#define BUG_SSH2_RSA_PADDING 16
#define BUG_SSH2_DERIVEKEY 32
#define BUG_SSH2_DH_GEX 64
+#define BUG_SSH2_PK_SESSIONID 128
#define translate(x) if (type == x) return #x
#define translatec(x,ctx) if (type == x && (pkt_ctx & ctx)) return #x
enum { PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM };
-/* Coroutine mechanics for the sillier bits of the code */
+/*
+ * Coroutine mechanics for the sillier bits of the code. If these
+ * macros look impenetrable to you, you might find it helpful to
+ * read
+ *
+ * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
+ *
+ * which explains the theory behind these macros.
+ *
+ * In particular, if you are getting `case expression not constant'
+ * errors when building with MS Visual Studio, this is because MS's
+ * Edit and Continue debugging feature causes their compiler to
+ * violate ANSI C. To disable Edit and Continue debugging:
+ *
+ * - right-click ssh.c in the FileView
+ * - click Settings
+ * - select the C/C++ tab and the General category
+ * - under `Debug info:', select anything _other_ than `Program
+ * Database for Edit and Continue'.
+ */
#define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
#define crState(t) \
struct t *s; \
- if (!ssh->t) ssh->t = smalloc(sizeof(struct t)); \
+ if (!ssh->t) ssh->t = snew(struct t); \
s = ssh->t;
#define crFinish(z) } *crLine = 0; return (z); }
#define crFinishV } *crLine = 0; return; }
void (*protocol) (Ssh ssh, unsigned char *in, int inlen, int ispkt);
int (*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
+
+ /*
+ * We maintain a full _copy_ of a Config structure here, not
+ * merely a pointer to it. That way, when we're passed a new
+ * one for reconfiguration, we can check the differences and
+ * potentially reconfigure port forwardings etc in mid-session.
+ */
+ Config cfg;
};
#define logevent(s) logevent(ssh->frontend, s)
sfree(buf);
}
-#define bombout(msg) ( ssh->state = SSH_STATE_CLOSED, \
- (ssh->s ? sk_close(ssh->s), ssh->s = NULL : 0), \
- logeventf msg, connection_fatal msg )
+#define bombout(msg) \
+ do { \
+ char *text = dupprintf msg; \
+ ssh->state = SSH_STATE_CLOSED; \
+ if (ssh->s) { sk_close(ssh->s); ssh->s = NULL; } \
+ logevent(text); \
+ connection_fatal(ssh->frontend, "%s", text); \
+ sfree(text); \
+ } while (0)
static int ssh_channelcmp(void *av, void *bv)
{
return low + 1 + CHANNEL_NUMBER_OFFSET;
}
-static void c_write(Ssh ssh, char *buf, int len)
+static void c_write(Ssh ssh, const char *buf, int len)
{
if ((flags & FLAG_STDERR)) {
int i;
from_backend(ssh->frontend, 1, buf, len);
}
-static void c_write_untrusted(Ssh ssh, char *buf, int len)
+static void c_write_untrusted(Ssh ssh, const char *buf, int len)
{
int i;
for (i = 0; i < len; i++) {
}
}
-static void c_write_str(Ssh ssh, char *buf)
+static void c_write_str(Ssh ssh, const char *buf)
{
c_write(ssh, buf, strlen(buf));
}
if (ssh->pktin.maxlen < st->biglen) {
ssh->pktin.maxlen = st->biglen;
- ssh->pktin.data = srealloc(ssh->pktin.data, st->biglen + APIEXTRA);
+ ssh->pktin.data = sresize(ssh->pktin.data, st->biglen + APIEXTRA,
+ unsigned char);
}
st->to_read = st->biglen;
if (ssh->cipher && detect_attack(ssh->crcda_ctx, ssh->pktin.data,
st->biglen, NULL)) {
- bombout((ssh,"Network attack (CRC compensation) detected!"));
+ bombout(("Network attack (CRC compensation) detected!"));
crReturn(0);
}
st->realcrc = crc32(ssh->pktin.data, st->biglen - 4);
st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4);
if (st->gotcrc != st->realcrc) {
- bombout((ssh,"Incorrect CRC received on packet"));
+ bombout(("Incorrect CRC received on packet"));
crReturn(0);
}
if (ssh->pktin.maxlen < st->pad + decomplen) {
ssh->pktin.maxlen = st->pad + decomplen;
- ssh->pktin.data = srealloc(ssh->pktin.data,
- ssh->pktin.maxlen + APIEXTRA);
+ ssh->pktin.data = sresize(ssh->pktin.data,
+ ssh->pktin.maxlen + APIEXTRA,
+ unsigned char);
ssh->pktin.body = ssh->pktin.data + st->pad + 1;
}
ssh->pktin.type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
long stringlen = GET_32BIT(ssh->pktin.body);
if (stringlen + 4 != ssh->pktin.length) {
- bombout((ssh,"Received data packet with bogus string length"));
+ bombout(("Received data packet with bogus string length"));
crReturn(0);
}
}
memcpy(buf + nowlen, ssh->pktin.body + 4, msglen);
buf[nowlen + msglen] = '\0';
/* logevent(buf); (this is now done within the bombout macro) */
- bombout((ssh,"Server sent disconnect message:\n\"%s\"", buf+nowlen));
+ bombout(("Server sent disconnect message:\n\"%s\"", buf+nowlen));
crReturn(0);
}
if (ssh->pktin.maxlen < st->cipherblk) {
ssh->pktin.maxlen = st->cipherblk;
- ssh->pktin.data = srealloc(ssh->pktin.data, st->cipherblk + APIEXTRA);
+ ssh->pktin.data = sresize(ssh->pktin.data, st->cipherblk + APIEXTRA,
+ unsigned char);
}
/*
* do us any more damage.
*/
if (st->len < 0 || st->pad < 0 || st->len + st->pad < 0) {
- bombout((ssh,"Incoming packet was garbled on decryption"));
+ bombout(("Incoming packet was garbled on decryption"));
crReturn(0);
}
*/
if (ssh->pktin.maxlen < st->packetlen + st->maclen) {
ssh->pktin.maxlen = st->packetlen + st->maclen;
- ssh->pktin.data = srealloc(ssh->pktin.data,
- ssh->pktin.maxlen + APIEXTRA);
+ ssh->pktin.data = sresize(ssh->pktin.data,
+ ssh->pktin.maxlen + APIEXTRA,
+ unsigned char);
}
/*
if (ssh->scmac
&& !ssh->scmac->verify(ssh->sc_mac_ctx, ssh->pktin.data, st->len + 4,
st->incoming_sequence)) {
- bombout((ssh,"Incorrect MAC received on packet"));
+ bombout(("Incorrect MAC received on packet"));
crReturn(0);
}
st->incoming_sequence++; /* whether or not we MACed */
&newpayload, &newlen)) {
if (ssh->pktin.maxlen < newlen + 5) {
ssh->pktin.maxlen = newlen + 5;
- ssh->pktin.data = srealloc(ssh->pktin.data,
- ssh->pktin.maxlen + APIEXTRA);
+ ssh->pktin.data = sresize(ssh->pktin.data,
+ ssh->pktin.maxlen + APIEXTRA,
+ unsigned char);
}
ssh->pktin.length = 5 + newlen;
memcpy(ssh->pktin.data + 5, newpayload, newlen);
buf = dupprintf("Disconnection message text: %n%.*s",
&nowlen, msglen, ssh->pktin.data + 14);
logevent(buf);
- bombout((ssh,"Server sent disconnect message\ntype %d (%s):\n\"%s\"",
+ bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"",
reason,
(reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
ssh2_disconnect_reasons[reason] : "unknown",
#ifdef MSCRYPTOAPI
/* Allocate enough buffer space for extra block
* for MS CryptEncrypt() */
- ssh->pktout.data = srealloc(ssh->pktout.data, biglen + 12);
+ ssh->pktout.data = sresize(ssh->pktout.data, biglen + 12,
+ unsigned char);
#else
- ssh->pktout.data = srealloc(ssh->pktout.data, biglen + 4);
+ ssh->pktout.data = sresize(ssh->pktout.data, biglen + 4,
+ unsigned char);
#endif
}
ssh->pktout.body = ssh->pktout.data + 4 + pad + 1;
static int s_wrpkt_prepare(Ssh ssh)
{
- int pad, len, biglen, i;
+ int pad, biglen, i;
unsigned long crc;
+#ifdef __SC__
+ /*
+ * XXX various versions of SC (including 8.8.4) screw up the
+ * register allocation in this function and use the same register
+ * (D6) for len and as a temporary, with predictable results. The
+ * following sledgehammer prevents this.
+ */
+ volatile
+#endif
+ int len;
ssh->pktout.body[-1] = ssh->pktout.type;
len = s_wrpkt_prepare(ssh);
if (ssh->deferred_len + len > ssh->deferred_size) {
ssh->deferred_size = ssh->deferred_len + len + 128;
- ssh->deferred_send_data = srealloc(ssh->deferred_send_data,
- ssh->deferred_size);
+ ssh->deferred_send_data = sresize(ssh->deferred_send_data,
+ ssh->deferred_size,
+ unsigned char);
}
memcpy(ssh->deferred_send_data + ssh->deferred_len, ssh->pktout.data, len);
ssh->deferred_len += len;
{
if (ssh->pktout.maxlen < length) {
ssh->pktout.maxlen = length + 256;
- ssh->pktout.data = srealloc(ssh->pktout.data,
- ssh->pktout.maxlen + APIEXTRA);
+ ssh->pktout.data = sresize(ssh->pktout.data,
+ ssh->pktout.maxlen + APIEXTRA,
+ unsigned char);
if (!ssh->pktout.data)
fatalbox("Out of memory");
}
{
unsigned char *p;
int i, n = (bignum_bitcount(b) + 7) / 8;
- p = smalloc(n + 1);
+ p = snewn(n + 1, unsigned char);
if (!p)
fatalbox("out of memory");
p[0] = 0;
int len = ssh2_pkt_construct(ssh);
if (ssh->deferred_len + len > ssh->deferred_size) {
ssh->deferred_size = ssh->deferred_len + len + 128;
- ssh->deferred_send_data = srealloc(ssh->deferred_send_data,
- ssh->deferred_size);
+ ssh->deferred_send_data = sresize(ssh->deferred_send_data,
+ ssh->deferred_size,
+ unsigned char);
}
memcpy(ssh->deferred_send_data + ssh->deferred_len, ssh->pktout.data, len);
ssh->deferred_len += len;
if (!p)
return NULL;
if (p[0] & 0x80) {
- bombout((ssh,"internal error: Can't handle negative mpints"));
+ bombout(("internal error: Can't handle negative mpints"));
return NULL;
}
b = bignum_from_bytes((unsigned char *)p, length);
ssh->remote_bugs = 0;
- if (cfg.sshbug_ignore1 == BUG_ON ||
- (cfg.sshbug_ignore1 == BUG_AUTO &&
+ if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
+ (ssh->cfg.sshbug_ignore1 == AUTO &&
(!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
!strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
!strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) {
logevent("We believe remote version has SSH1 ignore bug");
}
- if (cfg.sshbug_plainpw1 == BUG_ON ||
- (cfg.sshbug_plainpw1 == BUG_AUTO &&
+ if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
+ (ssh->cfg.sshbug_plainpw1 == AUTO &&
(!strcmp(imp, "Cisco-1.25")))) {
/*
* These versions need a plain password sent; they can't
logevent("We believe remote version needs a plain SSH1 password");
}
- if (cfg.sshbug_rsa1 == BUG_ON ||
- (cfg.sshbug_rsa1 == BUG_AUTO &&
+ if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
+ (ssh->cfg.sshbug_rsa1 == AUTO &&
(!strcmp(imp, "Cisco-1.25")))) {
/*
* These versions apparently have no clue whatever about
logevent("We believe remote version can't handle RSA authentication");
}
- if (cfg.sshbug_hmac2 == BUG_ON ||
- (cfg.sshbug_hmac2 == BUG_AUTO &&
+ if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
+ (ssh->cfg.sshbug_hmac2 == AUTO &&
(wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
wc_match("2.1 *", imp)))) {
logevent("We believe remote version has SSH2 HMAC bug");
}
- if (cfg.sshbug_derivekey2 == BUG_ON ||
- (cfg.sshbug_derivekey2 == BUG_AUTO &&
- (wc_match("2.0.0*", imp) || wc_match("2.0.1[01]*", imp) ))) {
+ if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
+ (ssh->cfg.sshbug_derivekey2 == AUTO &&
+ (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
/*
* These versions have the key-derivation bug (failing to
* include the literal shared secret in the hashes that
logevent("We believe remote version has SSH2 key-derivation bug");
}
- if (cfg.sshbug_rsapad2 == BUG_ON ||
- (cfg.sshbug_rsapad2 == BUG_AUTO &&
+ if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
+ (ssh->cfg.sshbug_rsapad2 == AUTO &&
(wc_match("OpenSSH_2.[5-9]*", imp) ||
wc_match("OpenSSH_3.[0-2]*", imp)))) {
/*
logevent("We believe remote version has SSH2 RSA padding bug");
}
- if (cfg.sshbug_dhgex2 == BUG_ON) {
+ if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
+ (ssh->cfg.sshbug_pksessid2 == AUTO &&
+ wc_match("OpenSSH_2.[0-2]*", imp))) {
+ /*
+ * These versions have the SSH2 session-ID bug in
+ * public-key authentication.
+ */
+ ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
+ logevent("We believe remote version has SSH2 public-key-session-ID bug");
+ }
+
+ if (ssh->cfg.sshbug_dhgex2 == FORCE_ON) {
/*
* User specified the SSH2 DH GEX bug.
*/
}
s->vstrsize = 16;
- s->vstring = smalloc(s->vstrsize);
+ s->vstring = snewn(s->vstrsize, char);
strcpy(s->vstring, "SSH-");
s->vslen = 4;
s->i = 0;
crReturn(1); /* get another char */
if (s->vslen >= s->vstrsize - 1) {
s->vstrsize += 16;
- s->vstring = srealloc(s->vstring, s->vstrsize);
+ s->vstring = sresize(s->vstring, s->vstrsize, char);
}
s->vstring[s->vslen++] = c;
if (s->i >= 0) {
s->vstring[strcspn(s->vstring, "\r\n")] = '\0';/* remove EOL chars */
{
char *vlog;
- vlog = smalloc(20 + s->vslen);
+ vlog = snewn(20 + s->vslen, char);
sprintf(vlog, "Server version: %s", s->vstring);
logevent(vlog);
sfree(vlog);
/* Anything greater or equal to "1.99" means protocol 2 is supported. */
s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
- if (cfg.sshprot == 0 && !s->proto1) {
- bombout((ssh,"SSH protocol version 1 required by user but not provided by server"));
+ if (ssh->cfg.sshprot == 0 && !s->proto1) {
+ bombout(("SSH protocol version 1 required by user but not provided by server"));
crReturn(0);
}
- if (cfg.sshprot == 3 && !s->proto2) {
- bombout((ssh,"SSH protocol version 2 required by user but not provided by server"));
+ if (ssh->cfg.sshprot == 3 && !s->proto2) {
+ bombout(("SSH protocol version 2 required by user but not provided by server"));
crReturn(0);
}
- if (s->proto2 && (cfg.sshprot >= 2 || !s->proto1)) {
+ if (s->proto2 && (ssh->cfg.sshprot >= 2 || !s->proto1)) {
/*
* Use v2 protocol.
*/
ssh->version = 1;
ssh->s_rdpkt = ssh1_rdpkt;
}
+ update_specials_menu(ssh->frontend);
ssh->state = SSH_STATE_BEFORE_SIZE;
sfree(s->vstring);
SockAddr addr;
char *err;
- ssh->savedhost = smalloc(1 + strlen(host));
+ ssh->savedhost = snewn(1 + strlen(host), char);
if (!ssh->savedhost)
fatalbox("Out of memory");
strcpy(ssh->savedhost, host);
* Try to find host.
*/
logeventf(ssh, "Looking up host \"%s\"", host);
- addr = name_lookup(host, port, realhost);
+ addr = name_lookup(host, port, realhost, &ssh->cfg);
if ((err = sk_addr_error(addr)) != NULL)
return err;
logeventf(ssh, "Connecting to %s port %d", addrbuf, port);
}
ssh->fn = &fn_table;
- ssh->s = new_connection(addr, *realhost, port, 0, 1, nodelay, (Plug) ssh);
+ ssh->s = new_connection(addr, *realhost, port,
+ 0, 1, nodelay, (Plug) ssh, &ssh->cfg);
if ((err = sk_socket_error(ssh->s)) != NULL) {
ssh->s = NULL;
return err;
return -1;
break;
default:
- if (((c >= ' ' && c <= '~') ||
+ /*
+ * This simplistic check for printability is disabled
+ * when we're doing password input, because some people
+ * have control characters in their passwords.o
+ */
+ if ((!ssh->userpass_input_echo ||
+ (c >= ' ' && c <= '~') ||
((unsigned char) c >= 160))
&& ssh->userpass_input_bufpos < ssh->userpass_input_buflen-1) {
ssh->userpass_input_buffer[ssh->userpass_input_bufpos++] = c;
crWaitUntil(ispkt);
if (ssh->pktin.type != SSH1_SMSG_PUBLIC_KEY) {
- bombout((ssh,"Public key packet not received"));
+ bombout(("Public key packet not received"));
crReturn(0);
}
s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
- s->rsabuf = smalloc(s->len);
+ s->rsabuf = snewn(s->len, unsigned char);
if (!s->rsabuf)
fatalbox("Out of memory");
*/
int len = rsastr_len(&hostkey);
char fingerprint[100];
- char *keystr = smalloc(len);
+ char *keystr = snewn(len, char);
if (!keystr)
fatalbox("Out of memory");
rsastr_fmt(keystr, &hostkey);
char *cipher_string = NULL;
int i;
for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
- int next_cipher = cfg.ssh_cipherlist[i];
+ int next_cipher = ssh->cfg.ssh_cipherlist[i];
if (next_cipher == CIPHER_WARN) {
/* If/when we choose a cipher, warn about it */
warn = 1;
}
if (!cipher_chosen) {
if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
- bombout((ssh,"Server violates SSH 1 protocol by not "
+ bombout(("Server violates SSH 1 protocol by not "
"supporting 3DES encryption"));
else
/* shouldn't happen */
- bombout((ssh,"No supported ciphers found"));
+ bombout(("No supported ciphers found"));
crReturn(0);
}
crWaitUntil(ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS) {
- bombout((ssh,"Encryption not successfully enabled"));
+ bombout(("Encryption not successfully enabled"));
crReturn(0);
}
fflush(stdout);
{
- if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
+ if ((flags & FLAG_INTERACTIVE) && !*ssh->cfg.username) {
if (ssh_get_line && !ssh_getline_pw_only) {
if (!ssh_get_line("login as: ",
s->username, sizeof(s->username), FALSE)) {
* Terminate.
*/
logevent("No username provided. Abandoning session.");
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturn(1);
}
} else {
c_write_str(ssh, "\r\n");
}
} else {
- strncpy(s->username, cfg.username, sizeof(s->username));
+ strncpy(s->username, ssh->cfg.username, sizeof(s->username));
s->username[sizeof(s->username)-1] = '\0';
}
s->tried_publickey = s->tried_agent = 0;
}
s->tis_auth_refused = s->ccard_auth_refused = 0;
- /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
- if (*cfg.keyfile) {
- if (!rsakey_pubblob(cfg.keyfile,
+ /* Load the public half of ssh->cfg.keyfile so we notice if it's in Pageant */
+ if (!filename_is_null(ssh->cfg.keyfile)) {
+ if (!rsakey_pubblob(&ssh->cfg.keyfile,
&s->publickey_blob, &s->publickey_bloblen))
s->publickey_blob = NULL;
} else
len += ssh1_bignum_length(s->challenge);
len += 16; /* session id */
len += 4; /* response format */
- agentreq = smalloc(4 + len);
+ agentreq = snewn(4 + len, char);
PUT_32BIT(agentreq, len);
q = agentreq + 4;
*q++ = SSH1_AGENTC_RSA_CHALLENGE;
if (s->authed)
break;
}
- if (*cfg.keyfile && !s->tried_publickey)
+ if (!filename_is_null(ssh->cfg.keyfile) && !s->tried_publickey)
s->pwpkt_type = SSH1_CMSG_AUTH_RSA;
- if (cfg.try_tis_auth &&
+ if (ssh->cfg.try_tis_auth &&
(s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
!s->tis_auth_refused) {
s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
s->prompt[(sizeof s->prompt) - 1] = '\0';
}
}
- if (cfg.try_tis_auth &&
+ if (ssh->cfg.try_tis_auth &&
(s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
!s->ccard_auth_refused) {
s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
char msgbuf[256];
if (flags & FLAG_VERBOSE)
c_write_str(ssh, "Trying public key authentication.\r\n");
- logeventf(ssh, "Trying public key \"%s\"", cfg.keyfile);
- type = key_type(cfg.keyfile);
+ logeventf(ssh, "Trying public key \"%s\"",
+ filename_to_str(&ssh->cfg.keyfile));
+ type = key_type(&ssh->cfg.keyfile);
if (type != SSH_KEYTYPE_SSH1) {
sprintf(msgbuf, "Key is of wrong type (%s)",
key_type_to_str(type));
s->tried_publickey = 1;
continue;
}
- if (!rsakey_encrypted(cfg.keyfile, &comment)) {
+ if (!rsakey_encrypted(&ssh->cfg.keyfile, &comment)) {
if (flags & FLAG_VERBOSE)
c_write_str(ssh, "No passphrase required.\r\n");
goto tryauth;
PKT_END);
logevent("Unable to authenticate");
connection_fatal(ssh->frontend, "Unable to authenticate");
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturn(1);
}
} else {
s->tried_publickey = 1;
{
- int ret = loadrsakey(cfg.keyfile, &s->key, s->password);
+ int ret = loadrsakey(&ssh->cfg.keyfile, &s->key, s->password);
if (ret == 0) {
c_write_str(ssh, "Couldn't load private key from ");
- c_write_str(ssh, cfg.keyfile);
+ c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
c_write_str(ssh, ".\r\n");
continue; /* go and try password */
}
continue; /* go and try password */
}
if (ssh->pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
- bombout((ssh,"Bizarre response to offer of public key"));
+ bombout(("Bizarre response to offer of public key"));
crReturn(0);
}
" our public key.\r\n");
continue; /* go and try password */
} else if (ssh->pktin.type != SSH1_SMSG_SUCCESS) {
- bombout((ssh,"Bizarre response to RSA authentication response"));
+ bombout(("Bizarre response to RSA authentication response"));
crReturn(0);
}
assert(pwlen >= bottom && pwlen <= top);
- randomstr = smalloc(top + 1);
+ randomstr = snewn(top + 1, char);
for (i = bottom; i <= top; i++) {
if (i == pwlen)
c_write_str(ssh, "Access denied\r\n");
logevent("Authentication refused");
} else if (ssh->pktin.type != SSH1_SMSG_SUCCESS) {
- bombout((ssh,"Strange packet received, type %d", ssh->pktin.type));
+ bombout(("Strange packet received, type %d", ssh->pktin.type));
crReturn(0);
}
}
if (ssh->state == SSH_STATE_CLOSED)
crReturnV;
- if (cfg.agentfwd && agent_exists()) {
+ if (ssh->cfg.agentfwd && agent_exists()) {
logevent("Requesting agent forwarding");
send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
do {
} while (!ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS
&& ssh->pktin.type != SSH1_SMSG_FAILURE) {
- bombout((ssh,"Protocol confusion"));
+ bombout(("Protocol confusion"));
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_FAILURE) {
logevent("Agent forwarding refused");
}
}
- if (cfg.x11_forward) {
+ if (ssh->cfg.x11_forward) {
char proto[20], data[64];
logevent("Requesting X11 forwarding");
ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
- data, sizeof(data));
- x11_get_real_auth(ssh->x11auth, cfg.x11_display);
+ data, sizeof(data), ssh->cfg.x11_auth);
+ x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
PKT_STR, proto, PKT_STR, data,
- PKT_INT, x11_get_screen_number(cfg.x11_display),
+ PKT_INT, x11_get_screen_number(ssh->cfg.x11_display),
PKT_END);
} else {
send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
} while (!ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS
&& ssh->pktin.type != SSH1_SMSG_FAILURE) {
- bombout((ssh,"Protocol confusion"));
+ bombout(("Protocol confusion"));
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_FAILURE) {
logevent("X11 forwarding refused");
ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
/* Add port forwardings. */
- ssh->portfwd_strptr = cfg.portfwd;
+ ssh->portfwd_strptr = ssh->cfg.portfwd;
while (*ssh->portfwd_strptr) {
type = *ssh->portfwd_strptr++;
saddr[0] = '\0';
if (n < 255) sports[n++] = *ssh->portfwd_strptr++;
}
sports[n] = 0;
- if (*ssh->portfwd_strptr == '\t')
- ssh->portfwd_strptr++;
- n = 0;
- while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
- if (n < 255) host[n++] = *ssh->portfwd_strptr++;
- }
- host[n] = 0;
- if (*ssh->portfwd_strptr == ':')
+ if (type != 'D') {
+ if (*ssh->portfwd_strptr == '\t')
+ ssh->portfwd_strptr++;
+ n = 0;
+ while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
+ if (n < 255) host[n++] = *ssh->portfwd_strptr++;
+ }
+ host[n] = 0;
+ if (*ssh->portfwd_strptr == ':')
+ ssh->portfwd_strptr++;
+ n = 0;
+ while (*ssh->portfwd_strptr) {
+ if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
+ }
+ dports[n] = 0;
ssh->portfwd_strptr++;
- n = 0;
- while (*ssh->portfwd_strptr) {
- if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
- }
- dports[n] = 0;
- ssh->portfwd_strptr++;
- dport = atoi(dports);
- dserv = 0;
- if (dport == 0) {
- dserv = 1;
- dport = net_service_lookup(dports);
- if (!dport) {
- logeventf(ssh, "Service lookup failed for"
- " destination port \"%s\"", dports);
+ dport = atoi(dports);
+ dserv = 0;
+ if (dport == 0) {
+ dserv = 1;
+ dport = net_service_lookup(dports);
+ if (!dport) {
+ logeventf(ssh, "Service lookup failed for"
+ " destination port \"%s\"", dports);
+ }
}
+ } else {
+ while (*ssh->portfwd_strptr) ssh->portfwd_strptr++;
}
sport = atoi(sports);
sserv = 0;
if (sport && dport) {
if (type == 'L') {
pfd_addforward(host, dport, *saddr ? saddr : NULL,
- sport, ssh);
+ sport, ssh, &ssh->cfg);
logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
" forwarding to %s:%.*s%.*s%d%.*s",
(int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
+ } else if (type == 'D') {
+ pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
+ " doing SOCKS dynamic forwarding",
+ (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
+ (int)(*saddr?1:0), ":",
+ (int)(sserv ? strlen(sports) : 0), sports,
+ sserv, "(", sport, sserv, ")");
} else {
struct ssh_rportfwd *pf;
- pf = smalloc(sizeof(*pf));
+ pf = snew(struct ssh_rportfwd);
strcpy(pf->dhost, host);
pf->dport = dport;
if (saddr) {
} while (!ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS
&& ssh->pktin.type != SSH1_SMSG_FAILURE) {
- bombout((ssh,"Protocol confusion"));
+ bombout(("Protocol confusion"));
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_FAILURE) {
c_write_str(ssh, "Server refused port"
}
}
- if (!cfg.nopty) {
+ if (!ssh->cfg.nopty) {
send_packet(ssh, SSH1_CMSG_REQUEST_PTY,
- PKT_STR, cfg.termtype,
+ PKT_STR, ssh->cfg.termtype,
PKT_INT, ssh->term_height,
PKT_INT, ssh->term_width,
PKT_INT, 0, PKT_INT, 0, PKT_CHAR, 0, PKT_END);
} while (!ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS
&& ssh->pktin.type != SSH1_SMSG_FAILURE) {
- bombout((ssh,"Protocol confusion"));
+ bombout(("Protocol confusion"));
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_FAILURE) {
c_write_str(ssh, "Server refused to allocate pty\r\n");
ssh->editing = ssh->echoing = 1;
}
- if (cfg.compression) {
+ if (ssh->cfg.compression) {
send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
do {
crReturnV;
} while (!ispkt);
if (ssh->pktin.type != SSH1_SMSG_SUCCESS
&& ssh->pktin.type != SSH1_SMSG_FAILURE) {
- bombout((ssh,"Protocol confusion"));
+ bombout(("Protocol confusion"));
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_FAILURE) {
c_write_str(ssh, "Server refused to compress\r\n");
* exists, we fall straight back to that.
*/
{
- char *cmd = cfg.remote_cmd_ptr;
+ char *cmd = ssh->cfg.remote_cmd_ptr;
- if (cfg.ssh_subsys && cfg.remote_cmd_ptr2) {
- cmd = cfg.remote_cmd_ptr2;
+ if (ssh->cfg.ssh_subsys && ssh->cfg.remote_cmd_ptr2) {
+ cmd = ssh->cfg.remote_cmd_ptr2;
ssh->fallback_cmd = TRUE;
}
if (*cmd)
ssh1_throttle(ssh, +1);
}
} else if (ssh->pktin.type == SSH1_MSG_DISCONNECT) {
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
logevent("Received disconnect request");
crReturnV;
} else if (ssh->pktin.type == SSH1_SMSG_X11_OPEN) {
PKT_INT, GET_32BIT(ssh->pktin.body), PKT_END);
logevent("Rejected X11 connect request");
} else {
- c = smalloc(sizeof(struct ssh_channel));
+ c = snew(struct ssh_channel);
c->ssh = ssh;
- if (x11_init(&c->u.x11.s, cfg.x11_display, c,
- ssh->x11auth) != NULL) {
+ if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
+ ssh->x11auth, NULL, -1, &ssh->cfg) != NULL) {
logevent("opening X11 forward connection failed");
sfree(c);
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
PKT_INT, GET_32BIT(ssh->pktin.body), PKT_END);
} else {
- c = smalloc(sizeof(struct ssh_channel));
+ c = snew(struct ssh_channel);
c->ssh = ssh;
c->remoteid = GET_32BIT(ssh->pktin.body);
c->localid = alloc_channel_id(ssh);
int hostsize, port;
char host[256], buf[1024];
char *p, *h, *e;
- c = smalloc(sizeof(struct ssh_channel));
+ c = snew(struct ssh_channel);
c->ssh = ssh;
hostsize = GET_32BIT(ssh->pktin.body+4);
sprintf(buf, "Received remote port open request for %s:%d",
host, port);
logevent(buf);
- e = pfd_newconnect(&c->u.pfd.s, host, port, c);
+ e = pfd_newconnect(&c->u.pfd.s, host, port, c, &ssh->cfg);
if (e != NULL) {
char buf[256];
sprintf(buf, "Port open failed: %s", e);
sfree(c);
}
} else {
- bombout((ssh,"Received CHANNEL_CLOSE%s for %s channel %d\n",
+ bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
ssh->pktin.type == SSH1_MSG_CHANNEL_CLOSE ? "" :
"_CONFIRMATION", c ? "half-open" : "nonexistent",
i));
if (c->u.a.lensofar == 4) {
c->u.a.totallen =
4 + GET_32BIT(c->u.a.msglen);
- c->u.a.message = smalloc(c->u.a.totallen);
+ c->u.a.message = snewn(c->u.a.totallen,
+ unsigned char);
memcpy(c->u.a.message, c->u.a.msglen, 4);
}
if (c->u.a.lensofar >= 4 && len > 0) {
* encrypted packet, we close the session once
* we've sent EXIT_CONFIRMATION.
*/
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
} else {
- bombout((ssh,"Strange packet received: type %d", ssh->pktin.type));
+ bombout(("Strange packet received: type %d", ssh->pktin.type));
crReturnV;
}
} else {
*/
s->n_preferred_ciphers = 0;
for (i = 0; i < CIPHER_MAX; i++) {
- switch (cfg.ssh_cipherlist[i]) {
+ switch (ssh->cfg.ssh_cipherlist[i]) {
case CIPHER_BLOWFISH:
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
break;
case CIPHER_DES:
- if (cfg.ssh2_des_cbc) {
+ if (ssh->cfg.ssh2_des_cbc) {
s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
}
break;
/*
* Set up preferred compression.
*/
- if (cfg.compression)
+ if (ssh->cfg.compression)
s->preferred_comp = &ssh_zlib;
else
s->preferred_comp = &ssh_comp_none;
int i, j, len;
if (ssh->pktin.type != SSH2_MSG_KEXINIT) {
- bombout((ssh,"expected key exchange packet from server"));
+ bombout(("expected key exchange packet from server"));
crReturn(0);
}
ssh->kex = NULL;
}
}
if (!s->cscipher_tobe) {
- bombout((ssh,"Couldn't agree a client-to-server cipher (available: %s)",
+ bombout(("Couldn't agree a client-to-server cipher (available: %s)",
str ? str : "(null)"));
crReturn(0);
}
}
}
if (!s->sccipher_tobe) {
- bombout((ssh,"Couldn't agree a server-to-client cipher (available: %s)",
+ bombout(("Couldn't agree a server-to-client cipher (available: %s)",
str ? str : "(null)"));
crReturn(0);
}
crWaitUntil(ispkt);
if (ssh->pktin.type != SSH2_MSG_KEX_DH_GEX_GROUP) {
- bombout((ssh,"expected key exchange group packet from server"));
+ bombout(("expected key exchange group packet from server"));
crReturn(0);
}
s->p = ssh2_pkt_getmp(ssh);
crWaitUntil(ispkt);
if (ssh->pktin.type != s->kex_reply_value) {
- bombout((ssh,"expected key exchange reply packet from server"));
+ bombout(("expected key exchange reply packet from server"));
crReturn(0);
}
ssh2_pkt_getstring(ssh, &s->hostkeydata, &s->hostkeylen);
SHA_Final(&ssh->exhash, s->exchange_hash);
dh_cleanup(ssh->kex_ctx);
+ ssh->kex_ctx = NULL;
#if 0
debug(("Exchange hash is:\n"));
if (!s->hkey ||
!ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
(char *)s->exchange_hash, 20)) {
- bombout((ssh,"Server's host key did not match the signature supplied"));
+ bombout(("Server's host key did not match the signature supplied"));
crReturn(0);
}
*/
crWaitUntil(ispkt);
if (ssh->pktin.type != SSH2_MSG_NEWKEYS) {
- bombout((ssh,"expected new-keys packet from server"));
+ bombout(("expected new-keys packet from server"));
crReturn(0);
}
ssh2_pkt_send(ssh);
crWaitUntilV(ispkt);
if (ssh->pktin.type != SSH2_MSG_SERVICE_ACCEPT) {
- bombout((ssh,"Server refused user authentication protocol"));
+ bombout(("Server refused user authentication protocol"));
crReturnV;
}
/*
* Get a username.
*/
- if (s->got_username && !cfg.change_username) {
+ if (s->got_username && !ssh->cfg.change_username) {
/*
* We got a username last time round this loop, and
* with change_username turned off we don't try to get
* it again.
*/
- } else if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
+ } else if ((flags & FLAG_INTERACTIVE) && !*ssh->cfg.username) {
if (ssh_get_line && !ssh_getline_pw_only) {
if (!ssh_get_line("login as: ",
s->username, sizeof(s->username), FALSE)) {
* Terminate.
*/
logevent("No username provided. Abandoning session.");
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
}
} else {
s->username[strcspn(s->username, "\n\r")] = '\0';
} else {
char *stuff;
- strncpy(s->username, cfg.username, sizeof(s->username));
+ strncpy(s->username, ssh->cfg.username, sizeof(s->username));
s->username[sizeof(s->username)-1] = '\0';
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
stuff = dupprintf("Using username \"%s\".\r\n", s->username);
s->tried_agent = FALSE;
s->tried_keyb_inter = FALSE;
s->kbd_inter_running = FALSE;
- /* Load the pub half of cfg.keyfile so we notice if it's in Pageant */
- if (*cfg.keyfile) {
+ /* Load the pub half of ssh->cfg.keyfile so we notice if it's in Pageant */
+ if (!filename_is_null(ssh->cfg.keyfile)) {
int keytype;
- logeventf(ssh, "Reading private key file \"%.150s\"", cfg.keyfile);
- keytype = key_type(cfg.keyfile);
+ logeventf(ssh, "Reading private key file \"%.150s\"",
+ filename_to_str(&ssh->cfg.keyfile));
+ keytype = key_type(&ssh->cfg.keyfile);
if (keytype == SSH_KEYTYPE_SSH2) {
s->publickey_blob =
- ssh2_userkey_loadpub(cfg.keyfile, NULL,
+ ssh2_userkey_loadpub(&ssh->cfg.keyfile, NULL,
&s->publickey_bloblen);
} else {
char *msgbuf;
logeventf(ssh, "Unable to use this key file (%s)",
key_type_to_str(keytype));
msgbuf = dupprintf("Unable to use key file \"%.150s\""
- " (%s)\r\n", cfg.keyfile,
+ " (%s)\r\n",
+ filename_to_str(&ssh->cfg.keyfile),
key_type_to_str(keytype));
c_write_str(ssh, msgbuf);
sfree(msgbuf);
if (!s->gotit)
s->curr_prompt = 0;
} else if (ssh->pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
- bombout((ssh,"Strange packet received during authentication: type %d",
+ bombout(("Strange packet received during authentication: type %d",
ssh->pktin.type));
crReturnV;
}
in_commasep_string("publickey", methods, methlen);
s->can_passwd =
in_commasep_string("password", methods, methlen);
- s->can_keyb_inter = cfg.try_ki_auth &&
+ s->can_keyb_inter = ssh->cfg.try_ki_auth &&
in_commasep_string("keyboard-interactive", methods, methlen);
}
ssh2_pkt_addstring_data(ssh, s->pkblob, s->pklen);
s->siglen = ssh->pktout.length - 5 + 4 + 20;
+ if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
+ s->siglen -= 4;
s->len = 1; /* message type */
s->len += 4 + s->pklen; /* key blob */
s->len += 4 + s->siglen; /* data to sign */
s->len += 4; /* flags */
- s->agentreq = smalloc(4 + s->len);
+ s->agentreq = snewn(4 + s->len, char);
PUT_32BIT(s->agentreq, s->len);
s->q = s->agentreq + 4;
*s->q++ = SSH2_AGENTC_SIGN_REQUEST;
PUT_32BIT(s->q, s->siglen);
s->q += 4;
/* Now the data to be signed... */
- PUT_32BIT(s->q, 20);
- s->q += 4;
+ if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
+ PUT_32BIT(s->q, 20);
+ s->q += 4;
+ }
memcpy(s->q, ssh->v2_session_id, 20);
s->q += 20;
memcpy(s->q, ssh->pktout.data + 5,
* willing to accept it.
*/
pub_blob =
- (unsigned char *)ssh2_userkey_loadpub(cfg.keyfile,
+ (unsigned char *)ssh2_userkey_loadpub(&ssh->cfg.keyfile,
&algorithm,
&pub_blob_len);
if (pub_blob) {
* Actually attempt a serious authentication using
* the key.
*/
- if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
+ if (ssh2_userkey_encrypted(&ssh->cfg.keyfile, &comment)) {
sprintf(s->pwprompt,
"Passphrase for key \"%.100s\": ",
comment);
logevent("Unable to authenticate");
connection_fatal(ssh->frontend,
"Unable to authenticate");
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
}
} else {
*/
struct ssh2_userkey *key;
- key = ssh2_load_userkey(cfg.keyfile, s->password);
+ key = ssh2_load_userkey(&ssh->cfg.keyfile, s->password);
if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
if (key == SSH2_WRONG_PASSPHRASE) {
c_write_str(ssh, "Wrong passphrase\r\n");
} else {
unsigned char *pkblob, *sigblob, *sigdata;
int pkblob_len, sigblob_len, sigdata_len;
+ int p;
/*
* We have loaded the private key and the server
* outgoing packet.
*/
sigdata_len = ssh->pktout.length - 5 + 4 + 20;
- sigdata = smalloc(sigdata_len);
- PUT_32BIT(sigdata, 20);
- memcpy(sigdata + 4, ssh->v2_session_id, 20);
- memcpy(sigdata + 24, ssh->pktout.data + 5,
+ if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
+ sigdata_len -= 4;
+ sigdata = snewn(sigdata_len, unsigned char);
+ p = 0;
+ if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
+ PUT_32BIT(sigdata+p, 20);
+ p += 4;
+ }
+ memcpy(sigdata+p, ssh->v2_session_id, 20); p += 20;
+ memcpy(sigdata+p, ssh->pktout.data + 5,
ssh->pktout.length - 5);
+ p += ssh->pktout.length - 5;
+ assert(p == sigdata_len);
sigblob = key->alg->sign(key->data, (char *)sigdata,
sigdata_len, &sigblob_len);
ssh2_add_sigblob(ssh, pkblob, pkblob_len,
" methods available");
ssh2_pkt_addstring(ssh, "en"); /* language tag */
ssh2_pkt_send(ssh);
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
}
}
* So now create a channel with a session in it.
*/
ssh->channels = newtree234(ssh_channelcmp);
- ssh->mainchan = smalloc(sizeof(struct ssh_channel));
+ ssh->mainchan = snew(struct ssh_channel);
ssh->mainchan->ssh = ssh;
ssh->mainchan->localid = alloc_channel_id(ssh);
ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_OPEN);
ssh2_pkt_send(ssh);
crWaitUntilV(ispkt);
if (ssh->pktin.type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
- bombout((ssh,"Server refused to open a session"));
+ bombout(("Server refused to open a session"));
crReturnV;
/* FIXME: error data comes back in FAILURE packet */
}
if (ssh2_pkt_getuint32(ssh) != ssh->mainchan->localid) {
- bombout((ssh,"Server's channel confirmation cited wrong channel"));
+ bombout(("Server's channel confirmation cited wrong channel"));
crReturnV;
}
ssh->mainchan->remoteid = ssh2_pkt_getuint32(ssh);
/*
* Potentially enable X11 forwarding.
*/
- if (cfg.x11_forward) {
+ if (ssh->cfg.x11_forward) {
char proto[20], data[64];
logevent("Requesting X11 forwarding");
ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
- data, sizeof(data));
- x11_get_real_auth(ssh->x11auth, cfg.x11_display);
+ data, sizeof(data), ssh->cfg.x11_auth);
+ x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST);
ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid);
ssh2_pkt_addstring(ssh, "x11-req");
ssh2_pkt_addbool(ssh, 0); /* many connections */
ssh2_pkt_addstring(ssh, proto);
ssh2_pkt_addstring(ssh, data);
- ssh2_pkt_adduint32(ssh, x11_get_screen_number(cfg.x11_display));
+ ssh2_pkt_adduint32(ssh, x11_get_screen_number(ssh->cfg.x11_display));
ssh2_pkt_send(ssh);
do {
if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) {
if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) {
- bombout((ssh,"Unexpected response to X11 forwarding request:"
+ bombout(("Unexpected response to X11 forwarding request:"
" packet type %d", ssh->pktin.type));
crReturnV;
}
ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
/* Add port forwardings. */
- ssh->portfwd_strptr = cfg.portfwd;
+ ssh->portfwd_strptr = ssh->cfg.portfwd;
while (*ssh->portfwd_strptr) {
type = *ssh->portfwd_strptr++;
saddr[0] = '\0';
if (n < 255) sports[n++] = *ssh->portfwd_strptr++;
}
sports[n] = 0;
- if (*ssh->portfwd_strptr == '\t')
- ssh->portfwd_strptr++;
- n = 0;
- while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
- if (n < 255) host[n++] = *ssh->portfwd_strptr++;
- }
- host[n] = 0;
- if (*ssh->portfwd_strptr == ':')
+ if (type != 'D') {
+ if (*ssh->portfwd_strptr == '\t')
+ ssh->portfwd_strptr++;
+ n = 0;
+ while (*ssh->portfwd_strptr && *ssh->portfwd_strptr != ':') {
+ if (n < 255) host[n++] = *ssh->portfwd_strptr++;
+ }
+ host[n] = 0;
+ if (*ssh->portfwd_strptr == ':')
+ ssh->portfwd_strptr++;
+ n = 0;
+ while (*ssh->portfwd_strptr) {
+ if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
+ }
+ dports[n] = 0;
ssh->portfwd_strptr++;
- n = 0;
- while (*ssh->portfwd_strptr) {
- if (n < 255) dports[n++] = *ssh->portfwd_strptr++;
- }
- dports[n] = 0;
- ssh->portfwd_strptr++;
- dport = atoi(dports);
- dserv = 0;
- if (dport == 0) {
- dserv = 1;
- dport = net_service_lookup(dports);
- if (!dport) {
- logeventf(ssh, "Service lookup failed for destination"
- " port \"%s\"", dports);
+ dport = atoi(dports);
+ dserv = 0;
+ if (dport == 0) {
+ dserv = 1;
+ dport = net_service_lookup(dports);
+ if (!dport) {
+ logeventf(ssh, "Service lookup failed for destination"
+ " port \"%s\"", dports);
+ }
}
+ } else {
+ while (*ssh->portfwd_strptr) ssh->portfwd_strptr++;
}
sport = atoi(sports);
sserv = 0;
if (sport && dport) {
if (type == 'L') {
pfd_addforward(host, dport, *saddr ? saddr : NULL,
- sport, ssh);
+ sport, ssh, &ssh->cfg);
logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
" forwarding to %s:%.*s%.*s%d%.*s",
(int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
+ } else if (type == 'D') {
+ pfd_addforward(NULL, -1, *saddr ? saddr : NULL,
+ sport, ssh, &ssh->cfg);
+ logeventf(ssh, "Local port %.*s%.*s%.*s%.*s%d%.*s"
+ " doing SOCKS dynamic forwarding",
+ (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL,
+ (int)(*saddr?1:0), ":",
+ (int)(sserv ? strlen(sports) : 0), sports,
+ sserv, "(", sport, sserv, ")");
} else {
struct ssh_rportfwd *pf;
- pf = smalloc(sizeof(*pf));
+ pf = snew(struct ssh_rportfwd);
strcpy(pf->dhost, host);
pf->dport = dport;
pf->sport = sport;
ssh2_pkt_addbool(ssh, 1);/* want reply */
if (*saddr)
ssh2_pkt_addstring(ssh, saddr);
- if (cfg.rport_acceptall)
+ if (ssh->cfg.rport_acceptall)
ssh2_pkt_addstring(ssh, "0.0.0.0");
else
ssh2_pkt_addstring(ssh, "127.0.0.1");
if (ssh->pktin.type != SSH2_MSG_REQUEST_SUCCESS) {
if (ssh->pktin.type != SSH2_MSG_REQUEST_FAILURE) {
- bombout((ssh,"Unexpected response to port "
+ bombout(("Unexpected response to port "
"forwarding request: packet type %d",
ssh->pktin.type));
crReturnV;
/*
* Potentially enable agent forwarding.
*/
- if (cfg.agentfwd && agent_exists()) {
+ if (ssh->cfg.agentfwd && agent_exists()) {
logevent("Requesting OpenSSH-style agent forwarding");
ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST);
ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid);
if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) {
if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) {
- bombout((ssh,"Unexpected response to agent forwarding request:"
+ bombout(("Unexpected response to agent forwarding request:"
" packet type %d", ssh->pktin.type));
crReturnV;
}
/*
* Now allocate a pty for the session.
*/
- if (!cfg.nopty) {
+ if (!ssh->cfg.nopty) {
ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST);
ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid); /* recipient channel */
ssh2_pkt_addstring(ssh, "pty-req");
ssh2_pkt_addbool(ssh, 1); /* want reply */
- ssh2_pkt_addstring(ssh, cfg.termtype);
+ ssh2_pkt_addstring(ssh, ssh->cfg.termtype);
ssh2_pkt_adduint32(ssh, ssh->term_width);
ssh2_pkt_adduint32(ssh, ssh->term_height);
ssh2_pkt_adduint32(ssh, 0); /* pixel width */
if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) {
if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) {
- bombout((ssh,"Unexpected response to pty request:"
+ bombout(("Unexpected response to pty request:"
" packet type %d", ssh->pktin.type));
crReturnV;
}
char *cmd;
if (ssh->fallback_cmd) {
- subsys = cfg.ssh_subsys2;
- cmd = cfg.remote_cmd_ptr2;
+ subsys = ssh->cfg.ssh_subsys2;
+ cmd = ssh->cfg.remote_cmd_ptr2;
} else {
- subsys = cfg.ssh_subsys;
- cmd = cfg.remote_cmd_ptr;
+ subsys = ssh->cfg.ssh_subsys;
+ cmd = ssh->cfg.remote_cmd_ptr;
}
ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST);
} while (ssh->pktin.type == SSH2_MSG_CHANNEL_WINDOW_ADJUST);
if (ssh->pktin.type != SSH2_MSG_CHANNEL_SUCCESS) {
if (ssh->pktin.type != SSH2_MSG_CHANNEL_FAILURE) {
- bombout((ssh,"Unexpected response to shell/command request:"
+ bombout(("Unexpected response to shell/command request:"
" packet type %d", ssh->pktin.type));
crReturnV;
}
* not, and if the fallback command exists, try falling
* back to it before complaining.
*/
- if (!ssh->fallback_cmd && cfg.remote_cmd_ptr2 != NULL) {
+ if (!ssh->fallback_cmd && ssh->cfg.remote_cmd_ptr2 != NULL) {
logevent("Primary command failed; attempting fallback");
ssh->fallback_cmd = TRUE;
continue;
}
- bombout((ssh,"Server refused to start a shell/command"));
+ bombout(("Server refused to start a shell/command"));
crReturnV;
} else {
logevent("Started a shell/command");
if (c->u.a.lensofar == 4) {
c->u.a.totallen =
4 + GET_32BIT(c->u.a.msglen);
- c->u.a.message = smalloc(c->u.a.totallen);
+ c->u.a.message = snewn(c->u.a.totallen,
+ unsigned char);
memcpy(c->u.a.message, c->u.a.msglen, 4);
}
if (c->u.a.lensofar >= 4 && length > 0) {
c = find234(ssh->channels, &i, ssh_channelfind);
if (!c || ((int)c->remoteid) == -1) {
- bombout((ssh,"Received CHANNEL_CLOSE for %s channel %d\n",
+ bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
c ? "half-open" : "nonexistent", i));
}
/* Do pre-close processing on the channel. */
* See if that was the last channel left open.
*/
if (count234(ssh->channels) == 0) {
+ logevent("All channels closed. Disconnecting");
#if 0
/*
* We used to send SSH_MSG_DISCONNECT here,
* this is more polite than sending a
* DISCONNECT. So now we don't.
*/
- logevent("All channels closed. Disconnecting");
ssh2_pkt_init(ssh, SSH2_MSG_DISCONNECT);
ssh2_pkt_adduint32(ssh, SSH2_DISCONNECT_BY_APPLICATION);
ssh2_pkt_addstring(ssh, "All open channels closed");
ssh2_pkt_addstring(ssh, "en"); /* language tag */
ssh2_pkt_send(ssh);
#endif
- ssh->state = SSH_STATE_CLOSED;
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
}
continue; /* remote sends close; ignore (FIXME) */
ssh2_pkt_addstring(ssh, buf);
ssh2_pkt_addstring(ssh, "en"); /* language tag */
ssh2_pkt_send(ssh);
- connection_fatal("%s", buf);
- ssh->state = SSH_STATE_CLOSED;
+ connection_fatal(ssh->frontend, "%s", buf);
+ ssh_closing((Plug)ssh, NULL, 0, 0);
crReturnV;
}
} else if (ssh->pktin.type == SSH2_MSG_CHANNEL_OPEN) {
char *type;
int typelen;
+ char *peeraddr;
+ int peeraddrlen;
+ int peerport;
char *error = NULL;
struct ssh_channel *c;
unsigned remid, winsize, pktsize;
ssh2_pkt_getstring(ssh, &type, &typelen);
- c = smalloc(sizeof(struct ssh_channel));
+ c = snew(struct ssh_channel);
c->ssh = ssh;
remid = ssh2_pkt_getuint32(ssh);
pktsize = ssh2_pkt_getuint32(ssh);
if (typelen == 3 && !memcmp(type, "x11", 3)) {
+ char *addrstr;
+
+ ssh2_pkt_getstring(ssh, &peeraddr, &peeraddrlen);
+ addrstr = snewn(peeraddrlen+1, char);
+ memcpy(addrstr, peeraddr, peeraddrlen);
+ peeraddr[peeraddrlen] = '\0';
+ peerport = ssh2_pkt_getuint32(ssh);
+
if (!ssh->X11_fwd_enabled)
error = "X11 forwarding is not enabled";
- else if (x11_init(&c->u.x11.s, cfg.x11_display, c,
- ssh->x11auth) != NULL) {
+ else if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
+ ssh->x11auth, addrstr, peerport,
+ &ssh->cfg) != NULL) {
error = "Unable to open an X11 connection";
} else {
c->type = CHAN_X11;
}
+
+ sfree(addrstr);
} else if (typelen == 15 &&
!memcmp(type, "forwarded-tcpip", 15)) {
struct ssh_rportfwd pf, *realpf;
int dummylen;
ssh2_pkt_getstring(ssh, &dummy, &dummylen);/* skip address */
pf.sport = ssh2_pkt_getuint32(ssh);
+ ssh2_pkt_getstring(ssh, &peeraddr, &peeraddrlen);
+ peerport = ssh2_pkt_getuint32(ssh);
realpf = find234(ssh->rportfwds, &pf, NULL);
if (realpf == NULL) {
error = "Remote port is not recognised";
} else {
char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost,
- realpf->dport, c);
+ realpf->dport, c, &ssh->cfg);
logeventf(ssh, "Received remote port open request"
" for %s:%d", realpf->dhost, realpf->dport);
if (e != NULL) {
ssh2_pkt_send(ssh);
}
} else {
- bombout((ssh,"Strange packet received: type %d", ssh->pktin.type));
+ bombout(("Strange packet received: type %d", ssh->pktin.type));
crReturnV;
}
} else {
* Returns an error message, or NULL on success.
*/
static char *ssh_init(void *frontend_handle, void **backend_handle,
+ Config *cfg,
char *host, int port, char **realhost, int nodelay)
{
char *p;
Ssh ssh;
- ssh = smalloc(sizeof(*ssh));
+ ssh = snew(struct ssh_tag);
+ ssh->cfg = *cfg; /* STRUCTURE COPY */
+ ssh->version = 0; /* when not ready yet */
ssh->s = NULL;
ssh->cipher = NULL;
ssh->v1_cipher_ctx = NULL;
ssh->sccomp = NULL;
ssh->sc_comp_ctx = NULL;
ssh->kex = NULL;
+ ssh->kex_ctx = NULL;
ssh->hostkey = NULL;
ssh->exitcode = -1;
ssh->state = SSH_STATE_PREPACKET;
#endif
ssh->frontend = frontend_handle;
- ssh->term_width = cfg.width;
- ssh->term_height = cfg.height;
+ ssh->term_width = ssh->cfg.width;
+ ssh->term_height = ssh->cfg.height;
+
+ ssh->channels = NULL;
+ ssh->rportfwds = NULL;
ssh->send_ok = 0;
ssh->editing = 0;
return NULL;
}
+static void ssh_free(void *handle)
+{
+ Ssh ssh = (Ssh) handle;
+ struct ssh_channel *c;
+ struct ssh_rportfwd *pf;
+
+ if (ssh->v1_cipher_ctx)
+ ssh->cipher->free_context(ssh->v1_cipher_ctx);
+ if (ssh->cs_cipher_ctx)
+ ssh->cscipher->free_context(ssh->cs_cipher_ctx);
+ if (ssh->sc_cipher_ctx)
+ ssh->sccipher->free_context(ssh->sc_cipher_ctx);
+ if (ssh->cs_mac_ctx)
+ ssh->csmac->free_context(ssh->cs_mac_ctx);
+ if (ssh->sc_mac_ctx)
+ ssh->scmac->free_context(ssh->sc_mac_ctx);
+ if (ssh->cs_comp_ctx)
+ ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
+ if (ssh->sc_comp_ctx)
+ ssh->sccomp->compress_cleanup(ssh->sc_comp_ctx);
+ if (ssh->kex_ctx)
+ dh_cleanup(ssh->kex_ctx);
+ sfree(ssh->savedhost);
+
+ if (ssh->channels) {
+ while ((c = delpos234(ssh->channels, 0)) != NULL) {
+ switch (c->type) {
+ case CHAN_X11:
+ if (c->u.x11.s != NULL)
+ x11_close(c->u.x11.s);
+ break;
+ case CHAN_SOCKDATA:
+ if (c->u.pfd.s != NULL)
+ pfd_close(c->u.pfd.s);
+ break;
+ }
+ sfree(c);
+ }
+ freetree234(ssh->channels);
+ }
+
+ if (ssh->rportfwds) {
+ while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
+ sfree(pf);
+ freetree234(ssh->rportfwds);
+ }
+ sfree(ssh->deferred_send_data);
+ if (ssh->x11auth)
+ x11_free_auth(ssh->x11auth);
+ sfree(ssh->do_ssh_init_state);
+ sfree(ssh->do_ssh1_login_state);
+ sfree(ssh->do_ssh2_transport_state);
+ sfree(ssh->do_ssh2_authconn_state);
+
+ if (ssh->s)
+ sk_close(ssh->s);
+ sfree(ssh);
+}
+
+/*
+ * Reconfigure the SSH backend.
+ *
+ * Currently, this function does nothing very useful. In future,
+ * however, we could do some handy things with it. For example, we
+ * could make the port forwarding configurer active in the Change
+ * Settings box, and this routine could close down existing
+ * forwardings and open up new ones in response to changes.
+ */
+static void ssh_reconfig(void *handle, Config *cfg)
+{
+ Ssh ssh = (Ssh) handle;
+ ssh->cfg = *cfg; /* STRUCTURE COPY */
+}
+
/*
* Called to send data down the Telnet connection.
*/
ssh->size_needed = TRUE; /* buffer for later */
break;
case SSH_STATE_SESSION:
- if (!cfg.nopty) {
+ if (!ssh->cfg.nopty) {
if (ssh->version == 1) {
send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
PKT_INT, ssh->term_height,
}
/*
+ * Return a list of the special codes that make sense in this
+ * protocol.
+ */
+static const struct telnet_special *ssh_get_specials(void *handle)
+{
+ Ssh ssh = (Ssh) handle;
+
+ if (ssh->version == 1) {
+ static const struct telnet_special ssh1_specials[] = {
+ {"IGNORE message", TS_NOP},
+ {NULL, 0}
+ };
+ return ssh1_specials;
+ } else if (ssh->version == 2) {
+ static const struct telnet_special ssh2_specials[] = {
+ {"Break", TS_BRK},
+ {"IGNORE message", TS_NOP},
+ {NULL, 0}
+ };
+ return ssh2_specials;
+ } else
+ return NULL;
+}
+
+/*
* Send Telnet special codes. TS_EOF is useful for `plink', so you
* can send an EOF and collect resulting output (e.g. `plink
* hostname sort').
ssh2_pkt_send(ssh);
}
logevent("Sent EOF message");
- } else if (code == TS_PING) {
+ } else if (code == TS_PING || code == TS_NOP) {
if (ssh->state == SSH_STATE_CLOSED
|| ssh->state == SSH_STATE_PREPACKET) return;
if (ssh->version == 1) {
ssh2_pkt_addstring_start(ssh);
ssh2_pkt_send(ssh);
}
+ } else if (code == TS_BRK) {
+ if (ssh->state == SSH_STATE_CLOSED
+ || ssh->state == SSH_STATE_PREPACKET) return;
+ if (ssh->version == 1) {
+ logevent("Unable to send BREAK signal in SSH1");
+ } else {
+ ssh2_pkt_init(ssh, SSH2_MSG_CHANNEL_REQUEST);
+ ssh2_pkt_adduint32(ssh, ssh->mainchan->remoteid);
+ ssh2_pkt_addstring(ssh, "break");
+ ssh2_pkt_addbool(ssh, 0);
+ ssh2_pkt_adduint32(ssh, 0); /* default break length */
+ ssh2_pkt_send(ssh);
+ }
} else {
/* do nothing */
}
{
Ssh ssh = (Ssh) handle;
struct ssh_channel *c;
- c = smalloc(sizeof(struct ssh_channel));
+ c = snew(struct ssh_channel);
c->ssh = ssh;
if (c) {
static int ssh_return_exitcode(void *handle)
{
Ssh ssh = (Ssh) handle;
- return ssh->exitcode;
+ if (ssh->s != NULL)
+ return -1;
+ else
+ return (ssh->exitcode >= 0 ? ssh->exitcode : 0);
}
/*
Backend ssh_backend = {
ssh_init,
+ ssh_free,
+ ssh_reconfig,
ssh_send,
ssh_sendbuffer,
ssh_size,
ssh_special,
+ ssh_get_specials,
ssh_socket,
ssh_return_exitcode,
ssh_sendok,