+ fflush(stdout);
+ {
+ static int pos = 0;
+ static char c;
+ if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
+ if (ssh_get_line) {
+ if (!ssh_get_line("login as: ",
+ username, sizeof(username), FALSE)) {
+ /*
+ * get_line failed to get a username.
+ * Terminate.
+ */
+ logevent("No username provided. Abandoning session.");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturn(1);
+ }
+ } else {
+ c_write_str("login as: ");
+ ssh_send_ok = 1;
+ while (pos >= 0) {
+ crWaitUntil(!ispkt);
+ while (inlen--)
+ switch (c = *in++) {
+ case 10:
+ case 13:
+ username[pos] = 0;
+ pos = -1;
+ break;
+ case 8:
+ case 127:
+ if (pos > 0) {
+ c_write_str("\b \b");
+ pos--;
+ }
+ break;
+ case 21:
+ case 27:
+ while (pos > 0) {
+ c_write_str("\b \b");
+ pos--;
+ }
+ break;
+ case 3:
+ case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char) c >= 160))
+ && pos < sizeof(username)-1) {
+ username[pos++] = c;
+ c_write(&c, 1);
+ }
+ break;
+ }
+ }
+ c_write_str("\r\n");
+ username[strcspn(username, "\n\r")] = '\0';
+ }
+ } else {
+ strncpy(username, cfg.username, 99);
+ username[99] = '\0';
+ }
+
+ send_packet(SSH1_CMSG_USER, PKT_STR, username, PKT_END);
+ {
+ char userlog[22 + sizeof(username)];
+ sprintf(userlog, "Sent username \"%s\"", username);
+ logevent(userlog);
+ if (flags & FLAG_INTERACTIVE &&
+ (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
+ strcat(userlog, "\r\n");
+ c_write_str(userlog);
+ }
+ }
+ }
+
+ crWaitUntil(ispkt);
+
+ tried_publickey = 0;
+ tis_auth_refused = ccard_auth_refused = 0;
+
+ while (pktin.type == SSH1_SMSG_FAILURE) {
+ static char password[100];
+ static char prompt[200];
+ static int pos;
+ static char c;
+ static int pwpkt_type;
+ pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
+
+ if (agent_exists()) {
+ /*
+ * Attempt RSA authentication using Pageant.
+ */
+ static unsigned char request[5], *response, *p;
+ static int responselen;
+ static int i, nkeys;
+ static int authed = FALSE;
+ void *r;
+
+ logevent("Pageant is running. Requesting keys.");
+
+ /* Request the keys held by the agent. */
+ PUT_32BIT(request, 1);
+ request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
+ agent_query(request, 5, &r, &responselen);
+ response = (unsigned char *) r;
+ if (response && responselen >= 5 &&
+ response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
+ p = response + 5;
+ nkeys = GET_32BIT(p);
+ p += 4;
+ {
+ char buf[64];
+ sprintf(buf, "Pageant has %d SSH1 keys", nkeys);
+ logevent(buf);
+ }
+ for (i = 0; i < nkeys; i++) {
+ static struct RSAKey key;
+ static Bignum challenge;
+ static char *commentp;
+ static int commentlen;
+
+ {
+ char buf[64];
+ sprintf(buf, "Trying Pageant key #%d", i);
+ logevent(buf);
+ }
+ p += 4;
+ p += ssh1_read_bignum(p, &key.exponent);
+ p += ssh1_read_bignum(p, &key.modulus);
+ commentlen = GET_32BIT(p);
+ p += 4;
+ commentp = p;
+ p += commentlen;
+ send_packet(SSH1_CMSG_AUTH_RSA,
+ PKT_BIGNUM, key.modulus, PKT_END);
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
+ logevent("Key refused");
+ continue;
+ }
+ logevent("Received RSA challenge");
+ ssh1_read_bignum(pktin.body, &challenge);
+ {
+ char *agentreq, *q, *ret;
+ void *vret;
+ int len, retlen;
+ len = 1 + 4; /* message type, bit count */
+ len += ssh1_bignum_length(key.exponent);
+ len += ssh1_bignum_length(key.modulus);
+ len += ssh1_bignum_length(challenge);
+ len += 16; /* session id */
+ len += 4; /* response format */
+ agentreq = smalloc(4 + len);
+ PUT_32BIT(agentreq, len);
+ q = agentreq + 4;
+ *q++ = SSH1_AGENTC_RSA_CHALLENGE;
+ PUT_32BIT(q, bignum_bitcount(key.modulus));
+ q += 4;
+ q += ssh1_write_bignum(q, key.exponent);
+ q += ssh1_write_bignum(q, key.modulus);
+ q += ssh1_write_bignum(q, challenge);
+ memcpy(q, session_id, 16);
+ q += 16;
+ PUT_32BIT(q, 1); /* response format */
+ agent_query(agentreq, len + 4, &vret, &retlen);
+ ret = vret;
+ sfree(agentreq);
+ if (ret) {
+ if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
+ logevent("Sending Pageant's response");
+ send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE,
+ PKT_DATA, ret + 5, 16,
+ PKT_END);
+ sfree(ret);
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_SUCCESS) {
+ logevent
+ ("Pageant's response accepted");
+ if (flags & FLAG_VERBOSE) {
+ c_write_str
+ ("Authenticated using RSA key \"");
+ c_write(commentp, commentlen);
+ c_write_str("\" from agent\r\n");
+ }
+ authed = TRUE;
+ } else
+ logevent
+ ("Pageant's response not accepted");
+ } else {
+ logevent
+ ("Pageant failed to answer challenge");
+ sfree(ret);
+ }
+ } else {
+ logevent("No reply received from Pageant");
+ }
+ }
+ freebn(key.exponent);
+ freebn(key.modulus);
+ freebn(challenge);
+ if (authed)
+ break;
+ }
+ }
+ if (authed)
+ break;
+ }
+ if (*cfg.keyfile && !tried_publickey)
+ pwpkt_type = SSH1_CMSG_AUTH_RSA;
+
+ if (cfg.try_tis_auth &&
+ (supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
+ !tis_auth_refused) {
+ pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
+ logevent("Requested TIS authentication");
+ send_packet(SSH1_CMSG_AUTH_TIS, PKT_END);
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
+ logevent("TIS authentication declined");
+ if (flags & FLAG_INTERACTIVE)
+ c_write_str("TIS authentication refused.\r\n");
+ tis_auth_refused = 1;
+ continue;
+ } else {
+ int challengelen = ((pktin.body[0] << 24) |
+ (pktin.body[1] << 16) |
+ (pktin.body[2] << 8) |
+ (pktin.body[3]));
+ logevent("Received TIS challenge");
+ if (challengelen > sizeof(prompt) - 1)
+ challengelen = sizeof(prompt) - 1; /* prevent overrun */
+ memcpy(prompt, pktin.body + 4, challengelen);
+ /* Prompt heuristic comes from OpenSSH */
+ strncpy(prompt + challengelen,
+ memchr(prompt, '\n', challengelen) ?
+ "": "\r\nResponse: ",
+ (sizeof prompt) - challengelen);
+ prompt[(sizeof prompt) - 1] = '\0';
+ }
+ }
+ if (cfg.try_tis_auth &&
+ (supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
+ !ccard_auth_refused) {
+ pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
+ logevent("Requested CryptoCard authentication");
+ send_packet(SSH1_CMSG_AUTH_CCARD, PKT_END);
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
+ logevent("CryptoCard authentication declined");
+ c_write_str("CryptoCard authentication refused.\r\n");
+ ccard_auth_refused = 1;
+ continue;
+ } else {
+ int challengelen = ((pktin.body[0] << 24) |
+ (pktin.body[1] << 16) |
+ (pktin.body[2] << 8) |
+ (pktin.body[3]));
+ logevent("Received CryptoCard challenge");
+ if (challengelen > sizeof(prompt) - 1)
+ challengelen = sizeof(prompt) - 1; /* prevent overrun */
+ memcpy(prompt, pktin.body + 4, challengelen);
+ strncpy(prompt + challengelen,
+ memchr(prompt, '\n', challengelen) ?
+ "" : "\r\nResponse: ",
+ sizeof(prompt) - challengelen);
+ prompt[sizeof(prompt) - 1] = '\0';
+ }
+ }
+ if (pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
+ sprintf(prompt, "%.90s@%.90s's password: ",
+ username, savedhost);
+ }
+ if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
+ char *comment = NULL;
+ if (flags & FLAG_VERBOSE)
+ c_write_str("Trying public key authentication.\r\n");
+ if (!rsakey_encrypted(cfg.keyfile, &comment)) {
+ if (flags & FLAG_VERBOSE)
+ c_write_str("No passphrase required.\r\n");
+ goto tryauth;
+ }
+ sprintf(prompt, "Passphrase for key \"%.100s\": ", comment);
+ sfree(comment);
+ }
+
+ /*
+ * Show password prompt, having first obtained it via a TIS
+ * or CryptoCard exchange if we're doing TIS or CryptoCard
+ * authentication.
+ */
+ if (ssh_get_line) {
+ if (!ssh_get_line(prompt, password, sizeof(password), TRUE)) {
+ /*
+ * get_line failed to get a password (for example
+ * because one was supplied on the command line
+ * which has already failed to work). Terminate.
+ */
+ send_packet(SSH1_MSG_DISCONNECT,
+ PKT_STR, "No more passwords available to try",
+ PKT_END);
+ connection_fatal("Unable to authenticate");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturn(1);
+ }
+ } else {
+ /* Prompt may have come from server. We've munged it a bit, so
+ * we know it to be zero-terminated at least once. */
+ c_write_untrusted(prompt, strlen(prompt));
+ pos = 0;
+ ssh_send_ok = 1;
+ while (pos >= 0) {
+ crWaitUntil(!ispkt);
+ while (inlen--)
+ switch (c = *in++) {
+ case 10:
+ case 13:
+ password[pos] = 0;
+ pos = -1;
+ break;
+ case 8:
+ case 127:
+ if (pos > 0)
+ pos--;
+ break;
+ case 21:
+ case 27:
+ pos = 0;
+ break;
+ case 3:
+ case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (pos < sizeof(password)-1)
+ password[pos++] = c;
+ break;
+ }
+ }
+ c_write_str("\r\n");
+ }
+
+ tryauth:
+ if (pwpkt_type == SSH1_CMSG_AUTH_RSA) {
+ /*
+ * Try public key authentication with the specified
+ * key file.
+ */
+ static struct RSAKey pubkey;
+ static Bignum challenge, response;
+ static int i;
+ static unsigned char buffer[32];
+
+ tried_publickey = 1;
+ i = loadrsakey(cfg.keyfile, &pubkey, password);
+ if (i == 0) {
+ c_write_str("Couldn't load private key from ");
+ c_write_str(cfg.keyfile);
+ c_write_str(".\r\n");
+ continue; /* go and try password */
+ }
+ if (i == -1) {
+ c_write_str("Wrong passphrase.\r\n");
+ tried_publickey = 0;
+ continue; /* try again */
+ }
+
+ /*
+ * Send a public key attempt.
+ */
+ send_packet(SSH1_CMSG_AUTH_RSA,
+ PKT_BIGNUM, pubkey.modulus, PKT_END);
+
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ c_write_str("Server refused our public key.\r\n");
+ continue; /* go and try password */
+ }
+ if (pktin.type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
+ bombout(("Bizarre response to offer of public key"));
+ crReturn(0);
+ }
+ ssh1_read_bignum(pktin.body, &challenge);
+ response = rsadecrypt(challenge, &pubkey);
+ freebn(pubkey.private_exponent); /* burn the evidence */
+
+ for (i = 0; i < 32; i++) {
+ buffer[i] = bignum_byte(response, 31 - i);
+ }
+
+ MD5Init(&md5c);
+ MD5Update(&md5c, buffer, 32);
+ MD5Update(&md5c, session_id, 16);
+ MD5Final(buffer, &md5c);
+
+ send_packet(SSH1_CMSG_AUTH_RSA_RESPONSE,
+ PKT_DATA, buffer, 16, PKT_END);
+
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ if (flags & FLAG_VERBOSE)
+ c_write_str
+ ("Failed to authenticate with our public key.\r\n");
+ continue; /* go and try password */
+ } else if (pktin.type != SSH1_SMSG_SUCCESS) {
+ bombout(
+ ("Bizarre response to RSA authentication response"));
+ crReturn(0);
+ }
+
+ break; /* we're through! */
+ } else {
+ if (pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
+ /*
+ * Defence against traffic analysis: we send a
+ * whole bunch of packets containing strings of
+ * different lengths. One of these strings is the
+ * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
+ * The others are all random data in
+ * SSH1_MSG_IGNORE packets. This way a passive
+ * listener can't tell which is the password, and
+ * hence can't deduce the password length.
+ *
+ * Anybody with a password length greater than 16
+ * bytes is going to have enough entropy in their
+ * password that a listener won't find it _that_
+ * much help to know how long it is. So what we'll
+ * do is:
+ *
+ * - if password length < 16, we send 15 packets
+ * containing string lengths 1 through 15
+ *
+ * - otherwise, we let N be the nearest multiple
+ * of 8 below the password length, and send 8
+ * packets containing string lengths N through
+ * N+7. This won't obscure the order of
+ * magnitude of the password length, but it will
+ * introduce a bit of extra uncertainty.
+ *
+ * A few servers (the old 1.2.18 through 1.2.22)
+ * can't deal with SSH1_MSG_IGNORE. For these
+ * servers, we need an alternative defence. We make
+ * use of the fact that the password is interpreted
+ * as a C string: so we can append a NUL, then some
+ * random data.
+ *
+ * One server (a Cisco one) can deal with neither
+ * SSH1_MSG_IGNORE _nor_ a padded password string.
+ * For this server we are left with no defences
+ * against password length sniffing.
+ */
+ if (!(ssh_remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
+ /*
+ * The server can deal with SSH1_MSG_IGNORE, so
+ * we can use the primary defence.
+ */
+ int bottom, top, pwlen, i;
+ char *randomstr;
+
+ pwlen = strlen(password);
+ if (pwlen < 16) {
+ bottom = 0; /* zero length passwords are OK! :-) */
+ top = 15;
+ } else {
+ bottom = pwlen & ~7;
+ top = bottom + 7;
+ }
+
+ assert(pwlen >= bottom && pwlen <= top);
+
+ randomstr = smalloc(top + 1);
+
+ for (i = bottom; i <= top; i++) {
+ if (i == pwlen)
+ defer_packet(pwpkt_type, PKT_STR, password,
+ PKT_END);
+ else {
+ for (j = 0; j < i; j++) {
+ do {
+ randomstr[j] = random_byte();
+ } while (randomstr[j] == '\0');
+ }
+ randomstr[i] = '\0';
+ defer_packet(SSH1_MSG_IGNORE,
+ PKT_STR, randomstr, PKT_END);
+ }
+ }
+ logevent("Sending password with camouflage packets");
+ ssh_pkt_defersend();
+ }
+ else if (!(ssh_remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
+ /*
+ * The server can't deal with SSH1_MSG_IGNORE
+ * but can deal with padded passwords, so we
+ * can use the secondary defence.
+ */
+ char string[64];
+ char *s;
+ int len;
+
+ len = strlen(password);
+ if (len < sizeof(string)) {
+ s = string;
+ strcpy(string, password);
+ len++; /* cover the zero byte */
+ while (len < sizeof(string)) {
+ string[len++] = (char) random_byte();
+ }
+ } else {
+ s = password;
+ }
+ logevent("Sending length-padded password");
+ send_packet(pwpkt_type, PKT_INT, len,
+ PKT_DATA, s, len, PKT_END);
+ } else {
+ /*
+ * The server has _both_
+ * BUG_CHOKES_ON_SSH1_IGNORE and
+ * BUG_NEEDS_SSH1_PLAIN_PASSWORD. There is
+ * therefore nothing we can do.
+ */
+ int len;
+ len = strlen(password);
+ logevent("Sending unpadded password");
+ send_packet(pwpkt_type, PKT_INT, len,
+ PKT_DATA, password, len, PKT_END);
+ }
+ } else {
+ send_packet(pwpkt_type, PKT_STR, password, PKT_END);
+ }
+ }
+ logevent("Sent password");
+ memset(password, 0, strlen(password));
+ crWaitUntil(ispkt);
+ if (pktin.type == SSH1_SMSG_FAILURE) {
+ if (flags & FLAG_VERBOSE)
+ c_write_str("Access denied\r\n");
+ logevent("Authentication refused");
+ } else if (pktin.type == SSH1_MSG_DISCONNECT) {
+ logevent("Received disconnect request");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturn(1);
+ } else if (pktin.type != SSH1_SMSG_SUCCESS) {
+ bombout(("Strange packet received, type %d", pktin.type));
+ crReturn(0);
+ }
+ }
+
+ logevent("Authentication successful");
+
+ crFinish(1);
+}
+
+void sshfwd_close(struct ssh_channel *c)
+{
+ if (c && !c->closes) {
+ /*
+ * If the channel's remoteid is -1, we have sent
+ * CHANNEL_OPEN for this channel, but it hasn't even been
+ * acknowledged by the server. So we must set a close flag
+ * on it now, and then when the server acks the channel
+ * open, we can close it then.
+ */
+ if (c->remoteid != -1) {
+ if (ssh_version == 1) {
+ send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+ PKT_END);
+ } else {
+ ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
+ ssh2_pkt_adduint32(c->remoteid);
+ ssh2_pkt_send();
+ }
+ }
+ c->closes = 1;
+ if (c->type == CHAN_X11) {
+ c->u.x11.s = NULL;
+ logevent("Forwarded X11 connection terminated");
+ } else if (c->type == CHAN_SOCKDATA ||
+ c->type == CHAN_SOCKDATA_DORMANT) {
+ c->u.pfd.s = NULL;
+ logevent("Forwarded port closed");
+ }
+ }
+}
+
+int sshfwd_write(struct ssh_channel *c, char *buf, int len)
+{
+ if (ssh_version == 1) {
+ send_packet(SSH1_MSG_CHANNEL_DATA,
+ PKT_INT, c->remoteid,
+ PKT_INT, len, PKT_DATA, buf, len, PKT_END);
+ /*
+ * In SSH1 we can return 0 here - implying that forwarded
+ * connections are never individually throttled - because
+ * the only circumstance that can cause throttling will be
+ * the whole SSH connection backing up, in which case
+ * _everything_ will be throttled as a whole.
+ */
+ return 0;
+ } else {
+ ssh2_add_channel_data(c, buf, len);
+ return ssh2_try_send(c);
+ }
+}
+
+void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
+{
+ if (ssh_version == 1) {
+ if (c->v.v1.throttling && bufsize < SSH1_BUFFER_LIMIT) {
+ c->v.v1.throttling = 0;
+ ssh1_throttle(-1);
+ }
+ } else {
+ ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
+ }
+}
+
+static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
+{
+ crBegin;
+
+ random_init();
+
+ while (!do_ssh1_login(in, inlen, ispkt)) {
+ crReturnV;
+ }
+ if (ssh_state == SSH_STATE_CLOSED)
+ crReturnV;
+
+ if (cfg.agentfwd && agent_exists()) {
+ logevent("Requesting agent forwarding");
+ send_packet(SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
+ do {
+ crReturnV;
+ } while (!ispkt);
+ if (pktin.type != SSH1_SMSG_SUCCESS
+ && pktin.type != SSH1_SMSG_FAILURE) {
+ bombout(("Protocol confusion"));
+ crReturnV;
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ logevent("Agent forwarding refused");
+ } else {
+ logevent("Agent forwarding enabled");
+ ssh_agentfwd_enabled = TRUE;
+ }
+ }
+
+ if (cfg.x11_forward) {
+ char proto[20], data[64];
+ logevent("Requesting X11 forwarding");
+ x11_invent_auth(proto, sizeof(proto), data, sizeof(data));
+ if (ssh1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
+ send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING,
+ PKT_STR, proto, PKT_STR, data,
+ PKT_INT, 0, PKT_END);
+ } else {
+ send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING,
+ PKT_STR, proto, PKT_STR, data, PKT_END);
+ }
+ do {
+ crReturnV;
+ } while (!ispkt);
+ if (pktin.type != SSH1_SMSG_SUCCESS
+ && pktin.type != SSH1_SMSG_FAILURE) {
+ bombout(("Protocol confusion"));
+ crReturnV;
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ logevent("X11 forwarding refused");
+ } else {
+ logevent("X11 forwarding enabled");
+ ssh_X11_fwd_enabled = TRUE;
+ }
+ }
+
+ {
+ char type, *e;
+ int n;
+ int sport,dport;
+ char sports[256], dports[256], host[256];
+ char buf[1024];
+
+ ssh_rportfwds = newtree234(ssh_rportcmp_ssh1);
+ /* Add port forwardings. */
+ e = cfg.portfwd;
+ while (*e) {
+ type = *e++;
+ n = 0;
+ while (*e && *e != '\t')
+ sports[n++] = *e++;
+ sports[n] = 0;
+ if (*e == '\t')
+ e++;
+ n = 0;
+ while (*e && *e != ':')
+ host[n++] = *e++;
+ host[n] = 0;
+ if (*e == ':')
+ e++;
+ n = 0;
+ while (*e)
+ dports[n++] = *e++;
+ dports[n] = 0;
+ e++;
+ dport = atoi(dports);
+ sport = atoi(sports);
+ if (sport && dport) {
+ if (type == 'L') {
+ pfd_addforward(host, dport, sport);
+ sprintf(buf, "Local port %d forwarding to %s:%d",
+ sport, host, dport);
+ logevent(buf);
+ } else {
+ struct ssh_rportfwd *pf;
+ pf = smalloc(sizeof(*pf));
+ strcpy(pf->dhost, host);
+ pf->dport = dport;
+ if (add234(ssh_rportfwds, pf) != pf) {
+ sprintf(buf,
+ "Duplicate remote port forwarding to %s:%d",
+ host, dport);
+ logevent(buf);
+ sfree(pf);
+ } else {
+ sprintf(buf, "Requesting remote port %d forward to %s:%d",
+ sport, host, dport);
+ logevent(buf);
+ send_packet(SSH1_CMSG_PORT_FORWARD_REQUEST,
+ PKT_INT, sport,
+ PKT_STR, host,
+ PKT_INT, dport,
+ PKT_END);
+ }
+ }
+ }
+ }
+ }
+
+ if (!cfg.nopty) {
+ send_packet(SSH1_CMSG_REQUEST_PTY,
+ PKT_STR, cfg.termtype,
+ PKT_INT, rows, PKT_INT, cols,
+ PKT_INT, 0, PKT_INT, 0, PKT_CHAR, 0, PKT_END);
+ ssh_state = SSH_STATE_INTERMED;
+ do {
+ crReturnV;
+ } while (!ispkt);
+ if (pktin.type != SSH1_SMSG_SUCCESS
+ && pktin.type != SSH1_SMSG_FAILURE) {
+ bombout(("Protocol confusion"));
+ crReturnV;
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ c_write_str("Server refused to allocate pty\r\n");
+ ssh_editing = ssh_echoing = 1;
+ }
+ logevent("Allocated pty");
+ } else {
+ ssh_editing = ssh_echoing = 1;
+ }
+
+ if (cfg.compression) {
+ send_packet(SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
+ do {
+ crReturnV;
+ } while (!ispkt);
+ if (pktin.type != SSH1_SMSG_SUCCESS
+ && pktin.type != SSH1_SMSG_FAILURE) {
+ bombout(("Protocol confusion"));
+ crReturnV;
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ c_write_str("Server refused to compress\r\n");
+ }
+ logevent("Started compression");
+ ssh1_compressing = TRUE;
+ zlib_compress_init();
+ zlib_decompress_init();
+ }
+
+ /*
+ * Start the shell or command.
+ *
+ * Special case: if the first-choice command is an SSH2
+ * subsystem (hence not usable here) and the second choice
+ * exists, we fall straight back to that.
+ */
+ {
+ char *cmd = cfg.remote_cmd_ptr;
+
+ if (cfg.ssh_subsys && cfg.remote_cmd_ptr2) {
+ cmd = cfg.remote_cmd_ptr2;
+ ssh_fallback_cmd = TRUE;
+ }
+ if (*cmd)
+ send_packet(SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
+ else
+ send_packet(SSH1_CMSG_EXEC_SHELL, PKT_END);
+ logevent("Started session");
+ }
+
+ ssh_state = SSH_STATE_SESSION;
+ if (size_needed)
+ ssh_size();
+ if (eof_needed)
+ ssh_special(TS_EOF);
+
+ ldisc_send(NULL, 0, 0); /* cause ldisc to notice changes */
+ ssh_send_ok = 1;
+ ssh_channels = newtree234(ssh_channelcmp);
+ while (1) {
+ crReturnV;
+ if (ispkt) {
+ if (pktin.type == SSH1_SMSG_STDOUT_DATA ||
+ pktin.type == SSH1_SMSG_STDERR_DATA) {
+ long len = GET_32BIT(pktin.body);
+ int bufsize =
+ from_backend(pktin.type == SSH1_SMSG_STDERR_DATA,
+ pktin.body + 4, len);
+ if (!ssh1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
+ ssh1_stdout_throttling = 1;
+ ssh1_throttle(+1);
+ }
+ } else if (pktin.type == SSH1_MSG_DISCONNECT) {
+ ssh_state = SSH_STATE_CLOSED;
+ logevent("Received disconnect request");
+ crReturnV;
+ } else if (pktin.type == SSH1_SMSG_X11_OPEN) {
+ /* Remote side is trying to open a channel to talk to our
+ * X-Server. Give them back a local channel number. */
+ struct ssh_channel *c;
+
+ logevent("Received X11 connect request");
+ /* Refuse if X11 forwarding is disabled. */
+ if (!ssh_X11_fwd_enabled) {
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body), PKT_END);
+ logevent("Rejected X11 connect request");
+ } else {
+ c = smalloc(sizeof(struct ssh_channel));
+
+ if (x11_init(&c->u.x11.s, cfg.x11_display, c) != NULL) {
+ logevent("opening X11 forward connection failed");
+ sfree(c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body),
+ PKT_END);
+ } else {
+ logevent
+ ("opening X11 forward connection succeeded");
+ c->remoteid = GET_32BIT(pktin.body);
+ c->localid = alloc_channel_id();
+ c->closes = 0;
+ c->v.v1.throttling = 0;
+ c->type = CHAN_X11; /* identify channel type */
+ add234(ssh_channels, c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
+ PKT_INT, c->remoteid, PKT_INT,
+ c->localid, PKT_END);
+ logevent("Opened X11 forward channel");
+ }
+ }
+ } else if (pktin.type == SSH1_SMSG_AGENT_OPEN) {
+ /* Remote side is trying to open a channel to talk to our
+ * agent. Give them back a local channel number. */
+ struct ssh_channel *c;
+
+ /* Refuse if agent forwarding is disabled. */
+ if (!ssh_agentfwd_enabled) {
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body), PKT_END);
+ } else {
+ c = smalloc(sizeof(struct ssh_channel));
+ c->remoteid = GET_32BIT(pktin.body);
+ c->localid = alloc_channel_id();
+ c->closes = 0;
+ c->v.v1.throttling = 0;
+ c->type = CHAN_AGENT; /* identify channel type */
+ c->u.a.lensofar = 0;
+ add234(ssh_channels, c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
+ PKT_INT, c->remoteid, PKT_INT, c->localid,
+ PKT_END);
+ }
+ } else if (pktin.type == SSH1_MSG_PORT_OPEN) {
+ /* Remote side is trying to open a channel to talk to a
+ * forwarded port. Give them back a local channel number. */
+ struct ssh_channel *c;
+ struct ssh_rportfwd pf;
+ int hostsize, port;
+ char host[256], buf[1024];
+ char *p, *h, *e;
+ c = smalloc(sizeof(struct ssh_channel));
+
+ hostsize = GET_32BIT(pktin.body+4);
+ for(h = host, p = pktin.body+8; hostsize != 0; hostsize--) {
+ if (h+1 < host+sizeof(host))
+ *h++ = *p;
+ p++;
+ }
+ *h = 0;
+ port = GET_32BIT(p);
+
+ strcpy(pf.dhost, host);
+ pf.dport = port;
+
+ if (find234(ssh_rportfwds, &pf, NULL) == NULL) {
+ sprintf(buf, "Rejected remote port open request for %s:%d",
+ host, port);
+ logevent(buf);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body), PKT_END);
+ } else {
+ sprintf(buf, "Received remote port open request for %s:%d",
+ host, port);
+ logevent(buf);
+ e = pfd_newconnect(&c->u.pfd.s, host, port, c);
+ if (e != NULL) {
+ char buf[256];
+ sprintf(buf, "Port open failed: %s", e);
+ logevent(buf);
+ sfree(c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body),
+ PKT_END);
+ } else {
+ c->remoteid = GET_32BIT(pktin.body);
+ c->localid = alloc_channel_id();
+ c->closes = 0;
+ c->v.v1.throttling = 0;
+ c->type = CHAN_SOCKDATA; /* identify channel type */
+ add234(ssh_channels, c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
+ PKT_INT, c->remoteid, PKT_INT,
+ c->localid, PKT_END);
+ logevent("Forwarded port opened successfully");
+ }
+ }
+
+ } else if (pktin.type == SSH1_MSG_CHANNEL_OPEN_CONFIRMATION) {
+ unsigned int remoteid = GET_32BIT(pktin.body);
+ unsigned int localid = GET_32BIT(pktin.body+4);
+ struct ssh_channel *c;
+
+ c = find234(ssh_channels, &remoteid, ssh_channelfind);
+ if (c && c->type == CHAN_SOCKDATA_DORMANT) {
+ c->remoteid = localid;
+ c->type = CHAN_SOCKDATA;
+ c->v.v1.throttling = 0;
+ pfd_confirm(c->u.pfd.s);
+ }
+
+ if (c && c->closes) {
+ /*
+ * We have a pending close on this channel,
+ * which we decided on before the server acked
+ * the channel open. So now we know the
+ * remoteid, we can close it again.
+ */
+ send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+ PKT_END);
+ }
+
+ } else if (pktin.type == SSH1_MSG_CHANNEL_OPEN_FAILURE) {
+ unsigned int remoteid = GET_32BIT(pktin.body);
+ unsigned int localid = GET_32BIT(pktin.body+4);
+ struct ssh_channel *c;
+
+ c = find234(ssh_channels, &remoteid, ssh_channelfind);
+ if (c && c->type == CHAN_SOCKDATA_DORMANT) {
+ logevent("Forwarded connection refused by server");
+ pfd_close(c->u.pfd.s);
+ del234(ssh_channels, c);
+ sfree(c);
+ }
+
+ } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE ||
+ pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) {
+ /* Remote side closes a channel. */
+ unsigned i = GET_32BIT(pktin.body);
+ struct ssh_channel *c;
+ c = find234(ssh_channels, &i, ssh_channelfind);
+ if (c) {
+ int closetype;
+ closetype =
+ (pktin.type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
+ if (!(c->closes & closetype))
+ send_packet(pktin.type, PKT_INT, c->remoteid,
+ PKT_END);
+ if ((c->closes == 0) && (c->type == CHAN_X11)) {
+ logevent("Forwarded X11 connection terminated");
+ assert(c->u.x11.s != NULL);
+ x11_close(c->u.x11.s);
+ c->u.x11.s = NULL;
+ }
+ if ((c->closes == 0) && (c->type == CHAN_SOCKDATA)) {
+ logevent("Forwarded port closed");
+ assert(c->u.pfd.s != NULL);
+ pfd_close(c->u.pfd.s);
+ c->u.pfd.s = NULL;
+ }
+ c->closes |= closetype;
+ if (c->closes == 3) {
+ del234(ssh_channels, c);
+ sfree(c);
+ }
+ }
+ } else if (pktin.type == SSH1_MSG_CHANNEL_DATA) {
+ /* Data sent down one of our channels. */
+ int i = GET_32BIT(pktin.body);
+ int len = GET_32BIT(pktin.body + 4);
+ unsigned char *p = pktin.body + 8;
+ struct ssh_channel *c;
+ c = find234(ssh_channels, &i, ssh_channelfind);
+ if (c) {
+ int bufsize;
+ switch (c->type) {
+ case CHAN_X11:
+ bufsize = x11_send(c->u.x11.s, p, len);
+ break;
+ case CHAN_SOCKDATA:
+ bufsize = pfd_send(c->u.pfd.s, p, len);
+ break;
+ case CHAN_AGENT:
+ /* Data for an agent message. Buffer it. */
+ while (len > 0) {
+ if (c->u.a.lensofar < 4) {
+ int l = min(4 - c->u.a.lensofar, len);
+ memcpy(c->u.a.msglen + c->u.a.lensofar, p,
+ l);
+ p += l;
+ len -= l;
+ c->u.a.lensofar += l;
+ }
+ if (c->u.a.lensofar == 4) {
+ c->u.a.totallen =
+ 4 + GET_32BIT(c->u.a.msglen);
+ c->u.a.message = smalloc(c->u.a.totallen);
+ memcpy(c->u.a.message, c->u.a.msglen, 4);
+ }
+ if (c->u.a.lensofar >= 4 && len > 0) {
+ int l =
+ min(c->u.a.totallen - c->u.a.lensofar,
+ len);
+ memcpy(c->u.a.message + c->u.a.lensofar, p,
+ l);
+ p += l;
+ len -= l;
+ c->u.a.lensofar += l;
+ }
+ if (c->u.a.lensofar == c->u.a.totallen) {
+ void *reply, *sentreply;
+ int replylen;
+ agent_query(c->u.a.message,
+ c->u.a.totallen, &reply,
+ &replylen);
+ if (reply)
+ sentreply = reply;
+ else {
+ /* Fake SSH_AGENT_FAILURE. */
+ sentreply = "\0\0\0\1\5";
+ replylen = 5;
+ }
+ send_packet(SSH1_MSG_CHANNEL_DATA,
+ PKT_INT, c->remoteid,
+ PKT_INT, replylen,
+ PKT_DATA, sentreply, replylen,
+ PKT_END);
+ if (reply)
+ sfree(reply);
+ sfree(c->u.a.message);
+ c->u.a.lensofar = 0;
+ }
+ }
+ bufsize = 0; /* agent channels never back up */
+ break;
+ }
+ if (!c->v.v1.throttling && bufsize > SSH1_BUFFER_LIMIT) {
+ c->v.v1.throttling = 1;
+ ssh1_throttle(+1);
+ }
+ }
+ } else if (pktin.type == SSH1_SMSG_SUCCESS) {
+ /* may be from EXEC_SHELL on some servers */
+ } else if (pktin.type == SSH1_SMSG_FAILURE) {
+ /* may be from EXEC_SHELL on some servers
+ * if no pty is available or in other odd cases. Ignore */
+ } else if (pktin.type == SSH1_SMSG_EXIT_STATUS) {
+ send_packet(SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
+ /*
+ * In case `helpful' firewalls or proxies tack
+ * extra human-readable text on the end of the
+ * session which we might mistake for another
+ * encrypted packet, we close the session once
+ * we've sent EXIT_CONFIRMATION.
+ */
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ } else {
+ bombout(("Strange packet received: type %d", pktin.type));
+ crReturnV;
+ }
+ } else {
+ while (inlen > 0) {
+ int len = min(inlen, 512);
+ send_packet(SSH1_CMSG_STDIN_DATA,
+ PKT_INT, len, PKT_DATA, in, len, PKT_END);
+ in += len;
+ inlen -= len;
+ }
+ }
+ }
+
+ crFinishV;
+}
+
+/*
+ * Utility routine for decoding comma-separated strings in KEXINIT.
+ */
+static int in_commasep_string(char *needle, char *haystack, int haylen)
+{
+ int needlen = strlen(needle);
+ while (1) {
+ /*
+ * Is it at the start of the string?
+ */
+ if (haylen >= needlen && /* haystack is long enough */
+ !memcmp(needle, haystack, needlen) && /* initial match */
+ (haylen == needlen || haystack[needlen] == ',')
+ /* either , or EOS follows */
+ )
+ return 1;
+ /*
+ * If not, search for the next comma and resume after that.
+ * If no comma found, terminate.
+ */
+ while (haylen > 0 && *haystack != ',')
+ haylen--, haystack++;
+ if (haylen == 0)
+ return 0;
+ haylen--, haystack++; /* skip over comma itself */
+ }
+}
+
+/*
+ * SSH2 key creation method.
+ */
+static void ssh2_mkkey(Bignum K, char *H, char *sessid, char chr,
+ char *keyspace)
+{
+ SHA_State s;
+ /* First 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, &chr, 1);
+ SHA_Bytes(&s, sessid, 20);
+ SHA_Final(&s, keyspace);
+ /* Next 20 bytes. */
+ SHA_Init(&s);
+ sha_mpint(&s, K);
+ SHA_Bytes(&s, H, 20);
+ SHA_Bytes(&s, keyspace, 20);
+ SHA_Final(&s, keyspace + 20);
+}
+
+/*
+ * Handle the SSH2 transport layer.
+ */
+static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
+{
+ static int i, j, len, nbits, pbits, warn;
+ static char *str;
+ static Bignum p, g, e, f, K;
+ static int kex_init_value, kex_reply_value;
+ static const struct ssh_mac **maclist;
+ static int nmacs;
+ static const struct ssh2_cipher *cscipher_tobe = NULL;
+ static const struct ssh2_cipher *sccipher_tobe = NULL;
+ static const struct ssh_mac *csmac_tobe = NULL;
+ static const struct ssh_mac *scmac_tobe = NULL;
+ static const struct ssh_compress *cscomp_tobe = NULL;
+ static const struct ssh_compress *sccomp_tobe = NULL;
+ static char *hostkeydata, *sigdata, *keystr, *fingerprint;
+ static int hostkeylen, siglen;
+ static void *hkey; /* actual host key */
+ static unsigned char exchange_hash[20];
+ static unsigned char keyspace[40];
+ static int n_preferred_ciphers;
+ static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
+ static const struct ssh_compress *preferred_comp;
+ static int first_kex;
+
+ crBegin;
+ random_init();
+ first_kex = 1;
+
+ /*
+ * Set up the preferred ciphers. (NULL => warn below here)
+ */
+ n_preferred_ciphers = 0;
+ for (i = 0; i < CIPHER_MAX; i++) {
+ switch (cfg.ssh_cipherlist[i]) {
+ case CIPHER_BLOWFISH:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_blowfish;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_DES:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_3DES:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_AES:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_aes;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_WARN:
+ /* Flag for later. Don't bother if it's the last in
+ * the list. */
+ if (i < CIPHER_MAX - 1) {
+ preferred_ciphers[n_preferred_ciphers] = NULL;
+ n_preferred_ciphers++;
+ }
+ break;
+ }
+ }
+
+ /*
+ * Set up preferred compression.
+ */
+ if (cfg.compression)
+ preferred_comp = &ssh_zlib;
+ else
+ preferred_comp = &ssh_comp_none;
+
+ /*
+ * Be prepared to work around the buggy MAC problem.
+ */
+ if (cfg.buggymac || (ssh_remote_bugs & BUG_SSH2_HMAC))
+ maclist = buggymacs, nmacs = lenof(buggymacs);
+ else
+ maclist = macs, nmacs = lenof(macs);
+
+ begin_key_exchange:
+ /*
+ * Construct and send our key exchange packet.
+ */
+ ssh2_pkt_init(SSH2_MSG_KEXINIT);
+ for (i = 0; i < 16; i++)
+ ssh2_pkt_addbyte((unsigned char) random_byte());
+ /* List key exchange algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(kex_algs); i++) {
+ ssh2_pkt_addstring_str(kex_algs[i]->name);
+ if (i < lenof(kex_algs) - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server host key algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(hostkey_algs); i++) {
+ ssh2_pkt_addstring_str(hostkey_algs[i]->name);
+ if (i < lenof(hostkey_algs) - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server encryption algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) continue; /* warning flag */
+ for (j = 0; j < c->nciphers; j++) {
+ ssh2_pkt_addstring_str(c->list[j]->name);
+ if (i < n_preferred_ciphers || j < c->nciphers - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ }
+ /* List server->client encryption algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) continue; /* warning flag */
+ for (j = 0; j < c->nciphers; j++) {
+ ssh2_pkt_addstring_str(c->list[j]->name);
+ if (i < n_preferred_ciphers || j < c->nciphers - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ }
+ /* List client->server MAC algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < nmacs; i++) {
+ ssh2_pkt_addstring_str(maclist[i]->name);
+ if (i < nmacs - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server->client MAC algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < nmacs; i++) {
+ ssh2_pkt_addstring_str(maclist[i]->name);
+ if (i < nmacs - 1)
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server compression algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(compressions) + 1; i++) {
+ const struct ssh_compress *c =
+ i == 0 ? preferred_comp : compressions[i - 1];
+ ssh2_pkt_addstring_str(c->name);
+ if (i < lenof(compressions))
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List server->client compression algorithms. */
+ ssh2_pkt_addstring_start();
+ for (i = 0; i < lenof(compressions) + 1; i++) {
+ const struct ssh_compress *c =
+ i == 0 ? preferred_comp : compressions[i - 1];
+ ssh2_pkt_addstring_str(c->name);
+ if (i < lenof(compressions))
+ ssh2_pkt_addstring_str(",");
+ }
+ /* List client->server languages. Empty list. */
+ ssh2_pkt_addstring_start();
+ /* List server->client languages. Empty list. */
+ ssh2_pkt_addstring_start();
+ /* First KEX packet does _not_ follow, because we're not that brave. */
+ ssh2_pkt_addbool(FALSE);
+ /* Reserved. */
+ ssh2_pkt_adduint32(0);
+
+ exhash = exhashbase;
+ sha_string(&exhash, pktout.data + 5, pktout.length - 5);
+
+ ssh2_pkt_send();
+
+ if (!ispkt)
+ crWaitUntil(ispkt);
+ sha_string(&exhash, pktin.data + 5, pktin.length - 5);
+
+ /*
+ * Now examine the other side's KEXINIT to see what we're up
+ * to.
+ */
+ if (pktin.type != SSH2_MSG_KEXINIT) {
+ bombout(("expected key exchange packet from server"));
+ crReturn(0);
+ }
+ kex = NULL;
+ hostkey = NULL;
+ cscipher_tobe = NULL;
+ sccipher_tobe = NULL;
+ csmac_tobe = NULL;
+ scmac_tobe = NULL;
+ cscomp_tobe = NULL;
+ sccomp_tobe = NULL;
+ pktin.savedpos += 16; /* skip garbage cookie */
+ ssh2_pkt_getstring(&str, &len); /* key exchange algorithms */
+ for (i = 0; i < lenof(kex_algs); i++) {
+ if (in_commasep_string(kex_algs[i]->name, str, len)) {
+ kex = kex_algs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* host key algorithms */
+ for (i = 0; i < lenof(hostkey_algs); i++) {
+ if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
+ hostkey = hostkey_algs[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* client->server cipher */
+ warn = 0;
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) {
+ warn = 1;
+ } else {
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ cscipher_tobe = c->list[j];
+ break;
+ }
+ }
+ }
+ if (cscipher_tobe) {
+ if (warn)
+ askcipher(cscipher_tobe->name, 1);
+ break;
+ }
+ }
+ if (!cscipher_tobe) {
+ bombout(("Couldn't agree a client-to-server cipher (available: %s)", str));
+ crReturn(0);
+ }
+
+ ssh2_pkt_getstring(&str, &len); /* server->client cipher */
+ warn = 0;
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) {
+ warn = 1;
+ } else {
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ sccipher_tobe = c->list[j];
+ break;
+ }
+ }
+ }
+ if (sccipher_tobe) {
+ if (warn)
+ askcipher(sccipher_tobe->name, 2);
+ break;
+ }
+ }
+ if (!sccipher_tobe) {
+ bombout(("Couldn't agree a server-to-client cipher (available: %s)", str));
+ crReturn(0);
+ }
+
+ ssh2_pkt_getstring(&str, &len); /* client->server mac */
+ for (i = 0; i < nmacs; i++) {
+ if (in_commasep_string(maclist[i]->name, str, len)) {
+ csmac_tobe = maclist[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* server->client mac */
+ for (i = 0; i < nmacs; i++) {
+ if (in_commasep_string(maclist[i]->name, str, len)) {
+ scmac_tobe = maclist[i];
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* client->server compression */
+ for (i = 0; i < lenof(compressions) + 1; i++) {
+ const struct ssh_compress *c =
+ i == 0 ? preferred_comp : compressions[i - 1];
+ if (in_commasep_string(c->name, str, len)) {
+ cscomp_tobe = c;
+ break;
+ }
+ }
+ ssh2_pkt_getstring(&str, &len); /* server->client compression */
+ for (i = 0; i < lenof(compressions) + 1; i++) {
+ const struct ssh_compress *c =
+ i == 0 ? preferred_comp : compressions[i - 1];
+ if (in_commasep_string(c->name, str, len)) {
+ sccomp_tobe = c;
+ break;
+ }
+ }
+
+ /*
+ * Work out the number of bits of key we will need from the key
+ * exchange. We start with the maximum key length of either
+ * cipher...
+ */
+ {
+ int csbits, scbits;
+
+ csbits = cscipher_tobe->keylen;
+ scbits = sccipher_tobe->keylen;
+ nbits = (csbits > scbits ? csbits : scbits);
+ }
+ /* The keys only have 160-bit entropy, since they're based on
+ * a SHA-1 hash. So cap the key size at 160 bits. */
+ if (nbits > 160)
+ nbits = 160;
+
+ /*
+ * If we're doing Diffie-Hellman group exchange, start by
+ * requesting a group.
+ */
+ if (kex == &ssh_diffiehellman_gex) {
+ logevent("Doing Diffie-Hellman group exchange");
+ /*
+ * Work out how big a DH group we will need to allow that
+ * much data.
+ */
+ pbits = 512 << ((nbits - 1) / 64);
+ ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
+ ssh2_pkt_adduint32(pbits);
+ ssh2_pkt_send();
+
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH2_MSG_KEX_DH_GEX_GROUP) {
+ bombout(("expected key exchange group packet from server"));
+ crReturn(0);
+ }
+ p = ssh2_pkt_getmp();
+ g = ssh2_pkt_getmp();
+ dh_setup_group(p, g);
+ kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
+ kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
+ } else {
+ dh_setup_group1();
+ kex_init_value = SSH2_MSG_KEXDH_INIT;
+ kex_reply_value = SSH2_MSG_KEXDH_REPLY;
+ }
+
+ logevent("Doing Diffie-Hellman key exchange");
+ /*
+ * Now generate and send e for Diffie-Hellman.
+ */
+ e = dh_create_e(nbits * 2);
+ ssh2_pkt_init(kex_init_value);
+ ssh2_pkt_addmp(e);
+ ssh2_pkt_send();
+
+ crWaitUntil(ispkt);
+ if (pktin.type != kex_reply_value) {
+ bombout(("expected key exchange reply packet from server"));
+ crReturn(0);
+ }
+ ssh2_pkt_getstring(&hostkeydata, &hostkeylen);
+ f = ssh2_pkt_getmp();
+ ssh2_pkt_getstring(&sigdata, &siglen);
+
+ K = dh_find_K(f);
+
+ sha_string(&exhash, hostkeydata, hostkeylen);
+ if (kex == &ssh_diffiehellman_gex) {
+ sha_uint32(&exhash, pbits);
+ sha_mpint(&exhash, p);
+ sha_mpint(&exhash, g);
+ }
+ sha_mpint(&exhash, e);
+ sha_mpint(&exhash, f);
+ sha_mpint(&exhash, K);
+ SHA_Final(&exhash, exchange_hash);
+
+ dh_cleanup();
+
+#if 0
+ debug(("Exchange hash is:\n"));
+ dmemdump(exchange_hash, 20);
+#endif
+
+ hkey = hostkey->newkey(hostkeydata, hostkeylen);
+ if (!hkey ||
+ !hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
+ bombout(("Server's host key did not match the signature supplied"));
+ crReturn(0);
+ }
+
+ /*
+ * Authenticate remote host: verify host key. (We've already
+ * checked the signature of the exchange hash.)
+ */
+ keystr = hostkey->fmtkey(hkey);
+ fingerprint = hostkey->fingerprint(hkey);
+ verify_ssh_host_key(savedhost, savedport, hostkey->keytype,
+ keystr, fingerprint);
+ if (first_kex) { /* don't bother logging this in rekeys */
+ logevent("Host key fingerprint is:");
+ logevent(fingerprint);
+ }
+ sfree(fingerprint);
+ sfree(keystr);
+ hostkey->freekey(hkey);
+
+ /*
+ * Send SSH2_MSG_NEWKEYS.
+ */
+ ssh2_pkt_init(SSH2_MSG_NEWKEYS);
+ ssh2_pkt_send();
+
+ /*
+ * Expect SSH2_MSG_NEWKEYS from server.
+ */
+ crWaitUntil(ispkt);
+ if (pktin.type != SSH2_MSG_NEWKEYS) {
+ bombout(("expected new-keys packet from server"));
+ crReturn(0);
+ }
+
+ /*
+ * Create and initialise session keys.
+ */
+ cscipher = cscipher_tobe;
+ sccipher = sccipher_tobe;
+ csmac = csmac_tobe;
+ scmac = scmac_tobe;
+ cscomp = cscomp_tobe;
+ sccomp = sccomp_tobe;
+ cscomp->compress_init();
+ sccomp->decompress_init();
+ /*
+ * Set IVs after keys. Here we use the exchange hash from the
+ * _first_ key exchange.
+ */
+ if (first_kex)
+ memcpy(ssh2_session_id, exchange_hash, sizeof(exchange_hash));
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'C', keyspace);
+ cscipher->setcskey(keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'D', keyspace);
+ sccipher->setsckey(keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'A', keyspace);
+ cscipher->setcsiv(keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'B', keyspace);
+ sccipher->setsciv(keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'E', keyspace);
+ csmac->setcskey(keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'F', keyspace);
+ scmac->setsckey(keyspace);
+
+ /*
+ * If this is the first key exchange phase, we must pass the
+ * SSH2_MSG_NEWKEYS packet to the next layer, not because it
+ * wants to see it but because it will need time to initialise
+ * itself before it sees an actual packet. In subsequent key
+ * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
+ * it would only confuse the layer above.
+ */
+ if (!first_kex) {
+ crReturn(0);
+ }
+ first_kex = 0;
+
+ /*
+ * Now we're encrypting. Begin returning 1 to the protocol main
+ * function so that other things can run on top of the
+ * transport. If we ever see a KEXINIT, we must go back to the
+ * start.
+ */
+ while (!(ispkt && pktin.type == SSH2_MSG_KEXINIT)) {
+ crReturn(1);
+ }
+ logevent("Server initiated key re-exchange");
+ goto begin_key_exchange;
+
+ crFinish(1);
+}
+
+/*
+ * Add data to an SSH2 channel output buffer.
+ */
+static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
+ int len)
+{
+ bufchain_add(&c->v.v2.outbuffer, buf, len);
+}
+
+/*
+ * Attempt to send data on an SSH2 channel.
+ */
+static int ssh2_try_send(struct ssh_channel *c)
+{
+ while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
+ int len;
+ void *data;
+ bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
+ if ((unsigned)len > c->v.v2.remwindow)
+ len = c->v.v2.remwindow;
+ if ((unsigned)len > c->v.v2.remmaxpkt)
+ len = c->v.v2.remmaxpkt;
+ ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
+ ssh2_pkt_adduint32(c->remoteid);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(data, len);
+ ssh2_pkt_send();
+ bufchain_consume(&c->v.v2.outbuffer, len);
+ c->v.v2.remwindow -= len;
+ }
+
+ /*
+ * After having sent as much data as we can, return the amount
+ * still buffered.
+ */
+ return bufchain_size(&c->v.v2.outbuffer);
+}
+
+/*
+ * Potentially enlarge the window on an SSH2 channel.
+ */
+static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
+{
+ if (newwin > c->v.v2.locwindow) {
+ ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+ ssh2_pkt_adduint32(c->remoteid);
+ ssh2_pkt_adduint32(newwin - c->v.v2.locwindow);
+ ssh2_pkt_send();
+ c->v.v2.locwindow = newwin;
+ }
+}
+
+/*
+ * Handle the SSH2 userauth and connection layers.
+ */
+static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
+{
+ static enum {
+ AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE,
+ AUTH_PASSWORD,
+ AUTH_KEYBOARD_INTERACTIVE
+ } method;
+ static enum {
+ AUTH_TYPE_NONE,
+ AUTH_TYPE_PUBLICKEY,
+ AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
+ AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
+ AUTH_TYPE_PASSWORD,
+ AUTH_TYPE_KEYBOARD_INTERACTIVE,
+ AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
+ } type;
+ static int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
+ static int tried_pubkey_config, tried_agent, tried_keyb_inter;
+ static int kbd_inter_running;
+ static int we_are_in;
+ static int num_prompts, echo;
+ static char username[100];
+ static char pwprompt[200];
+ static char password[100];
+
+ crBegin;
+
+ /*
+ * Request userauth protocol, and await a response to it.
+ */
+ ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
+ ssh2_pkt_addstring("ssh-userauth");
+ ssh2_pkt_send();
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_SERVICE_ACCEPT) {
+ bombout(("Server refused user authentication protocol"));
+ crReturnV;
+ }
+
+ /*
+ * We repeat this whole loop, including the username prompt,
+ * until we manage a successful authentication. If the user
+ * types the wrong _password_, they are sent back to the
+ * beginning to try another username. (If they specify a
+ * username in the config, they are never asked, even if they
+ * do give a wrong password.)
+ *
+ * I think this best serves the needs of
+ *
+ * - the people who have no configuration, no keys, and just
+ * want to try repeated (username,password) pairs until they
+ * type both correctly
+ *
+ * - people who have keys and configuration but occasionally
+ * need to fall back to passwords
+ *
+ * - people with a key held in Pageant, who might not have
+ * logged in to a particular machine before; so they want to
+ * type a username, and then _either_ their key will be
+ * accepted, _or_ they will type a password. If they mistype
+ * the username they will want to be able to get back and
+ * retype it!
+ */
+ do {
+ static int pos;
+ static char c;
+
+ /*
+ * Get a username.
+ */
+ pos = 0;
+ if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
+ if (ssh_get_line) {
+ if (!ssh_get_line("login as: ",
+ username, sizeof(username), FALSE)) {
+ /*
+ * get_line failed to get a username.
+ * Terminate.
+ */
+ logevent("No username provided. Abandoning session.");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ } else {
+ c_write_str("login as: ");
+ ssh_send_ok = 1;
+ while (pos >= 0) {
+ crWaitUntilV(!ispkt);
+ while (inlen--)
+ switch (c = *in++) {
+ case 10:
+ case 13:
+ username[pos] = 0;
+ pos = -1;
+ break;
+ case 8:
+ case 127:
+ if (pos > 0) {
+ c_write_str("\b \b");
+ pos--;
+ }
+ break;
+ case 21:
+ case 27:
+ while (pos > 0) {
+ c_write_str("\b \b");
+ pos--;
+ }
+ break;
+ case 3:
+ case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char) c >= 160))
+ && pos < sizeof(username)-1) {
+ username[pos++] = c;
+ c_write(&c, 1);
+ }
+ break;
+ }
+ }
+ }
+ c_write_str("\r\n");
+ username[strcspn(username, "\n\r")] = '\0';
+ } else {
+ char stuff[200];
+ strncpy(username, cfg.username, 99);
+ username[99] = '\0';
+ if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
+ sprintf(stuff, "Using username \"%s\".\r\n", username);
+ c_write_str(stuff);
+ }
+ }
+
+ /*
+ * Send an authentication request using method "none": (a)
+ * just in case it succeeds, and (b) so that we know what
+ * authentication methods we can usefully try next.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ type = AUTH_TYPE_NONE;
+ gotit = FALSE;
+ we_are_in = FALSE;
+
+ tried_pubkey_config = FALSE;
+ tried_agent = FALSE;
+ tried_keyb_inter = FALSE;
+ kbd_inter_running = FALSE;
+
+ while (1) {
+ /*
+ * Wait for the result of the last authentication request.
+ */
+ if (!gotit)
+ crWaitUntilV(ispkt);
+ while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
+ char *banner;
+ int size;
+ /*
+ * Don't show the banner if we're operating in
+ * non-verbose non-interactive mode. (It's probably
+ * a script, which means nobody will read the
+ * banner _anyway_, and moreover the printing of
+ * the banner will screw up processing on the
+ * output of (say) plink.)
+ */
+ if (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE)) {
+ ssh2_pkt_getstring(&banner, &size);
+ if (banner)
+ c_write_untrusted(banner, size);
+ }
+ crWaitUntilV(ispkt);
+ }
+ if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
+ logevent("Access granted");
+ we_are_in = TRUE;
+ break;
+ }
+
+ if (kbd_inter_running &&
+ pktin.type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
+ /*
+ * This is a further prompt in keyboard-interactive
+ * authentication. Do nothing.
+ */
+ } else if (pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
+ bombout(("Strange packet received during authentication: type %d",
+ pktin.type));
+ crReturnV;
+ }
+
+ gotit = FALSE;
+
+ /*
+ * OK, we're now sitting on a USERAUTH_FAILURE message, so
+ * we can look at the string in it and know what we can
+ * helpfully try next.
+ */
+ if (pktin.type == SSH2_MSG_USERAUTH_FAILURE) {
+ char *methods;
+ int methlen;
+ ssh2_pkt_getstring(&methods, &methlen);
+ kbd_inter_running = FALSE;
+ if (!ssh2_pkt_getbool()) {
+ /*
+ * We have received an unequivocal Access
+ * Denied. This can translate to a variety of
+ * messages:
+ *
+ * - if we'd just tried "none" authentication,
+ * it's not worth printing anything at all
+ *
+ * - if we'd just tried a public key _offer_,
+ * the message should be "Server refused our
+ * key" (or no message at all if the key
+ * came from Pageant)
+ *
+ * - if we'd just tried anything else, the
+ * message really should be "Access denied".
+ *
+ * Additionally, if we'd just tried password
+ * authentication, we should break out of this
+ * whole loop so as to go back to the username
+ * prompt.
+ */
+ if (type == AUTH_TYPE_NONE) {
+ /* do nothing */
+ } else if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
+ type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
+ if (type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
+ c_write_str("Server refused our key\r\n");
+ logevent("Server refused public key");
+ } else if (type == AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
+ /* server declined keyboard-interactive; ignore */
+ } else {
+ c_write_str("Access denied\r\n");
+ logevent("Access denied");
+ if (type == AUTH_TYPE_PASSWORD) {
+ we_are_in = FALSE;
+ break;
+ }
+ }
+ } else {
+ c_write_str("Further authentication required\r\n");
+ logevent("Further authentication required");
+ }
+
+ can_pubkey =
+ in_commasep_string("publickey", methods, methlen);
+ can_passwd =
+ in_commasep_string("password", methods, methlen);
+ can_keyb_inter =
+ in_commasep_string("keyboard-interactive", methods, methlen);
+ }
+
+ method = 0;
+
+ if (!method && can_pubkey && agent_exists() && !tried_agent) {
+ /*
+ * Attempt public-key authentication using Pageant.
+ */
+ static unsigned char request[5], *response, *p;
+ static int responselen;
+ static int i, nkeys;
+ static int authed = FALSE;
+ void *r;
+
+ tried_agent = TRUE;
+
+ logevent("Pageant is running. Requesting keys.");
+
+ /* Request the keys held by the agent. */
+ PUT_32BIT(request, 1);
+ request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
+ agent_query(request, 5, &r, &responselen);
+ response = (unsigned char *) r;
+ if (response && responselen >= 5 &&
+ response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
+ p = response + 5;
+ nkeys = GET_32BIT(p);
+ p += 4;
+ {
+ char buf[64];
+ sprintf(buf, "Pageant has %d SSH2 keys", nkeys);
+ logevent(buf);
+ }
+ for (i = 0; i < nkeys; i++) {
+ static char *pkblob, *alg, *commentp;
+ static int pklen, alglen, commentlen;
+ static int siglen, retlen, len;
+ static char *q, *agentreq, *ret;
+ void *vret;
+
+ {
+ char buf[64];
+ sprintf(buf, "Trying Pageant key #%d", i);
+ logevent(buf);
+ }
+ pklen = GET_32BIT(p);
+ p += 4;
+ pkblob = p;
+ p += pklen;
+ alglen = GET_32BIT(pkblob);
+ alg = pkblob + 4;
+ commentlen = GET_32BIT(p);
+ p += 4;
+ commentp = p;
+ p += commentlen;
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+ ssh2_pkt_send();
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ logevent("Key refused");
+ continue;
+ }
+
+ if (flags & FLAG_VERBOSE) {
+ c_write_str
+ ("Authenticating with public key \"");
+ c_write(commentp, commentlen);
+ c_write_str("\" from agent\r\n");
+ }
+
+ /*
+ * Server is willing to accept the key.
+ * Construct a SIGN_REQUEST.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(alg, alglen);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pkblob, pklen);
+
+ siglen = pktout.length - 5 + 4 + 20;
+ len = 1; /* message type */
+ len += 4 + pklen; /* key blob */
+ len += 4 + siglen; /* data to sign */
+ len += 4; /* flags */
+ agentreq = smalloc(4 + len);
+ PUT_32BIT(agentreq, len);
+ q = agentreq + 4;
+ *q++ = SSH2_AGENTC_SIGN_REQUEST;
+ PUT_32BIT(q, pklen);
+ q += 4;
+ memcpy(q, pkblob, pklen);
+ q += pklen;
+ PUT_32BIT(q, siglen);
+ q += 4;
+ /* Now the data to be signed... */
+ PUT_32BIT(q, 20);
+ q += 4;
+ memcpy(q, ssh2_session_id, 20);
+ q += 20;
+ memcpy(q, pktout.data + 5, pktout.length - 5);
+ q += pktout.length - 5;
+ /* And finally the (zero) flags word. */
+ PUT_32BIT(q, 0);
+ agent_query(agentreq, len + 4, &vret, &retlen);
+ ret = vret;
+ sfree(agentreq);
+ if (ret) {
+ if (ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
+ logevent("Sending Pageant's response");
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(ret + 9,
+ GET_32BIT(ret +
+ 5));
+ ssh2_pkt_send();
+ authed = TRUE;
+ break;
+ } else {
+ logevent
+ ("Pageant failed to answer challenge");
+ sfree(ret);
+ }
+ }
+ }
+ if (authed)
+ continue;
+ }
+ }
+
+ if (!method && can_pubkey && *cfg.keyfile
+ && !tried_pubkey_config) {
+ unsigned char *pub_blob;
+ char *algorithm, *comment;
+ int pub_blob_len;
+
+ tried_pubkey_config = TRUE;
+
+ /*
+ * Try the public key supplied in the configuration.
+ *
+ * First, offer the public blob to see if the server is
+ * willing to accept it.
+ */
+ pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
+ &pub_blob_len);
+ if (pub_blob) {
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring(algorithm);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
+ ssh2_pkt_send();
+ logevent("Offered public key"); /* FIXME */
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ gotit = TRUE;
+ type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
+ continue; /* key refused; give up on it */
+ }
+
+ logevent("Offer of public key accepted");
+ /*
+ * Actually attempt a serious authentication using
+ * the key.
+ */
+ if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
+ sprintf(pwprompt,
+ "Passphrase for key \"%.100s\": ",
+ comment);
+ need_pw = TRUE;
+ } else {
+ need_pw = FALSE;
+ }
+ c_write_str("Authenticating with public key \"");
+ c_write_str(comment);
+ c_write_str("\"\r\n");
+ method = AUTH_PUBLICKEY_FILE;
+ }
+ }
+
+ if (!method && can_keyb_inter && !tried_keyb_inter) {
+ method = AUTH_KEYBOARD_INTERACTIVE;
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+ tried_keyb_inter = TRUE;
+
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("keyboard-interactive"); /* method */
+ ssh2_pkt_addstring(""); /* lang */
+ ssh2_pkt_addstring("");
+ ssh2_pkt_send();
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
+ if (pktin.type == SSH2_MSG_USERAUTH_FAILURE)
+ gotit = TRUE;
+ logevent("Keyboard-interactive authentication refused");
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
+ continue;
+ }
+
+ kbd_inter_running = TRUE;
+ }
+
+ if (kbd_inter_running) {
+ method = AUTH_KEYBOARD_INTERACTIVE;
+ type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
+ tried_keyb_inter = TRUE;
+
+ /* We've got packet with that "interactive" info
+ dump banners, and set its prompt as ours */
+ {
+ char *name, *inst, *lang, *prompt;
+ int name_len, inst_len, lang_len, prompt_len;
+ ssh2_pkt_getstring(&name, &name_len);
+ ssh2_pkt_getstring(&inst, &inst_len);
+ ssh2_pkt_getstring(&lang, &lang_len);
+ if (name_len > 0)
+ c_write_untrusted(name, name_len);
+ if (inst_len > 0)
+ c_write_untrusted(inst, inst_len);
+ num_prompts = ssh2_pkt_getuint32();
+
+ ssh2_pkt_getstring(&prompt, &prompt_len);
+ strncpy(pwprompt, prompt, sizeof(pwprompt));
+ pwprompt[prompt_len < sizeof(pwprompt) ?
+ prompt_len : sizeof(pwprompt)-1] = '\0';
+ need_pw = TRUE;
+
+ echo = ssh2_pkt_getbool();
+ }
+ }
+
+ if (!method && can_passwd) {
+ method = AUTH_PASSWORD;
+ sprintf(pwprompt, "%.90s@%.90s's password: ", username,
+ savedhost);
+ need_pw = TRUE;
+ }
+
+ if (need_pw) {
+ if (ssh_get_line) {
+ if (!ssh_get_line(pwprompt, password,
+ sizeof(password), TRUE)) {
+ /*
+ * get_line failed to get a password (for
+ * example because one was supplied on the
+ * command line which has already failed to
+ * work). Terminate.
+ */
+ ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+ ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+ ssh2_pkt_addstring
+ ("No more passwords available to try");
+ ssh2_pkt_addstring("en"); /* language tag */
+ ssh2_pkt_send();
+ connection_fatal("Unable to authenticate");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ } else {
+ static int pos = 0;
+ static char c;
+
+ c_write_untrusted(pwprompt, strlen(pwprompt));
+ ssh_send_ok = 1;
+
+ pos = 0;
+ while (pos >= 0) {
+ crWaitUntilV(!ispkt);
+ while (inlen--)
+ switch (c = *in++) {
+ case 10:
+ case 13:
+ password[pos] = 0;
+ pos = -1;
+ break;
+ case 8:
+ case 127:
+ if (pos > 0)
+ pos--;
+ break;
+ case 21:
+ case 27:
+ pos = 0;
+ break;
+ case 3:
+ case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (pos < sizeof(password)-1)
+ password[pos++] = c;
+ break;
+ }