X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/a52f067e0510f49ff0473878280521bd11cd3c78..d4857987945f49a51477e26da18b46ef222b2346:/ssh.c?ds=sidebyside diff --git a/ssh.c b/ssh.c index 4068aa72..add4ae5a 100644 --- a/ssh.c +++ b/ssh.c @@ -13,7 +13,6 @@ #include "putty.h" #include "tree234.h" #include "ssh.h" -#include "scp.h" #ifndef FALSE #define FALSE 0 @@ -204,6 +203,7 @@ static struct ssh_hostkey *hostkey = NULL; int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL; static char *savedhost; +static int savedport; static int ssh_send_ok; /* @@ -291,6 +291,11 @@ static void c_write (char *buf, int len) { c_write1(*buf++); } +static void c_writedata (char *buf, int len) { + while (len--) + c_write1(*buf++); +} + struct Packet { long length; int type; @@ -700,6 +705,7 @@ static char *connect_to_host(char *host, int port, char **realhost) if (port < 0) port = 22; /* default ssh port */ + savedport = port; #ifdef FWHACK FWhost = host; @@ -1100,21 +1106,15 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) j = makekey(pktin.body+8+i, &hostkey, &keystr2, 0); /* - * Hash the host key and print the hash in the log box. Just as - * a last resort in case the registry's host key checking is - * compromised, we'll allow the user some ability to verify - * host keys by eye. + * Log the host key fingerprint. */ - MD5Init(&md5c); - MD5Update(&md5c, keystr2, hostkey.bytes); - MD5Final(session_id, &md5c); { char logmsg[80]; - int i; - logevent("Host key MD5 is:"); + logevent("Host key fingerprint is:"); strcpy(logmsg, " "); - for (i = 0; i < 16; i++) - sprintf(logmsg+strlen(logmsg), "%02x", session_id[i]); + hostkey.comment = NULL; + rsa_fingerprint(logmsg+strlen(logmsg), sizeof(logmsg)-strlen(logmsg), + &hostkey); logevent(logmsg); } @@ -1144,11 +1144,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) * First format the key into a string. */ int len = rsastr_len(&hostkey); + char fingerprint[100]; char *keystr = malloc(len); if (!keystr) fatalbox("Out of memory"); rsastr_fmt(keystr, &hostkey); - verify_ssh_host_key(savedhost, keystr); + rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey); + verify_ssh_host_key(savedhost, savedport, "rsa", keystr, fingerprint); free(keystr); } @@ -1358,10 +1360,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crWaitUntil(ispkt); if (pktin.type == SSH1_SMSG_SUCCESS) { logevent("Pageant's response accepted"); - c_write("Authenticated using RSA key \"", - 29); - c_write(commentp, commentlen); - c_write("\" from agent\r\n", 14); + if (flags & FLAG_VERBOSE) { + c_write("Authenticated using RSA key \"", + 29); + c_write(commentp, commentlen); + c_write("\" from agent\r\n", 14); + } authed = TRUE; } else logevent("Pageant's response not accepted"); @@ -1649,7 +1653,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { if (pktin.type == SSH1_SMSG_STDOUT_DATA || pktin.type == SSH1_SMSG_STDERR_DATA) { long len = GET_32BIT(pktin.body); - c_write(pktin.body+4, len); + c_writedata(pktin.body+4, len); } else if (pktin.type == SSH1_MSG_DISCONNECT) { ssh_state = SSH_STATE_CLOSED; logevent("Received disconnect request"); @@ -1669,6 +1673,7 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) { c->localid = i; c->closes = 0; c->type = SSH1_SMSG_AGENT_OPEN; /* identify channel type */ + c->u.a.lensofar = 0; add234(ssh_channels, c); send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION, PKT_INT, c->remoteid, PKT_INT, c->localid, @@ -1823,7 +1828,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) static struct ssh_mac *scmac_tobe = NULL; static struct ssh_compress *cscomp_tobe = NULL; static struct ssh_compress *sccomp_tobe = NULL; - static char *hostkeydata, *sigdata, *keystr; + static char *hostkeydata, *sigdata, *keystr, *fingerprint; static int hostkeylen, siglen; static unsigned char exchange_hash[20]; static unsigned char keyspace[40]; @@ -2052,7 +2057,12 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) * checked the signature of the exchange hash.) */ keystr = hostkey->fmtkey(); - verify_ssh_host_key(savedhost, keystr); + fingerprint = hostkey->fingerprint(); + verify_ssh_host_key(savedhost, savedport, hostkey->keytype, + keystr, fingerprint); + logevent("Host key fingerprint is:"); + logevent(fingerprint); + free(fingerprint); free(keystr); /* @@ -2179,7 +2189,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) if (!(flags & FLAG_INTERACTIVE)) { char prompt[200]; - sprintf(prompt, "%s@%s's password: ", cfg.username, savedhost); + sprintf(prompt, "%.90s@%.90s's password: ", cfg.username, savedhost); if (!ssh_get_password(prompt, password, sizeof(password))) { /* * get_password failed to get a password (for @@ -2368,7 +2378,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) continue; /* extended but not stderr */ ssh2_pkt_getstring(&data, &length); if (data) { - c_write(data, length); + c_writedata(data, length); /* * Enlarge the window again at the remote side, * just in case it ever runs down and they fail @@ -2595,171 +2605,6 @@ static void ssh_special (Telnet_Special code) { } } - -/* - * Read and decrypt one incoming SSH packet. - * (only used by pSCP) - */ -static void get_packet(void) -{ - unsigned char buf[4096], *p; - long to_read; - int len; - - p = NULL; - len = 0; - - while ((to_read = s_rdpkt(&p, &len)) > 0) { - if (to_read > sizeof(buf)) to_read = sizeof(buf); - len = s_read(buf, to_read); - if (len != to_read) { - closesocket(s); - s = INVALID_SOCKET; - return; - } - p = buf; - } - - assert(len == 0); -} - -/* - * Receive a block of data over the SSH link. Block until - * all data is available. Return nr of bytes read (0 if lost connection). - * (only used by pSCP) - */ -int ssh_scp_recv(unsigned char *buf, int len) -{ - static int pending_input_len = 0; - static unsigned char *pending_input_ptr; - int to_read = len; - - if (pending_input_len >= to_read) { - memcpy(buf, pending_input_ptr, to_read); - pending_input_ptr += to_read; - pending_input_len -= to_read; - return len; - } - - if (pending_input_len > 0) { - memcpy(buf, pending_input_ptr, pending_input_len); - buf += pending_input_len; - to_read -= pending_input_len; - pending_input_len = 0; - } - - if (s == INVALID_SOCKET) - return 0; - while (to_read > 0) { - get_packet(); - if (s == INVALID_SOCKET) - return 0; - if (pktin.type == SSH1_SMSG_STDOUT_DATA) { - int plen = GET_32BIT(pktin.body); - if (plen <= to_read) { - memcpy(buf, pktin.body + 4, plen); - buf += plen; - to_read -= plen; - } else { - memcpy(buf, pktin.body + 4, to_read); - pending_input_len = plen - to_read; - pending_input_ptr = pktin.body + 4 + to_read; - to_read = 0; - } - } else if (pktin.type == SSH1_SMSG_STDERR_DATA) { - int plen = GET_32BIT(pktin.body); - fwrite(pktin.body + 4, plen, 1, stderr); - } else if (pktin.type == SSH1_MSG_DISCONNECT) { - logevent("Received disconnect request"); - } else if (pktin.type == SSH1_SMSG_SUCCESS || - pktin.type == SSH1_SMSG_FAILURE) { - /* ignore */ - } else if (pktin.type == SSH1_SMSG_EXIT_STATUS) { - char logbuf[100]; - sprintf(logbuf, "Remote exit status: %d", GET_32BIT(pktin.body)); - logevent(logbuf); - send_packet(SSH1_CMSG_EXIT_CONFIRMATION, PKT_END); - logevent("Closing connection"); - closesocket(s); - s = INVALID_SOCKET; - } else { - bombout(("Strange packet received: type %d", pktin.type)); - return 0; - } - } - - return len; -} - -/* - * Send a block of data over the SSH link. - * Block until all data is sent. - * (only used by pSCP) - */ -void ssh_scp_send(unsigned char *buf, int len) -{ - if (s == INVALID_SOCKET) - return; - send_packet(SSH1_CMSG_STDIN_DATA, - PKT_INT, len, PKT_DATA, buf, len, PKT_END); -} - -/* - * Send an EOF notification to the server. - * (only used by pSCP) - */ -void ssh_scp_send_eof(void) -{ - if (s == INVALID_SOCKET) - return; - send_packet(SSH1_CMSG_EOF, PKT_END); -} - -/* - * Set up the connection, login on the remote host and - * start execution of a command. - * Returns an error message, or NULL on success. - * (only used by pSCP) - */ -char *ssh_scp_init(char *host, int port, char *cmd, char **realhost) -{ - char buf[160], *p; - -#ifdef MSCRYPTOAPI - if (crypto_startup() == 0) - return "Microsoft high encryption pack not installed!"; -#endif - - p = connect_to_host(host, port, realhost); - if (p != NULL) - return p; - - random_init(); - - if (!do_ssh_init()) - return "Protocol initialisation error"; - - /* Exchange keys and login */ - do { - get_packet(); - if (s == INVALID_SOCKET) - return "Connection closed by remote host"; - } while (!do_ssh1_login(NULL, 0, 1)); - - if (ssh_state == SSH_STATE_CLOSED) { - closesocket(s); - s = INVALID_SOCKET; - return "Session initialisation error"; - } - - /* Execute command */ - sprintf(buf, "Sending command: %.100s", cmd); - logevent(buf); - send_packet(SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END); - - return NULL; -} - static SOCKET ssh_socket(void) { return s; } static int ssh_sendok(void) { return ssh_send_ok; }