X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/697d4856818a042f5adf2711a10e9cc255317892..0df73905d1f5b678d5f6eac58712b6cce2f77434:/ssh.c?ds=inline diff --git a/ssh.c b/ssh.c index 22b8f5e7..270d76b0 100644 --- a/ssh.c +++ b/ssh.c @@ -168,6 +168,7 @@ static const char *const ssh2_disconnect_reasons[] = { #define BUG_CHOKES_ON_SSH1_IGNORE 1 #define BUG_SSH2_HMAC 2 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4 +#define BUG_CHOKES_ON_RSA 8 static int ssh_pkt_ctx = 0; @@ -309,6 +310,18 @@ extern void pfd_confirm(Socket s); extern void pfd_unthrottle(Socket s); extern void pfd_override_throttle(Socket s, int enable); +static void ssh2_pkt_init(int pkt_type); +static void ssh2_pkt_addbool(unsigned char value); +static void ssh2_pkt_adduint32(unsigned long value); +static void ssh2_pkt_addstring_start(void); +static void ssh2_pkt_addstring_str(char *data); +static void ssh2_pkt_addstring_data(char *data, int len); +static void ssh2_pkt_addstring(char *data); +static char *ssh2_mpint_fmt(Bignum b, int *len); +static void ssh2_pkt_addmp(Bignum b); +static int ssh2_pkt_construct(void); +static void ssh2_pkt_send(void); + /* * Buffer management constants. There are several of these for * various different purposes: @@ -770,8 +783,8 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen) pktin.type == SSH1_MSG_DEBUG || pktin.type == SSH1_SMSG_AUTH_TIS_CHALLENGE || pktin.type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) { - long strlen = GET_32BIT(pktin.body); - if (strlen + 4 != pktin.length) { + long stringlen = GET_32BIT(pktin.body); + if (stringlen + 4 != pktin.length) { bombout(("Received data packet with bogus string length")); crReturn(0); } @@ -780,12 +793,12 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen) if (pktin.type == SSH1_MSG_DEBUG) { /* log debug message */ char buf[80]; - int strlen = GET_32BIT(pktin.body); + int stringlen = GET_32BIT(pktin.body); strcpy(buf, "Remote: "); - if (strlen > 70) - strlen = 70; - memcpy(buf + 8, pktin.body + 4, strlen); - buf[8 + strlen] = '\0'; + if (stringlen > 70) + stringlen = 70; + memcpy(buf + 8, pktin.body + 4, stringlen); + buf[8 + stringlen] = '\0'; logevent(buf); goto next_packet; } else if (pktin.type == SSH1_MSG_IGNORE) { @@ -945,36 +958,105 @@ static int ssh2_rdpkt(unsigned char **data, int *datalen) log_packet(PKT_INCOMING, pktin.type, ssh2_pkt_type(pktin.type), pktin.data+6, pktin.length-6); - if (pktin.type == SSH2_MSG_IGNORE || pktin.type == SSH2_MSG_DEBUG) - goto next_packet; /* FIXME: print DEBUG message */ - - if (pktin.type == SSH2_MSG_DISCONNECT) { - /* log reason code in disconnect message */ - char buf[256]; - int reason = GET_32BIT(pktin.data + 6); - unsigned msglen = GET_32BIT(pktin.data + 10); - unsigned nowlen; - if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) { - sprintf(buf, "Received disconnect message (%s)", - ssh2_disconnect_reasons[reason]); - } else { - sprintf(buf, "Received disconnect message (unknown type %d)", - reason); + switch (pktin.type) { + /* + * These packets we must handle instantly. + */ + case SSH2_MSG_DISCONNECT: + { + /* log reason code in disconnect message */ + char buf[256]; + int reason = GET_32BIT(pktin.data + 6); + unsigned msglen = GET_32BIT(pktin.data + 10); + unsigned nowlen; + if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) { + sprintf(buf, "Received disconnect message (%s)", + ssh2_disconnect_reasons[reason]); + } else { + sprintf(buf, "Received disconnect message (unknown type %d)", + reason); + } + logevent(buf); + strcpy(buf, "Disconnection message text: "); + nowlen = strlen(buf); + if (msglen > sizeof(buf) - nowlen - 1) + msglen = sizeof(buf) - nowlen - 1; + memcpy(buf + nowlen, pktin.data + 14, msglen); + buf[nowlen + msglen] = '\0'; + logevent(buf); + bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"", + reason, + (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ? + ssh2_disconnect_reasons[reason] : "unknown", + buf+nowlen)); + crReturn(0); + } + break; + case SSH2_MSG_IGNORE: + goto next_packet; + case SSH2_MSG_DEBUG: + { + /* log the debug message */ + char buf[512]; + /* int display = pktin.body[6]; */ + int stringlen = GET_32BIT(pktin.data+7); + int prefix; + strcpy(buf, "Remote debug message: "); + prefix = strlen(buf); + if (stringlen > sizeof(buf)-prefix-1) + stringlen = sizeof(buf)-prefix-1; + memcpy(buf + prefix, pktin.data + 11, stringlen); + buf[prefix + stringlen] = '\0'; + logevent(buf); } - logevent(buf); - strcpy(buf, "Disconnection message text: "); - nowlen = strlen(buf); - if (msglen > sizeof(buf) - nowlen - 1) - msglen = sizeof(buf) - nowlen - 1; - memcpy(buf + nowlen, pktin.data + 14, msglen); - buf[nowlen + msglen] = '\0'; - logevent(buf); - bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"", - reason, - (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ? - ssh2_disconnect_reasons[reason] : "unknown", - buf+nowlen)); - crReturn(0); + goto next_packet; /* FIXME: print the debug message */ + + /* + * These packets we need do nothing about here. + */ + case SSH2_MSG_UNIMPLEMENTED: + case SSH2_MSG_SERVICE_REQUEST: + case SSH2_MSG_SERVICE_ACCEPT: + case SSH2_MSG_KEXINIT: + case SSH2_MSG_NEWKEYS: + case SSH2_MSG_KEXDH_INIT: + case SSH2_MSG_KEXDH_REPLY: + /* case SSH2_MSG_KEX_DH_GEX_REQUEST: duplicate case value */ + /* case SSH2_MSG_KEX_DH_GEX_GROUP: duplicate case value */ + case SSH2_MSG_KEX_DH_GEX_INIT: + case SSH2_MSG_KEX_DH_GEX_REPLY: + case SSH2_MSG_USERAUTH_REQUEST: + case SSH2_MSG_USERAUTH_FAILURE: + case SSH2_MSG_USERAUTH_SUCCESS: + case SSH2_MSG_USERAUTH_BANNER: + case SSH2_MSG_USERAUTH_PK_OK: + /* case SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: duplicate case value */ + /* case SSH2_MSG_USERAUTH_INFO_REQUEST: duplicate case value */ + case SSH2_MSG_USERAUTH_INFO_RESPONSE: + case SSH2_MSG_GLOBAL_REQUEST: + case SSH2_MSG_REQUEST_SUCCESS: + case SSH2_MSG_REQUEST_FAILURE: + case SSH2_MSG_CHANNEL_OPEN: + case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: + case SSH2_MSG_CHANNEL_OPEN_FAILURE: + case SSH2_MSG_CHANNEL_WINDOW_ADJUST: + case SSH2_MSG_CHANNEL_DATA: + case SSH2_MSG_CHANNEL_EXTENDED_DATA: + case SSH2_MSG_CHANNEL_EOF: + case SSH2_MSG_CHANNEL_CLOSE: + case SSH2_MSG_CHANNEL_REQUEST: + case SSH2_MSG_CHANNEL_SUCCESS: + case SSH2_MSG_CHANNEL_FAILURE: + break; + + /* + * For anything else we send SSH2_MSG_UNIMPLEMENTED. + */ + default: + ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED); + ssh2_pkt_adduint32(st->incoming_sequence - 1); + ssh2_pkt_send(); + break; } crFinish(0); @@ -1509,6 +1591,16 @@ static void ssh_detect_bugs(char *vstring) logevent("We believe remote version needs a plain SSH1 password"); } + if (!strcmp(imp, "Cisco-1.25")) { + /* + * These versions apparently have no clue whatever about + * RSA authentication and will panic and die if they see + * an AUTH_RSA message. + */ + ssh_remote_bugs |= BUG_CHOKES_ON_RSA; + logevent("We believe remote version can't handle RSA authentication"); + } + if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) || !strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) || !strncmp(imp, "2.1 ", 4)) { @@ -2110,7 +2202,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crWaitUntil(ispkt); - tried_publickey = tried_agent = 0; + if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) { + /* We must not attempt PK auth. Pretend we've already tried it. */ + tried_publickey = tried_agent = 1; + } else { + tried_publickey = tried_agent = 0; + } tis_auth_refused = ccard_auth_refused = 0; /* Load the public half of cfg.keyfile so we notice if it's in Pageant */ if (*cfg.keyfile) {