) continue; /* extended but not stderr */ ssh2_pkt_getstring(&data, &length); if (data) { - from_backend(pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA, - data, length); + switch (c->type) { + case CHAN_MAINSESSION: + from_backend(pktin.type == SSH2_MSG_CHANNEL_EXTENDED_DATA, + data, length); + break; + case CHAN_X11: + x11_send(c->u.x11.s, data, length); + break; + } /* - * Enlarge the window again at the remote side, - * just in case it ever runs down and they fail - * to send us any more data. + * Enlarge the window again at the remote + * side, just in case it ever runs down and + * they fail to send us any more data. */ ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST); - ssh2_pkt_adduint32(mainchan->remoteid); + ssh2_pkt_adduint32(c->remoteid); ssh2_pkt_adduint32(length); ssh2_pkt_send(); } @@ -2586,16 +2849,50 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) { continue; /* exit status et al; ignore (FIXME?) */ } else if (pktin.type == SSH2_MSG_CHANNEL_EOF) { - continue; /* remote sends EOF; ignore */ + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + + if (c->type == CHAN_X11) { + /* + * Remote EOF on an X11 channel means we should + * wrap up and close the channel ourselves. + */ + x11_close(c->u.x11.s); + sshfwd_close(c); + } } else if (pktin.type == SSH2_MSG_CHANNEL_CLOSE) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); - ssh2_pkt_adduint32(mainchan->remoteid); - ssh2_pkt_send(); - /* FIXME: mark the channel as closed */ - if (1 /* FIXME: "all channels are closed" */) { + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + enum234 e; + + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + if (c->closes == 0) { + ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_send(); + } + /* Do pre-close processing on the channel. */ + switch (c->type) { + case CHAN_MAINSESSION: + break; /* nothing to see here, move along */ + case CHAN_X11: + break; + } + del234(ssh_channels, c); + sfree(c->v2.outbuffer); + sfree(c); + + /* + * See if that was the last channel left open. + */ + c = first234(ssh_channels, &e); + if (!c) { logevent("All channels closed. Disconnecting"); ssh2_pkt_init(SSH2_MSG_DISCONNECT); ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION); @@ -2607,11 +2904,67 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) } continue; /* remote sends close; ignore (FIXME) */ } else if (pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST) { - /* FIXME: be able to handle other channels here */ - if (ssh2_pkt_getuint32() != mainchan->localid) - continue; /* wrong channel */ - mainchan->u.v2.remwindow += ssh2_pkt_getuint32(); + unsigned i = ssh2_pkt_getuint32(); + struct ssh_channel *c; + c = find234(ssh_channels, &i, ssh_channelfind); + if (!c) + continue; /* nonexistent channel */ + mainchan->v2.remwindow += ssh2_pkt_getuint32(); try_send = TRUE; + } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) { + char *type; + int typelen; + char *error = NULL; + struct ssh_channel *c; + ssh2_pkt_getstring(&type, &typelen); + c = smalloc(sizeof(struct ssh_channel)); + + if (typelen == 3 && !memcmp(type, "x11", 3)) { + if (!ssh_X11_fwd_enabled) + error = "X11 forwarding is not enabled"; + else if ( x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL ) { + error = "Unable to open an X11 connection"; + } else { + c->type = CHAN_X11; + } + } else { + error = "Unsupported channel type requested"; + } + + c->remoteid = ssh2_pkt_getuint32(); + if (error) { + ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_adduint32(SSH2_OPEN_CONNECT_FAILED); + ssh2_pkt_addstring(error); + ssh2_pkt_addstring("en"); /* language tag */ + ssh2_pkt_send(); + sfree(c); + } else { + struct ssh_channel *d; + unsigned i; + enum234 e; + + for (i=1, d = first234(ssh_channels, &e); d; + d = next234(&e)) { + if (d->localid > i) + break; /* found a free number */ + i = d->localid + 1; + } + c->localid = i; + c->closes = 0; + c->v2.remwindow = ssh2_pkt_getuint32(); + c->v2.remmaxpkt = ssh2_pkt_getuint32(); + c->v2.outbuffer = NULL; + c->v2.outbuflen = c->v2.outbufsize = 0; + add234(ssh_channels, c); + ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION); + ssh2_pkt_adduint32(c->remoteid); + ssh2_pkt_adduint32(c->localid); + ssh2_pkt_adduint32(0x8000UL); /* our window size */ + ssh2_pkt_adduint32(0x4000UL); /* our max pkt size */ + ssh2_pkt_send(); + } } else { bombout(("Strange packet received: type %d", pktin.type)); crReturnV; @@ -2620,40 +2973,17 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) /* * We have spare data. Add it to the channel buffer. */ - if (mainchan->u.v2.outbufsize < - mainchan->u.v2.outbuflen + inlen) { - mainchan->u.v2.outbufsize = - mainchan->u.v2.outbuflen + inlen + 1024; - mainchan->u.v2.outbuffer = srealloc(mainchan->u.v2.outbuffer, - mainchan->u.v2.outbufsize); - } - memcpy(mainchan->u.v2.outbuffer + mainchan->u.v2.outbuflen, - in, inlen); - mainchan->u.v2.outbuflen += inlen; + ssh2_add_channel_data(mainchan, in, inlen); try_send = TRUE; } if (try_send) { + enum234 e; + struct ssh_channel *c; /* - * Try to send data on the channel if we can. (FIXME: - * on _all_ channels.) + * Try to send data on all channels if we can. */ - while (mainchan->u.v2.remwindow > 0 && - mainchan->u.v2.outbuflen > 0) { - unsigned len = mainchan->u.v2.remwindow; - if (len > mainchan->u.v2.outbuflen) - len = mainchan->u.v2.outbuflen; - if (len > mainchan->u.v2.remmaxpkt) - len = mainchan->u.v2.remmaxpkt; - ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA); - ssh2_pkt_adduint32(mainchan->remoteid); - ssh2_pkt_addstring_start(); - ssh2_pkt_addstring_data(mainchan->u.v2.outbuffer, len); - ssh2_pkt_send(); - mainchan->u.v2.outbuflen -= len; - memmove(mainchan->u.v2.outbuffer, mainchan->u.v2.outbuffer+len, - mainchan->u.v2.outbuflen); - mainchan->u.v2.remwindow -= len; - } + for (c = first234(ssh_channels, &e); c; c = next234(&e)) + ssh2_try_send(c); } } @@ -2684,6 +3014,8 @@ static char *ssh_init (char *host, int port, char **realhost) { #endif ssh_send_ok = 0; + ssh_editing = 0; + ssh_echoing = 0; p = connect_to_host(host, port, realhost); if (p != NULL) @@ -2708,6 +3040,7 @@ static void ssh_send (char *buf, int len) { static void ssh_size(void) { switch (ssh_state) { case SSH_STATE_BEFORE_SIZE: + case SSH_STATE_PREPACKET: case SSH_STATE_CLOSED: break; /* do nothing */ case SSH_STATE_INTERMED: @@ -2731,6 +3064,7 @@ static void ssh_size(void) { ssh2_pkt_send(); } } + break; } } @@ -2741,6 +3075,15 @@ static void ssh_size(void) { */ static void ssh_special (Telnet_Special code) { if (code == TS_EOF) { + if (ssh_state != SSH_STATE_SESSION) { + /* + * Buffer the EOF in case we are pre-SESSION, so we can + * send it as soon as we reach SESSION. + */ + if (code == TS_EOF) + eof_needed = TRUE; + return; + } if (ssh_version == 1) { send_packet(SSH1_CMSG_EOF, PKT_END); } else { @@ -2750,6 +3093,8 @@ static void ssh_special (Telnet_Special code) { } logevent("Sent EOF message"); } else if (code == TS_PING) { + if (ssh_state == SSH_STATE_CLOSED || ssh_state == SSH_STATE_PREPACKET) + return; if (ssh_version == 1) { send_packet(SSH1_MSG_IGNORE, PKT_STR, "", PKT_END); } else { @@ -2766,6 +3111,12 @@ static Socket ssh_socket(void) { return s; } static int ssh_sendok(void) { return ssh_send_ok; } +static int ssh_ldisc(int option) { + if (option == LD_ECHO) return ssh_echoing; + if (option == LD_EDIT) return ssh_editing; + return FALSE; +} + Backend ssh_backend = { ssh_init, ssh_send, @@ -2773,5 +3124,6 @@ Backend ssh_backend = { ssh_special, ssh_socket, ssh_sendok, + ssh_ldisc, 22 };