27 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
28 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
29 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
30 #define SSH1_CMSG_USER 4 /* 0x4 */
31 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
32 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
33 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
34 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
35 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
36 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
37 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
38 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
39 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
40 #define SSH1_SMSG_FAILURE 15 /* 0xf */
41 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
42 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
43 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
44 #define SSH1_CMSG_EOF 19 /* 0x13 */
45 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
46 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
47 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
48 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
49 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
50 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
51 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
52 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
53 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
54 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
55 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
56 #define SSH1_MSG_IGNORE 32 /* 0x20 */
57 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
58 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
59 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
60 #define SSH1_MSG_DEBUG 36 /* 0x24 */
61 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
62 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
63 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
64 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
65 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
66 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
67 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
69 #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
70 #define SSH1_AUTH_RSA 2 /* 0x2 */
71 #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
72 #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
73 #define SSH1_AUTH_TIS 5 /* 0x5 */
74 #define SSH1_AUTH_CCARD 16 /* 0x10 */
76 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
77 /* Mask for protoflags we will echo back to server if seen */
78 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
80 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
81 #define SSH2_MSG_IGNORE 2 /* 0x2 */
82 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
83 #define SSH2_MSG_DEBUG 4 /* 0x4 */
84 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
85 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
86 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
87 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
88 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
89 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
90 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
91 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
92 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
93 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
94 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
95 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
96 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
97 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
98 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
99 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
100 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
101 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
102 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
103 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
104 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
105 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
106 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
107 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
108 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
109 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
110 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
111 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
112 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
113 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
114 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
115 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
116 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
117 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
118 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
119 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
120 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
121 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
122 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
123 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
124 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
127 * Packet type contexts, so that ssh2_pkt_type can correctly decode
128 * the ambiguous type numbers back into the correct type strings.
138 SSH2_PKTCTX_PUBLICKEY,
139 SSH2_PKTCTX_PASSWORD,
144 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
145 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
146 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
147 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
148 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
149 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
150 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
151 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
152 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
153 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
154 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
155 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
156 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
157 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
158 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
160 static const char *const ssh2_disconnect_reasons[] = {
162 "host not allowed to connect",
164 "key exchange failed",
165 "host authentication failed",
168 "service not available",
169 "protocol version not supported",
170 "host key not verifiable",
173 "too many connections",
174 "auth cancelled by user",
175 "no more auth methods available",
179 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
180 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
181 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
182 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
184 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
187 * Various remote-bug flags.
189 #define BUG_CHOKES_ON_SSH1_IGNORE 1
190 #define BUG_SSH2_HMAC 2
191 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
192 #define BUG_CHOKES_ON_RSA 8
193 #define BUG_SSH2_RSA_PADDING 16
194 #define BUG_SSH2_DERIVEKEY 32
195 #define BUG_SSH2_REKEY 64
196 #define BUG_SSH2_PK_SESSIONID 128
197 #define BUG_SSH2_MAXPKT 256
198 #define BUG_CHOKES_ON_SSH2_IGNORE 512
201 * Codes for terminal modes.
202 * Most of these are the same in SSH-1 and SSH-2.
203 * This list is derived from RFC 4254 and
206 static const struct {
207 const char* const mode;
209 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
211 /* "V" prefix discarded for special characters relative to SSH specs */
212 { "INTR", 1, TTY_OP_CHAR },
213 { "QUIT", 2, TTY_OP_CHAR },
214 { "ERASE", 3, TTY_OP_CHAR },
215 { "KILL", 4, TTY_OP_CHAR },
216 { "EOF", 5, TTY_OP_CHAR },
217 { "EOL", 6, TTY_OP_CHAR },
218 { "EOL2", 7, TTY_OP_CHAR },
219 { "START", 8, TTY_OP_CHAR },
220 { "STOP", 9, TTY_OP_CHAR },
221 { "SUSP", 10, TTY_OP_CHAR },
222 { "DSUSP", 11, TTY_OP_CHAR },
223 { "REPRINT", 12, TTY_OP_CHAR },
224 { "WERASE", 13, TTY_OP_CHAR },
225 { "LNEXT", 14, TTY_OP_CHAR },
226 { "FLUSH", 15, TTY_OP_CHAR },
227 { "SWTCH", 16, TTY_OP_CHAR },
228 { "STATUS", 17, TTY_OP_CHAR },
229 { "DISCARD", 18, TTY_OP_CHAR },
230 { "IGNPAR", 30, TTY_OP_BOOL },
231 { "PARMRK", 31, TTY_OP_BOOL },
232 { "INPCK", 32, TTY_OP_BOOL },
233 { "ISTRIP", 33, TTY_OP_BOOL },
234 { "INLCR", 34, TTY_OP_BOOL },
235 { "IGNCR", 35, TTY_OP_BOOL },
236 { "ICRNL", 36, TTY_OP_BOOL },
237 { "IUCLC", 37, TTY_OP_BOOL },
238 { "IXON", 38, TTY_OP_BOOL },
239 { "IXANY", 39, TTY_OP_BOOL },
240 { "IXOFF", 40, TTY_OP_BOOL },
241 { "IMAXBEL", 41, TTY_OP_BOOL },
242 { "ISIG", 50, TTY_OP_BOOL },
243 { "ICANON", 51, TTY_OP_BOOL },
244 { "XCASE", 52, TTY_OP_BOOL },
245 { "ECHO", 53, TTY_OP_BOOL },
246 { "ECHOE", 54, TTY_OP_BOOL },
247 { "ECHOK", 55, TTY_OP_BOOL },
248 { "ECHONL", 56, TTY_OP_BOOL },
249 { "NOFLSH", 57, TTY_OP_BOOL },
250 { "TOSTOP", 58, TTY_OP_BOOL },
251 { "IEXTEN", 59, TTY_OP_BOOL },
252 { "ECHOCTL", 60, TTY_OP_BOOL },
253 { "ECHOKE", 61, TTY_OP_BOOL },
254 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
255 { "OPOST", 70, TTY_OP_BOOL },
256 { "OLCUC", 71, TTY_OP_BOOL },
257 { "ONLCR", 72, TTY_OP_BOOL },
258 { "OCRNL", 73, TTY_OP_BOOL },
259 { "ONOCR", 74, TTY_OP_BOOL },
260 { "ONLRET", 75, TTY_OP_BOOL },
261 { "CS7", 90, TTY_OP_BOOL },
262 { "CS8", 91, TTY_OP_BOOL },
263 { "PARENB", 92, TTY_OP_BOOL },
264 { "PARODD", 93, TTY_OP_BOOL }
267 /* Miscellaneous other tty-related constants. */
268 #define SSH_TTY_OP_END 0
269 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
270 #define SSH1_TTY_OP_ISPEED 192
271 #define SSH1_TTY_OP_OSPEED 193
272 #define SSH2_TTY_OP_ISPEED 128
273 #define SSH2_TTY_OP_OSPEED 129
275 /* Helper functions for parsing tty-related config. */
276 static unsigned int ssh_tty_parse_specchar(char *s)
281 ret = ctrlparse(s, &next);
282 if (!next) ret = s[0];
284 ret = 255; /* special value meaning "don't set" */
288 static unsigned int ssh_tty_parse_boolean(char *s)
290 if (stricmp(s, "yes") == 0 ||
291 stricmp(s, "on") == 0 ||
292 stricmp(s, "true") == 0 ||
293 stricmp(s, "+") == 0)
295 else if (stricmp(s, "no") == 0 ||
296 stricmp(s, "off") == 0 ||
297 stricmp(s, "false") == 0 ||
298 stricmp(s, "-") == 0)
299 return 0; /* false */
301 return (atoi(s) != 0);
304 #define translate(x) if (type == x) return #x
305 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
306 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
307 static char *ssh1_pkt_type(int type)
309 translate(SSH1_MSG_DISCONNECT);
310 translate(SSH1_SMSG_PUBLIC_KEY);
311 translate(SSH1_CMSG_SESSION_KEY);
312 translate(SSH1_CMSG_USER);
313 translate(SSH1_CMSG_AUTH_RSA);
314 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
315 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
316 translate(SSH1_CMSG_AUTH_PASSWORD);
317 translate(SSH1_CMSG_REQUEST_PTY);
318 translate(SSH1_CMSG_WINDOW_SIZE);
319 translate(SSH1_CMSG_EXEC_SHELL);
320 translate(SSH1_CMSG_EXEC_CMD);
321 translate(SSH1_SMSG_SUCCESS);
322 translate(SSH1_SMSG_FAILURE);
323 translate(SSH1_CMSG_STDIN_DATA);
324 translate(SSH1_SMSG_STDOUT_DATA);
325 translate(SSH1_SMSG_STDERR_DATA);
326 translate(SSH1_CMSG_EOF);
327 translate(SSH1_SMSG_EXIT_STATUS);
328 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
329 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
330 translate(SSH1_MSG_CHANNEL_DATA);
331 translate(SSH1_MSG_CHANNEL_CLOSE);
332 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
333 translate(SSH1_SMSG_X11_OPEN);
334 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
335 translate(SSH1_MSG_PORT_OPEN);
336 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
337 translate(SSH1_SMSG_AGENT_OPEN);
338 translate(SSH1_MSG_IGNORE);
339 translate(SSH1_CMSG_EXIT_CONFIRMATION);
340 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
341 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
342 translate(SSH1_MSG_DEBUG);
343 translate(SSH1_CMSG_REQUEST_COMPRESSION);
344 translate(SSH1_CMSG_AUTH_TIS);
345 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
346 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
347 translate(SSH1_CMSG_AUTH_CCARD);
348 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
349 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
352 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
354 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
355 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
356 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
357 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
358 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
359 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
360 translate(SSH2_MSG_DISCONNECT);
361 translate(SSH2_MSG_IGNORE);
362 translate(SSH2_MSG_UNIMPLEMENTED);
363 translate(SSH2_MSG_DEBUG);
364 translate(SSH2_MSG_SERVICE_REQUEST);
365 translate(SSH2_MSG_SERVICE_ACCEPT);
366 translate(SSH2_MSG_KEXINIT);
367 translate(SSH2_MSG_NEWKEYS);
368 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
369 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
370 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
371 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
372 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
373 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
374 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
375 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
376 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
377 translate(SSH2_MSG_USERAUTH_REQUEST);
378 translate(SSH2_MSG_USERAUTH_FAILURE);
379 translate(SSH2_MSG_USERAUTH_SUCCESS);
380 translate(SSH2_MSG_USERAUTH_BANNER);
381 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
382 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
383 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
384 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
385 translate(SSH2_MSG_GLOBAL_REQUEST);
386 translate(SSH2_MSG_REQUEST_SUCCESS);
387 translate(SSH2_MSG_REQUEST_FAILURE);
388 translate(SSH2_MSG_CHANNEL_OPEN);
389 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
390 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
391 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
392 translate(SSH2_MSG_CHANNEL_DATA);
393 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
394 translate(SSH2_MSG_CHANNEL_EOF);
395 translate(SSH2_MSG_CHANNEL_CLOSE);
396 translate(SSH2_MSG_CHANNEL_REQUEST);
397 translate(SSH2_MSG_CHANNEL_SUCCESS);
398 translate(SSH2_MSG_CHANNEL_FAILURE);
404 /* Enumeration values for fields in SSH-1 packets */
406 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
407 /* These values are for communicating relevant semantics of
408 * fields to the packet logging code. */
409 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
413 * Coroutine mechanics for the sillier bits of the code. If these
414 * macros look impenetrable to you, you might find it helpful to
417 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
419 * which explains the theory behind these macros.
421 * In particular, if you are getting `case expression not constant'
422 * errors when building with MS Visual Studio, this is because MS's
423 * Edit and Continue debugging feature causes their compiler to
424 * violate ANSI C. To disable Edit and Continue debugging:
426 * - right-click ssh.c in the FileView
428 * - select the C/C++ tab and the General category
429 * - under `Debug info:', select anything _other_ than `Program
430 * Database for Edit and Continue'.
432 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
435 if (!ssh->t) ssh->t = snew(struct t); \
437 #define crFinish(z) } *crLine = 0; return (z); }
438 #define crFinishV } *crLine = 0; return; }
439 #define crReturn(z) \
441 *crLine =__LINE__; return (z); case __LINE__:;\
445 *crLine=__LINE__; return; case __LINE__:;\
447 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
448 #define crStopV do{ *crLine = 0; return; }while(0)
449 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
450 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
452 typedef struct ssh_tag *Ssh;
455 static struct Packet *ssh1_pkt_init(int pkt_type);
456 static struct Packet *ssh2_pkt_init(int pkt_type);
457 static void ssh_pkt_ensure(struct Packet *, int length);
458 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
459 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
460 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
461 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
462 static void ssh_pkt_addstring_start(struct Packet *);
463 static void ssh_pkt_addstring_str(struct Packet *, char *data);
464 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
465 static void ssh_pkt_addstring(struct Packet *, char *data);
466 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
467 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
468 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
469 static int ssh2_pkt_construct(Ssh, struct Packet *);
470 static void ssh2_pkt_send(Ssh, struct Packet *);
471 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
472 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
473 struct Packet *pktin);
474 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
475 struct Packet *pktin);
476 static void ssh_channel_destroy(struct ssh_channel *c);
479 * Buffer management constants. There are several of these for
480 * various different purposes:
482 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
483 * on a local data stream before we throttle the whole SSH
484 * connection (in SSH-1 only). Throttling the whole connection is
485 * pretty drastic so we set this high in the hope it won't
488 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
489 * on the SSH connection itself before we defensively throttle
490 * _all_ local data streams. This is pretty drastic too (though
491 * thankfully unlikely in SSH-2 since the window mechanism should
492 * ensure that the server never has any need to throttle its end
493 * of the connection), so we set this high as well.
495 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
498 * - OUR_V2_BIGWIN is the window size we advertise for the only
499 * channel in a simple connection. It must be <= INT_MAX.
501 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
502 * to the remote side. This actually has nothing to do with the
503 * size of the _packet_, but is instead a limit on the amount
504 * of data we're willing to receive in a single SSH2 channel
507 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
508 * _packet_ we're prepared to cope with. It must be a multiple
509 * of the cipher block size, and must be at least 35000.
512 #define SSH1_BUFFER_LIMIT 32768
513 #define SSH_MAX_BACKLOG 32768
514 #define OUR_V2_WINSIZE 16384
515 #define OUR_V2_BIGWIN 0x7fffffff
516 #define OUR_V2_MAXPKT 0x4000UL
517 #define OUR_V2_PACKETLIMIT 0x9000UL
519 /* Maximum length of passwords/passphrases (arbitrary) */
520 #define SSH_MAX_PASSWORD_LEN 100
522 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
524 const static struct ssh_mac *macs[] = {
525 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
527 const static struct ssh_mac *buggymacs[] = {
528 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
531 static void *ssh_comp_none_init(void)
535 static void ssh_comp_none_cleanup(void *handle)
538 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
539 unsigned char **outblock, int *outlen)
543 static int ssh_comp_none_disable(void *handle)
547 const static struct ssh_compress ssh_comp_none = {
549 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
550 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
551 ssh_comp_none_disable, NULL
553 extern const struct ssh_compress ssh_zlib;
554 const static struct ssh_compress *compressions[] = {
555 &ssh_zlib, &ssh_comp_none
558 enum { /* channel types */
563 CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
567 * little structure to keep track of outstanding WINDOW_ADJUSTs
575 * 2-3-4 tree storing channels.
578 Ssh ssh; /* pointer back to main context */
579 unsigned remoteid, localid;
581 /* True if we opened this channel but server hasn't confirmed. */
584 * In SSH-1, this value contains four bits:
586 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
587 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
588 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
589 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
591 * A channel is completely finished with when all four bits are set.
593 * In SSH-2, the four bits mean:
595 * 1 We have sent SSH2_MSG_CHANNEL_EOF.
596 * 2 We have sent SSH2_MSG_CHANNEL_CLOSE.
597 * 4 We have received SSH2_MSG_CHANNEL_EOF.
598 * 8 We have received SSH2_MSG_CHANNEL_CLOSE.
600 * A channel is completely finished with when we have both sent
601 * and received CLOSE.
603 * The symbolic constants below use the SSH-2 terminology, which
604 * is a bit confusing in SSH-1, but we have to use _something_.
606 #define CLOSES_SENT_EOF 1
607 #define CLOSES_SENT_CLOSE 2
608 #define CLOSES_RCVD_EOF 4
609 #define CLOSES_RCVD_CLOSE 8
613 * This flag indicates that an EOF is pending on the outgoing side
614 * of the channel: that is, wherever we're getting the data for
615 * this channel has sent us some data followed by EOF. We can't
616 * actually send the EOF until we've finished sending the data, so
617 * we set this flag instead to remind us to do so once our buffer
623 * True if this channel is causing the underlying connection to be
628 struct ssh2_data_channel {
630 unsigned remwindow, remmaxpkt;
631 /* locwindow is signed so we can cope with excess data. */
632 int locwindow, locmaxwin;
634 * remlocwin is the amount of local window that we think
635 * the remote end had available to it after it sent the
636 * last data packet or window adjust ack.
640 * These store the list of window adjusts that haven't
643 struct winadj *winadj_head, *winadj_tail;
644 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
648 struct ssh_agent_channel {
649 unsigned char *message;
650 unsigned char msglen[4];
651 unsigned lensofar, totallen;
653 struct ssh_x11_channel {
656 struct ssh_pfd_channel {
663 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
664 * use this structure in different ways, reflecting SSH-2's
665 * altogether saner approach to port forwarding.
667 * In SSH-1, you arrange a remote forwarding by sending the server
668 * the remote port number, and the local destination host:port.
669 * When a connection comes in, the server sends you back that
670 * host:port pair, and you connect to it. This is a ready-made
671 * security hole if you're not on the ball: a malicious server
672 * could send you back _any_ host:port pair, so if you trustingly
673 * connect to the address it gives you then you've just opened the
674 * entire inside of your corporate network just by connecting
675 * through it to a dodgy SSH server. Hence, we must store a list of
676 * host:port pairs we _are_ trying to forward to, and reject a
677 * connection request from the server if it's not in the list.
679 * In SSH-2, each side of the connection minds its own business and
680 * doesn't send unnecessary information to the other. You arrange a
681 * remote forwarding by sending the server just the remote port
682 * number. When a connection comes in, the server tells you which
683 * of its ports was connected to; and _you_ have to remember what
684 * local host:port pair went with that port number.
686 * Hence, in SSH-1 this structure is indexed by destination
687 * host:port pair, whereas in SSH-2 it is indexed by source port.
689 struct ssh_portfwd; /* forward declaration */
691 struct ssh_rportfwd {
692 unsigned sport, dport;
695 struct ssh_portfwd *pfrec;
697 #define free_rportfwd(pf) ( \
698 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
701 * Separately to the rportfwd tree (which is for looking up port
702 * open requests from the server), a tree of _these_ structures is
703 * used to keep track of all the currently open port forwardings,
704 * so that we can reconfigure in mid-session if the user requests
708 enum { DESTROY, KEEP, CREATE } status;
710 unsigned sport, dport;
713 struct ssh_rportfwd *remote;
717 #define free_portfwd(pf) ( \
718 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
719 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
722 long length; /* length of `data' actually used */
723 long forcepad; /* SSH-2: force padding to at least this length */
724 int type; /* only used for incoming packets */
725 unsigned long sequence; /* SSH-2 incoming sequence number */
726 unsigned char *data; /* allocated storage */
727 unsigned char *body; /* offset of payload within `data' */
728 long savedpos; /* temporary index into `data' (for strings) */
729 long maxlen; /* amount of storage allocated for `data' */
730 long encrypted_len; /* for SSH-2 total-size counting */
733 * State associated with packet logging
737 struct logblank_t *blanks;
740 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
741 struct Packet *pktin);
742 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
743 struct Packet *pktin);
744 static void ssh1_protocol_setup(Ssh ssh);
745 static void ssh2_protocol_setup(Ssh ssh);
746 static void ssh_size(void *handle, int width, int height);
747 static void ssh_special(void *handle, Telnet_Special);
748 static int ssh2_try_send(struct ssh_channel *c);
749 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
750 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
751 static void ssh2_set_window(struct ssh_channel *c, int newwin);
752 static int ssh_sendbuffer(void *handle);
753 static int ssh_do_close(Ssh ssh, int notify_exit);
754 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
755 static int ssh2_pkt_getbool(struct Packet *pkt);
756 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
757 static void ssh2_timer(void *ctx, long now);
758 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
759 struct Packet *pktin);
761 struct rdpkt1_state_tag {
762 long len, pad, biglen, to_read;
763 unsigned long realcrc, gotcrc;
767 struct Packet *pktin;
770 struct rdpkt2_state_tag {
771 long len, pad, payload, packetlen, maclen;
774 unsigned long incoming_sequence;
775 struct Packet *pktin;
778 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
779 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
781 struct queued_handler;
782 struct queued_handler {
784 chandler_fn_t handler;
786 struct queued_handler *next;
790 const struct plug_function_table *fn;
791 /* the above field _must_ be first in the structure */
801 unsigned char session_key[32];
803 int v1_remote_protoflags;
804 int v1_local_protoflags;
805 int agentfwd_enabled;
808 const struct ssh_cipher *cipher;
811 const struct ssh2_cipher *cscipher, *sccipher;
812 void *cs_cipher_ctx, *sc_cipher_ctx;
813 const struct ssh_mac *csmac, *scmac;
814 void *cs_mac_ctx, *sc_mac_ctx;
815 const struct ssh_compress *cscomp, *sccomp;
816 void *cs_comp_ctx, *sc_comp_ctx;
817 const struct ssh_kex *kex;
818 const struct ssh_signkey *hostkey;
819 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
820 int v2_session_id_len;
826 int echoing, editing;
830 int ospeed, ispeed; /* temporaries */
831 int term_width, term_height;
833 tree234 *channels; /* indexed by local id */
834 struct ssh_channel *mainchan; /* primary session channel */
835 int ncmode; /* is primary channel direct-tcpip? */
840 tree234 *rportfwds, *portfwds;
844 SSH_STATE_BEFORE_SIZE,
850 int size_needed, eof_needed;
851 int sent_console_eof;
853 struct Packet **queue;
854 int queuelen, queuesize;
856 unsigned char *deferred_send_data;
857 int deferred_len, deferred_size;
860 * Gross hack: pscp will try to start SFTP but fall back to
861 * scp1 if that fails. This variable is the means by which
862 * scp.c can reach into the SSH code and find out which one it
867 bufchain banner; /* accumulates banners during do_ssh2_authconn */
872 struct X11Display *x11disp;
875 int conn_throttle_count;
878 int v1_stdout_throttling;
879 unsigned long v2_outgoing_sequence;
881 int ssh1_rdpkt_crstate;
882 int ssh2_rdpkt_crstate;
883 int do_ssh_init_crstate;
884 int ssh_gotdata_crstate;
885 int do_ssh1_login_crstate;
886 int do_ssh1_connection_crstate;
887 int do_ssh2_transport_crstate;
888 int do_ssh2_authconn_crstate;
890 void *do_ssh_init_state;
891 void *do_ssh1_login_state;
892 void *do_ssh2_transport_state;
893 void *do_ssh2_authconn_state;
895 struct rdpkt1_state_tag rdpkt1_state;
896 struct rdpkt2_state_tag rdpkt2_state;
898 /* SSH-1 and SSH-2 use this for different things, but both use it */
899 int protocol_initial_phase_done;
901 void (*protocol) (Ssh ssh, void *vin, int inlen,
903 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
906 * We maintain our own copy of a Conf structure here. That way,
907 * when we're passed a new one for reconfiguration, we can check
908 * the differences and potentially reconfigure port forwardings
909 * etc in mid-session.
914 * Values cached out of conf so as to avoid the tree234 lookup
915 * cost every time they're used.
920 * Dynamically allocated username string created during SSH
921 * login. Stored in here rather than in the coroutine state so
922 * that it'll be reliably freed if we shut down the SSH session
923 * at some unexpected moment.
928 * Used to transfer data back from async callbacks.
930 void *agent_response;
931 int agent_response_len;
935 * The SSH connection can be set as `frozen', meaning we are
936 * not currently accepting incoming data from the network. This
937 * is slightly more serious than setting the _socket_ as
938 * frozen, because we may already have had data passed to us
939 * from the network which we need to delay processing until
940 * after the freeze is lifted, so we also need a bufchain to
944 bufchain queued_incoming_data;
947 * Dispatch table for packet types that we may have to deal
950 handler_fn_t packet_dispatch[256];
953 * Queues of one-off handler functions for success/failure
954 * indications from a request.
956 struct queued_handler *qhead, *qtail;
959 * This module deals with sending keepalives.
964 * Track incoming and outgoing data sizes and time, for
967 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
968 unsigned long max_data_size;
970 long next_rekey, last_rekey;
971 char *deferred_rekey_reason; /* points to STATIC string; don't free */
974 * Fully qualified host name, which we need if doing GSSAPI.
980 * GSSAPI libraries for this session.
982 struct ssh_gss_liblist *gsslibs;
986 #define logevent(s) logevent(ssh->frontend, s)
988 /* logevent, only printf-formatted. */
989 static void logeventf(Ssh ssh, const char *fmt, ...)
995 buf = dupvprintf(fmt, ap);
1001 #define bombout(msg) \
1003 char *text = dupprintf msg; \
1004 ssh_do_close(ssh, FALSE); \
1006 connection_fatal(ssh->frontend, "%s", text); \
1010 /* Functions to leave bits out of the SSH packet log file. */
1012 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
1014 if (conf_get_int(ssh->conf, CONF_logomitpass))
1015 pkt->logmode = blanktype;
1018 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
1020 if (ssh->logomitdata)
1021 pkt->logmode = blanktype;
1024 static void end_log_omission(Ssh ssh, struct Packet *pkt)
1026 pkt->logmode = PKTLOG_EMIT;
1029 /* Helper function for common bits of parsing ttymodes. */
1030 static void parse_ttymodes(Ssh ssh,
1031 void (*do_mode)(void *data, char *mode, char *val),
1036 for (val = conf_get_str_strs(ssh->conf, CONF_ttymodes, NULL, &key);
1038 val = conf_get_str_strs(ssh->conf, CONF_ttymodes, key, &key)) {
1040 * val[0] is either 'V', indicating that an explicit value
1041 * follows it, or 'A' indicating that we should pass the
1042 * value through from the local environment via get_ttymode.
1045 val = get_ttymode(ssh->frontend, key);
1047 val++; /* skip the 'V' */
1049 do_mode(data, key, val);
1053 static int ssh_channelcmp(void *av, void *bv)
1055 struct ssh_channel *a = (struct ssh_channel *) av;
1056 struct ssh_channel *b = (struct ssh_channel *) bv;
1057 if (a->localid < b->localid)
1059 if (a->localid > b->localid)
1063 static int ssh_channelfind(void *av, void *bv)
1065 unsigned *a = (unsigned *) av;
1066 struct ssh_channel *b = (struct ssh_channel *) bv;
1067 if (*a < b->localid)
1069 if (*a > b->localid)
1074 static int ssh_rportcmp_ssh1(void *av, void *bv)
1076 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1077 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1079 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
1080 return i < 0 ? -1 : +1;
1081 if (a->dport > b->dport)
1083 if (a->dport < b->dport)
1088 static int ssh_rportcmp_ssh2(void *av, void *bv)
1090 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1091 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1093 if (a->sport > b->sport)
1095 if (a->sport < b->sport)
1101 * Special form of strcmp which can cope with NULL inputs. NULL is
1102 * defined to sort before even the empty string.
1104 static int nullstrcmp(const char *a, const char *b)
1106 if (a == NULL && b == NULL)
1112 return strcmp(a, b);
1115 static int ssh_portcmp(void *av, void *bv)
1117 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1118 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1120 if (a->type > b->type)
1122 if (a->type < b->type)
1124 if (a->addressfamily > b->addressfamily)
1126 if (a->addressfamily < b->addressfamily)
1128 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1129 return i < 0 ? -1 : +1;
1130 if (a->sport > b->sport)
1132 if (a->sport < b->sport)
1134 if (a->type != 'D') {
1135 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1136 return i < 0 ? -1 : +1;
1137 if (a->dport > b->dport)
1139 if (a->dport < b->dport)
1145 static int alloc_channel_id(Ssh ssh)
1147 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1148 unsigned low, high, mid;
1150 struct ssh_channel *c;
1153 * First-fit allocation of channel numbers: always pick the
1154 * lowest unused one. To do this, binary-search using the
1155 * counted B-tree to find the largest channel ID which is in a
1156 * contiguous sequence from the beginning. (Precisely
1157 * everything in that sequence must have ID equal to its tree
1158 * index plus CHANNEL_NUMBER_OFFSET.)
1160 tsize = count234(ssh->channels);
1164 while (high - low > 1) {
1165 mid = (high + low) / 2;
1166 c = index234(ssh->channels, mid);
1167 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1168 low = mid; /* this one is fine */
1170 high = mid; /* this one is past it */
1173 * Now low points to either -1, or the tree index of the
1174 * largest ID in the initial sequence.
1177 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1178 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1180 return low + 1 + CHANNEL_NUMBER_OFFSET;
1183 static void c_write_stderr(int trusted, const char *buf, int len)
1186 for (i = 0; i < len; i++)
1187 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
1188 fputc(buf[i], stderr);
1191 static void c_write(Ssh ssh, const char *buf, int len)
1193 if (flags & FLAG_STDERR)
1194 c_write_stderr(1, buf, len);
1196 from_backend(ssh->frontend, 1, buf, len);
1199 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1201 if (flags & FLAG_STDERR)
1202 c_write_stderr(0, buf, len);
1204 from_backend_untrusted(ssh->frontend, buf, len);
1207 static void c_write_str(Ssh ssh, const char *buf)
1209 c_write(ssh, buf, strlen(buf));
1212 static void ssh_free_packet(struct Packet *pkt)
1217 static struct Packet *ssh_new_packet(void)
1219 struct Packet *pkt = snew(struct Packet);
1221 pkt->body = pkt->data = NULL;
1223 pkt->logmode = PKTLOG_EMIT;
1231 * Collect incoming data in the incoming packet buffer.
1232 * Decipher and verify the packet when it is completely read.
1233 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1234 * Update the *data and *datalen variables.
1235 * Return a Packet structure when a packet is completed.
1237 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1239 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1241 crBegin(ssh->ssh1_rdpkt_crstate);
1243 st->pktin = ssh_new_packet();
1245 st->pktin->type = 0;
1246 st->pktin->length = 0;
1248 for (st->i = st->len = 0; st->i < 4; st->i++) {
1249 while ((*datalen) == 0)
1251 st->len = (st->len << 8) + **data;
1252 (*data)++, (*datalen)--;
1255 st->pad = 8 - (st->len % 8);
1256 st->biglen = st->len + st->pad;
1257 st->pktin->length = st->len - 5;
1259 if (st->biglen < 0) {
1260 bombout(("Extremely large packet length from server suggests"
1261 " data stream corruption"));
1262 ssh_free_packet(st->pktin);
1266 st->pktin->maxlen = st->biglen;
1267 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1269 st->to_read = st->biglen;
1270 st->p = st->pktin->data;
1271 while (st->to_read > 0) {
1272 st->chunk = st->to_read;
1273 while ((*datalen) == 0)
1275 if (st->chunk > (*datalen))
1276 st->chunk = (*datalen);
1277 memcpy(st->p, *data, st->chunk);
1279 *datalen -= st->chunk;
1281 st->to_read -= st->chunk;
1284 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1285 st->biglen, NULL)) {
1286 bombout(("Network attack (CRC compensation) detected!"));
1287 ssh_free_packet(st->pktin);
1292 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1294 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1295 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1296 if (st->gotcrc != st->realcrc) {
1297 bombout(("Incorrect CRC received on packet"));
1298 ssh_free_packet(st->pktin);
1302 st->pktin->body = st->pktin->data + st->pad + 1;
1303 st->pktin->savedpos = 0;
1305 if (ssh->v1_compressing) {
1306 unsigned char *decompblk;
1308 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1309 st->pktin->body - 1, st->pktin->length + 1,
1310 &decompblk, &decomplen)) {
1311 bombout(("Zlib decompression encountered invalid data"));
1312 ssh_free_packet(st->pktin);
1316 if (st->pktin->maxlen < st->pad + decomplen) {
1317 st->pktin->maxlen = st->pad + decomplen;
1318 st->pktin->data = sresize(st->pktin->data,
1319 st->pktin->maxlen + APIEXTRA,
1321 st->pktin->body = st->pktin->data + st->pad + 1;
1324 memcpy(st->pktin->body - 1, decompblk, decomplen);
1326 st->pktin->length = decomplen - 1;
1329 st->pktin->type = st->pktin->body[-1];
1332 * Log incoming packet, possibly omitting sensitive fields.
1336 struct logblank_t blank;
1337 if (ssh->logomitdata) {
1338 int do_blank = FALSE, blank_prefix = 0;
1339 /* "Session data" packets - omit the data field */
1340 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1341 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1342 do_blank = TRUE; blank_prefix = 4;
1343 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1344 do_blank = TRUE; blank_prefix = 8;
1347 blank.offset = blank_prefix;
1348 blank.len = st->pktin->length;
1349 blank.type = PKTLOG_OMIT;
1353 log_packet(ssh->logctx,
1354 PKT_INCOMING, st->pktin->type,
1355 ssh1_pkt_type(st->pktin->type),
1356 st->pktin->body, st->pktin->length,
1357 nblanks, &blank, NULL);
1360 crFinish(st->pktin);
1363 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1365 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1367 crBegin(ssh->ssh2_rdpkt_crstate);
1369 st->pktin = ssh_new_packet();
1371 st->pktin->type = 0;
1372 st->pktin->length = 0;
1374 st->cipherblk = ssh->sccipher->blksize;
1377 if (st->cipherblk < 8)
1379 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1381 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1384 * When dealing with a CBC-mode cipher, we want to avoid the
1385 * possibility of an attacker's tweaking the ciphertext stream
1386 * so as to cause us to feed the same block to the block
1387 * cipher more than once and thus leak information
1388 * (VU#958563). The way we do this is not to take any
1389 * decisions on the basis of anything we've decrypted until
1390 * we've verified it with a MAC. That includes the packet
1391 * length, so we just read data and check the MAC repeatedly,
1392 * and when the MAC passes, see if the length we've got is
1396 /* May as well allocate the whole lot now. */
1397 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1400 /* Read an amount corresponding to the MAC. */
1401 for (st->i = 0; st->i < st->maclen; st->i++) {
1402 while ((*datalen) == 0)
1404 st->pktin->data[st->i] = *(*data)++;
1410 unsigned char seq[4];
1411 ssh->scmac->start(ssh->sc_mac_ctx);
1412 PUT_32BIT(seq, st->incoming_sequence);
1413 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1416 for (;;) { /* Once around this loop per cipher block. */
1417 /* Read another cipher-block's worth, and tack it onto the end. */
1418 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1419 while ((*datalen) == 0)
1421 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1424 /* Decrypt one more block (a little further back in the stream). */
1425 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1426 st->pktin->data + st->packetlen,
1428 /* Feed that block to the MAC. */
1429 ssh->scmac->bytes(ssh->sc_mac_ctx,
1430 st->pktin->data + st->packetlen, st->cipherblk);
1431 st->packetlen += st->cipherblk;
1432 /* See if that gives us a valid packet. */
1433 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1434 st->pktin->data + st->packetlen) &&
1435 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1437 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1438 bombout(("No valid incoming packet found"));
1439 ssh_free_packet(st->pktin);
1443 st->pktin->maxlen = st->packetlen + st->maclen;
1444 st->pktin->data = sresize(st->pktin->data,
1445 st->pktin->maxlen + APIEXTRA,
1448 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1451 * Acquire and decrypt the first block of the packet. This will
1452 * contain the length and padding details.
1454 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1455 while ((*datalen) == 0)
1457 st->pktin->data[st->i] = *(*data)++;
1462 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1463 st->pktin->data, st->cipherblk);
1466 * Now get the length figure.
1468 st->len = GET_32BIT(st->pktin->data);
1471 * _Completely_ silly lengths should be stomped on before they
1472 * do us any more damage.
1474 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1475 (st->len + 4) % st->cipherblk != 0) {
1476 bombout(("Incoming packet was garbled on decryption"));
1477 ssh_free_packet(st->pktin);
1482 * So now we can work out the total packet length.
1484 st->packetlen = st->len + 4;
1487 * Allocate memory for the rest of the packet.
1489 st->pktin->maxlen = st->packetlen + st->maclen;
1490 st->pktin->data = sresize(st->pktin->data,
1491 st->pktin->maxlen + APIEXTRA,
1495 * Read and decrypt the remainder of the packet.
1497 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1499 while ((*datalen) == 0)
1501 st->pktin->data[st->i] = *(*data)++;
1504 /* Decrypt everything _except_ the MAC. */
1506 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1507 st->pktin->data + st->cipherblk,
1508 st->packetlen - st->cipherblk);
1514 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1515 st->len + 4, st->incoming_sequence)) {
1516 bombout(("Incorrect MAC received on packet"));
1517 ssh_free_packet(st->pktin);
1521 /* Get and sanity-check the amount of random padding. */
1522 st->pad = st->pktin->data[4];
1523 if (st->pad < 4 || st->len - st->pad < 1) {
1524 bombout(("Invalid padding length on received packet"));
1525 ssh_free_packet(st->pktin);
1529 * This enables us to deduce the payload length.
1531 st->payload = st->len - st->pad - 1;
1533 st->pktin->length = st->payload + 5;
1534 st->pktin->encrypted_len = st->packetlen;
1536 st->pktin->sequence = st->incoming_sequence++;
1539 * Decompress packet payload.
1542 unsigned char *newpayload;
1545 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1546 st->pktin->data + 5, st->pktin->length - 5,
1547 &newpayload, &newlen)) {
1548 if (st->pktin->maxlen < newlen + 5) {
1549 st->pktin->maxlen = newlen + 5;
1550 st->pktin->data = sresize(st->pktin->data,
1551 st->pktin->maxlen + APIEXTRA,
1554 st->pktin->length = 5 + newlen;
1555 memcpy(st->pktin->data + 5, newpayload, newlen);
1560 st->pktin->savedpos = 6;
1561 st->pktin->body = st->pktin->data;
1562 st->pktin->type = st->pktin->data[5];
1565 * Log incoming packet, possibly omitting sensitive fields.
1569 struct logblank_t blank;
1570 if (ssh->logomitdata) {
1571 int do_blank = FALSE, blank_prefix = 0;
1572 /* "Session data" packets - omit the data field */
1573 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1574 do_blank = TRUE; blank_prefix = 8;
1575 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1576 do_blank = TRUE; blank_prefix = 12;
1579 blank.offset = blank_prefix;
1580 blank.len = (st->pktin->length-6) - blank_prefix;
1581 blank.type = PKTLOG_OMIT;
1585 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1586 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1588 st->pktin->data+6, st->pktin->length-6,
1589 nblanks, &blank, &st->pktin->sequence);
1592 crFinish(st->pktin);
1595 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1597 int pad, biglen, i, pktoffs;
1601 * XXX various versions of SC (including 8.8.4) screw up the
1602 * register allocation in this function and use the same register
1603 * (D6) for len and as a temporary, with predictable results. The
1604 * following sledgehammer prevents this.
1611 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1612 ssh1_pkt_type(pkt->data[12]),
1613 pkt->body, pkt->length - (pkt->body - pkt->data),
1614 pkt->nblanks, pkt->blanks, NULL);
1615 sfree(pkt->blanks); pkt->blanks = NULL;
1618 if (ssh->v1_compressing) {
1619 unsigned char *compblk;
1621 zlib_compress_block(ssh->cs_comp_ctx,
1622 pkt->data + 12, pkt->length - 12,
1623 &compblk, &complen);
1624 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
1625 memcpy(pkt->data + 12, compblk, complen);
1627 pkt->length = complen + 12;
1630 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1632 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1633 pad = 8 - (len % 8);
1635 biglen = len + pad; /* len(padding+type+data+CRC) */
1637 for (i = pktoffs; i < 4+8; i++)
1638 pkt->data[i] = random_byte();
1639 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1640 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1641 PUT_32BIT(pkt->data + pktoffs, len);
1644 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1645 pkt->data + pktoffs + 4, biglen);
1647 if (offset_p) *offset_p = pktoffs;
1648 return biglen + 4; /* len(length+padding+type+data+CRC) */
1651 static int s_write(Ssh ssh, void *data, int len)
1654 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1656 return sk_write(ssh->s, (char *)data, len);
1659 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1661 int len, backlog, offset;
1662 len = s_wrpkt_prepare(ssh, pkt, &offset);
1663 backlog = s_write(ssh, pkt->data + offset, len);
1664 if (backlog > SSH_MAX_BACKLOG)
1665 ssh_throttle_all(ssh, 1, backlog);
1666 ssh_free_packet(pkt);
1669 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1672 len = s_wrpkt_prepare(ssh, pkt, &offset);
1673 if (ssh->deferred_len + len > ssh->deferred_size) {
1674 ssh->deferred_size = ssh->deferred_len + len + 128;
1675 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1679 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1680 pkt->data + offset, len);
1681 ssh->deferred_len += len;
1682 ssh_free_packet(pkt);
1686 * Construct a SSH-1 packet with the specified contents.
1687 * (This all-at-once interface used to be the only one, but now SSH-1
1688 * packets can also be constructed incrementally.)
1690 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1696 pkt = ssh1_pkt_init(pkttype);
1698 while ((argtype = va_arg(ap, int)) != PKT_END) {
1699 unsigned char *argp, argchar;
1701 unsigned long argint;
1704 /* Actual fields in the packet */
1706 argint = va_arg(ap, int);
1707 ssh_pkt_adduint32(pkt, argint);
1710 argchar = (unsigned char) va_arg(ap, int);
1711 ssh_pkt_addbyte(pkt, argchar);
1714 argp = va_arg(ap, unsigned char *);
1715 arglen = va_arg(ap, int);
1716 ssh_pkt_adddata(pkt, argp, arglen);
1719 sargp = va_arg(ap, char *);
1720 ssh_pkt_addstring(pkt, sargp);
1723 bn = va_arg(ap, Bignum);
1724 ssh1_pkt_addmp(pkt, bn);
1726 /* Tokens for modifications to packet logging */
1728 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1731 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1734 end_log_omission(ssh, pkt);
1742 static void send_packet(Ssh ssh, int pkttype, ...)
1746 va_start(ap, pkttype);
1747 pkt = construct_packet(ssh, pkttype, ap);
1752 static void defer_packet(Ssh ssh, int pkttype, ...)
1756 va_start(ap, pkttype);
1757 pkt = construct_packet(ssh, pkttype, ap);
1759 s_wrpkt_defer(ssh, pkt);
1762 static int ssh_versioncmp(char *a, char *b)
1765 unsigned long av, bv;
1767 av = strtoul(a, &ae, 10);
1768 bv = strtoul(b, &be, 10);
1770 return (av < bv ? -1 : +1);
1775 av = strtoul(ae, &ae, 10);
1776 bv = strtoul(be, &be, 10);
1778 return (av < bv ? -1 : +1);
1783 * Utility routines for putting an SSH-protocol `string' and
1784 * `uint32' into a hash state.
1786 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1788 unsigned char lenblk[4];
1789 PUT_32BIT(lenblk, len);
1790 h->bytes(s, lenblk, 4);
1791 h->bytes(s, str, len);
1794 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1796 unsigned char intblk[4];
1797 PUT_32BIT(intblk, i);
1798 h->bytes(s, intblk, 4);
1802 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1804 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1806 if (pkt->maxlen < length) {
1807 unsigned char *body = pkt->body;
1808 int offset = body ? body - pkt->data : 0;
1809 pkt->maxlen = length + 256;
1810 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1811 if (body) pkt->body = pkt->data + offset;
1814 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1816 if (pkt->logmode != PKTLOG_EMIT) {
1818 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1820 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1821 (pkt->body - pkt->data);
1822 pkt->blanks[pkt->nblanks-1].len = len;
1823 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1826 ssh_pkt_ensure(pkt, pkt->length);
1827 memcpy(pkt->data + pkt->length - len, data, len);
1829 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1831 ssh_pkt_adddata(pkt, &byte, 1);
1833 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1835 ssh_pkt_adddata(pkt, &value, 1);
1837 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1840 PUT_32BIT(x, value);
1841 ssh_pkt_adddata(pkt, x, 4);
1843 static void ssh_pkt_addstring_start(struct Packet *pkt)
1845 ssh_pkt_adduint32(pkt, 0);
1846 pkt->savedpos = pkt->length;
1848 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1850 ssh_pkt_adddata(pkt, data, strlen(data));
1851 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1853 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1855 ssh_pkt_adddata(pkt, data, len);
1856 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1858 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1860 ssh_pkt_addstring_start(pkt);
1861 ssh_pkt_addstring_str(pkt, data);
1863 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1865 int len = ssh1_bignum_length(b);
1866 unsigned char *data = snewn(len, unsigned char);
1867 (void) ssh1_write_bignum(data, b);
1868 ssh_pkt_adddata(pkt, data, len);
1871 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1874 int i, n = (bignum_bitcount(b) + 7) / 8;
1875 p = snewn(n + 1, unsigned char);
1877 for (i = 1; i <= n; i++)
1878 p[i] = bignum_byte(b, n - i);
1880 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1882 memmove(p, p + i, n + 1 - i);
1886 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1890 p = ssh2_mpint_fmt(b, &len);
1891 ssh_pkt_addstring_start(pkt);
1892 ssh_pkt_addstring_data(pkt, (char *)p, len);
1896 static struct Packet *ssh1_pkt_init(int pkt_type)
1898 struct Packet *pkt = ssh_new_packet();
1899 pkt->length = 4 + 8; /* space for length + max padding */
1900 ssh_pkt_addbyte(pkt, pkt_type);
1901 pkt->body = pkt->data + pkt->length;
1905 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1906 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1907 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1908 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1909 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1910 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1911 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1912 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1913 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1915 static struct Packet *ssh2_pkt_init(int pkt_type)
1917 struct Packet *pkt = ssh_new_packet();
1918 pkt->length = 5; /* space for packet length + padding length */
1920 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1921 pkt->body = pkt->data + pkt->length; /* after packet type */
1926 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1927 * put the MAC on it. Final packet, ready to be sent, is stored in
1928 * pkt->data. Total length is returned.
1930 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1932 int cipherblk, maclen, padding, i;
1935 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1936 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
1937 pkt->body, pkt->length - (pkt->body - pkt->data),
1938 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
1939 sfree(pkt->blanks); pkt->blanks = NULL;
1943 * Compress packet payload.
1946 unsigned char *newpayload;
1949 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1951 &newpayload, &newlen)) {
1953 ssh2_pkt_adddata(pkt, newpayload, newlen);
1959 * Add padding. At least four bytes, and must also bring total
1960 * length (minus MAC) up to a multiple of the block size.
1961 * If pkt->forcepad is set, make sure the packet is at least that size
1964 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1965 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1967 if (pkt->length + padding < pkt->forcepad)
1968 padding = pkt->forcepad - pkt->length;
1970 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1971 assert(padding <= 255);
1972 maclen = ssh->csmac ? ssh->csmac->len : 0;
1973 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1974 pkt->data[4] = padding;
1975 for (i = 0; i < padding; i++)
1976 pkt->data[pkt->length + i] = random_byte();
1977 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1979 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1980 pkt->length + padding,
1981 ssh->v2_outgoing_sequence);
1982 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
1985 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
1986 pkt->data, pkt->length + padding);
1988 pkt->encrypted_len = pkt->length + padding;
1990 /* Ready-to-send packet starts at pkt->data. We return length. */
1991 return pkt->length + padding + maclen;
1995 * Routines called from the main SSH code to send packets. There
1996 * are quite a few of these, because we have two separate
1997 * mechanisms for delaying the sending of packets:
1999 * - In order to send an IGNORE message and a password message in
2000 * a single fixed-length blob, we require the ability to
2001 * concatenate the encrypted forms of those two packets _into_ a
2002 * single blob and then pass it to our <network.h> transport
2003 * layer in one go. Hence, there's a deferment mechanism which
2004 * works after packet encryption.
2006 * - In order to avoid sending any connection-layer messages
2007 * during repeat key exchange, we have to queue up any such
2008 * outgoing messages _before_ they are encrypted (and in
2009 * particular before they're allocated sequence numbers), and
2010 * then send them once we've finished.
2012 * I call these mechanisms `defer' and `queue' respectively, so as
2013 * to distinguish them reasonably easily.
2015 * The functions send_noqueue() and defer_noqueue() free the packet
2016 * structure they are passed. Every outgoing packet goes through
2017 * precisely one of these functions in its life; packets passed to
2018 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
2019 * these or get queued, and then when the queue is later emptied
2020 * the packets are all passed to defer_noqueue().
2022 * When using a CBC-mode cipher, it's necessary to ensure that an
2023 * attacker can't provide data to be encrypted using an IV that they
2024 * know. We ensure this by prefixing each packet that might contain
2025 * user data with an SSH_MSG_IGNORE. This is done using the deferral
2026 * mechanism, so in this case send_noqueue() ends up redirecting to
2027 * defer_noqueue(). If you don't like this inefficiency, don't use
2031 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
2032 static void ssh_pkt_defersend(Ssh);
2035 * Send an SSH-2 packet immediately, without queuing or deferring.
2037 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
2041 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
2042 /* We need to send two packets, so use the deferral mechanism. */
2043 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2044 ssh_pkt_defersend(ssh);
2047 len = ssh2_pkt_construct(ssh, pkt);
2048 backlog = s_write(ssh, pkt->data, len);
2049 if (backlog > SSH_MAX_BACKLOG)
2050 ssh_throttle_all(ssh, 1, backlog);
2052 ssh->outgoing_data_size += pkt->encrypted_len;
2053 if (!ssh->kex_in_progress &&
2054 ssh->max_data_size != 0 &&
2055 ssh->outgoing_data_size > ssh->max_data_size)
2056 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2058 ssh_free_packet(pkt);
2062 * Defer an SSH-2 packet.
2064 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
2067 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
2068 ssh->deferred_len == 0 && !noignore &&
2069 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2071 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2072 * get encrypted with a known IV.
2074 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2075 ssh2_pkt_addstring_start(ipkt);
2076 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2078 len = ssh2_pkt_construct(ssh, pkt);
2079 if (ssh->deferred_len + len > ssh->deferred_size) {
2080 ssh->deferred_size = ssh->deferred_len + len + 128;
2081 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2085 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
2086 ssh->deferred_len += len;
2087 ssh->deferred_data_size += pkt->encrypted_len;
2088 ssh_free_packet(pkt);
2092 * Queue an SSH-2 packet.
2094 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2096 assert(ssh->queueing);
2098 if (ssh->queuelen >= ssh->queuesize) {
2099 ssh->queuesize = ssh->queuelen + 32;
2100 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2103 ssh->queue[ssh->queuelen++] = pkt;
2107 * Either queue or send a packet, depending on whether queueing is
2110 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2113 ssh2_pkt_queue(ssh, pkt);
2115 ssh2_pkt_send_noqueue(ssh, pkt);
2119 * Either queue or defer a packet, depending on whether queueing is
2122 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2125 ssh2_pkt_queue(ssh, pkt);
2127 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2131 * Send the whole deferred data block constructed by
2132 * ssh2_pkt_defer() or SSH-1's defer_packet().
2134 * The expected use of the defer mechanism is that you call
2135 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2136 * not currently queueing, this simply sets up deferred_send_data
2137 * and then sends it. If we _are_ currently queueing, the calls to
2138 * ssh2_pkt_defer() put the deferred packets on to the queue
2139 * instead, and therefore ssh_pkt_defersend() has no deferred data
2140 * to send. Hence, there's no need to make it conditional on
2143 static void ssh_pkt_defersend(Ssh ssh)
2146 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
2147 ssh->deferred_len = ssh->deferred_size = 0;
2148 sfree(ssh->deferred_send_data);
2149 ssh->deferred_send_data = NULL;
2150 if (backlog > SSH_MAX_BACKLOG)
2151 ssh_throttle_all(ssh, 1, backlog);
2153 ssh->outgoing_data_size += ssh->deferred_data_size;
2154 if (!ssh->kex_in_progress &&
2155 ssh->max_data_size != 0 &&
2156 ssh->outgoing_data_size > ssh->max_data_size)
2157 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2158 ssh->deferred_data_size = 0;
2162 * Send a packet whose length needs to be disguised (typically
2163 * passwords or keyboard-interactive responses).
2165 static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2171 * The simplest way to do this is to adjust the
2172 * variable-length padding field in the outgoing packet.
2174 * Currently compiled out, because some Cisco SSH servers
2175 * don't like excessively padded packets (bah, why's it
2178 pkt->forcepad = padsize;
2179 ssh2_pkt_send(ssh, pkt);
2184 * If we can't do that, however, an alternative approach is
2185 * to use the pkt_defer mechanism to bundle the packet
2186 * tightly together with an SSH_MSG_IGNORE such that their
2187 * combined length is a constant. So first we construct the
2188 * final form of this packet and defer its sending.
2190 ssh2_pkt_defer(ssh, pkt);
2193 * Now construct an SSH_MSG_IGNORE which includes a string
2194 * that's an exact multiple of the cipher block size. (If
2195 * the cipher is NULL so that the block size is
2196 * unavailable, we don't do this trick at all, because we
2197 * gain nothing by it.)
2199 if (ssh->cscipher &&
2200 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2203 stringlen = (256 - ssh->deferred_len);
2204 stringlen += ssh->cscipher->blksize - 1;
2205 stringlen -= (stringlen % ssh->cscipher->blksize);
2208 * Temporarily disable actual compression, so we
2209 * can guarantee to get this string exactly the
2210 * length we want it. The compression-disabling
2211 * routine should return an integer indicating how
2212 * many bytes we should adjust our string length
2216 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2218 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2219 ssh2_pkt_addstring_start(pkt);
2220 for (i = 0; i < stringlen; i++) {
2221 char c = (char) random_byte();
2222 ssh2_pkt_addstring_data(pkt, &c, 1);
2224 ssh2_pkt_defer(ssh, pkt);
2226 ssh_pkt_defersend(ssh);
2231 * Send all queued SSH-2 packets. We send them by means of
2232 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2233 * packets that needed to be lumped together.
2235 static void ssh2_pkt_queuesend(Ssh ssh)
2239 assert(!ssh->queueing);
2241 for (i = 0; i < ssh->queuelen; i++)
2242 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
2245 ssh_pkt_defersend(ssh);
2249 void bndebug(char *string, Bignum b)
2253 p = ssh2_mpint_fmt(b, &len);
2254 debug(("%s", string));
2255 for (i = 0; i < len; i++)
2256 debug((" %02x", p[i]));
2262 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
2266 p = ssh2_mpint_fmt(b, &len);
2267 hash_string(h, s, p, len);
2272 * Packet decode functions for both SSH-1 and SSH-2.
2274 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
2276 unsigned long value;
2277 if (pkt->length - pkt->savedpos < 4)
2278 return 0; /* arrgh, no way to decline (FIXME?) */
2279 value = GET_32BIT(pkt->body + pkt->savedpos);
2283 static int ssh2_pkt_getbool(struct Packet *pkt)
2285 unsigned long value;
2286 if (pkt->length - pkt->savedpos < 1)
2287 return 0; /* arrgh, no way to decline (FIXME?) */
2288 value = pkt->body[pkt->savedpos] != 0;
2292 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2297 if (pkt->length - pkt->savedpos < 4)
2299 len = GET_32BIT(pkt->body + pkt->savedpos);
2304 if (pkt->length - pkt->savedpos < *length)
2306 *p = (char *)(pkt->body + pkt->savedpos);
2307 pkt->savedpos += *length;
2309 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2311 if (pkt->length - pkt->savedpos < length)
2313 pkt->savedpos += length;
2314 return pkt->body + (pkt->savedpos - length);
2316 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2317 unsigned char **keystr)
2321 j = makekey(pkt->body + pkt->savedpos,
2322 pkt->length - pkt->savedpos,
2329 assert(pkt->savedpos < pkt->length);
2333 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2338 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2339 pkt->length - pkt->savedpos, &b);
2347 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2353 ssh_pkt_getstring(pkt, &p, &length);
2358 b = bignum_from_bytes((unsigned char *)p, length);
2363 * Helper function to add an SSH-2 signature blob to a packet.
2364 * Expects to be shown the public key blob as well as the signature
2365 * blob. Normally works just like ssh2_pkt_addstring, but will
2366 * fiddle with the signature packet if necessary for
2367 * BUG_SSH2_RSA_PADDING.
2369 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2370 void *pkblob_v, int pkblob_len,
2371 void *sigblob_v, int sigblob_len)
2373 unsigned char *pkblob = (unsigned char *)pkblob_v;
2374 unsigned char *sigblob = (unsigned char *)sigblob_v;
2376 /* dmemdump(pkblob, pkblob_len); */
2377 /* dmemdump(sigblob, sigblob_len); */
2380 * See if this is in fact an ssh-rsa signature and a buggy
2381 * server; otherwise we can just do this the easy way.
2383 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2384 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2385 int pos, len, siglen;
2388 * Find the byte length of the modulus.
2391 pos = 4+7; /* skip over "ssh-rsa" */
2392 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2393 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2394 pos += 4; /* find modulus itself */
2395 while (len > 0 && pkblob[pos] == 0)
2397 /* debug(("modulus length is %d\n", len)); */
2400 * Now find the signature integer.
2402 pos = 4+7; /* skip over "ssh-rsa" */
2403 siglen = GET_32BIT(sigblob+pos);
2404 /* debug(("signature length is %d\n", siglen)); */
2406 if (len != siglen) {
2407 unsigned char newlen[4];
2408 ssh2_pkt_addstring_start(pkt);
2409 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2410 /* dmemdump(sigblob, pos); */
2411 pos += 4; /* point to start of actual sig */
2412 PUT_32BIT(newlen, len);
2413 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2414 /* dmemdump(newlen, 4); */
2416 while (len-- > siglen) {
2417 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2418 /* dmemdump(newlen, 1); */
2420 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2421 /* dmemdump(sigblob+pos, siglen); */
2425 /* Otherwise fall through and do it the easy way. */
2428 ssh2_pkt_addstring_start(pkt);
2429 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2433 * Examine the remote side's version string and compare it against
2434 * a list of known buggy implementations.
2436 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2438 char *imp; /* pointer to implementation part */
2440 imp += strcspn(imp, "-");
2442 imp += strcspn(imp, "-");
2445 ssh->remote_bugs = 0;
2448 * General notes on server version strings:
2449 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2450 * here -- in particular, we've heard of one that's perfectly happy
2451 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2452 * so we can't distinguish them.
2454 if (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == FORCE_ON ||
2455 (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == AUTO &&
2456 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2457 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2458 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2459 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2461 * These versions don't support SSH1_MSG_IGNORE, so we have
2462 * to use a different defence against password length
2465 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2466 logevent("We believe remote version has SSH-1 ignore bug");
2469 if (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
2470 (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == AUTO &&
2471 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2473 * These versions need a plain password sent; they can't
2474 * handle having a null and a random length of data after
2477 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2478 logevent("We believe remote version needs a plain SSH-1 password");
2481 if (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == FORCE_ON ||
2482 (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == AUTO &&
2483 (!strcmp(imp, "Cisco-1.25")))) {
2485 * These versions apparently have no clue whatever about
2486 * RSA authentication and will panic and die if they see
2487 * an AUTH_RSA message.
2489 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2490 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2493 if (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == FORCE_ON ||
2494 (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == AUTO &&
2495 !wc_match("* VShell", imp) &&
2496 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2497 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2498 wc_match("2.1 *", imp)))) {
2500 * These versions have the HMAC bug.
2502 ssh->remote_bugs |= BUG_SSH2_HMAC;
2503 logevent("We believe remote version has SSH-2 HMAC bug");
2506 if (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
2507 (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == AUTO &&
2508 !wc_match("* VShell", imp) &&
2509 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2511 * These versions have the key-derivation bug (failing to
2512 * include the literal shared secret in the hashes that
2513 * generate the keys).
2515 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2516 logevent("We believe remote version has SSH-2 key-derivation bug");
2519 if (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
2520 (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == AUTO &&
2521 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2522 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2524 * These versions have the SSH-2 RSA padding bug.
2526 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2527 logevent("We believe remote version has SSH-2 RSA padding bug");
2530 if (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
2531 (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == AUTO &&
2532 wc_match("OpenSSH_2.[0-2]*", imp))) {
2534 * These versions have the SSH-2 session-ID bug in
2535 * public-key authentication.
2537 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2538 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2541 if (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == FORCE_ON ||
2542 (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == AUTO &&
2543 (wc_match("DigiSSH_2.0", imp) ||
2544 wc_match("OpenSSH_2.[0-4]*", imp) ||
2545 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2546 wc_match("Sun_SSH_1.0", imp) ||
2547 wc_match("Sun_SSH_1.0.1", imp) ||
2548 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2549 wc_match("WeOnlyDo-*", imp)))) {
2551 * These versions have the SSH-2 rekey bug.
2553 ssh->remote_bugs |= BUG_SSH2_REKEY;
2554 logevent("We believe remote version has SSH-2 rekey bug");
2557 if (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
2558 (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == AUTO &&
2559 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2560 wc_match("1.36 sshlib: GlobalScape", imp)))) {
2562 * This version ignores our makpkt and needs to be throttled.
2564 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2565 logevent("We believe remote version ignores SSH-2 maximum packet size");
2568 if (conf_get_int(ssh->conf, CONF_sshbug_ignore2) == FORCE_ON) {
2570 * Servers that don't support SSH2_MSG_IGNORE. Currently,
2571 * none detected automatically.
2573 ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
2574 logevent("We believe remote version has SSH-2 ignore bug");
2579 * The `software version' part of an SSH version string is required
2580 * to contain no spaces or minus signs.
2582 static void ssh_fix_verstring(char *str)
2584 /* Eat "SSH-<protoversion>-". */
2585 assert(*str == 'S'); str++;
2586 assert(*str == 'S'); str++;
2587 assert(*str == 'H'); str++;
2588 assert(*str == '-'); str++;
2589 while (*str && *str != '-') str++;
2590 assert(*str == '-'); str++;
2592 /* Convert minus signs and spaces in the remaining string into
2595 if (*str == '-' || *str == ' ')
2602 * Send an appropriate SSH version string.
2604 static void ssh_send_verstring(Ssh ssh, char *svers)
2608 if (ssh->version == 2) {
2610 * Construct a v2 version string.
2612 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2615 * Construct a v1 version string.
2617 verstring = dupprintf("SSH-%s-%s\012",
2618 (ssh_versioncmp(svers, "1.5") <= 0 ?
2623 ssh_fix_verstring(verstring);
2625 if (ssh->version == 2) {
2628 * Record our version string.
2630 len = strcspn(verstring, "\015\012");
2631 ssh->v_c = snewn(len + 1, char);
2632 memcpy(ssh->v_c, verstring, len);
2636 logeventf(ssh, "We claim version: %.*s",
2637 strcspn(verstring, "\015\012"), verstring);
2638 s_write(ssh, verstring, strlen(verstring));
2642 static int do_ssh_init(Ssh ssh, unsigned char c)
2644 struct do_ssh_init_state {
2652 crState(do_ssh_init_state);
2654 crBegin(ssh->do_ssh_init_crstate);
2656 /* Search for a line beginning with the string "SSH-" in the input. */
2658 if (c != 'S') goto no;
2660 if (c != 'S') goto no;
2662 if (c != 'H') goto no;
2664 if (c != '-') goto no;
2673 s->vstring = snewn(s->vstrsize, char);
2674 strcpy(s->vstring, "SSH-");
2678 crReturn(1); /* get another char */
2679 if (s->vslen >= s->vstrsize - 1) {
2681 s->vstring = sresize(s->vstring, s->vstrsize, char);
2683 s->vstring[s->vslen++] = c;
2686 s->version[s->i] = '\0';
2688 } else if (s->i < sizeof(s->version) - 1)
2689 s->version[s->i++] = c;
2690 } else if (c == '\012')
2694 ssh->agentfwd_enabled = FALSE;
2695 ssh->rdpkt2_state.incoming_sequence = 0;
2697 s->vstring[s->vslen] = 0;
2698 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2699 logeventf(ssh, "Server version: %s", s->vstring);
2700 ssh_detect_bugs(ssh, s->vstring);
2703 * Decide which SSH protocol version to support.
2706 /* Anything strictly below "2.0" means protocol 1 is supported. */
2707 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2708 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2709 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2711 if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
2712 bombout(("SSH protocol version 1 required by user but not provided by server"));
2715 if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
2716 bombout(("SSH protocol version 2 required by user but not provided by server"));
2720 if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
2725 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2727 /* Send the version string, if we haven't already */
2728 if (conf_get_int(ssh->conf, CONF_sshprot) != 3)
2729 ssh_send_verstring(ssh, s->version);
2731 if (ssh->version == 2) {
2734 * Record their version string.
2736 len = strcspn(s->vstring, "\015\012");
2737 ssh->v_s = snewn(len + 1, char);
2738 memcpy(ssh->v_s, s->vstring, len);
2742 * Initialise SSH-2 protocol.
2744 ssh->protocol = ssh2_protocol;
2745 ssh2_protocol_setup(ssh);
2746 ssh->s_rdpkt = ssh2_rdpkt;
2749 * Initialise SSH-1 protocol.
2751 ssh->protocol = ssh1_protocol;
2752 ssh1_protocol_setup(ssh);
2753 ssh->s_rdpkt = ssh1_rdpkt;
2755 if (ssh->version == 2)
2756 do_ssh2_transport(ssh, NULL, -1, NULL);
2758 update_specials_menu(ssh->frontend);
2759 ssh->state = SSH_STATE_BEFORE_SIZE;
2760 ssh->pinger = pinger_new(ssh->conf, &ssh_backend, ssh);
2767 static void ssh_process_incoming_data(Ssh ssh,
2768 unsigned char **data, int *datalen)
2770 struct Packet *pktin;
2772 pktin = ssh->s_rdpkt(ssh, data, datalen);
2774 ssh->protocol(ssh, NULL, 0, pktin);
2775 ssh_free_packet(pktin);
2779 static void ssh_queue_incoming_data(Ssh ssh,
2780 unsigned char **data, int *datalen)
2782 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2787 static void ssh_process_queued_incoming_data(Ssh ssh)
2790 unsigned char *data;
2793 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2794 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2798 while (!ssh->frozen && len > 0)
2799 ssh_process_incoming_data(ssh, &data, &len);
2802 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2806 static void ssh_set_frozen(Ssh ssh, int frozen)
2809 sk_set_frozen(ssh->s, frozen);
2810 ssh->frozen = frozen;
2813 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2815 /* Log raw data, if we're in that mode. */
2817 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
2820 crBegin(ssh->ssh_gotdata_crstate);
2823 * To begin with, feed the characters one by one to the
2824 * protocol initialisation / selection function do_ssh_init().
2825 * When that returns 0, we're done with the initial greeting
2826 * exchange and can move on to packet discipline.
2829 int ret; /* need not be kept across crReturn */
2831 crReturnV; /* more data please */
2832 ret = do_ssh_init(ssh, *data);
2840 * We emerge from that loop when the initial negotiation is
2841 * over and we have selected an s_rdpkt function. Now pass
2842 * everything to s_rdpkt, and then pass the resulting packets
2843 * to the proper protocol handler.
2847 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2849 ssh_queue_incoming_data(ssh, &data, &datalen);
2850 /* This uses up all data and cannot cause anything interesting
2851 * to happen; indeed, for anything to happen at all, we must
2852 * return, so break out. */
2854 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2855 /* This uses up some or all data, and may freeze the
2857 ssh_process_queued_incoming_data(ssh);
2859 /* This uses up some or all data, and may freeze the
2861 ssh_process_incoming_data(ssh, &data, &datalen);
2863 /* FIXME this is probably EBW. */
2864 if (ssh->state == SSH_STATE_CLOSED)
2867 /* We're out of data. Go and get some more. */
2873 static int ssh_do_close(Ssh ssh, int notify_exit)
2876 struct ssh_channel *c;
2878 ssh->state = SSH_STATE_CLOSED;
2879 expire_timer_context(ssh);
2884 notify_remote_exit(ssh->frontend);
2889 * Now we must shut down any port- and X-forwarded channels going
2890 * through this connection.
2892 if (ssh->channels) {
2893 while (NULL != (c = index234(ssh->channels, 0))) {
2896 x11_close(c->u.x11.s);
2899 case CHAN_SOCKDATA_DORMANT:
2900 pfd_close(c->u.pfd.s);
2903 del234(ssh->channels, c); /* moving next one to index 0 */
2904 if (ssh->version == 2)
2905 bufchain_clear(&c->v.v2.outbuffer);
2910 * Go through port-forwardings, and close any associated
2911 * listening sockets.
2913 if (ssh->portfwds) {
2914 struct ssh_portfwd *pf;
2915 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2916 /* Dispose of any listening socket. */
2918 pfd_terminate(pf->local);
2919 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2922 freetree234(ssh->portfwds);
2923 ssh->portfwds = NULL;
2929 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2930 const char *error_msg, int error_code)
2932 Ssh ssh = (Ssh) plug;
2933 char addrbuf[256], *msg;
2935 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2938 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2940 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2946 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2949 Ssh ssh = (Ssh) plug;
2950 int need_notify = ssh_do_close(ssh, FALSE);
2953 if (!ssh->close_expected)
2954 error_msg = "Server unexpectedly closed network connection";
2956 error_msg = "Server closed network connection";
2959 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2963 notify_remote_exit(ssh->frontend);
2966 logevent(error_msg);
2967 if (!ssh->close_expected || !ssh->clean_exit)
2968 connection_fatal(ssh->frontend, "%s", error_msg);
2972 static int ssh_receive(Plug plug, int urgent, char *data, int len)
2974 Ssh ssh = (Ssh) plug;
2975 ssh_gotdata(ssh, (unsigned char *)data, len);
2976 if (ssh->state == SSH_STATE_CLOSED) {
2977 ssh_do_close(ssh, TRUE);
2983 static void ssh_sent(Plug plug, int bufsize)
2985 Ssh ssh = (Ssh) plug;
2987 * If the send backlog on the SSH socket itself clears, we
2988 * should unthrottle the whole world if it was throttled.
2990 if (bufsize < SSH_MAX_BACKLOG)
2991 ssh_throttle_all(ssh, 0, bufsize);
2995 * Connect to specified host and port.
2996 * Returns an error message, or NULL on success.
2997 * Also places the canonical host name into `realhost'. It must be
2998 * freed by the caller.
3000 static const char *connect_to_host(Ssh ssh, char *host, int port,
3001 char **realhost, int nodelay, int keepalive)
3003 static const struct plug_function_table fn_table = {
3014 int addressfamily, sshprot;
3016 loghost = conf_get_str(ssh->conf, CONF_loghost);
3020 ssh->savedhost = dupstr(loghost);
3021 ssh->savedport = 22; /* default ssh port */
3024 * A colon suffix on savedhost also lets us affect
3027 * (FIXME: do something about IPv6 address literals here.)
3029 colon = strrchr(ssh->savedhost, ':');
3033 ssh->savedport = atoi(colon);
3036 ssh->savedhost = dupstr(host);
3038 port = 22; /* default ssh port */
3039 ssh->savedport = port;
3045 addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
3046 logeventf(ssh, "Looking up host \"%s\"%s", host,
3047 (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
3048 (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
3049 addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
3050 if ((err = sk_addr_error(addr)) != NULL) {
3054 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
3059 ssh->fn = &fn_table;
3060 ssh->s = new_connection(addr, *realhost, port,
3061 0, 1, nodelay, keepalive, (Plug) ssh, ssh->conf);
3062 if ((err = sk_socket_error(ssh->s)) != NULL) {
3064 notify_remote_exit(ssh->frontend);
3069 * If the SSH version number's fixed, set it now, and if it's SSH-2,
3070 * send the version string too.
3072 sshprot = conf_get_int(ssh->conf, CONF_sshprot);
3077 ssh_send_verstring(ssh, NULL);
3081 * loghost, if configured, overrides realhost.
3085 *realhost = dupstr(loghost);
3092 * Throttle or unthrottle the SSH connection.
3094 static void ssh_throttle_conn(Ssh ssh, int adjust)
3096 int old_count = ssh->conn_throttle_count;
3097 ssh->conn_throttle_count += adjust;
3098 assert(ssh->conn_throttle_count >= 0);
3099 if (ssh->conn_throttle_count && !old_count) {
3100 ssh_set_frozen(ssh, 1);
3101 } else if (!ssh->conn_throttle_count && old_count) {
3102 ssh_set_frozen(ssh, 0);
3107 * Throttle or unthrottle _all_ local data streams (for when sends
3108 * on the SSH connection itself back up).
3110 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
3113 struct ssh_channel *c;
3115 if (enable == ssh->throttled_all)
3117 ssh->throttled_all = enable;
3118 ssh->overall_bufsize = bufsize;
3121 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
3123 case CHAN_MAINSESSION:
3125 * This is treated separately, outside the switch.
3129 x11_override_throttle(c->u.x11.s, enable);
3132 /* Agent channels require no buffer management. */
3135 pfd_override_throttle(c->u.pfd.s, enable);
3141 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
3143 Ssh ssh = (Ssh) sshv;
3145 ssh->agent_response = reply;
3146 ssh->agent_response_len = replylen;
3148 if (ssh->version == 1)
3149 do_ssh1_login(ssh, NULL, -1, NULL);
3151 do_ssh2_authconn(ssh, NULL, -1, NULL);
3154 static void ssh_dialog_callback(void *sshv, int ret)
3156 Ssh ssh = (Ssh) sshv;
3158 ssh->user_response = ret;
3160 if (ssh->version == 1)
3161 do_ssh1_login(ssh, NULL, -1, NULL);
3163 do_ssh2_transport(ssh, NULL, -1, NULL);
3166 * This may have unfrozen the SSH connection, so do a
3169 ssh_process_queued_incoming_data(ssh);
3172 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
3174 struct ssh_channel *c = (struct ssh_channel *)cv;
3176 void *sentreply = reply;
3179 /* Fake SSH_AGENT_FAILURE. */
3180 sentreply = "\0\0\0\1\5";
3183 if (ssh->version == 2) {
3184 ssh2_add_channel_data(c, sentreply, replylen);
3187 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3188 PKT_INT, c->remoteid,
3191 PKT_DATA, sentreply, replylen,
3200 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3201 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3202 * => log `wire_reason'.
3204 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3205 int code, int clean_exit)
3209 client_reason = wire_reason;
3211 error = dupprintf("Disconnected: %s", client_reason);
3213 error = dupstr("Disconnected");
3215 if (ssh->version == 1) {
3216 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3218 } else if (ssh->version == 2) {
3219 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3220 ssh2_pkt_adduint32(pktout, code);
3221 ssh2_pkt_addstring(pktout, wire_reason);
3222 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3223 ssh2_pkt_send_noqueue(ssh, pktout);
3226 ssh->close_expected = TRUE;
3227 ssh->clean_exit = clean_exit;
3228 ssh_closing((Plug)ssh, error, 0, 0);
3233 * Handle the key exchange and user authentication phases.
3235 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3236 struct Packet *pktin)
3239 unsigned char cookie[8], *ptr;
3240 struct RSAKey servkey, hostkey;
3241 struct MD5Context md5c;
3242 struct do_ssh1_login_state {
3244 unsigned char *rsabuf, *keystr1, *keystr2;
3245 unsigned long supported_ciphers_mask, supported_auths_mask;
3246 int tried_publickey, tried_agent;
3247 int tis_auth_refused, ccard_auth_refused;
3248 unsigned char session_id[16];
3250 void *publickey_blob;
3251 int publickey_bloblen;
3252 char *publickey_comment;
3253 int publickey_encrypted;
3254 prompts_t *cur_prompt;
3257 unsigned char request[5], *response, *p;
3268 crState(do_ssh1_login_state);
3270 crBegin(ssh->do_ssh1_login_crstate);
3275 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
3276 bombout(("Public key packet not received"));
3280 logevent("Received public keys");
3282 ptr = ssh_pkt_getdata(pktin, 8);
3284 bombout(("SSH-1 public key packet stopped before random cookie"));
3287 memcpy(cookie, ptr, 8);
3289 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
3290 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
3291 bombout(("Failed to read SSH-1 public keys from public key packet"));
3296 * Log the host key fingerprint.
3300 logevent("Host key fingerprint is:");
3301 strcpy(logmsg, " ");
3302 hostkey.comment = NULL;
3303 rsa_fingerprint(logmsg + strlen(logmsg),
3304 sizeof(logmsg) - strlen(logmsg), &hostkey);
3308 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3309 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3310 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
3311 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3312 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
3314 ssh->v1_local_protoflags =
3315 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3316 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3319 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3320 MD5Update(&md5c, s->keystr1, servkey.bytes);
3321 MD5Update(&md5c, cookie, 8);
3322 MD5Final(s->session_id, &md5c);
3324 for (i = 0; i < 32; i++)
3325 ssh->session_key[i] = random_byte();
3328 * Verify that the `bits' and `bytes' parameters match.
3330 if (hostkey.bits > hostkey.bytes * 8 ||
3331 servkey.bits > servkey.bytes * 8) {
3332 bombout(("SSH-1 public keys were badly formatted"));
3336 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
3338 s->rsabuf = snewn(s->len, unsigned char);
3341 * Verify the host key.
3345 * First format the key into a string.
3347 int len = rsastr_len(&hostkey);
3348 char fingerprint[100];
3349 char *keystr = snewn(len, char);
3350 rsastr_fmt(keystr, &hostkey);
3351 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3353 ssh_set_frozen(ssh, 1);
3354 s->dlgret = verify_ssh_host_key(ssh->frontend,
3355 ssh->savedhost, ssh->savedport,
3356 "rsa", keystr, fingerprint,
3357 ssh_dialog_callback, ssh);
3359 if (s->dlgret < 0) {
3363 bombout(("Unexpected data from server while waiting"
3364 " for user host key response"));
3367 } while (pktin || inlen > 0);
3368 s->dlgret = ssh->user_response;
3370 ssh_set_frozen(ssh, 0);
3372 if (s->dlgret == 0) {
3373 ssh_disconnect(ssh, "User aborted at host key verification",
3379 for (i = 0; i < 32; i++) {
3380 s->rsabuf[i] = ssh->session_key[i];
3382 s->rsabuf[i] ^= s->session_id[i];
3385 if (hostkey.bytes > servkey.bytes) {
3386 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3388 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3390 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3392 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3395 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3399 logevent("Encrypted session key");
3402 int cipher_chosen = 0, warn = 0;
3403 char *cipher_string = NULL;
3405 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3406 int next_cipher = conf_get_int_int(ssh->conf,
3407 CONF_ssh_cipherlist, i);
3408 if (next_cipher == CIPHER_WARN) {
3409 /* If/when we choose a cipher, warn about it */
3411 } else if (next_cipher == CIPHER_AES) {
3412 /* XXX Probably don't need to mention this. */
3413 logevent("AES not supported in SSH-1, skipping");
3415 switch (next_cipher) {
3416 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3417 cipher_string = "3DES"; break;
3418 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3419 cipher_string = "Blowfish"; break;
3420 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3421 cipher_string = "single-DES"; break;
3423 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3427 if (!cipher_chosen) {
3428 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3429 bombout(("Server violates SSH-1 protocol by not "
3430 "supporting 3DES encryption"));
3432 /* shouldn't happen */
3433 bombout(("No supported ciphers found"));
3437 /* Warn about chosen cipher if necessary. */
3439 ssh_set_frozen(ssh, 1);
3440 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3441 ssh_dialog_callback, ssh);
3442 if (s->dlgret < 0) {
3446 bombout(("Unexpected data from server while waiting"
3447 " for user response"));
3450 } while (pktin || inlen > 0);
3451 s->dlgret = ssh->user_response;
3453 ssh_set_frozen(ssh, 0);
3454 if (s->dlgret == 0) {
3455 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3462 switch (s->cipher_type) {
3463 case SSH_CIPHER_3DES:
3464 logevent("Using 3DES encryption");
3466 case SSH_CIPHER_DES:
3467 logevent("Using single-DES encryption");
3469 case SSH_CIPHER_BLOWFISH:
3470 logevent("Using Blowfish encryption");
3474 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3475 PKT_CHAR, s->cipher_type,
3476 PKT_DATA, cookie, 8,
3477 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3478 PKT_DATA, s->rsabuf, s->len,
3479 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3481 logevent("Trying to enable encryption...");
3485 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3486 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3488 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3489 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3490 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3492 ssh->crcda_ctx = crcda_make_context();
3493 logevent("Installing CRC compensation attack detector");
3495 if (servkey.modulus) {
3496 sfree(servkey.modulus);
3497 servkey.modulus = NULL;
3499 if (servkey.exponent) {
3500 sfree(servkey.exponent);
3501 servkey.exponent = NULL;
3503 if (hostkey.modulus) {
3504 sfree(hostkey.modulus);
3505 hostkey.modulus = NULL;
3507 if (hostkey.exponent) {
3508 sfree(hostkey.exponent);
3509 hostkey.exponent = NULL;
3513 if (pktin->type != SSH1_SMSG_SUCCESS) {
3514 bombout(("Encryption not successfully enabled"));
3518 logevent("Successfully started encryption");
3520 fflush(stdout); /* FIXME eh? */
3522 if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
3523 int ret; /* need not be kept over crReturn */
3524 s->cur_prompt = new_prompts(ssh->frontend);
3525 s->cur_prompt->to_server = TRUE;
3526 s->cur_prompt->name = dupstr("SSH login name");
3527 /* 512 is an arbitrary upper limit on username size */
3528 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE, 512);
3529 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3532 crWaitUntil(!pktin);
3533 ret = get_userpass_input(s->cur_prompt, in, inlen);
3538 * Failed to get a username. Terminate.
3540 free_prompts(s->cur_prompt);
3541 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3544 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
3545 free_prompts(s->cur_prompt);
3548 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, ssh->username, PKT_END);
3550 char *userlog = dupprintf("Sent username \"%s\"", ssh->username);
3552 if (flags & FLAG_INTERACTIVE &&
3553 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3554 c_write_str(ssh, userlog);
3555 c_write_str(ssh, "\r\n");
3563 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
3564 /* We must not attempt PK auth. Pretend we've already tried it. */
3565 s->tried_publickey = s->tried_agent = 1;
3567 s->tried_publickey = s->tried_agent = 0;
3569 s->tis_auth_refused = s->ccard_auth_refused = 0;
3571 * Load the public half of any configured keyfile for later use.
3573 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3574 if (!filename_is_null(*s->keyfile)) {
3576 logeventf(ssh, "Reading private key file \"%.150s\"",
3577 filename_to_str(s->keyfile));
3578 keytype = key_type(s->keyfile);
3579 if (keytype == SSH_KEYTYPE_SSH1) {
3581 if (rsakey_pubblob(s->keyfile,
3582 &s->publickey_blob, &s->publickey_bloblen,
3583 &s->publickey_comment, &error)) {
3584 s->publickey_encrypted = rsakey_encrypted(s->keyfile,
3588 logeventf(ssh, "Unable to load private key (%s)", error);
3589 msgbuf = dupprintf("Unable to load private key file "
3590 "\"%.150s\" (%s)\r\n",
3591 filename_to_str(s->keyfile),
3593 c_write_str(ssh, msgbuf);
3595 s->publickey_blob = NULL;
3599 logeventf(ssh, "Unable to use this key file (%s)",
3600 key_type_to_str(keytype));
3601 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3603 filename_to_str(s->keyfile),
3604 key_type_to_str(keytype));
3605 c_write_str(ssh, msgbuf);
3607 s->publickey_blob = NULL;
3610 s->publickey_blob = NULL;
3612 while (pktin->type == SSH1_SMSG_FAILURE) {
3613 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3615 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists() && !s->tried_agent) {
3617 * Attempt RSA authentication using Pageant.
3623 logevent("Pageant is running. Requesting keys.");
3625 /* Request the keys held by the agent. */
3626 PUT_32BIT(s->request, 1);
3627 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3628 if (!agent_query(s->request, 5, &r, &s->responselen,
3629 ssh_agent_callback, ssh)) {
3633 bombout(("Unexpected data from server while waiting"
3634 " for agent response"));
3637 } while (pktin || inlen > 0);
3638 r = ssh->agent_response;
3639 s->responselen = ssh->agent_response_len;
3641 s->response = (unsigned char *) r;
3642 if (s->response && s->responselen >= 5 &&
3643 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3644 s->p = s->response + 5;
3645 s->nkeys = GET_32BIT(s->p);
3647 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3648 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3649 unsigned char *pkblob = s->p;
3653 do { /* do while (0) to make breaking easy */
3654 n = ssh1_read_bignum
3655 (s->p, s->responselen-(s->p-s->response),
3660 n = ssh1_read_bignum
3661 (s->p, s->responselen-(s->p-s->response),
3666 if (s->responselen - (s->p-s->response) < 4)
3668 s->commentlen = GET_32BIT(s->p);
3670 if (s->responselen - (s->p-s->response) <
3673 s->commentp = (char *)s->p;
3674 s->p += s->commentlen;
3678 logevent("Pageant key list packet was truncated");
3682 if (s->publickey_blob) {
3683 if (!memcmp(pkblob, s->publickey_blob,
3684 s->publickey_bloblen)) {
3685 logeventf(ssh, "Pageant key #%d matches "
3686 "configured key file", s->keyi);
3687 s->tried_publickey = 1;
3689 /* Skip non-configured key */
3692 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3693 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3694 PKT_BIGNUM, s->key.modulus, PKT_END);
3696 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3697 logevent("Key refused");
3700 logevent("Received RSA challenge");
3701 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3702 bombout(("Server's RSA challenge was badly formatted"));
3707 char *agentreq, *q, *ret;
3710 len = 1 + 4; /* message type, bit count */
3711 len += ssh1_bignum_length(s->key.exponent);
3712 len += ssh1_bignum_length(s->key.modulus);
3713 len += ssh1_bignum_length(s->challenge);
3714 len += 16; /* session id */
3715 len += 4; /* response format */
3716 agentreq = snewn(4 + len, char);
3717 PUT_32BIT(agentreq, len);
3719 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3720 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3722 q += ssh1_write_bignum(q, s->key.exponent);
3723 q += ssh1_write_bignum(q, s->key.modulus);
3724 q += ssh1_write_bignum(q, s->challenge);
3725 memcpy(q, s->session_id, 16);
3727 PUT_32BIT(q, 1); /* response format */
3728 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3729 ssh_agent_callback, ssh)) {
3734 bombout(("Unexpected data from server"
3735 " while waiting for agent"
3739 } while (pktin || inlen > 0);
3740 vret = ssh->agent_response;
3741 retlen = ssh->agent_response_len;
3746 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3747 logevent("Sending Pageant's response");
3748 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3749 PKT_DATA, ret + 5, 16,
3753 if (pktin->type == SSH1_SMSG_SUCCESS) {
3755 ("Pageant's response accepted");
3756 if (flags & FLAG_VERBOSE) {
3757 c_write_str(ssh, "Authenticated using"
3759 c_write(ssh, s->commentp,
3761 c_write_str(ssh, "\" from agent\r\n");
3766 ("Pageant's response not accepted");
3769 ("Pageant failed to answer challenge");
3773 logevent("No reply received from Pageant");
3776 freebn(s->key.exponent);
3777 freebn(s->key.modulus);
3778 freebn(s->challenge);
3783 if (s->publickey_blob && !s->tried_publickey)
3784 logevent("Configured key file not in Pageant");
3786 logevent("Failed to get reply from Pageant");
3791 if (s->publickey_blob && !s->tried_publickey) {
3793 * Try public key authentication with the specified
3796 int got_passphrase; /* need not be kept over crReturn */
3797 if (flags & FLAG_VERBOSE)
3798 c_write_str(ssh, "Trying public key authentication.\r\n");
3799 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3800 logeventf(ssh, "Trying public key \"%s\"",
3801 filename_to_str(s->keyfile));
3802 s->tried_publickey = 1;
3803 got_passphrase = FALSE;
3804 while (!got_passphrase) {
3806 * Get a passphrase, if necessary.
3808 char *passphrase = NULL; /* only written after crReturn */
3810 if (!s->publickey_encrypted) {
3811 if (flags & FLAG_VERBOSE)
3812 c_write_str(ssh, "No passphrase required.\r\n");
3815 int ret; /* need not be kept over crReturn */
3816 s->cur_prompt = new_prompts(ssh->frontend);
3817 s->cur_prompt->to_server = FALSE;
3818 s->cur_prompt->name = dupstr("SSH key passphrase");
3819 add_prompt(s->cur_prompt,
3820 dupprintf("Passphrase for key \"%.100s\": ",
3821 s->publickey_comment),
3822 FALSE, SSH_MAX_PASSWORD_LEN);
3823 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3826 crWaitUntil(!pktin);
3827 ret = get_userpass_input(s->cur_prompt, in, inlen);
3831 /* Failed to get a passphrase. Terminate. */
3832 free_prompts(s->cur_prompt);
3833 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3837 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3838 free_prompts(s->cur_prompt);
3841 * Try decrypting key with passphrase.
3843 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3844 ret = loadrsakey(s->keyfile, &s->key, passphrase,
3847 memset(passphrase, 0, strlen(passphrase));
3851 /* Correct passphrase. */
3852 got_passphrase = TRUE;
3853 } else if (ret == 0) {
3854 c_write_str(ssh, "Couldn't load private key from ");
3855 c_write_str(ssh, filename_to_str(s->keyfile));
3856 c_write_str(ssh, " (");
3857 c_write_str(ssh, error);
3858 c_write_str(ssh, ").\r\n");
3859 got_passphrase = FALSE;
3860 break; /* go and try something else */
3861 } else if (ret == -1) {
3862 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3863 got_passphrase = FALSE;
3866 assert(0 && "unexpected return from loadrsakey()");
3867 got_passphrase = FALSE; /* placate optimisers */
3871 if (got_passphrase) {
3874 * Send a public key attempt.
3876 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3877 PKT_BIGNUM, s->key.modulus, PKT_END);
3880 if (pktin->type == SSH1_SMSG_FAILURE) {
3881 c_write_str(ssh, "Server refused our public key.\r\n");
3882 continue; /* go and try something else */
3884 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3885 bombout(("Bizarre response to offer of public key"));
3891 unsigned char buffer[32];
3892 Bignum challenge, response;
3894 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3895 bombout(("Server's RSA challenge was badly formatted"));
3898 response = rsadecrypt(challenge, &s->key);
3899 freebn(s->key.private_exponent);/* burn the evidence */
3901 for (i = 0; i < 32; i++) {
3902 buffer[i] = bignum_byte(response, 31 - i);
3906 MD5Update(&md5c, buffer, 32);
3907 MD5Update(&md5c, s->session_id, 16);
3908 MD5Final(buffer, &md5c);
3910 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3911 PKT_DATA, buffer, 16, PKT_END);
3918 if (pktin->type == SSH1_SMSG_FAILURE) {
3919 if (flags & FLAG_VERBOSE)
3920 c_write_str(ssh, "Failed to authenticate with"
3921 " our public key.\r\n");
3922 continue; /* go and try something else */
3923 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3924 bombout(("Bizarre response to RSA authentication response"));
3928 break; /* we're through! */
3934 * Otherwise, try various forms of password-like authentication.
3936 s->cur_prompt = new_prompts(ssh->frontend);
3938 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3939 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3940 !s->tis_auth_refused) {
3941 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3942 logevent("Requested TIS authentication");
3943 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3945 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3946 logevent("TIS authentication declined");
3947 if (flags & FLAG_INTERACTIVE)
3948 c_write_str(ssh, "TIS authentication refused.\r\n");
3949 s->tis_auth_refused = 1;
3954 char *instr_suf, *prompt;
3956 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3958 bombout(("TIS challenge packet was badly formed"));
3961 logevent("Received TIS challenge");
3962 s->cur_prompt->to_server = TRUE;
3963 s->cur_prompt->name = dupstr("SSH TIS authentication");
3964 /* Prompt heuristic comes from OpenSSH */
3965 if (memchr(challenge, '\n', challengelen)) {
3966 instr_suf = dupstr("");
3967 prompt = dupprintf("%.*s", challengelen, challenge);
3969 instr_suf = dupprintf("%.*s", challengelen, challenge);
3970 prompt = dupstr("Response: ");
3972 s->cur_prompt->instruction =
3973 dupprintf("Using TIS authentication.%s%s",
3974 (*instr_suf) ? "\n" : "",
3976 s->cur_prompt->instr_reqd = TRUE;
3977 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3981 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3982 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
3983 !s->ccard_auth_refused) {
3984 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
3985 logevent("Requested CryptoCard authentication");
3986 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
3988 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
3989 logevent("CryptoCard authentication declined");
3990 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
3991 s->ccard_auth_refused = 1;
3996 char *instr_suf, *prompt;
3998 ssh_pkt_getstring(pktin, &challenge, &challengelen);
4000 bombout(("CryptoCard challenge packet was badly formed"));
4003 logevent("Received CryptoCard challenge");
4004 s->cur_prompt->to_server = TRUE;
4005 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
4006 s->cur_prompt->name_reqd = FALSE;
4007 /* Prompt heuristic comes from OpenSSH */
4008 if (memchr(challenge, '\n', challengelen)) {
4009 instr_suf = dupstr("");
4010 prompt = dupprintf("%.*s", challengelen, challenge);
4012 instr_suf = dupprintf("%.*s", challengelen, challenge);
4013 prompt = dupstr("Response: ");
4015 s->cur_prompt->instruction =
4016 dupprintf("Using CryptoCard authentication.%s%s",
4017 (*instr_suf) ? "\n" : "",
4019 s->cur_prompt->instr_reqd = TRUE;
4020 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
4024 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4025 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
4026 bombout(("No supported authentication methods available"));
4029 s->cur_prompt->to_server = TRUE;
4030 s->cur_prompt->name = dupstr("SSH password");
4031 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
4032 ssh->username, ssh->savedhost),
4033 FALSE, SSH_MAX_PASSWORD_LEN);
4037 * Show password prompt, having first obtained it via a TIS
4038 * or CryptoCard exchange if we're doing TIS or CryptoCard
4042 int ret; /* need not be kept over crReturn */
4043 ret = get_userpass_input(s->cur_prompt, NULL, 0);
4046 crWaitUntil(!pktin);
4047 ret = get_userpass_input(s->cur_prompt, in, inlen);
4052 * Failed to get a password (for example
4053 * because one was supplied on the command line
4054 * which has already failed to work). Terminate.
4056 free_prompts(s->cur_prompt);
4057 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
4062 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4064 * Defence against traffic analysis: we send a
4065 * whole bunch of packets containing strings of
4066 * different lengths. One of these strings is the
4067 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
4068 * The others are all random data in
4069 * SSH1_MSG_IGNORE packets. This way a passive
4070 * listener can't tell which is the password, and
4071 * hence can't deduce the password length.
4073 * Anybody with a password length greater than 16
4074 * bytes is going to have enough entropy in their
4075 * password that a listener won't find it _that_
4076 * much help to know how long it is. So what we'll
4079 * - if password length < 16, we send 15 packets
4080 * containing string lengths 1 through 15
4082 * - otherwise, we let N be the nearest multiple
4083 * of 8 below the password length, and send 8
4084 * packets containing string lengths N through
4085 * N+7. This won't obscure the order of
4086 * magnitude of the password length, but it will
4087 * introduce a bit of extra uncertainty.
4089 * A few servers can't deal with SSH1_MSG_IGNORE, at
4090 * least in this context. For these servers, we need
4091 * an alternative defence. We make use of the fact
4092 * that the password is interpreted as a C string:
4093 * so we can append a NUL, then some random data.
4095 * A few servers can deal with neither SSH1_MSG_IGNORE
4096 * here _nor_ a padded password string.
4097 * For these servers we are left with no defences
4098 * against password length sniffing.
4100 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4101 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4103 * The server can deal with SSH1_MSG_IGNORE, so
4104 * we can use the primary defence.
4106 int bottom, top, pwlen, i;
4109 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4111 bottom = 0; /* zero length passwords are OK! :-) */
4114 bottom = pwlen & ~7;
4118 assert(pwlen >= bottom && pwlen <= top);
4120 randomstr = snewn(top + 1, char);
4122 for (i = bottom; i <= top; i++) {
4124 defer_packet(ssh, s->pwpkt_type,
4125 PKTT_PASSWORD, PKT_STR,
4126 s->cur_prompt->prompts[0]->result,
4127 PKTT_OTHER, PKT_END);
4129 for (j = 0; j < i; j++) {
4131 randomstr[j] = random_byte();
4132 } while (randomstr[j] == '\0');
4134 randomstr[i] = '\0';
4135 defer_packet(ssh, SSH1_MSG_IGNORE,
4136 PKT_STR, randomstr, PKT_END);
4139 logevent("Sending password with camouflage packets");
4140 ssh_pkt_defersend(ssh);
4143 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4145 * The server can't deal with SSH1_MSG_IGNORE
4146 * but can deal with padded passwords, so we
4147 * can use the secondary defence.
4153 len = strlen(s->cur_prompt->prompts[0]->result);
4154 if (len < sizeof(string)) {
4156 strcpy(string, s->cur_prompt->prompts[0]->result);
4157 len++; /* cover the zero byte */
4158 while (len < sizeof(string)) {
4159 string[len++] = (char) random_byte();
4162 ss = s->cur_prompt->prompts[0]->result;
4164 logevent("Sending length-padded password");
4165 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4166 PKT_INT, len, PKT_DATA, ss, len,
4167 PKTT_OTHER, PKT_END);
4170 * The server is believed unable to cope with
4171 * any of our password camouflage methods.
4174 len = strlen(s->cur_prompt->prompts[0]->result);
4175 logevent("Sending unpadded password");
4176 send_packet(ssh, s->pwpkt_type,
4177 PKTT_PASSWORD, PKT_INT, len,
4178 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4179 PKTT_OTHER, PKT_END);
4182 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4183 PKT_STR, s->cur_prompt->prompts[0]->result,
4184 PKTT_OTHER, PKT_END);
4186 logevent("Sent password");
4187 free_prompts(s->cur_prompt);
4189 if (pktin->type == SSH1_SMSG_FAILURE) {
4190 if (flags & FLAG_VERBOSE)
4191 c_write_str(ssh, "Access denied\r\n");
4192 logevent("Authentication refused");
4193 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4194 bombout(("Strange packet received, type %d", pktin->type));
4200 if (s->publickey_blob) {
4201 sfree(s->publickey_blob);
4202 sfree(s->publickey_comment);
4205 logevent("Authentication successful");
4210 static void ssh_channel_try_eof(struct ssh_channel *c)
4213 assert(c->pending_eof); /* precondition for calling us */
4215 return; /* can't close: not even opened yet */
4216 if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0)
4217 return; /* can't send EOF: pending outgoing data */
4219 if (ssh->version == 1) {
4220 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4222 c->closes |= CLOSES_SENT_EOF;
4224 struct Packet *pktout;
4225 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
4226 ssh2_pkt_adduint32(pktout, c->remoteid);
4227 ssh2_pkt_send(ssh, pktout);
4228 c->closes |= CLOSES_SENT_EOF;
4229 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes)) {
4231 * Also send MSG_CLOSE.
4233 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
4234 ssh2_pkt_adduint32(pktout, c->remoteid);
4235 ssh2_pkt_send(ssh, pktout);
4236 c->closes |= CLOSES_SENT_CLOSE;
4239 c->pending_eof = FALSE; /* we've sent it now */
4242 void sshfwd_write_eof(struct ssh_channel *c)
4246 if (ssh->state == SSH_STATE_CLOSED)
4249 if (c->closes & CLOSES_SENT_EOF)
4252 c->pending_eof = TRUE;
4253 ssh_channel_try_eof(c);
4256 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
4260 if (ssh->state == SSH_STATE_CLOSED)
4263 if (ssh->version == 1) {
4264 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
4265 PKT_INT, c->remoteid,
4266 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
4267 PKTT_OTHER, PKT_END);
4269 * In SSH-1 we can return 0 here - implying that forwarded
4270 * connections are never individually throttled - because
4271 * the only circumstance that can cause throttling will be
4272 * the whole SSH connection backing up, in which case
4273 * _everything_ will be throttled as a whole.
4277 ssh2_add_channel_data(c, buf, len);
4278 return ssh2_try_send(c);
4282 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4287 if (ssh->state == SSH_STATE_CLOSED)
4290 if (ssh->version == 1) {
4291 buflimit = SSH1_BUFFER_LIMIT;
4293 buflimit = c->v.v2.locmaxwin;
4294 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4296 if (c->throttling_conn && bufsize <= buflimit) {
4297 c->throttling_conn = 0;
4298 ssh_throttle_conn(ssh, -1);
4302 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4304 struct queued_handler *qh = ssh->qhead;
4308 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4311 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
4312 ssh->packet_dispatch[qh->msg1] = NULL;
4315 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
4316 ssh->packet_dispatch[qh->msg2] = NULL;
4320 ssh->qhead = qh->next;
4322 if (ssh->qhead->msg1 > 0) {
4323 assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
4324 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4326 if (ssh->qhead->msg2 > 0) {
4327 assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
4328 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4331 ssh->qhead = ssh->qtail = NULL;
4332 ssh->packet_dispatch[pktin->type] = NULL;
4335 qh->handler(ssh, pktin, qh->ctx);
4340 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4341 chandler_fn_t handler, void *ctx)
4343 struct queued_handler *qh;
4345 qh = snew(struct queued_handler);
4348 qh->handler = handler;
4352 if (ssh->qtail == NULL) {
4356 assert(ssh->packet_dispatch[qh->msg1] == NULL);
4357 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4360 assert(ssh->packet_dispatch[qh->msg2] == NULL);
4361 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4364 ssh->qtail->next = qh;
4369 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4371 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4373 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4374 SSH2_MSG_REQUEST_SUCCESS)) {
4375 logeventf(ssh, "Remote port forwarding from %s enabled",
4378 logeventf(ssh, "Remote port forwarding from %s refused",
4381 rpf = del234(ssh->rportfwds, pf);
4383 pf->pfrec->remote = NULL;
4388 static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
4390 struct ssh_portfwd *epf;
4394 if (!ssh->portfwds) {
4395 ssh->portfwds = newtree234(ssh_portcmp);
4398 * Go through the existing port forwardings and tag them
4399 * with status==DESTROY. Any that we want to keep will be
4400 * re-enabled (status==KEEP) as we go through the
4401 * configuration and find out which bits are the same as
4404 struct ssh_portfwd *epf;
4406 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4407 epf->status = DESTROY;
4410 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
4412 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
4413 char *kp, *kp2, *vp, *vp2;
4414 char address_family, type;
4415 int sport,dport,sserv,dserv;
4416 char *sports, *dports, *saddr, *host;
4420 address_family = 'A';
4422 if (*kp == 'A' || *kp == '4' || *kp == '6')
4423 address_family = *kp++;
4424 if (*kp == 'L' || *kp == 'R')
4427 if ((kp2 = strchr(kp, ':')) != NULL) {
4429 * There's a colon in the middle of the source port
4430 * string, which means that the part before it is
4431 * actually a source address.
4433 saddr = dupprintf("%.*s", (int)(kp2 - kp), kp);
4439 sport = atoi(sports);
4443 sport = net_service_lookup(sports);
4445 logeventf(ssh, "Service lookup failed for source"
4446 " port \"%s\"", sports);
4450 if (type == 'L' && !strcmp(val, "D")) {
4451 /* dynamic forwarding */
4458 /* ordinary forwarding */
4460 vp2 = vp + strcspn(vp, ":");
4461 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
4465 dport = atoi(dports);
4469 dport = net_service_lookup(dports);
4471 logeventf(ssh, "Service lookup failed for destination"
4472 " port \"%s\"", dports);
4477 if (sport && dport) {
4478 /* Set up a description of the source port. */
4479 struct ssh_portfwd *pfrec, *epfrec;
4481 pfrec = snew(struct ssh_portfwd);
4483 pfrec->saddr = saddr;
4484 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4485 pfrec->sport = sport;
4486 pfrec->daddr = host;
4487 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4488 pfrec->dport = dport;
4489 pfrec->local = NULL;
4490 pfrec->remote = NULL;
4491 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4492 address_family == '6' ? ADDRTYPE_IPV6 :
4495 epfrec = add234(ssh->portfwds, pfrec);
4496 if (epfrec != pfrec) {
4497 if (epfrec->status == DESTROY) {
4499 * We already have a port forwarding up and running
4500 * with precisely these parameters. Hence, no need
4501 * to do anything; simply re-tag the existing one
4504 epfrec->status = KEEP;
4507 * Anything else indicates that there was a duplicate
4508 * in our input, which we'll silently ignore.
4510 free_portfwd(pfrec);
4512 pfrec->status = CREATE;
4521 * Now go through and destroy any port forwardings which were
4524 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4525 if (epf->status == DESTROY) {
4528 message = dupprintf("%s port forwarding from %s%s%d",
4529 epf->type == 'L' ? "local" :
4530 epf->type == 'R' ? "remote" : "dynamic",
4531 epf->saddr ? epf->saddr : "",
4532 epf->saddr ? ":" : "",
4535 if (epf->type != 'D') {
4536 char *msg2 = dupprintf("%s to %s:%d", message,
4537 epf->daddr, epf->dport);
4542 logeventf(ssh, "Cancelling %s", message);
4545 /* epf->remote or epf->local may be NULL if setting up a
4546 * forwarding failed. */
4548 struct ssh_rportfwd *rpf = epf->remote;
4549 struct Packet *pktout;
4552 * Cancel the port forwarding at the server
4555 if (ssh->version == 1) {
4557 * We cannot cancel listening ports on the
4558 * server side in SSH-1! There's no message
4559 * to support it. Instead, we simply remove
4560 * the rportfwd record from the local end
4561 * so that any connections the server tries
4562 * to make on it are rejected.
4565 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4566 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4567 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4569 ssh2_pkt_addstring(pktout, epf->saddr);
4570 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4571 /* XXX: rport_acceptall may not represent
4572 * what was used to open the original connection,
4573 * since it's reconfigurable. */
4574 ssh2_pkt_addstring(pktout, "0.0.0.0");
4576 ssh2_pkt_addstring(pktout, "127.0.0.1");
4578 ssh2_pkt_adduint32(pktout, epf->sport);
4579 ssh2_pkt_send(ssh, pktout);
4582 del234(ssh->rportfwds, rpf);
4584 } else if (epf->local) {
4585 pfd_terminate(epf->local);
4588 delpos234(ssh->portfwds, i);
4590 i--; /* so we don't skip one in the list */
4594 * And finally, set up any new port forwardings (status==CREATE).
4596 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4597 if (epf->status == CREATE) {
4598 char *sportdesc, *dportdesc;
4599 sportdesc = dupprintf("%s%s%s%s%d%s",
4600 epf->saddr ? epf->saddr : "",
4601 epf->saddr ? ":" : "",
4602 epf->sserv ? epf->sserv : "",
4603 epf->sserv ? "(" : "",
4605 epf->sserv ? ")" : "");
4606 if (epf->type == 'D') {
4609 dportdesc = dupprintf("%s:%s%s%d%s",
4611 epf->dserv ? epf->dserv : "",
4612 epf->dserv ? "(" : "",
4614 epf->dserv ? ")" : "");
4617 if (epf->type == 'L') {
4618 const char *err = pfd_addforward(epf->daddr, epf->dport,
4619 epf->saddr, epf->sport,
4622 epf->addressfamily);
4624 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4625 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4626 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4627 sportdesc, dportdesc,
4628 err ? " failed: " : "", err ? err : "");
4629 } else if (epf->type == 'D') {
4630 const char *err = pfd_addforward(NULL, -1,
4631 epf->saddr, epf->sport,
4634 epf->addressfamily);
4636 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4637 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4638 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4640 err ? " failed: " : "", err ? err : "");
4642 struct ssh_rportfwd *pf;
4645 * Ensure the remote port forwardings tree exists.
4647 if (!ssh->rportfwds) {
4648 if (ssh->version == 1)
4649 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4651 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4654 pf = snew(struct ssh_rportfwd);
4655 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4656 pf->dhost[lenof(pf->dhost)-1] = '\0';
4657 pf->dport = epf->dport;
4658 pf->sport = epf->sport;
4659 if (add234(ssh->rportfwds, pf) != pf) {
4660 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4661 epf->daddr, epf->dport);
4664 logeventf(ssh, "Requesting remote port %s"
4665 " forward to %s", sportdesc, dportdesc);
4667 pf->sportdesc = sportdesc;
4672 if (ssh->version == 1) {
4673 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4674 PKT_INT, epf->sport,
4675 PKT_STR, epf->daddr,
4676 PKT_INT, epf->dport,
4678 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4680 ssh_rportfwd_succfail, pf);
4682 struct Packet *pktout;
4683 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4684 ssh2_pkt_addstring(pktout, "tcpip-forward");
4685 ssh2_pkt_addbool(pktout, 1);/* want reply */
4687 ssh2_pkt_addstring(pktout, epf->saddr);
4688 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4689 ssh2_pkt_addstring(pktout, "0.0.0.0");
4691 ssh2_pkt_addstring(pktout, "127.0.0.1");
4693 ssh2_pkt_adduint32(pktout, epf->sport);
4694 ssh2_pkt_send(ssh, pktout);
4696 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4697 SSH2_MSG_REQUEST_FAILURE,
4698 ssh_rportfwd_succfail, pf);
4707 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4710 int stringlen, bufsize;
4712 ssh_pkt_getstring(pktin, &string, &stringlen);
4713 if (string == NULL) {
4714 bombout(("Incoming terminal data packet was badly formed"));
4718 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4720 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4721 ssh->v1_stdout_throttling = 1;
4722 ssh_throttle_conn(ssh, +1);
4726 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4728 /* Remote side is trying to open a channel to talk to our
4729 * X-Server. Give them back a local channel number. */
4730 struct ssh_channel *c;
4731 int remoteid = ssh_pkt_getuint32(pktin);
4733 logevent("Received X11 connect request");
4734 /* Refuse if X11 forwarding is disabled. */
4735 if (!ssh->X11_fwd_enabled) {
4736 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4737 PKT_INT, remoteid, PKT_END);
4738 logevent("Rejected X11 connect request");
4740 c = snew(struct ssh_channel);
4743 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4744 NULL, -1, ssh->conf) != NULL) {
4745 logevent("Opening X11 forward connection failed");
4747 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4748 PKT_INT, remoteid, PKT_END);
4751 ("Opening X11 forward connection succeeded");
4752 c->remoteid = remoteid;
4753 c->halfopen = FALSE;
4754 c->localid = alloc_channel_id(ssh);
4756 c->pending_eof = FALSE;
4757 c->throttling_conn = 0;
4758 c->type = CHAN_X11; /* identify channel type */
4759 add234(ssh->channels, c);
4760 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4761 PKT_INT, c->remoteid, PKT_INT,
4762 c->localid, PKT_END);
4763 logevent("Opened X11 forward channel");
4768 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4770 /* Remote side is trying to open a channel to talk to our
4771 * agent. Give them back a local channel number. */
4772 struct ssh_channel *c;
4773 int remoteid = ssh_pkt_getuint32(pktin);
4775 /* Refuse if agent forwarding is disabled. */
4776 if (!ssh->agentfwd_enabled) {
4777 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4778 PKT_INT, remoteid, PKT_END);
4780 c = snew(struct ssh_channel);
4782 c->remoteid = remoteid;
4783 c->halfopen = FALSE;
4784 c->localid = alloc_channel_id(ssh);
4786 c->pending_eof = FALSE;
4787 c->throttling_conn = 0;
4788 c->type = CHAN_AGENT; /* identify channel type */
4789 c->u.a.lensofar = 0;
4790 c->u.a.message = NULL;
4791 add234(ssh->channels, c);
4792 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4793 PKT_INT, c->remoteid, PKT_INT, c->localid,
4798 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4800 /* Remote side is trying to open a channel to talk to a
4801 * forwarded port. Give them back a local channel number. */
4802 struct ssh_channel *c;
4803 struct ssh_rportfwd pf, *pfp;
4808 c = snew(struct ssh_channel);
4811 remoteid = ssh_pkt_getuint32(pktin);
4812 ssh_pkt_getstring(pktin, &host, &hostsize);
4813 port = ssh_pkt_getuint32(pktin);
4815 if (hostsize >= lenof(pf.dhost))
4816 hostsize = lenof(pf.dhost)-1;
4817 memcpy(pf.dhost, host, hostsize);
4818 pf.dhost[hostsize] = '\0';
4820 pfp = find234(ssh->rportfwds, &pf, NULL);
4823 logeventf(ssh, "Rejected remote port open request for %s:%d",
4825 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4826 PKT_INT, remoteid, PKT_END);
4828 logeventf(ssh, "Received remote port open request for %s:%d",
4830 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4831 c, ssh->conf, pfp->pfrec->addressfamily);
4833 logeventf(ssh, "Port open failed: %s", e);
4835 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4836 PKT_INT, remoteid, PKT_END);
4838 c->remoteid = remoteid;
4839 c->halfopen = FALSE;
4840 c->localid = alloc_channel_id(ssh);
4842 c->pending_eof = FALSE;
4843 c->throttling_conn = 0;
4844 c->type = CHAN_SOCKDATA; /* identify channel type */
4845 add234(ssh->channels, c);
4846 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4847 PKT_INT, c->remoteid, PKT_INT,
4848 c->localid, PKT_END);
4849 logevent("Forwarded port opened successfully");
4854 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4856 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4857 unsigned int localid = ssh_pkt_getuint32(pktin);
4858 struct ssh_channel *c;
4860 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4861 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4862 c->remoteid = localid;
4863 c->halfopen = FALSE;
4864 c->type = CHAN_SOCKDATA;
4865 c->throttling_conn = 0;
4866 pfd_confirm(c->u.pfd.s);
4869 if (c && c->pending_eof) {
4871 * We have a pending close on this channel,
4872 * which we decided on before the server acked
4873 * the channel open. So now we know the
4874 * remoteid, we can close it again.
4876 ssh_channel_try_eof(c);
4880 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4882 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4883 struct ssh_channel *c;
4885 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4886 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4887 logevent("Forwarded connection refused by server");
4888 pfd_close(c->u.pfd.s);
4889 del234(ssh->channels, c);
4894 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4896 /* Remote side closes a channel. */
4897 unsigned i = ssh_pkt_getuint32(pktin);
4898 struct ssh_channel *c;
4899 c = find234(ssh->channels, &i, ssh_channelfind);
4900 if (c && !c->halfopen) {
4902 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE &&
4903 !(c->closes & CLOSES_RCVD_EOF)) {
4905 * Received CHANNEL_CLOSE, which we translate into
4908 int send_close = FALSE;
4910 c->closes |= CLOSES_RCVD_EOF;
4915 x11_send_eof(c->u.x11.s);
4920 x11_send_eof(c->u.pfd.s);
4927 if (send_close && !(c->closes & CLOSES_SENT_EOF)) {
4928 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4930 c->closes |= CLOSES_SENT_EOF;
4934 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION &&
4935 !(c->closes & CLOSES_RCVD_CLOSE)) {
4937 if (!(c->closes & CLOSES_SENT_EOF)) {
4938 bombout(("Received CHANNEL_CLOSE_CONFIRMATION for channel %d"
4939 " for which we never sent CHANNEL_CLOSE\n", i));
4942 c->closes |= CLOSES_RCVD_CLOSE;
4945 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) &&
4946 !(c->closes & CLOSES_SENT_CLOSE)) {
4947 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION,
4948 PKT_INT, c->remoteid, PKT_END);
4949 c->closes |= CLOSES_SENT_CLOSE;
4952 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes))
4953 ssh_channel_destroy(c);
4955 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4956 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
4957 "_CONFIRMATION", c ? "half-open" : "nonexistent",
4962 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
4964 /* Data sent down one of our channels. */
4965 int i = ssh_pkt_getuint32(pktin);
4968 struct ssh_channel *c;
4970 ssh_pkt_getstring(pktin, &p, &len);
4972 c = find234(ssh->channels, &i, ssh_channelfind);
4977 bufsize = x11_send(c->u.x11.s, p, len);
4980 bufsize = pfd_send(c->u.pfd.s, p, len);
4983 /* Data for an agent message. Buffer it. */
4985 if (c->u.a.lensofar < 4) {
4986 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
4987 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
4991 c->u.a.lensofar += l;
4993 if (c->u.a.lensofar == 4) {
4995 4 + GET_32BIT(c->u.a.msglen);
4996 c->u.a.message = snewn(c->u.a.totallen,
4998 memcpy(c->u.a.message, c->u.a.msglen, 4);
5000 if (c->u.a.lensofar >= 4 && len > 0) {
5002 min(c->u.a.totallen - c->u.a.lensofar,
5004 memcpy(c->u.a.message + c->u.a.lensofar, p,
5008 c->u.a.lensofar += l;
5010 if (c->u.a.lensofar == c->u.a.totallen) {
5013 if (agent_query(c->u.a.message,
5016 ssh_agentf_callback, c))
5017 ssh_agentf_callback(c, reply, replylen);
5018 sfree(c->u.a.message);
5019 c->u.a.lensofar = 0;
5022 bufsize = 0; /* agent channels never back up */
5025 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
5026 c->throttling_conn = 1;
5027 ssh_throttle_conn(ssh, +1);
5032 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
5034 ssh->exitcode = ssh_pkt_getuint32(pktin);
5035 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
5036 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
5038 * In case `helpful' firewalls or proxies tack
5039 * extra human-readable text on the end of the
5040 * session which we might mistake for another
5041 * encrypted packet, we close the session once
5042 * we've sent EXIT_CONFIRMATION.
5044 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
5047 /* Helper function to deal with sending tty modes for REQUEST_PTY */
5048 static void ssh1_send_ttymode(void *data, char *mode, char *val)
5050 struct Packet *pktout = (struct Packet *)data;
5052 unsigned int arg = 0;
5053 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
5054 if (i == lenof(ssh_ttymodes)) return;
5055 switch (ssh_ttymodes[i].type) {
5057 arg = ssh_tty_parse_specchar(val);
5060 arg = ssh_tty_parse_boolean(val);
5063 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
5064 ssh2_pkt_addbyte(pktout, arg);
5068 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
5069 struct Packet *pktin)
5071 crBegin(ssh->do_ssh1_connection_crstate);
5073 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
5074 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
5075 ssh1_smsg_stdout_stderr_data;
5077 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
5078 ssh1_msg_channel_open_confirmation;
5079 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
5080 ssh1_msg_channel_open_failure;
5081 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
5082 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
5083 ssh1_msg_channel_close;
5084 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
5085 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
5087 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
5088 logevent("Requesting agent forwarding");
5089 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
5093 if (pktin->type != SSH1_SMSG_SUCCESS
5094 && pktin->type != SSH1_SMSG_FAILURE) {
5095 bombout(("Protocol confusion"));
5097 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5098 logevent("Agent forwarding refused");
5100 logevent("Agent forwarding enabled");
5101 ssh->agentfwd_enabled = TRUE;
5102 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
5106 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
5107 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
5108 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
5109 logevent("Requesting X11 forwarding");
5111 * Note that while we blank the X authentication data here, we don't
5112 * take any special action to blank the start of an X11 channel,
5113 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5114 * without having session blanking enabled is likely to leak your
5115 * cookie into the log.
5117 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5118 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5119 PKT_STR, ssh->x11disp->remoteauthprotoname,
5121 PKT_STR, ssh->x11disp->remoteauthdatastring,
5123 PKT_INT, ssh->x11disp->screennum,
5126 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5127 PKT_STR, ssh->x11disp->remoteauthprotoname,
5129 PKT_STR, ssh->x11disp->remoteauthdatastring,
5136 if (pktin->type != SSH1_SMSG_SUCCESS
5137 && pktin->type != SSH1_SMSG_FAILURE) {
5138 bombout(("Protocol confusion"));
5140 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5141 logevent("X11 forwarding refused");
5143 logevent("X11 forwarding enabled");
5144 ssh->X11_fwd_enabled = TRUE;
5145 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
5149 ssh_setup_portfwd(ssh, ssh->conf);
5150 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
5152 if (!conf_get_int(ssh->conf, CONF_nopty)) {
5154 /* Unpick the terminal-speed string. */
5155 /* XXX perhaps we should allow no speeds to be sent. */
5156 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
5157 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
5158 /* Send the pty request. */
5159 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
5160 ssh_pkt_addstring(pkt, conf_get_str(ssh->conf, CONF_termtype));
5161 ssh_pkt_adduint32(pkt, ssh->term_height);
5162 ssh_pkt_adduint32(pkt, ssh->term_width);
5163 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5164 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
5165 parse_ttymodes(ssh, ssh1_send_ttymode, (void *)pkt);
5166 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5167 ssh_pkt_adduint32(pkt, ssh->ispeed);
5168 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5169 ssh_pkt_adduint32(pkt, ssh->ospeed);
5170 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5172 ssh->state = SSH_STATE_INTERMED;
5176 if (pktin->type != SSH1_SMSG_SUCCESS
5177 && pktin->type != SSH1_SMSG_FAILURE) {
5178 bombout(("Protocol confusion"));
5180 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5181 c_write_str(ssh, "Server refused to allocate pty\r\n");
5182 ssh->editing = ssh->echoing = 1;
5184 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5185 ssh->ospeed, ssh->ispeed);
5187 ssh->editing = ssh->echoing = 1;
5190 if (conf_get_int(ssh->conf, CONF_compression)) {
5191 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
5195 if (pktin->type != SSH1_SMSG_SUCCESS
5196 && pktin->type != SSH1_SMSG_FAILURE) {
5197 bombout(("Protocol confusion"));
5199 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5200 c_write_str(ssh, "Server refused to compress\r\n");
5202 logevent("Started compression");
5203 ssh->v1_compressing = TRUE;
5204 ssh->cs_comp_ctx = zlib_compress_init();
5205 logevent("Initialised zlib (RFC1950) compression");
5206 ssh->sc_comp_ctx = zlib_decompress_init();
5207 logevent("Initialised zlib (RFC1950) decompression");
5211 * Start the shell or command.
5213 * Special case: if the first-choice command is an SSH-2
5214 * subsystem (hence not usable here) and the second choice
5215 * exists, we fall straight back to that.
5218 char *cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
5220 if (conf_get_int(ssh->conf, CONF_ssh_subsys) &&
5221 conf_get_str(ssh->conf, CONF_remote_cmd2)) {
5222 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
5223 ssh->fallback_cmd = TRUE;
5226 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
5228 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
5229 logevent("Started session");
5232 ssh->state = SSH_STATE_SESSION;
5233 if (ssh->size_needed)
5234 ssh_size(ssh, ssh->term_width, ssh->term_height);
5235 if (ssh->eof_needed)
5236 ssh_special(ssh, TS_EOF);
5239 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
5241 ssh->channels = newtree234(ssh_channelcmp);
5245 * By this point, most incoming packets are already being
5246 * handled by the dispatch table, and we need only pay
5247 * attention to the unusual ones.
5252 if (pktin->type == SSH1_SMSG_SUCCESS) {
5253 /* may be from EXEC_SHELL on some servers */
5254 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5255 /* may be from EXEC_SHELL on some servers
5256 * if no pty is available or in other odd cases. Ignore */
5258 bombout(("Strange packet received: type %d", pktin->type));
5263 int len = min(inlen, 512);
5264 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5265 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
5266 PKTT_OTHER, PKT_END);
5277 * Handle the top-level SSH-2 protocol.
5279 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5284 ssh_pkt_getstring(pktin, &msg, &msglen);
5285 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
5288 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5290 /* log reason code in disconnect message */
5294 ssh_pkt_getstring(pktin, &msg, &msglen);
5295 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5298 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
5300 /* Do nothing, because we're ignoring it! Duhh. */
5303 static void ssh1_protocol_setup(Ssh ssh)
5308 * Most messages are handled by the coroutines.
5310 for (i = 0; i < 256; i++)
5311 ssh->packet_dispatch[i] = NULL;
5314 * These special message types we install handlers for.
5316 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5317 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5318 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5321 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
5322 struct Packet *pktin)
5324 unsigned char *in=(unsigned char*)vin;
5325 if (ssh->state == SSH_STATE_CLOSED)
5328 if (pktin && ssh->packet_dispatch[pktin->type]) {
5329 ssh->packet_dispatch[pktin->type](ssh, pktin);
5333 if (!ssh->protocol_initial_phase_done) {
5334 if (do_ssh1_login(ssh, in, inlen, pktin))
5335 ssh->protocol_initial_phase_done = TRUE;
5340 do_ssh1_connection(ssh, in, inlen, pktin);
5344 * Utility routine for decoding comma-separated strings in KEXINIT.
5346 static int in_commasep_string(char *needle, char *haystack, int haylen)
5349 if (!needle || !haystack) /* protect against null pointers */
5351 needlen = strlen(needle);
5354 * Is it at the start of the string?
5356 if (haylen >= needlen && /* haystack is long enough */
5357 !memcmp(needle, haystack, needlen) && /* initial match */
5358 (haylen == needlen || haystack[needlen] == ',')
5359 /* either , or EOS follows */
5363 * If not, search for the next comma and resume after that.
5364 * If no comma found, terminate.
5366 while (haylen > 0 && *haystack != ',')
5367 haylen--, haystack++;
5370 haylen--, haystack++; /* skip over comma itself */
5375 * Similar routine for checking whether we have the first string in a list.
5377 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5380 if (!needle || !haystack) /* protect against null pointers */
5382 needlen = strlen(needle);
5384 * Is it at the start of the string?
5386 if (haylen >= needlen && /* haystack is long enough */
5387 !memcmp(needle, haystack, needlen) && /* initial match */
5388 (haylen == needlen || haystack[needlen] == ',')
5389 /* either , or EOS follows */
5397 * SSH-2 key creation method.
5398 * (Currently assumes 2 lots of any hash are sufficient to generate
5399 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5401 #define SSH2_MKKEY_ITERS (2)
5402 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
5403 unsigned char *keyspace)
5405 const struct ssh_hash *h = ssh->kex->hash;
5407 /* First hlen bytes. */
5409 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5410 hash_mpint(h, s, K);
5411 h->bytes(s, H, h->hlen);
5412 h->bytes(s, &chr, 1);
5413 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5414 h->final(s, keyspace);
5415 /* Next hlen bytes. */
5417 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5418 hash_mpint(h, s, K);
5419 h->bytes(s, H, h->hlen);
5420 h->bytes(s, keyspace, h->hlen);
5421 h->final(s, keyspace + h->hlen);
5425 * Handle the SSH-2 transport layer.
5427 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5428 struct Packet *pktin)
5430 unsigned char *in = (unsigned char *)vin;
5431 struct do_ssh2_transport_state {
5432 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5433 Bignum p, g, e, f, K;
5436 int kex_init_value, kex_reply_value;
5437 const struct ssh_mac **maclist;
5439 const struct ssh2_cipher *cscipher_tobe;
5440 const struct ssh2_cipher *sccipher_tobe;
5441 const struct ssh_mac *csmac_tobe;
5442 const struct ssh_mac *scmac_tobe;
5443 const struct ssh_compress *cscomp_tobe;
5444 const struct ssh_compress *sccomp_tobe;
5445 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5446 int hostkeylen, siglen, rsakeylen;
5447 void *hkey; /* actual host key */
5448 void *rsakey; /* for RSA kex */
5449 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5450 int n_preferred_kex;
5451 const struct ssh_kexes *preferred_kex[KEX_MAX];
5452 int n_preferred_ciphers;
5453 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5454 const struct ssh_compress *preferred_comp;
5455 int userauth_succeeded; /* for delayed compression */
5456 int pending_compression;
5457 int got_session_id, activated_authconn;
5458 struct Packet *pktout;
5463 crState(do_ssh2_transport_state);
5465 crBegin(ssh->do_ssh2_transport_crstate);
5467 s->cscipher_tobe = s->sccipher_tobe = NULL;
5468 s->csmac_tobe = s->scmac_tobe = NULL;
5469 s->cscomp_tobe = s->sccomp_tobe = NULL;
5471 s->got_session_id = s->activated_authconn = FALSE;
5472 s->userauth_succeeded = FALSE;
5473 s->pending_compression = FALSE;
5476 * Be prepared to work around the buggy MAC problem.
5478 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5479 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5481 s->maclist = macs, s->nmacs = lenof(macs);
5484 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
5486 int i, j, commalist_started;
5489 * Set up the preferred key exchange. (NULL => warn below here)
5491 s->n_preferred_kex = 0;
5492 for (i = 0; i < KEX_MAX; i++) {
5493 switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
5495 s->preferred_kex[s->n_preferred_kex++] =
5496 &ssh_diffiehellman_gex;
5499 s->preferred_kex[s->n_preferred_kex++] =
5500 &ssh_diffiehellman_group14;
5503 s->preferred_kex[s->n_preferred_kex++] =
5504 &ssh_diffiehellman_group1;
5507 s->preferred_kex[s->n_preferred_kex++] =
5511 /* Flag for later. Don't bother if it's the last in
5513 if (i < KEX_MAX - 1) {
5514 s->preferred_kex[s->n_preferred_kex++] = NULL;
5521 * Set up the preferred ciphers. (NULL => warn below here)
5523 s->n_preferred_ciphers = 0;
5524 for (i = 0; i < CIPHER_MAX; i++) {
5525 switch (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i)) {
5526 case CIPHER_BLOWFISH:
5527 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5530 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc)) {
5531 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5535 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5538 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5540 case CIPHER_ARCFOUR:
5541 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5544 /* Flag for later. Don't bother if it's the last in
5546 if (i < CIPHER_MAX - 1) {
5547 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5554 * Set up preferred compression.
5556 if (conf_get_int(ssh->conf, CONF_compression))
5557 s->preferred_comp = &ssh_zlib;
5559 s->preferred_comp = &ssh_comp_none;
5562 * Enable queueing of outgoing auth- or connection-layer
5563 * packets while we are in the middle of a key exchange.
5565 ssh->queueing = TRUE;
5568 * Flag that KEX is in progress.
5570 ssh->kex_in_progress = TRUE;
5573 * Construct and send our key exchange packet.
5575 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5576 for (i = 0; i < 16; i++)
5577 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5578 /* List key exchange algorithms. */
5579 ssh2_pkt_addstring_start(s->pktout);
5580 commalist_started = 0;
5581 for (i = 0; i < s->n_preferred_kex; i++) {
5582 const struct ssh_kexes *k = s->preferred_kex[i];
5583 if (!k) continue; /* warning flag */
5584 for (j = 0; j < k->nkexes; j++) {
5585 if (commalist_started)
5586 ssh2_pkt_addstring_str(s->pktout, ",");
5587 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5588 commalist_started = 1;
5591 /* List server host key algorithms. */
5592 ssh2_pkt_addstring_start(s->pktout);
5593 for (i = 0; i < lenof(hostkey_algs); i++) {
5594 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5595 if (i < lenof(hostkey_algs) - 1)
5596 ssh2_pkt_addstring_str(s->pktout, ",");
5598 /* List client->server encryption algorithms. */
5599 ssh2_pkt_addstring_start(s->pktout);
5600 commalist_started = 0;
5601 for (i = 0; i < s->n_preferred_ciphers; i++) {
5602 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5603 if (!c) continue; /* warning flag */
5604 for (j = 0; j < c->nciphers; j++) {
5605 if (commalist_started)
5606 ssh2_pkt_addstring_str(s->pktout, ",");
5607 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5608 commalist_started = 1;
5611 /* List server->client encryption algorithms. */
5612 ssh2_pkt_addstring_start(s->pktout);
5613 commalist_started = 0;
5614 for (i = 0; i < s->n_preferred_ciphers; i++) {
5615 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5616 if (!c) continue; /* warning flag */
5617 for (j = 0; j < c->nciphers; j++) {
5618 if (commalist_started)
5619 ssh2_pkt_addstring_str(s->pktout, ",");
5620 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5621 commalist_started = 1;
5624 /* List client->server MAC algorithms. */
5625 ssh2_pkt_addstring_start(s->pktout);
5626 for (i = 0; i < s->nmacs; i++) {
5627 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5628 if (i < s->nmacs - 1)
5629 ssh2_pkt_addstring_str(s->pktout, ",");
5631 /* List server->client MAC algorithms. */
5632 ssh2_pkt_addstring_start(s->pktout);
5633 for (i = 0; i < s->nmacs; i++) {
5634 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5635 if (i < s->nmacs - 1)
5636 ssh2_pkt_addstring_str(s->pktout, ",");
5638 /* List client->server compression algorithms,
5639 * then server->client compression algorithms. (We use the
5640 * same set twice.) */
5641 for (j = 0; j < 2; j++) {
5642 ssh2_pkt_addstring_start(s->pktout);
5643 assert(lenof(compressions) > 1);
5644 /* Prefer non-delayed versions */
5645 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5646 /* We don't even list delayed versions of algorithms until
5647 * they're allowed to be used, to avoid a race. See the end of
5649 if (s->userauth_succeeded && s->preferred_comp->delayed_name) {
5650 ssh2_pkt_addstring_str(s->pktout, ",");
5651 ssh2_pkt_addstring_str(s->pktout,
5652 s->preferred_comp->delayed_name);
5654 for (i = 0; i < lenof(compressions); i++) {
5655 const struct ssh_compress *c = compressions[i];
5656 if (c != s->preferred_comp) {
5657 ssh2_pkt_addstring_str(s->pktout, ",");
5658 ssh2_pkt_addstring_str(s->pktout, c->name);
5659 if (s->userauth_succeeded && c->delayed_name) {
5660 ssh2_pkt_addstring_str(s->pktout, ",");
5661 ssh2_pkt_addstring_str(s->pktout, c->delayed_name);
5666 /* List client->server languages. Empty list. */
5667 ssh2_pkt_addstring_start(s->pktout);
5668 /* List server->client languages. Empty list. */
5669 ssh2_pkt_addstring_start(s->pktout);
5670 /* First KEX packet does _not_ follow, because we're not that brave. */
5671 ssh2_pkt_addbool(s->pktout, FALSE);
5673 ssh2_pkt_adduint32(s->pktout, 0);
5676 s->our_kexinitlen = s->pktout->length - 5;
5677 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5678 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5680 ssh2_pkt_send_noqueue(ssh, s->pktout);
5686 * Now examine the other side's KEXINIT to see what we're up
5690 char *str, *preferred;
5693 if (pktin->type != SSH2_MSG_KEXINIT) {
5694 bombout(("expected key exchange packet from server"));
5698 ssh->hostkey = NULL;
5699 s->cscipher_tobe = NULL;
5700 s->sccipher_tobe = NULL;
5701 s->csmac_tobe = NULL;
5702 s->scmac_tobe = NULL;
5703 s->cscomp_tobe = NULL;
5704 s->sccomp_tobe = NULL;
5705 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5707 pktin->savedpos += 16; /* skip garbage cookie */
5708 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5711 for (i = 0; i < s->n_preferred_kex; i++) {
5712 const struct ssh_kexes *k = s->preferred_kex[i];
5716 for (j = 0; j < k->nkexes; j++) {
5717 if (!preferred) preferred = k->list[j]->name;
5718 if (in_commasep_string(k->list[j]->name, str, len)) {
5719 ssh->kex = k->list[j];
5728 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5729 str ? str : "(null)"));
5733 * Note that the server's guess is considered wrong if it doesn't match
5734 * the first algorithm in our list, even if it's still the algorithm
5737 s->guessok = first_in_commasep_string(preferred, str, len);
5738 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5739 for (i = 0; i < lenof(hostkey_algs); i++) {
5740 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5741 ssh->hostkey = hostkey_algs[i];
5745 s->guessok = s->guessok &&
5746 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5747 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5748 for (i = 0; i < s->n_preferred_ciphers; i++) {
5749 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5751 s->warn_cscipher = TRUE;
5753 for (j = 0; j < c->nciphers; j++) {
5754 if (in_commasep_string(c->list[j]->name, str, len)) {
5755 s->cscipher_tobe = c->list[j];
5760 if (s->cscipher_tobe)
5763 if (!s->cscipher_tobe) {
5764 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5765 str ? str : "(null)"));
5769 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5770 for (i = 0; i < s->n_preferred_ciphers; i++) {
5771 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5773 s->warn_sccipher = TRUE;
5775 for (j = 0; j < c->nciphers; j++) {
5776 if (in_commasep_string(c->list[j]->name, str, len)) {
5777 s->sccipher_tobe = c->list[j];
5782 if (s->sccipher_tobe)
5785 if (!s->sccipher_tobe) {
5786 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5787 str ? str : "(null)"));
5791 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5792 for (i = 0; i < s->nmacs; i++) {
5793 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5794 s->csmac_tobe = s->maclist[i];
5798 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5799 for (i = 0; i < s->nmacs; i++) {
5800 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5801 s->scmac_tobe = s->maclist[i];
5805 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5806 for (i = 0; i < lenof(compressions) + 1; i++) {
5807 const struct ssh_compress *c =
5808 i == 0 ? s->preferred_comp : compressions[i - 1];
5809 if (in_commasep_string(c->name, str, len)) {
5812 } else if (in_commasep_string(c->delayed_name, str, len)) {
5813 if (s->userauth_succeeded) {
5817 s->pending_compression = TRUE; /* try this later */
5821 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5822 for (i = 0; i < lenof(compressions) + 1; i++) {
5823 const struct ssh_compress *c =
5824 i == 0 ? s->preferred_comp : compressions[i - 1];
5825 if (in_commasep_string(c->name, str, len)) {
5828 } else if (in_commasep_string(c->delayed_name, str, len)) {
5829 if (s->userauth_succeeded) {
5833 s->pending_compression = TRUE; /* try this later */
5837 if (s->pending_compression) {
5838 logevent("Server supports delayed compression; "
5839 "will try this later");
5841 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5842 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5843 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5846 ssh_set_frozen(ssh, 1);
5847 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5849 ssh_dialog_callback, ssh);
5850 if (s->dlgret < 0) {
5854 bombout(("Unexpected data from server while"
5855 " waiting for user response"));
5858 } while (pktin || inlen > 0);
5859 s->dlgret = ssh->user_response;
5861 ssh_set_frozen(ssh, 0);
5862 if (s->dlgret == 0) {
5863 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5869 if (s->warn_cscipher) {
5870 ssh_set_frozen(ssh, 1);
5871 s->dlgret = askalg(ssh->frontend,
5872 "client-to-server cipher",
5873 s->cscipher_tobe->name,
5874 ssh_dialog_callback, ssh);
5875 if (s->dlgret < 0) {
5879 bombout(("Unexpected data from server while"
5880 " waiting for user response"));
5883 } while (pktin || inlen > 0);
5884 s->dlgret = ssh->user_response;
5886 ssh_set_frozen(ssh, 0);
5887 if (s->dlgret == 0) {
5888 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5894 if (s->warn_sccipher) {
5895 ssh_set_frozen(ssh, 1);
5896 s->dlgret = askalg(ssh->frontend,
5897 "server-to-client cipher",
5898 s->sccipher_tobe->name,
5899 ssh_dialog_callback, ssh);
5900 if (s->dlgret < 0) {
5904 bombout(("Unexpected data from server while"
5905 " waiting for user response"));
5908 } while (pktin || inlen > 0);
5909 s->dlgret = ssh->user_response;
5911 ssh_set_frozen(ssh, 0);
5912 if (s->dlgret == 0) {
5913 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5919 ssh->exhash = ssh->kex->hash->init();
5920 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5921 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5922 hash_string(ssh->kex->hash, ssh->exhash,
5923 s->our_kexinit, s->our_kexinitlen);
5924 sfree(s->our_kexinit);
5925 if (pktin->length > 5)
5926 hash_string(ssh->kex->hash, ssh->exhash,
5927 pktin->data + 5, pktin->length - 5);
5929 if (s->ignorepkt) /* first_kex_packet_follows */
5930 crWaitUntil(pktin); /* Ignore packet */
5933 if (ssh->kex->main_type == KEXTYPE_DH) {
5935 * Work out the number of bits of key we will need from the
5936 * key exchange. We start with the maximum key length of
5942 csbits = s->cscipher_tobe->keylen;
5943 scbits = s->sccipher_tobe->keylen;
5944 s->nbits = (csbits > scbits ? csbits : scbits);
5946 /* The keys only have hlen-bit entropy, since they're based on
5947 * a hash. So cap the key size at hlen bits. */
5948 if (s->nbits > ssh->kex->hash->hlen * 8)
5949 s->nbits = ssh->kex->hash->hlen * 8;
5952 * If we're doing Diffie-Hellman group exchange, start by
5953 * requesting a group.
5955 if (!ssh->kex->pdata) {
5956 logevent("Doing Diffie-Hellman group exchange");
5957 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
5959 * Work out how big a DH group we will need to allow that
5962 s->pbits = 512 << ((s->nbits - 1) / 64);
5963 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
5964 ssh2_pkt_adduint32(s->pktout, s->pbits);
5965 ssh2_pkt_send_noqueue(ssh, s->pktout);
5968 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
5969 bombout(("expected key exchange group packet from server"));
5972 s->p = ssh2_pkt_getmp(pktin);
5973 s->g = ssh2_pkt_getmp(pktin);
5974 if (!s->p || !s->g) {
5975 bombout(("unable to read mp-ints from incoming group packet"));
5978 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
5979 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
5980 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
5982 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
5983 ssh->kex_ctx = dh_setup_group(ssh->kex);
5984 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
5985 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
5986 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
5987 ssh->kex->groupname);
5990 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
5991 ssh->kex->hash->text_name);
5993 * Now generate and send e for Diffie-Hellman.
5995 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
5996 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
5997 s->pktout = ssh2_pkt_init(s->kex_init_value);
5998 ssh2_pkt_addmp(s->pktout, s->e);
5999 ssh2_pkt_send_noqueue(ssh, s->pktout);
6001 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
6003 if (pktin->type != s->kex_reply_value) {
6004 bombout(("expected key exchange reply packet from server"));
6007 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
6008 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6009 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6010 s->f = ssh2_pkt_getmp(pktin);
6012 bombout(("unable to parse key exchange reply packet"));
6015 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6017 s->K = dh_find_K(ssh->kex_ctx, s->f);
6019 /* We assume everything from now on will be quick, and it might
6020 * involve user interaction. */
6021 set_busy_status(ssh->frontend, BUSY_NOT);
6023 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
6024 if (!ssh->kex->pdata) {
6025 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
6026 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
6027 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
6029 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
6030 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
6032 dh_cleanup(ssh->kex_ctx);
6034 if (!ssh->kex->pdata) {
6039 logeventf(ssh, "Doing RSA key exchange with hash %s",
6040 ssh->kex->hash->text_name);
6041 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
6043 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
6047 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
6048 bombout(("expected RSA public key packet from server"));
6052 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6053 hash_string(ssh->kex->hash, ssh->exhash,
6054 s->hostkeydata, s->hostkeylen);
6055 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6059 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
6060 s->rsakeydata = snewn(s->rsakeylen, char);
6061 memcpy(s->rsakeydata, keydata, s->rsakeylen);
6064 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
6066 sfree(s->rsakeydata);
6067 bombout(("unable to parse RSA public key from server"));
6071 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
6074 * Next, set up a shared secret K, of precisely KLEN -
6075 * 2*HLEN - 49 bits, where KLEN is the bit length of the
6076 * RSA key modulus and HLEN is the bit length of the hash
6080 int klen = ssh_rsakex_klen(s->rsakey);
6081 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
6083 unsigned char *kstr1, *kstr2, *outstr;
6084 int kstr1len, kstr2len, outstrlen;
6086 s->K = bn_power_2(nbits - 1);
6088 for (i = 0; i < nbits; i++) {
6090 byte = random_byte();
6092 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
6096 * Encode this as an mpint.
6098 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
6099 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
6100 PUT_32BIT(kstr2, kstr1len);
6101 memcpy(kstr2 + 4, kstr1, kstr1len);
6104 * Encrypt it with the given RSA key.
6106 outstrlen = (klen + 7) / 8;
6107 outstr = snewn(outstrlen, unsigned char);
6108 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
6109 outstr, outstrlen, s->rsakey);
6112 * And send it off in a return packet.
6114 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
6115 ssh2_pkt_addstring_start(s->pktout);
6116 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
6117 ssh2_pkt_send_noqueue(ssh, s->pktout);
6119 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
6126 ssh_rsakex_freekey(s->rsakey);
6129 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
6130 sfree(s->rsakeydata);
6131 bombout(("expected signature packet from server"));
6135 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6137 sfree(s->rsakeydata);
6140 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6141 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6142 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
6144 ssh->kex_ctx = NULL;
6147 debug(("Exchange hash is:\n"));
6148 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
6152 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
6153 (char *)s->exchange_hash,
6154 ssh->kex->hash->hlen)) {
6155 bombout(("Server's host key did not match the signature supplied"));
6160 * Authenticate remote host: verify host key. (We've already
6161 * checked the signature of the exchange hash.)
6163 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6164 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
6165 ssh_set_frozen(ssh, 1);
6166 s->dlgret = verify_ssh_host_key(ssh->frontend,
6167 ssh->savedhost, ssh->savedport,
6168 ssh->hostkey->keytype, s->keystr,
6170 ssh_dialog_callback, ssh);
6171 if (s->dlgret < 0) {
6175 bombout(("Unexpected data from server while waiting"
6176 " for user host key response"));
6179 } while (pktin || inlen > 0);
6180 s->dlgret = ssh->user_response;
6182 ssh_set_frozen(ssh, 0);
6183 if (s->dlgret == 0) {
6184 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6188 if (!s->got_session_id) { /* don't bother logging this in rekeys */
6189 logevent("Host key fingerprint is:");
6190 logevent(s->fingerprint);
6192 sfree(s->fingerprint);
6194 ssh->hostkey->freekey(s->hkey);
6197 * The exchange hash from the very first key exchange is also
6198 * the session id, used in session key construction and
6201 if (!s->got_session_id) {
6202 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
6203 memcpy(ssh->v2_session_id, s->exchange_hash,
6204 sizeof(s->exchange_hash));
6205 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6206 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
6207 s->got_session_id = TRUE;
6211 * Send SSH2_MSG_NEWKEYS.
6213 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
6214 ssh2_pkt_send_noqueue(ssh, s->pktout);
6215 ssh->outgoing_data_size = 0; /* start counting from here */
6218 * We've sent client NEWKEYS, so create and initialise
6219 * client-to-server session keys.
6221 if (ssh->cs_cipher_ctx)
6222 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6223 ssh->cscipher = s->cscipher_tobe;
6224 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6226 if (ssh->cs_mac_ctx)
6227 ssh->csmac->free_context(ssh->cs_mac_ctx);
6228 ssh->csmac = s->csmac_tobe;
6229 ssh->cs_mac_ctx = ssh->csmac->make_context();
6231 if (ssh->cs_comp_ctx)
6232 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6233 ssh->cscomp = s->cscomp_tobe;
6234 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6237 * Set IVs on client-to-server keys. Here we use the exchange
6238 * hash from the _first_ key exchange.
6241 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6242 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6243 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
6244 assert((ssh->cscipher->keylen+7) / 8 <=
6245 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6246 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
6247 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
6248 assert(ssh->cscipher->blksize <=
6249 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6250 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
6251 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
6252 assert(ssh->csmac->len <=
6253 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6254 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
6255 memset(keyspace, 0, sizeof(keyspace));
6258 logeventf(ssh, "Initialised %.200s client->server encryption",
6259 ssh->cscipher->text_name);
6260 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6261 ssh->csmac->text_name);
6262 if (ssh->cscomp->text_name)
6263 logeventf(ssh, "Initialised %s compression",
6264 ssh->cscomp->text_name);
6267 * Now our end of the key exchange is complete, we can send all
6268 * our queued higher-layer packets.
6270 ssh->queueing = FALSE;
6271 ssh2_pkt_queuesend(ssh);
6274 * Expect SSH2_MSG_NEWKEYS from server.
6277 if (pktin->type != SSH2_MSG_NEWKEYS) {
6278 bombout(("expected new-keys packet from server"));
6281 ssh->incoming_data_size = 0; /* start counting from here */
6284 * We've seen server NEWKEYS, so create and initialise
6285 * server-to-client session keys.
6287 if (ssh->sc_cipher_ctx)
6288 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
6289 ssh->sccipher = s->sccipher_tobe;
6290 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
6292 if (ssh->sc_mac_ctx)
6293 ssh->scmac->free_context(ssh->sc_mac_ctx);
6294 ssh->scmac = s->scmac_tobe;
6295 ssh->sc_mac_ctx = ssh->scmac->make_context();
6297 if (ssh->sc_comp_ctx)
6298 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
6299 ssh->sccomp = s->sccomp_tobe;
6300 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6303 * Set IVs on server-to-client keys. Here we use the exchange
6304 * hash from the _first_ key exchange.
6307 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6308 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6309 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
6310 assert((ssh->sccipher->keylen+7) / 8 <=
6311 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6312 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
6313 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
6314 assert(ssh->sccipher->blksize <=
6315 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6316 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
6317 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
6318 assert(ssh->scmac->len <=
6319 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6320 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
6321 memset(keyspace, 0, sizeof(keyspace));
6323 logeventf(ssh, "Initialised %.200s server->client encryption",
6324 ssh->sccipher->text_name);
6325 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6326 ssh->scmac->text_name);
6327 if (ssh->sccomp->text_name)
6328 logeventf(ssh, "Initialised %s decompression",
6329 ssh->sccomp->text_name);
6332 * Free shared secret.
6337 * Key exchange is over. Loop straight back round if we have a
6338 * deferred rekey reason.
6340 if (ssh->deferred_rekey_reason) {
6341 logevent(ssh->deferred_rekey_reason);
6343 ssh->deferred_rekey_reason = NULL;
6344 goto begin_key_exchange;
6348 * Otherwise, schedule a timer for our next rekey.
6350 ssh->kex_in_progress = FALSE;
6351 ssh->last_rekey = GETTICKCOUNT();
6352 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0)
6353 ssh->next_rekey = schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6357 * If this is the first key exchange phase, we must pass the
6358 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
6359 * wants to see it but because it will need time to initialise
6360 * itself before it sees an actual packet. In subsequent key
6361 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
6362 * it would only confuse the layer above.
6364 if (s->activated_authconn) {
6367 s->activated_authconn = TRUE;
6370 * Now we're encrypting. Begin returning 1 to the protocol main
6371 * function so that other things can run on top of the
6372 * transport. If we ever see a KEXINIT, we must go back to the
6375 * We _also_ go back to the start if we see pktin==NULL and
6376 * inlen negative, because this is a special signal meaning
6377 * `initiate client-driven rekey', and `in' contains a message
6378 * giving the reason for the rekey.
6380 * inlen==-1 means always initiate a rekey;
6381 * inlen==-2 means that userauth has completed successfully and
6382 * we should consider rekeying (for delayed compression).
6384 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
6385 (!pktin && inlen < 0))) {
6390 logevent("Server initiated key re-exchange");
6394 * authconn has seen a USERAUTH_SUCCEEDED. Time to enable
6395 * delayed compression, if it's available.
6397 * draft-miller-secsh-compression-delayed-00 says that you
6398 * negotiate delayed compression in the first key exchange, and
6399 * both sides start compressing when the server has sent
6400 * USERAUTH_SUCCESS. This has a race condition -- the server
6401 * can't know when the client has seen it, and thus which incoming
6402 * packets it should treat as compressed.
6404 * Instead, we do the initial key exchange without offering the
6405 * delayed methods, but note if the server offers them; when we
6406 * get here, if a delayed method was available that was higher
6407 * on our list than what we got, we initiate a rekey in which we
6408 * _do_ list the delayed methods (and hopefully get it as a
6409 * result). Subsequent rekeys will do the same.
6411 assert(!s->userauth_succeeded); /* should only happen once */
6412 s->userauth_succeeded = TRUE;
6413 if (!s->pending_compression)
6414 /* Can't see any point rekeying. */
6415 goto wait_for_rekey; /* this is utterly horrid */
6416 /* else fall through to rekey... */
6417 s->pending_compression = FALSE;
6420 * Now we've decided to rekey.
6422 * Special case: if the server bug is set that doesn't
6423 * allow rekeying, we give a different log message and
6424 * continue waiting. (If such a server _initiates_ a rekey,
6425 * we process it anyway!)
6427 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6428 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6430 /* Reset the counters, so that at least this message doesn't
6431 * hit the event log _too_ often. */
6432 ssh->outgoing_data_size = 0;
6433 ssh->incoming_data_size = 0;
6434 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0) {
6436 schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6439 goto wait_for_rekey; /* this is still utterly horrid */
6441 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
6444 goto begin_key_exchange;
6450 * Add data to an SSH-2 channel output buffer.
6452 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6455 bufchain_add(&c->v.v2.outbuffer, buf, len);
6459 * Attempt to send data on an SSH-2 channel.
6461 static int ssh2_try_send(struct ssh_channel *c)
6464 struct Packet *pktout;
6467 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6470 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6471 if ((unsigned)len > c->v.v2.remwindow)
6472 len = c->v.v2.remwindow;
6473 if ((unsigned)len > c->v.v2.remmaxpkt)
6474 len = c->v.v2.remmaxpkt;
6475 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6476 ssh2_pkt_adduint32(pktout, c->remoteid);
6477 ssh2_pkt_addstring_start(pktout);
6478 dont_log_data(ssh, pktout, PKTLOG_OMIT);
6479 ssh2_pkt_addstring_data(pktout, data, len);
6480 end_log_omission(ssh, pktout);
6481 ssh2_pkt_send(ssh, pktout);
6482 bufchain_consume(&c->v.v2.outbuffer, len);
6483 c->v.v2.remwindow -= len;
6487 * After having sent as much data as we can, return the amount
6490 ret = bufchain_size(&c->v.v2.outbuffer);
6493 * And if there's no data pending but we need to send an EOF, send
6496 if (!ret && c->pending_eof)
6497 ssh_channel_try_eof(c);
6502 static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
6505 if (c->closes & CLOSES_SENT_EOF)
6506 return; /* don't send on channels we've EOFed */
6507 bufsize = ssh2_try_send(c);
6510 case CHAN_MAINSESSION:
6511 /* stdin need not receive an unthrottle
6512 * notification since it will be polled */
6515 x11_unthrottle(c->u.x11.s);
6518 /* agent sockets are request/response and need no
6519 * buffer management */
6522 pfd_unthrottle(c->u.pfd.s);
6529 * Set up most of a new ssh_channel for SSH-2.
6531 static void ssh2_channel_init(struct ssh_channel *c)
6534 c->localid = alloc_channel_id(ssh);
6536 c->pending_eof = FALSE;
6537 c->throttling_conn = FALSE;
6538 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
6539 conf_get_int(ssh->conf, CONF_ssh_simple) ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
6540 c->v.v2.winadj_head = c->v.v2.winadj_tail = NULL;
6541 c->v.v2.throttle_state = UNTHROTTLED;
6542 bufchain_init(&c->v.v2.outbuffer);
6546 * Potentially enlarge the window on an SSH-2 channel.
6548 static void ssh2_set_window(struct ssh_channel *c, int newwin)
6553 * Never send WINDOW_ADJUST for a channel that the remote side has
6554 * already sent EOF on; there's no point, since it won't be
6555 * sending any more data anyway.
6557 if (c->closes & CLOSES_RCVD_EOF)
6561 * If the remote end has a habit of ignoring maxpkt, limit the
6562 * window so that it has no choice (assuming it doesn't ignore the
6565 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6566 newwin = OUR_V2_MAXPKT;
6570 * Only send a WINDOW_ADJUST if there's significantly more window
6571 * available than the other end thinks there is. This saves us
6572 * sending a WINDOW_ADJUST for every character in a shell session.
6574 * "Significant" is arbitrarily defined as half the window size.
6576 if (newwin / 2 >= c->v.v2.locwindow) {
6577 struct Packet *pktout;
6581 * In order to keep track of how much window the client
6582 * actually has available, we'd like it to acknowledge each
6583 * WINDOW_ADJUST. We can't do that directly, so we accompany
6584 * it with a CHANNEL_REQUEST that has to be acknowledged.
6586 * This is only necessary if we're opening the window wide.
6587 * If we're not, then throughput is being constrained by
6588 * something other than the maximum window size anyway.
6590 * We also only send this if the main channel has finished its
6591 * initial CHANNEL_REQUESTs and installed the default
6592 * CHANNEL_FAILURE handler, so as not to risk giving it
6593 * unexpected CHANNEL_FAILUREs.
6595 if (newwin == c->v.v2.locmaxwin &&
6596 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE]) {
6597 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6598 ssh2_pkt_adduint32(pktout, c->remoteid);
6599 ssh2_pkt_addstring(pktout, "winadj@putty.projects.tartarus.org");
6600 ssh2_pkt_addbool(pktout, TRUE);
6601 ssh2_pkt_send(ssh, pktout);
6604 * CHANNEL_FAILURE doesn't come with any indication of
6605 * what message caused it, so we have to keep track of the
6606 * outstanding CHANNEL_REQUESTs ourselves.
6608 wa = snew(struct winadj);
6609 wa->size = newwin - c->v.v2.locwindow;
6611 if (!c->v.v2.winadj_head)
6612 c->v.v2.winadj_head = wa;
6614 c->v.v2.winadj_tail->next = wa;
6615 c->v.v2.winadj_tail = wa;
6616 if (c->v.v2.throttle_state != UNTHROTTLED)
6617 c->v.v2.throttle_state = UNTHROTTLING;
6619 /* Pretend the WINDOW_ADJUST was acked immediately. */
6620 c->v.v2.remlocwin = newwin;
6621 c->v.v2.throttle_state = THROTTLED;
6623 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6624 ssh2_pkt_adduint32(pktout, c->remoteid);
6625 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6626 ssh2_pkt_send(ssh, pktout);
6627 c->v.v2.locwindow = newwin;
6632 * Find the channel associated with a message. If there's no channel,
6633 * or it's not properly open, make a noise about it and return NULL.
6635 static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6637 unsigned localid = ssh_pkt_getuint32(pktin);
6638 struct ssh_channel *c;
6640 c = find234(ssh->channels, &localid, ssh_channelfind);
6642 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6643 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6644 char *buf = dupprintf("Received %s for %s channel %u",
6645 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6647 c ? "half-open" : "nonexistent", localid);
6648 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6655 static int ssh2_handle_winadj_response(struct ssh_channel *c)
6657 struct winadj *wa = c->v.v2.winadj_head;
6660 c->v.v2.winadj_head = wa->next;
6661 c->v.v2.remlocwin += wa->size;
6664 * winadj messages are only sent when the window is fully open, so
6665 * if we get an ack of one, we know any pending unthrottle is
6668 if (c->v.v2.throttle_state == UNTHROTTLING)
6669 c->v.v2.throttle_state = UNTHROTTLED;
6673 static void ssh2_msg_channel_success(Ssh ssh, struct Packet *pktin)
6676 * This should never get called. All channel requests are either
6677 * sent with want_reply false, are sent before this handler gets
6678 * installed, or are "winadj@putty" requests, which servers should
6679 * never respond to with success.
6681 * However, at least one server ("boks_sshd") is known to return
6682 * SUCCESS for channel requests it's never heard of, such as
6683 * "winadj@putty". Raised with foxt.com as bug 090916-090424, but
6684 * for the sake of a quiet life, we handle it just the same as the
6687 struct ssh_channel *c;
6689 c = ssh2_channel_msg(ssh, pktin);
6692 if (!ssh2_handle_winadj_response(c))
6693 ssh_disconnect(ssh, NULL,
6694 "Received unsolicited SSH_MSG_CHANNEL_SUCCESS",
6695 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6698 static void ssh2_msg_channel_failure(Ssh ssh, struct Packet *pktin)
6701 * The only time this should get called is for "winadj@putty"
6702 * messages sent above. All other channel requests are either
6703 * sent with want_reply false or are sent before this handler gets
6706 struct ssh_channel *c;
6708 c = ssh2_channel_msg(ssh, pktin);
6711 if (!ssh2_handle_winadj_response(c))
6712 ssh_disconnect(ssh, NULL,
6713 "Received unsolicited SSH_MSG_CHANNEL_FAILURE",
6714 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6717 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
6719 struct ssh_channel *c;
6720 c = ssh2_channel_msg(ssh, pktin);
6723 if (!(c->closes & CLOSES_SENT_EOF)) {
6724 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
6725 ssh2_try_send_and_unthrottle(ssh, c);
6729 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6733 struct ssh_channel *c;
6734 c = ssh2_channel_msg(ssh, pktin);
6737 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6738 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6739 return; /* extended but not stderr */
6740 ssh_pkt_getstring(pktin, &data, &length);
6743 c->v.v2.locwindow -= length;
6744 c->v.v2.remlocwin -= length;
6746 case CHAN_MAINSESSION:
6748 from_backend(ssh->frontend, pktin->type ==
6749 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6753 bufsize = x11_send(c->u.x11.s, data, length);
6756 bufsize = pfd_send(c->u.pfd.s, data, length);
6759 while (length > 0) {
6760 if (c->u.a.lensofar < 4) {
6761 unsigned int l = min(4 - c->u.a.lensofar,
6763 memcpy(c->u.a.msglen + c->u.a.lensofar,
6767 c->u.a.lensofar += l;
6769 if (c->u.a.lensofar == 4) {
6771 4 + GET_32BIT(c->u.a.msglen);
6772 c->u.a.message = snewn(c->u.a.totallen,
6774 memcpy(c->u.a.message, c->u.a.msglen, 4);
6776 if (c->u.a.lensofar >= 4 && length > 0) {
6778 min(c->u.a.totallen - c->u.a.lensofar,
6780 memcpy(c->u.a.message + c->u.a.lensofar,
6784 c->u.a.lensofar += l;
6786 if (c->u.a.lensofar == c->u.a.totallen) {
6789 if (agent_query(c->u.a.message,
6792 ssh_agentf_callback, c))
6793 ssh_agentf_callback(c, reply, replylen);
6794 sfree(c->u.a.message);
6795 c->u.a.message = NULL;
6796 c->u.a.lensofar = 0;
6803 * If it looks like the remote end hit the end of its window,
6804 * and we didn't want it to do that, think about using a
6807 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6808 c->v.v2.locmaxwin < 0x40000000)
6809 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6811 * If we are not buffering too much data,
6812 * enlarge the window again at the remote side.
6813 * If we are buffering too much, we may still
6814 * need to adjust the window if the server's
6817 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6818 c->v.v2.locmaxwin - bufsize : 0);
6820 * If we're either buffering way too much data, or if we're
6821 * buffering anything at all and we're in "simple" mode,
6822 * throttle the whole channel.
6824 if ((bufsize > c->v.v2.locmaxwin ||
6825 (conf_get_int(ssh->conf, CONF_ssh_simple) && bufsize > 0)) &&
6826 !c->throttling_conn) {
6827 c->throttling_conn = 1;
6828 ssh_throttle_conn(ssh, +1);
6833 static void ssh_channel_destroy(struct ssh_channel *c)
6838 case CHAN_MAINSESSION:
6839 ssh->mainchan = NULL;
6840 update_specials_menu(ssh->frontend);
6843 if (c->u.x11.s != NULL)
6844 x11_close(c->u.x11.s);
6845 logevent("Forwarded X11 connection terminated");
6848 sfree(c->u.a.message);
6851 if (c->u.pfd.s != NULL)
6852 pfd_close(c->u.pfd.s);
6853 logevent("Forwarded port closed");
6857 del234(ssh->channels, c);
6858 if (ssh->version == 2)
6859 bufchain_clear(&c->v.v2.outbuffer);
6863 * See if that was the last channel left open.
6864 * (This is only our termination condition if we're
6865 * not running in -N mode.)
6867 if (ssh->version == 2 &&
6868 !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
6869 count234(ssh->channels) == 0) {
6871 * We used to send SSH_MSG_DISCONNECT here,
6872 * because I'd believed that _every_ conforming
6873 * SSH-2 connection had to end with a disconnect
6874 * being sent by at least one side; apparently
6875 * I was wrong and it's perfectly OK to
6876 * unceremoniously slam the connection shut
6877 * when you're done, and indeed OpenSSH feels
6878 * this is more polite than sending a
6879 * DISCONNECT. So now we don't.
6881 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6885 static void ssh2_channel_check_close(struct ssh_channel *c)
6888 struct Packet *pktout;
6890 if ((c->closes & (CLOSES_SENT_EOF | CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE))
6891 == (CLOSES_SENT_EOF | CLOSES_RCVD_EOF)) {
6893 * We have both sent and received EOF, which means the channel
6894 * is in final wind-up. But we haven't sent CLOSE, so let's.
6896 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6897 ssh2_pkt_adduint32(pktout, c->remoteid);
6898 ssh2_pkt_send(ssh, pktout);
6899 c->closes |= CLOSES_SENT_CLOSE;
6902 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) {
6904 * We have both sent and received CLOSE, which means we're
6905 * completely done with the channel.
6907 ssh_channel_destroy(c);
6911 static void ssh2_channel_got_eof(struct ssh_channel *c)
6913 if (c->closes & CLOSES_RCVD_EOF)
6914 return; /* already seen EOF */
6915 c->closes |= CLOSES_RCVD_EOF;
6917 if (c->type == CHAN_X11) {
6918 x11_send_eof(c->u.x11.s);
6919 } else if (c->type == CHAN_AGENT) {
6920 /* Manufacture an outgoing EOF in response to the incoming one. */
6921 sshfwd_write_eof(c);
6922 } else if (c->type == CHAN_SOCKDATA) {
6923 pfd_send_eof(c->u.pfd.s);
6924 } else if (c->type == CHAN_MAINSESSION) {
6927 if (!ssh->sent_console_eof && from_backend_eof(ssh->frontend)) {
6929 * The front end wants us to close the outgoing side of the
6930 * connection as soon as we see EOF from the far end.
6932 sshfwd_write_eof(c);
6934 ssh->sent_console_eof = TRUE;
6937 ssh2_channel_check_close(c);
6940 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
6942 struct ssh_channel *c;
6944 c = ssh2_channel_msg(ssh, pktin);
6947 ssh2_channel_got_eof(c);
6950 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
6952 struct ssh_channel *c;
6954 c = ssh2_channel_msg(ssh, pktin);
6959 * When we receive CLOSE on a channel, we assume it comes with an
6960 * implied EOF if we haven't seen EOF yet.
6962 ssh2_channel_got_eof(c);
6965 * Now process the actual close.
6967 if (!(c->closes & CLOSES_RCVD_CLOSE)) {
6968 c->closes |= CLOSES_RCVD_CLOSE;
6969 ssh2_channel_check_close(c);
6973 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
6975 struct ssh_channel *c;
6977 c = ssh2_channel_msg(ssh, pktin);
6980 if (c->type != CHAN_SOCKDATA_DORMANT)
6981 return; /* dunno why they're confirming this */
6982 c->remoteid = ssh_pkt_getuint32(pktin);
6983 c->halfopen = FALSE;
6984 c->type = CHAN_SOCKDATA;
6985 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
6986 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
6988 pfd_confirm(c->u.pfd.s);
6990 ssh_channel_try_eof(c);
6993 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
6995 static const char *const reasons[] = {
6996 "<unknown reason code>",
6997 "Administratively prohibited",
6999 "Unknown channel type",
7000 "Resource shortage",
7002 unsigned reason_code;
7003 char *reason_string;
7005 struct ssh_channel *c;
7006 c = ssh2_channel_msg(ssh, pktin);
7009 if (c->type != CHAN_SOCKDATA_DORMANT)
7010 return; /* dunno why they're failing this */
7012 reason_code = ssh_pkt_getuint32(pktin);
7013 if (reason_code >= lenof(reasons))
7014 reason_code = 0; /* ensure reasons[reason_code] in range */
7015 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
7016 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
7017 reasons[reason_code], reason_length, reason_string);
7019 pfd_close(c->u.pfd.s);
7021 del234(ssh->channels, c);
7025 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
7028 int typelen, want_reply;
7029 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
7030 struct ssh_channel *c;
7031 struct Packet *pktout;
7033 c = ssh2_channel_msg(ssh, pktin);
7036 ssh_pkt_getstring(pktin, &type, &typelen);
7037 want_reply = ssh2_pkt_getbool(pktin);
7040 * Having got the channel number, we now look at
7041 * the request type string to see if it's something
7044 if (c == ssh->mainchan) {
7046 * We recognise "exit-status" and "exit-signal" on
7047 * the primary channel.
7049 if (typelen == 11 &&
7050 !memcmp(type, "exit-status", 11)) {
7052 ssh->exitcode = ssh_pkt_getuint32(pktin);
7053 logeventf(ssh, "Server sent command exit status %d",
7055 reply = SSH2_MSG_CHANNEL_SUCCESS;
7057 } else if (typelen == 11 &&
7058 !memcmp(type, "exit-signal", 11)) {
7060 int is_plausible = TRUE, is_int = FALSE;
7061 char *fmt_sig = "", *fmt_msg = "";
7063 int msglen = 0, core = FALSE;
7064 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
7065 * provide an `int' for the signal, despite its
7066 * having been a `string' in the drafts of RFC 4254 since at
7067 * least 2001. (Fixed in session.c 1.147.) Try to
7068 * infer which we can safely parse it as. */
7070 unsigned char *p = pktin->body +
7072 long len = pktin->length - pktin->savedpos;
7073 unsigned long num = GET_32BIT(p); /* what is it? */
7074 /* If it's 0, it hardly matters; assume string */
7078 int maybe_int = FALSE, maybe_str = FALSE;
7079 #define CHECK_HYPOTHESIS(offset, result) \
7082 if (q >= 0 && q+4 <= len) { \
7083 q = q + 4 + GET_32BIT(p+q); \
7084 if (q >= 0 && q+4 <= len && \
7085 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
7089 CHECK_HYPOTHESIS(4+1, maybe_int);
7090 CHECK_HYPOTHESIS(4+num+1, maybe_str);
7091 #undef CHECK_HYPOTHESIS
7092 if (maybe_int && !maybe_str)
7094 else if (!maybe_int && maybe_str)
7097 /* Crikey. Either or neither. Panic. */
7098 is_plausible = FALSE;
7101 ssh->exitcode = 128; /* means `unknown signal' */
7104 /* Old non-standard OpenSSH. */
7105 int signum = ssh_pkt_getuint32(pktin);
7106 fmt_sig = dupprintf(" %d", signum);
7107 ssh->exitcode = 128 + signum;
7109 /* As per RFC 4254. */
7112 ssh_pkt_getstring(pktin, &sig, &siglen);
7113 /* Signal name isn't supposed to be blank, but
7114 * let's cope gracefully if it is. */
7116 fmt_sig = dupprintf(" \"%.*s\"",
7121 * Really hideous method of translating the
7122 * signal description back into a locally
7123 * meaningful number.
7128 #define TRANSLATE_SIGNAL(s) \
7129 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
7130 ssh->exitcode = 128 + SIG ## s
7132 TRANSLATE_SIGNAL(ABRT);
7135 TRANSLATE_SIGNAL(ALRM);
7138 TRANSLATE_SIGNAL(FPE);
7141 TRANSLATE_SIGNAL(HUP);
7144 TRANSLATE_SIGNAL(ILL);
7147 TRANSLATE_SIGNAL(INT);
7150 TRANSLATE_SIGNAL(KILL);
7153 TRANSLATE_SIGNAL(PIPE);
7156 TRANSLATE_SIGNAL(QUIT);
7159 TRANSLATE_SIGNAL(SEGV);
7162 TRANSLATE_SIGNAL(TERM);
7165 TRANSLATE_SIGNAL(USR1);
7168 TRANSLATE_SIGNAL(USR2);
7170 #undef TRANSLATE_SIGNAL
7172 ssh->exitcode = 128;
7174 core = ssh2_pkt_getbool(pktin);
7175 ssh_pkt_getstring(pktin, &msg, &msglen);
7177 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
7179 /* ignore lang tag */
7180 } /* else don't attempt to parse */
7181 logeventf(ssh, "Server exited on signal%s%s%s",
7182 fmt_sig, core ? " (core dumped)" : "",
7184 if (*fmt_sig) sfree(fmt_sig);
7185 if (*fmt_msg) sfree(fmt_msg);
7186 reply = SSH2_MSG_CHANNEL_SUCCESS;
7191 * This is a channel request we don't know
7192 * about, so we now either ignore the request
7193 * or respond with CHANNEL_FAILURE, depending
7196 reply = SSH2_MSG_CHANNEL_FAILURE;
7199 pktout = ssh2_pkt_init(reply);
7200 ssh2_pkt_adduint32(pktout, c->remoteid);
7201 ssh2_pkt_send(ssh, pktout);
7205 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
7208 int typelen, want_reply;
7209 struct Packet *pktout;
7211 ssh_pkt_getstring(pktin, &type, &typelen);
7212 want_reply = ssh2_pkt_getbool(pktin);
7215 * We currently don't support any global requests
7216 * at all, so we either ignore the request or
7217 * respond with REQUEST_FAILURE, depending on
7221 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
7222 ssh2_pkt_send(ssh, pktout);
7226 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7234 struct ssh_channel *c;
7235 unsigned remid, winsize, pktsize;
7236 struct Packet *pktout;
7238 ssh_pkt_getstring(pktin, &type, &typelen);
7239 c = snew(struct ssh_channel);
7242 remid = ssh_pkt_getuint32(pktin);
7243 winsize = ssh_pkt_getuint32(pktin);
7244 pktsize = ssh_pkt_getuint32(pktin);
7246 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7250 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7251 addrstr = snewn(peeraddrlen+1, char);
7252 memcpy(addrstr, peeraddr, peeraddrlen);
7253 addrstr[peeraddrlen] = '\0';
7254 peerport = ssh_pkt_getuint32(pktin);
7256 logeventf(ssh, "Received X11 connect request from %s:%d",
7259 if (!ssh->X11_fwd_enabled)
7260 error = "X11 forwarding is not enabled";
7261 else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c,
7262 addrstr, peerport, ssh->conf)) != NULL) {
7263 logeventf(ssh, "Local X11 connection failed: %s", x11err);
7264 error = "Unable to open an X11 connection";
7266 logevent("Opening X11 forward connection succeeded");
7271 } else if (typelen == 15 &&
7272 !memcmp(type, "forwarded-tcpip", 15)) {
7273 struct ssh_rportfwd pf, *realpf;
7276 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7277 pf.sport = ssh_pkt_getuint32(pktin);
7278 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7279 peerport = ssh_pkt_getuint32(pktin);
7280 realpf = find234(ssh->rportfwds, &pf, NULL);
7281 logeventf(ssh, "Received remote port %d open request "
7282 "from %s:%d", pf.sport, peeraddr, peerport);
7283 if (realpf == NULL) {
7284 error = "Remote port is not recognised";
7286 const char *e = pfd_newconnect(&c->u.pfd.s,
7290 realpf->pfrec->addressfamily);
7291 logeventf(ssh, "Attempting to forward remote port to "
7292 "%s:%d", realpf->dhost, realpf->dport);
7294 logeventf(ssh, "Port open failed: %s", e);
7295 error = "Port open failed";
7297 logevent("Forwarded port opened successfully");
7298 c->type = CHAN_SOCKDATA;
7301 } else if (typelen == 22 &&
7302 !memcmp(type, "auth-agent@openssh.com", 22)) {
7303 if (!ssh->agentfwd_enabled)
7304 error = "Agent forwarding is not enabled";
7306 c->type = CHAN_AGENT; /* identify channel type */
7307 c->u.a.lensofar = 0;
7310 error = "Unsupported channel type requested";
7313 c->remoteid = remid;
7314 c->halfopen = FALSE;
7316 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7317 ssh2_pkt_adduint32(pktout, c->remoteid);
7318 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7319 ssh2_pkt_addstring(pktout, error);
7320 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7321 ssh2_pkt_send(ssh, pktout);
7322 logeventf(ssh, "Rejected channel open: %s", error);
7325 ssh2_channel_init(c);
7326 c->v.v2.remwindow = winsize;
7327 c->v.v2.remmaxpkt = pktsize;
7328 add234(ssh->channels, c);
7329 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7330 ssh2_pkt_adduint32(pktout, c->remoteid);
7331 ssh2_pkt_adduint32(pktout, c->localid);
7332 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
7333 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
7334 ssh2_pkt_send(ssh, pktout);
7339 * Buffer banner messages for later display at some convenient point,
7340 * if we're going to display them.
7342 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7344 /* Arbitrary limit to prevent unbounded inflation of buffer */
7345 if (conf_get_int(ssh->conf, CONF_ssh_show_banner) &&
7346 bufchain_size(&ssh->banner) <= 131072) {
7347 char *banner = NULL;
7349 ssh_pkt_getstring(pktin, &banner, &size);
7351 bufchain_add(&ssh->banner, banner, size);
7355 /* Helper function to deal with sending tty modes for "pty-req" */
7356 static void ssh2_send_ttymode(void *data, char *mode, char *val)
7358 struct Packet *pktout = (struct Packet *)data;
7360 unsigned int arg = 0;
7361 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7362 if (i == lenof(ssh_ttymodes)) return;
7363 switch (ssh_ttymodes[i].type) {
7365 arg = ssh_tty_parse_specchar(val);
7368 arg = ssh_tty_parse_boolean(val);
7371 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7372 ssh2_pkt_adduint32(pktout, arg);
7376 * Handle the SSH-2 userauth and connection layers.
7378 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7379 struct Packet *pktin)
7381 struct do_ssh2_authconn_state {
7384 AUTH_TYPE_PUBLICKEY,
7385 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7386 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7388 AUTH_TYPE_GSSAPI, /* always QUIET */
7389 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7390 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7392 int done_service_req;
7393 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
7394 int tried_pubkey_config, done_agent;
7399 int kbd_inter_refused;
7400 int we_are_in, userauth_success;
7401 prompts_t *cur_prompt;
7406 void *publickey_blob;
7407 int publickey_bloblen;
7408 int publickey_encrypted;
7409 char *publickey_algorithm;
7410 char *publickey_comment;
7411 unsigned char agent_request[5], *agent_response, *agentp;
7412 int agent_responselen;
7413 unsigned char *pkblob_in_agent;
7415 char *pkblob, *alg, *commentp;
7416 int pklen, alglen, commentlen;
7417 int siglen, retlen, len;
7418 char *q, *agentreq, *ret;
7420 int num_env, env_left, env_ok;
7421 struct Packet *pktout;
7424 struct ssh_gss_library *gsslib;
7425 Ssh_gss_ctx gss_ctx;
7426 Ssh_gss_buf gss_buf;
7427 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7428 Ssh_gss_name gss_srv_name;
7429 Ssh_gss_stat gss_stat;
7432 crState(do_ssh2_authconn_state);
7434 crBegin(ssh->do_ssh2_authconn_crstate);
7436 s->done_service_req = FALSE;
7437 s->we_are_in = s->userauth_success = FALSE;
7439 s->tried_gssapi = FALSE;
7442 if (!conf_get_int(ssh->conf, CONF_ssh_no_userauth)) {
7444 * Request userauth protocol, and await a response to it.
7446 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7447 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7448 ssh2_pkt_send(ssh, s->pktout);
7449 crWaitUntilV(pktin);
7450 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7451 s->done_service_req = TRUE;
7453 if (!s->done_service_req) {
7455 * Request connection protocol directly, without authentication.
7457 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7458 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7459 ssh2_pkt_send(ssh, s->pktout);
7460 crWaitUntilV(pktin);
7461 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7462 s->we_are_in = TRUE; /* no auth required */
7464 bombout(("Server refused service request"));
7469 /* Arrange to be able to deal with any BANNERs that come in.
7470 * (We do this now as packets may come in during the next bit.) */
7471 bufchain_init(&ssh->banner);
7472 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7473 ssh2_msg_userauth_banner;
7476 * Misc one-time setup for authentication.
7478 s->publickey_blob = NULL;
7479 if (!s->we_are_in) {
7482 * Load the public half of any configured public key file
7485 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
7486 if (!filename_is_null(*s->keyfile)) {
7488 logeventf(ssh, "Reading private key file \"%.150s\"",
7489 filename_to_str(s->keyfile));
7490 keytype = key_type(s->keyfile);
7491 if (keytype == SSH_KEYTYPE_SSH2) {
7494 ssh2_userkey_loadpub(s->keyfile,
7495 &s->publickey_algorithm,
7496 &s->publickey_bloblen,
7497 &s->publickey_comment, &error);
7498 if (s->publickey_blob) {
7499 s->publickey_encrypted =
7500 ssh2_userkey_encrypted(s->keyfile, NULL);
7503 logeventf(ssh, "Unable to load private key (%s)",
7505 msgbuf = dupprintf("Unable to load private key file "
7506 "\"%.150s\" (%s)\r\n",
7507 filename_to_str(s->keyfile),
7509 c_write_str(ssh, msgbuf);
7514 logeventf(ssh, "Unable to use this key file (%s)",
7515 key_type_to_str(keytype));
7516 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7518 filename_to_str(s->keyfile),
7519 key_type_to_str(keytype));
7520 c_write_str(ssh, msgbuf);
7522 s->publickey_blob = NULL;
7527 * Find out about any keys Pageant has (but if there's a
7528 * public key configured, filter out all others).
7531 s->agent_response = NULL;
7532 s->pkblob_in_agent = NULL;
7533 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists()) {
7537 logevent("Pageant is running. Requesting keys.");
7539 /* Request the keys held by the agent. */
7540 PUT_32BIT(s->agent_request, 1);
7541 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7542 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7543 ssh_agent_callback, ssh)) {
7547 bombout(("Unexpected data from server while"
7548 " waiting for agent response"));
7551 } while (pktin || inlen > 0);
7552 r = ssh->agent_response;
7553 s->agent_responselen = ssh->agent_response_len;
7555 s->agent_response = (unsigned char *) r;
7556 if (s->agent_response && s->agent_responselen >= 5 &&
7557 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7560 p = s->agent_response + 5;
7561 s->nkeys = GET_32BIT(p);
7563 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7564 if (s->publickey_blob) {
7565 /* See if configured key is in agent. */
7566 for (keyi = 0; keyi < s->nkeys; keyi++) {
7567 s->pklen = GET_32BIT(p);
7568 if (s->pklen == s->publickey_bloblen &&
7569 !memcmp(p+4, s->publickey_blob,
7570 s->publickey_bloblen)) {
7571 logeventf(ssh, "Pageant key #%d matches "
7572 "configured key file", keyi);
7574 s->pkblob_in_agent = p;
7578 p += GET_32BIT(p) + 4; /* comment */
7580 if (!s->pkblob_in_agent) {
7581 logevent("Configured key file not in Pageant");
7586 logevent("Failed to get reply from Pageant");
7593 * We repeat this whole loop, including the username prompt,
7594 * until we manage a successful authentication. If the user
7595 * types the wrong _password_, they can be sent back to the
7596 * beginning to try another username, if this is configured on.
7597 * (If they specify a username in the config, they are never
7598 * asked, even if they do give a wrong password.)
7600 * I think this best serves the needs of
7602 * - the people who have no configuration, no keys, and just
7603 * want to try repeated (username,password) pairs until they
7604 * type both correctly
7606 * - people who have keys and configuration but occasionally
7607 * need to fall back to passwords
7609 * - people with a key held in Pageant, who might not have
7610 * logged in to a particular machine before; so they want to
7611 * type a username, and then _either_ their key will be
7612 * accepted, _or_ they will type a password. If they mistype
7613 * the username they will want to be able to get back and
7616 s->got_username = FALSE;
7617 while (!s->we_are_in) {
7621 if (s->got_username && !conf_get_int(ssh->conf, CONF_change_username)) {
7623 * We got a username last time round this loop, and
7624 * with change_username turned off we don't try to get
7627 } else if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
7628 int ret; /* need not be kept over crReturn */
7629 s->cur_prompt = new_prompts(ssh->frontend);
7630 s->cur_prompt->to_server = TRUE;
7631 s->cur_prompt->name = dupstr("SSH login name");
7632 /* 512 is an arbitrary limit :-( */
7633 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE, 512);
7634 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7637 crWaitUntilV(!pktin);
7638 ret = get_userpass_input(s->cur_prompt, in, inlen);
7643 * get_userpass_input() failed to get a username.
7646 free_prompts(s->cur_prompt);
7647 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7650 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
7651 free_prompts(s->cur_prompt);
7654 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
7655 stuff = dupprintf("Using username \"%s\".\r\n", ssh->username);
7656 c_write_str(ssh, stuff);
7660 s->got_username = TRUE;
7663 * Send an authentication request using method "none": (a)
7664 * just in case it succeeds, and (b) so that we know what
7665 * authentication methods we can usefully try next.
7667 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7669 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7670 ssh2_pkt_addstring(s->pktout, ssh->username);
7671 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
7672 ssh2_pkt_addstring(s->pktout, "none"); /* method */
7673 ssh2_pkt_send(ssh, s->pktout);
7674 s->type = AUTH_TYPE_NONE;
7676 s->we_are_in = FALSE;
7678 s->tried_pubkey_config = FALSE;
7679 s->kbd_inter_refused = FALSE;
7681 /* Reset agent request state. */
7682 s->done_agent = FALSE;
7683 if (s->agent_response) {
7684 if (s->pkblob_in_agent) {
7685 s->agentp = s->pkblob_in_agent;
7687 s->agentp = s->agent_response + 5 + 4;
7693 char *methods = NULL;
7697 * Wait for the result of the last authentication request.
7700 crWaitUntilV(pktin);
7702 * Now is a convenient point to spew any banner material
7703 * that we've accumulated. (This should ensure that when
7704 * we exit the auth loop, we haven't any left to deal
7708 int size = bufchain_size(&ssh->banner);
7710 * Don't show the banner if we're operating in
7711 * non-verbose non-interactive mode. (It's probably
7712 * a script, which means nobody will read the
7713 * banner _anyway_, and moreover the printing of
7714 * the banner will screw up processing on the
7715 * output of (say) plink.)
7717 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
7718 char *banner = snewn(size, char);
7719 bufchain_fetch(&ssh->banner, banner, size);
7720 c_write_untrusted(ssh, banner, size);
7723 bufchain_clear(&ssh->banner);
7725 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
7726 logevent("Access granted");
7727 s->we_are_in = s->userauth_success = TRUE;
7731 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
7732 bombout(("Strange packet received during authentication: "
7733 "type %d", pktin->type));
7740 * OK, we're now sitting on a USERAUTH_FAILURE message, so
7741 * we can look at the string in it and know what we can
7742 * helpfully try next.
7744 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
7745 ssh_pkt_getstring(pktin, &methods, &methlen);
7746 if (!ssh2_pkt_getbool(pktin)) {
7748 * We have received an unequivocal Access
7749 * Denied. This can translate to a variety of
7750 * messages, or no message at all.
7752 * For forms of authentication which are attempted
7753 * implicitly, by which I mean without printing
7754 * anything in the window indicating that we're
7755 * trying them, we should never print 'Access
7758 * If we do print a message saying that we're
7759 * attempting some kind of authentication, it's OK
7760 * to print a followup message saying it failed -
7761 * but the message may sometimes be more specific
7762 * than simply 'Access denied'.
7764 * Additionally, if we'd just tried password
7765 * authentication, we should break out of this
7766 * whole loop so as to go back to the username
7767 * prompt (iff we're configured to allow
7768 * username change attempts).
7770 if (s->type == AUTH_TYPE_NONE) {
7772 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
7773 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
7774 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
7775 c_write_str(ssh, "Server refused our key\r\n");
7776 logevent("Server refused our key");
7777 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
7778 /* This _shouldn't_ happen except by a
7779 * protocol bug causing client and server to
7780 * disagree on what is a correct signature. */
7781 c_write_str(ssh, "Server refused public-key signature"
7782 " despite accepting key!\r\n");
7783 logevent("Server refused public-key signature"
7784 " despite accepting key!");
7785 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
7786 /* quiet, so no c_write */
7787 logevent("Server refused keyboard-interactive authentication");
7788 } else if (s->type==AUTH_TYPE_GSSAPI) {
7789 /* always quiet, so no c_write */
7790 /* also, the code down in the GSSAPI block has
7791 * already logged this in the Event Log */
7792 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
7793 logevent("Keyboard-interactive authentication failed");
7794 c_write_str(ssh, "Access denied\r\n");
7796 assert(s->type == AUTH_TYPE_PASSWORD);
7797 logevent("Password authentication failed");
7798 c_write_str(ssh, "Access denied\r\n");
7800 if (conf_get_int(ssh->conf, CONF_change_username)) {
7801 /* XXX perhaps we should allow
7802 * keyboard-interactive to do this too? */
7803 s->we_are_in = FALSE;
7808 c_write_str(ssh, "Further authentication required\r\n");
7809 logevent("Further authentication required");
7813 in_commasep_string("publickey", methods, methlen);
7815 in_commasep_string("password", methods, methlen);
7816 s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
7817 in_commasep_string("keyboard-interactive", methods, methlen);
7820 ssh->gsslibs = ssh_gss_setup(ssh->conf);
7821 s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
7822 in_commasep_string("gssapi-with-mic", methods, methlen) &&
7823 ssh->gsslibs->nlibraries > 0;
7827 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7829 if (s->can_pubkey && !s->done_agent && s->nkeys) {
7832 * Attempt public-key authentication using a key from Pageant.
7835 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7837 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
7839 /* Unpack key from agent response */
7840 s->pklen = GET_32BIT(s->agentp);
7842 s->pkblob = (char *)s->agentp;
7843 s->agentp += s->pklen;
7844 s->alglen = GET_32BIT(s->pkblob);
7845 s->alg = s->pkblob + 4;
7846 s->commentlen = GET_32BIT(s->agentp);
7848 s->commentp = (char *)s->agentp;
7849 s->agentp += s->commentlen;
7850 /* s->agentp now points at next key, if any */
7852 /* See if server will accept it */
7853 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7854 ssh2_pkt_addstring(s->pktout, ssh->username);
7855 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7856 /* service requested */
7857 ssh2_pkt_addstring(s->pktout, "publickey");
7859 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
7860 ssh2_pkt_addstring_start(s->pktout);
7861 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7862 ssh2_pkt_addstring_start(s->pktout);
7863 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7864 ssh2_pkt_send(ssh, s->pktout);
7865 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
7867 crWaitUntilV(pktin);
7868 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7870 /* Offer of key refused. */
7877 if (flags & FLAG_VERBOSE) {
7878 c_write_str(ssh, "Authenticating with "
7880 c_write(ssh, s->commentp, s->commentlen);
7881 c_write_str(ssh, "\" from agent\r\n");
7885 * Server is willing to accept the key.
7886 * Construct a SIGN_REQUEST.
7888 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7889 ssh2_pkt_addstring(s->pktout, ssh->username);
7890 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7891 /* service requested */
7892 ssh2_pkt_addstring(s->pktout, "publickey");
7894 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
7895 ssh2_pkt_addstring_start(s->pktout);
7896 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7897 ssh2_pkt_addstring_start(s->pktout);
7898 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7900 /* Ask agent for signature. */
7901 s->siglen = s->pktout->length - 5 + 4 +
7902 ssh->v2_session_id_len;
7903 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7905 s->len = 1; /* message type */
7906 s->len += 4 + s->pklen; /* key blob */
7907 s->len += 4 + s->siglen; /* data to sign */
7908 s->len += 4; /* flags */
7909 s->agentreq = snewn(4 + s->len, char);
7910 PUT_32BIT(s->agentreq, s->len);
7911 s->q = s->agentreq + 4;
7912 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
7913 PUT_32BIT(s->q, s->pklen);
7915 memcpy(s->q, s->pkblob, s->pklen);
7917 PUT_32BIT(s->q, s->siglen);
7919 /* Now the data to be signed... */
7920 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7921 PUT_32BIT(s->q, ssh->v2_session_id_len);
7924 memcpy(s->q, ssh->v2_session_id,
7925 ssh->v2_session_id_len);
7926 s->q += ssh->v2_session_id_len;
7927 memcpy(s->q, s->pktout->data + 5,
7928 s->pktout->length - 5);
7929 s->q += s->pktout->length - 5;
7930 /* And finally the (zero) flags word. */
7932 if (!agent_query(s->agentreq, s->len + 4,
7934 ssh_agent_callback, ssh)) {
7938 bombout(("Unexpected data from server"
7939 " while waiting for agent"
7943 } while (pktin || inlen > 0);
7944 vret = ssh->agent_response;
7945 s->retlen = ssh->agent_response_len;
7950 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
7951 logevent("Sending Pageant's response");
7952 ssh2_add_sigblob(ssh, s->pktout,
7953 s->pkblob, s->pklen,
7955 GET_32BIT(s->ret + 5));
7956 ssh2_pkt_send(ssh, s->pktout);
7957 s->type = AUTH_TYPE_PUBLICKEY;
7959 /* FIXME: less drastic response */
7960 bombout(("Pageant failed to answer challenge"));
7966 /* Do we have any keys left to try? */
7967 if (s->pkblob_in_agent) {
7968 s->done_agent = TRUE;
7969 s->tried_pubkey_config = TRUE;
7972 if (s->keyi >= s->nkeys)
7973 s->done_agent = TRUE;
7976 } else if (s->can_pubkey && s->publickey_blob &&
7977 !s->tried_pubkey_config) {
7979 struct ssh2_userkey *key; /* not live over crReturn */
7980 char *passphrase; /* not live over crReturn */
7982 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7984 s->tried_pubkey_config = TRUE;
7987 * Try the public key supplied in the configuration.
7989 * First, offer the public blob to see if the server is
7990 * willing to accept it.
7992 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7993 ssh2_pkt_addstring(s->pktout, ssh->username);
7994 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7995 /* service requested */
7996 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
7997 ssh2_pkt_addbool(s->pktout, FALSE);
7998 /* no signature included */
7999 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
8000 ssh2_pkt_addstring_start(s->pktout);
8001 ssh2_pkt_addstring_data(s->pktout,
8002 (char *)s->publickey_blob,
8003 s->publickey_bloblen);
8004 ssh2_pkt_send(ssh, s->pktout);
8005 logevent("Offered public key");
8007 crWaitUntilV(pktin);
8008 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8009 /* Key refused. Give up. */
8010 s->gotit = TRUE; /* reconsider message next loop */
8011 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
8012 continue; /* process this new message */
8014 logevent("Offer of public key accepted");
8017 * Actually attempt a serious authentication using
8020 if (flags & FLAG_VERBOSE) {
8021 c_write_str(ssh, "Authenticating with public key \"");
8022 c_write_str(ssh, s->publickey_comment);
8023 c_write_str(ssh, "\"\r\n");
8027 const char *error; /* not live over crReturn */
8028 if (s->publickey_encrypted) {
8030 * Get a passphrase from the user.
8032 int ret; /* need not be kept over crReturn */
8033 s->cur_prompt = new_prompts(ssh->frontend);
8034 s->cur_prompt->to_server = FALSE;
8035 s->cur_prompt->name = dupstr("SSH key passphrase");
8036 add_prompt(s->cur_prompt,
8037 dupprintf("Passphrase for key \"%.100s\": ",
8038 s->publickey_comment),
8039 FALSE, SSH_MAX_PASSWORD_LEN);
8040 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8043 crWaitUntilV(!pktin);
8044 ret = get_userpass_input(s->cur_prompt,
8049 /* Failed to get a passphrase. Terminate. */
8050 free_prompts(s->cur_prompt);
8051 ssh_disconnect(ssh, NULL,
8052 "Unable to authenticate",
8053 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8058 dupstr(s->cur_prompt->prompts[0]->result);
8059 free_prompts(s->cur_prompt);
8061 passphrase = NULL; /* no passphrase needed */
8065 * Try decrypting the key.
8067 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
8068 key = ssh2_load_userkey(s->keyfile, passphrase, &error);
8070 /* burn the evidence */
8071 memset(passphrase, 0, strlen(passphrase));
8074 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
8076 (key == SSH2_WRONG_PASSPHRASE)) {
8077 c_write_str(ssh, "Wrong passphrase\r\n");
8079 /* and loop again */
8081 c_write_str(ssh, "Unable to load private key (");
8082 c_write_str(ssh, error);
8083 c_write_str(ssh, ")\r\n");
8085 break; /* try something else */
8091 unsigned char *pkblob, *sigblob, *sigdata;
8092 int pkblob_len, sigblob_len, sigdata_len;
8096 * We have loaded the private key and the server
8097 * has announced that it's willing to accept it.
8098 * Hallelujah. Generate a signature and send it.
8100 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8101 ssh2_pkt_addstring(s->pktout, ssh->username);
8102 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8103 /* service requested */
8104 ssh2_pkt_addstring(s->pktout, "publickey");
8106 ssh2_pkt_addbool(s->pktout, TRUE);
8107 /* signature follows */
8108 ssh2_pkt_addstring(s->pktout, key->alg->name);
8109 pkblob = key->alg->public_blob(key->data,
8111 ssh2_pkt_addstring_start(s->pktout);
8112 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
8116 * The data to be signed is:
8120 * followed by everything so far placed in the
8123 sigdata_len = s->pktout->length - 5 + 4 +
8124 ssh->v2_session_id_len;
8125 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8127 sigdata = snewn(sigdata_len, unsigned char);
8129 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8130 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
8133 memcpy(sigdata+p, ssh->v2_session_id,
8134 ssh->v2_session_id_len);
8135 p += ssh->v2_session_id_len;
8136 memcpy(sigdata+p, s->pktout->data + 5,
8137 s->pktout->length - 5);
8138 p += s->pktout->length - 5;
8139 assert(p == sigdata_len);
8140 sigblob = key->alg->sign(key->data, (char *)sigdata,
8141 sigdata_len, &sigblob_len);
8142 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
8143 sigblob, sigblob_len);
8148 ssh2_pkt_send(ssh, s->pktout);
8149 logevent("Sent public key signature");
8150 s->type = AUTH_TYPE_PUBLICKEY;
8151 key->alg->freekey(key->data);
8155 } else if (s->can_gssapi && !s->tried_gssapi) {
8157 /* GSSAPI Authentication */
8162 s->type = AUTH_TYPE_GSSAPI;
8163 s->tried_gssapi = TRUE;
8165 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
8168 * Pick the highest GSS library on the preference
8174 for (i = 0; i < ngsslibs; i++) {
8175 int want_id = conf_get_int_int(ssh->conf,
8176 CONF_ssh_gsslist, i);
8177 for (j = 0; j < ssh->gsslibs->nlibraries; j++)
8178 if (ssh->gsslibs->libraries[j].id == want_id) {
8179 s->gsslib = &ssh->gsslibs->libraries[j];
8180 goto got_gsslib; /* double break */
8185 * We always expect to have found something in
8186 * the above loop: we only came here if there
8187 * was at least one viable GSS library, and the
8188 * preference list should always mention
8189 * everything and only change the order.
8194 if (s->gsslib->gsslogmsg)
8195 logevent(s->gsslib->gsslogmsg);
8197 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
8198 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8199 ssh2_pkt_addstring(s->pktout, ssh->username);
8200 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8201 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
8202 logevent("Attempting GSSAPI authentication");
8204 /* add mechanism info */
8205 s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
8207 /* number of GSSAPI mechanisms */
8208 ssh2_pkt_adduint32(s->pktout,1);
8210 /* length of OID + 2 */
8211 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
8212 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
8215 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
8217 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
8219 ssh2_pkt_send(ssh, s->pktout);
8220 crWaitUntilV(pktin);
8221 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
8222 logevent("GSSAPI authentication request refused");
8226 /* check returned packet ... */
8228 ssh_pkt_getstring(pktin, &data, &len);
8229 s->gss_rcvtok.value = data;
8230 s->gss_rcvtok.length = len;
8231 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
8232 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
8233 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
8234 memcmp((char *)s->gss_rcvtok.value + 2,
8235 s->gss_buf.value,s->gss_buf.length) ) {
8236 logevent("GSSAPI authentication - wrong response from server");
8240 /* now start running */
8241 s->gss_stat = s->gsslib->import_name(s->gsslib,
8244 if (s->gss_stat != SSH_GSS_OK) {
8245 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
8246 logevent("GSSAPI import name failed - Bad service name");
8248 logevent("GSSAPI import name failed");
8252 /* fetch TGT into GSS engine */
8253 s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
8255 if (s->gss_stat != SSH_GSS_OK) {
8256 logevent("GSSAPI authentication failed to get credentials");
8257 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8261 /* initial tokens are empty */
8262 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
8263 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
8265 /* now enter the loop */
8267 s->gss_stat = s->gsslib->init_sec_context
8271 conf_get_int(ssh->conf, CONF_gssapifwd),
8275 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
8276 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
8277 logevent("GSSAPI authentication initialisation failed");
8279 if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
8280 &s->gss_buf) == SSH_GSS_OK) {
8281 logevent(s->gss_buf.value);
8282 sfree(s->gss_buf.value);
8287 logevent("GSSAPI authentication initialised");
8289 /* Client and server now exchange tokens until GSSAPI
8290 * no longer says CONTINUE_NEEDED */
8292 if (s->gss_sndtok.length != 0) {
8293 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
8294 ssh_pkt_addstring_start(s->pktout);
8295 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
8296 ssh2_pkt_send(ssh, s->pktout);
8297 s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
8300 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
8301 crWaitUntilV(pktin);
8302 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8303 logevent("GSSAPI authentication - bad server response");
8304 s->gss_stat = SSH_GSS_FAILURE;
8307 ssh_pkt_getstring(pktin, &data, &len);
8308 s->gss_rcvtok.value = data;
8309 s->gss_rcvtok.length = len;
8311 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8313 if (s->gss_stat != SSH_GSS_OK) {
8314 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8315 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8318 logevent("GSSAPI authentication loop finished OK");
8320 /* Now send the MIC */
8322 s->pktout = ssh2_pkt_init(0);
8323 micoffset = s->pktout->length;
8324 ssh_pkt_addstring_start(s->pktout);
8325 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8326 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
8327 ssh_pkt_addstring(s->pktout, ssh->username);
8328 ssh_pkt_addstring(s->pktout, "ssh-connection");
8329 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8331 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8332 s->gss_buf.length = s->pktout->length - micoffset;
8334 s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
8335 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8336 ssh_pkt_addstring_start(s->pktout);
8337 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
8338 ssh2_pkt_send(ssh, s->pktout);
8339 s->gsslib->free_mic(s->gsslib, &mic);
8343 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8344 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8347 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8350 * Keyboard-interactive authentication.
8353 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8355 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
8357 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8358 ssh2_pkt_addstring(s->pktout, ssh->username);
8359 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8360 /* service requested */
8361 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8363 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8364 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8365 ssh2_pkt_send(ssh, s->pktout);
8367 logevent("Attempting keyboard-interactive authentication");
8369 crWaitUntilV(pktin);
8370 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8371 /* Server is not willing to do keyboard-interactive
8372 * at all (or, bizarrely but legally, accepts the
8373 * user without actually issuing any prompts).
8374 * Give up on it entirely. */
8376 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8377 s->kbd_inter_refused = TRUE; /* don't try it again */
8382 * Loop while the server continues to send INFO_REQUESTs.
8384 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
8386 char *name, *inst, *lang;
8387 int name_len, inst_len, lang_len;
8391 * We've got a fresh USERAUTH_INFO_REQUEST.
8392 * Get the preamble and start building a prompt.
8394 ssh_pkt_getstring(pktin, &name, &name_len);
8395 ssh_pkt_getstring(pktin, &inst, &inst_len);
8396 ssh_pkt_getstring(pktin, &lang, &lang_len);
8397 s->cur_prompt = new_prompts(ssh->frontend);
8398 s->cur_prompt->to_server = TRUE;
8401 * Get any prompt(s) from the packet.
8403 s->num_prompts = ssh_pkt_getuint32(pktin);
8404 for (i = 0; i < s->num_prompts; i++) {
8408 static char noprompt[] =
8409 "<server failed to send prompt>: ";
8411 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8412 echo = ssh2_pkt_getbool(pktin);
8415 prompt_len = lenof(noprompt)-1;
8417 add_prompt(s->cur_prompt,
8418 dupprintf("%.*s", prompt_len, prompt),
8419 echo, SSH_MAX_PASSWORD_LEN);
8423 /* FIXME: better prefix to distinguish from
8425 s->cur_prompt->name =
8426 dupprintf("SSH server: %.*s", name_len, name);
8427 s->cur_prompt->name_reqd = TRUE;
8429 s->cur_prompt->name =
8430 dupstr("SSH server authentication");
8431 s->cur_prompt->name_reqd = FALSE;
8433 /* We add a prefix to try to make it clear that a prompt
8434 * has come from the server.
8435 * FIXME: ugly to print "Using..." in prompt _every_
8436 * time round. Can this be done more subtly? */
8437 /* Special case: for reasons best known to themselves,
8438 * some servers send k-i requests with no prompts and
8439 * nothing to display. Keep quiet in this case. */
8440 if (s->num_prompts || name_len || inst_len) {
8441 s->cur_prompt->instruction =
8442 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8443 inst_len ? "\n" : "", inst_len, inst);
8444 s->cur_prompt->instr_reqd = TRUE;
8446 s->cur_prompt->instr_reqd = FALSE;
8450 * Display any instructions, and get the user's
8454 int ret; /* not live over crReturn */
8455 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8458 crWaitUntilV(!pktin);
8459 ret = get_userpass_input(s->cur_prompt, in, inlen);
8464 * Failed to get responses. Terminate.
8466 free_prompts(s->cur_prompt);
8467 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8468 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8475 * Send the response(s) to the server.
8477 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
8478 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8479 for (i=0; i < s->num_prompts; i++) {
8480 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8481 ssh2_pkt_addstring(s->pktout,
8482 s->cur_prompt->prompts[i]->result);
8483 end_log_omission(ssh, s->pktout);
8485 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8488 * Get the next packet in case it's another
8491 crWaitUntilV(pktin);
8496 * We should have SUCCESS or FAILURE now.
8500 } else if (s->can_passwd) {
8503 * Plain old password authentication.
8505 int ret; /* not live over crReturn */
8506 int changereq_first_time; /* not live over crReturn */
8508 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
8510 s->cur_prompt = new_prompts(ssh->frontend);
8511 s->cur_prompt->to_server = TRUE;
8512 s->cur_prompt->name = dupstr("SSH password");
8513 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
8516 FALSE, SSH_MAX_PASSWORD_LEN);
8518 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8521 crWaitUntilV(!pktin);
8522 ret = get_userpass_input(s->cur_prompt, in, inlen);
8527 * Failed to get responses. Terminate.
8529 free_prompts(s->cur_prompt);
8530 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8531 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8536 * Squirrel away the password. (We may need it later if
8537 * asked to change it.)
8539 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8540 free_prompts(s->cur_prompt);
8543 * Send the password packet.
8545 * We pad out the password packet to 256 bytes to make
8546 * it harder for an attacker to find the length of the
8549 * Anyone using a password longer than 256 bytes
8550 * probably doesn't have much to worry about from
8551 * people who find out how long their password is!
8553 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8554 ssh2_pkt_addstring(s->pktout, ssh->username);
8555 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8556 /* service requested */
8557 ssh2_pkt_addstring(s->pktout, "password");
8558 ssh2_pkt_addbool(s->pktout, FALSE);
8559 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8560 ssh2_pkt_addstring(s->pktout, s->password);
8561 end_log_omission(ssh, s->pktout);
8562 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8563 logevent("Sent password");
8564 s->type = AUTH_TYPE_PASSWORD;
8567 * Wait for next packet, in case it's a password change
8570 crWaitUntilV(pktin);
8571 changereq_first_time = TRUE;
8573 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8576 * We're being asked for a new password
8577 * (perhaps not for the first time).
8578 * Loop until the server accepts it.
8581 int got_new = FALSE; /* not live over crReturn */
8582 char *prompt; /* not live over crReturn */
8583 int prompt_len; /* not live over crReturn */
8587 if (changereq_first_time)
8588 msg = "Server requested password change";
8590 msg = "Server rejected new password";
8592 c_write_str(ssh, msg);
8593 c_write_str(ssh, "\r\n");
8596 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8598 s->cur_prompt = new_prompts(ssh->frontend);
8599 s->cur_prompt->to_server = TRUE;
8600 s->cur_prompt->name = dupstr("New SSH password");
8601 s->cur_prompt->instruction =
8602 dupprintf("%.*s", prompt_len, prompt);
8603 s->cur_prompt->instr_reqd = TRUE;
8605 * There's no explicit requirement in the protocol
8606 * for the "old" passwords in the original and
8607 * password-change messages to be the same, and
8608 * apparently some Cisco kit supports password change
8609 * by the user entering a blank password originally
8610 * and the real password subsequently, so,
8611 * reluctantly, we prompt for the old password again.
8613 * (On the other hand, some servers don't even bother
8614 * to check this field.)
8616 add_prompt(s->cur_prompt,
8617 dupstr("Current password (blank for previously entered password): "),
8618 FALSE, SSH_MAX_PASSWORD_LEN);
8619 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
8620 FALSE, SSH_MAX_PASSWORD_LEN);
8621 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
8622 FALSE, SSH_MAX_PASSWORD_LEN);
8625 * Loop until the user manages to enter the same
8630 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8633 crWaitUntilV(!pktin);
8634 ret = get_userpass_input(s->cur_prompt, in, inlen);
8639 * Failed to get responses. Terminate.
8641 /* burn the evidence */
8642 free_prompts(s->cur_prompt);
8643 memset(s->password, 0, strlen(s->password));
8645 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8646 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8652 * If the user specified a new original password
8653 * (IYSWIM), overwrite any previously specified
8655 * (A side effect is that the user doesn't have to
8656 * re-enter it if they louse up the new password.)
8658 if (s->cur_prompt->prompts[0]->result[0]) {
8659 memset(s->password, 0, strlen(s->password));
8660 /* burn the evidence */
8663 dupstr(s->cur_prompt->prompts[0]->result);
8667 * Check the two new passwords match.
8669 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
8670 s->cur_prompt->prompts[2]->result)
8673 /* They don't. Silly user. */
8674 c_write_str(ssh, "Passwords do not match\r\n");
8679 * Send the new password (along with the old one).
8680 * (see above for padding rationale)
8682 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8683 ssh2_pkt_addstring(s->pktout, ssh->username);
8684 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8685 /* service requested */
8686 ssh2_pkt_addstring(s->pktout, "password");
8687 ssh2_pkt_addbool(s->pktout, TRUE);
8688 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8689 ssh2_pkt_addstring(s->pktout, s->password);
8690 ssh2_pkt_addstring(s->pktout,
8691 s->cur_prompt->prompts[1]->result);
8692 free_prompts(s->cur_prompt);
8693 end_log_omission(ssh, s->pktout);
8694 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8695 logevent("Sent new password");
8698 * Now see what the server has to say about it.
8699 * (If it's CHANGEREQ again, it's not happy with the
8702 crWaitUntilV(pktin);
8703 changereq_first_time = FALSE;
8708 * We need to reexamine the current pktin at the top
8709 * of the loop. Either:
8710 * - we weren't asked to change password at all, in
8711 * which case it's a SUCCESS or FAILURE with the
8713 * - we sent a new password, and the server was
8714 * either OK with it (SUCCESS or FAILURE w/partial
8715 * success) or unhappy with the _old_ password
8716 * (FAILURE w/o partial success)
8717 * In any of these cases, we go back to the top of
8718 * the loop and start again.
8723 * We don't need the old password any more, in any
8724 * case. Burn the evidence.
8726 memset(s->password, 0, strlen(s->password));
8730 char *str = dupprintf("No supported authentication methods available"
8731 " (server sent: %.*s)",
8734 ssh_disconnect(ssh, str,
8735 "No supported authentication methods available",
8736 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
8746 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
8748 /* Clear up various bits and pieces from authentication. */
8749 if (s->publickey_blob) {
8750 sfree(s->publickey_blob);
8751 sfree(s->publickey_comment);
8753 if (s->agent_response)
8754 sfree(s->agent_response);
8756 if (s->userauth_success) {
8758 * We've just received USERAUTH_SUCCESS, and we haven't sent any
8759 * packets since. Signal the transport layer to consider enacting
8760 * delayed compression.
8762 * (Relying on we_are_in is not sufficient, as
8763 * draft-miller-secsh-compression-delayed is quite clear that it
8764 * triggers on USERAUTH_SUCCESS specifically, and we_are_in can
8765 * become set for other reasons.)
8767 do_ssh2_transport(ssh, "enabling delayed compression", -2, NULL);
8771 * Now the connection protocol has started, one way or another.
8774 ssh->channels = newtree234(ssh_channelcmp);
8777 * Set up handlers for some connection protocol messages, so we
8778 * don't have to handle them repeatedly in this coroutine.
8780 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
8781 ssh2_msg_channel_window_adjust;
8782 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
8783 ssh2_msg_global_request;
8786 * Create the main session channel.
8788 if (conf_get_int(ssh->conf, CONF_ssh_no_shell)) {
8789 ssh->mainchan = NULL;
8790 } else if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
8792 * Just start a direct-tcpip channel and use it as the main
8795 ssh->mainchan = snew(struct ssh_channel);
8796 ssh->mainchan->ssh = ssh;
8797 ssh2_channel_init(ssh->mainchan);
8799 "Opening direct-tcpip channel to %s:%d in place of session",
8800 conf_get_str(ssh->conf, CONF_ssh_nc_host),
8801 conf_get_int(ssh->conf, CONF_ssh_nc_port));
8802 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8803 ssh2_pkt_addstring(s->pktout, "direct-tcpip");
8804 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8805 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8806 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8807 ssh2_pkt_addstring(s->pktout, conf_get_str(ssh->conf, CONF_ssh_nc_host));
8808 ssh2_pkt_adduint32(s->pktout, conf_get_int(ssh->conf, CONF_ssh_nc_port));
8810 * There's nothing meaningful to put in the originator
8811 * fields, but some servers insist on syntactically correct
8814 ssh2_pkt_addstring(s->pktout, "0.0.0.0");
8815 ssh2_pkt_adduint32(s->pktout, 0);
8816 ssh2_pkt_send(ssh, s->pktout);
8818 crWaitUntilV(pktin);
8819 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8820 bombout(("Server refused to open a direct-tcpip channel"));
8822 /* FIXME: error data comes back in FAILURE packet */
8824 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8825 bombout(("Server's channel confirmation cited wrong channel"));
8828 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8829 ssh->mainchan->halfopen = FALSE;
8830 ssh->mainchan->type = CHAN_MAINSESSION;
8831 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8832 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8833 add234(ssh->channels, ssh->mainchan);
8834 update_specials_menu(ssh->frontend);
8835 logevent("Opened direct-tcpip channel");
8838 ssh->mainchan = snew(struct ssh_channel);
8839 ssh->mainchan->ssh = ssh;
8840 ssh2_channel_init(ssh->mainchan);
8841 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8842 ssh2_pkt_addstring(s->pktout, "session");
8843 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8844 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8845 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8846 ssh2_pkt_send(ssh, s->pktout);
8847 crWaitUntilV(pktin);
8848 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8849 bombout(("Server refused to open a session"));
8851 /* FIXME: error data comes back in FAILURE packet */
8853 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8854 bombout(("Server's channel confirmation cited wrong channel"));
8857 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8858 ssh->mainchan->halfopen = FALSE;
8859 ssh->mainchan->type = CHAN_MAINSESSION;
8860 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8861 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8862 add234(ssh->channels, ssh->mainchan);
8863 update_specials_menu(ssh->frontend);
8864 logevent("Opened channel for session");
8865 ssh->ncmode = FALSE;
8869 * Now we have a channel, make dispatch table entries for
8870 * general channel-based messages.
8872 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
8873 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
8874 ssh2_msg_channel_data;
8875 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
8876 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
8877 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
8878 ssh2_msg_channel_open_confirmation;
8879 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
8880 ssh2_msg_channel_open_failure;
8881 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
8882 ssh2_msg_channel_request;
8883 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
8884 ssh2_msg_channel_open;
8886 if (ssh->mainchan && conf_get_int(ssh->conf, CONF_ssh_simple)) {
8888 * This message indicates to the server that we promise
8889 * not to try to run any other channel in parallel with
8890 * this one, so it's safe for it to advertise a very large
8891 * window and leave the flow control to TCP.
8893 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8894 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8895 ssh2_pkt_addstring(s->pktout, "simple@putty.projects.tartarus.org");
8896 ssh2_pkt_addbool(s->pktout, 0); /* no reply */
8897 ssh2_pkt_send(ssh, s->pktout);
8901 * Potentially enable X11 forwarding.
8903 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_x11_forward) &&
8904 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
8905 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
8906 logevent("Requesting X11 forwarding");
8907 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8908 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8909 ssh2_pkt_addstring(s->pktout, "x11-req");
8910 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8911 ssh2_pkt_addbool(s->pktout, 0); /* many connections */
8912 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthprotoname);
8914 * Note that while we blank the X authentication data here, we don't
8915 * take any special action to blank the start of an X11 channel,
8916 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
8917 * without having session blanking enabled is likely to leak your
8918 * cookie into the log.
8920 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8921 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthdatastring);
8922 end_log_omission(ssh, s->pktout);
8923 ssh2_pkt_adduint32(s->pktout, ssh->x11disp->screennum);
8924 ssh2_pkt_send(ssh, s->pktout);
8926 crWaitUntilV(pktin);
8928 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8929 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8930 bombout(("Unexpected response to X11 forwarding request:"
8931 " packet type %d", pktin->type));
8934 logevent("X11 forwarding refused");
8936 logevent("X11 forwarding enabled");
8937 ssh->X11_fwd_enabled = TRUE;
8942 * Enable port forwardings.
8944 ssh_setup_portfwd(ssh, ssh->conf);
8947 * Potentially enable agent forwarding.
8949 if (ssh->mainchan && !ssh->ncmode && conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
8950 logevent("Requesting OpenSSH-style agent forwarding");
8951 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8952 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8953 ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
8954 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8955 ssh2_pkt_send(ssh, s->pktout);
8957 crWaitUntilV(pktin);
8959 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8960 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8961 bombout(("Unexpected response to agent forwarding request:"
8962 " packet type %d", pktin->type));
8965 logevent("Agent forwarding refused");
8967 logevent("Agent forwarding enabled");
8968 ssh->agentfwd_enabled = TRUE;
8973 * Now allocate a pty for the session.
8975 if (ssh->mainchan && !ssh->ncmode && !conf_get_int(ssh->conf, CONF_nopty)) {
8976 /* Unpick the terminal-speed string. */
8977 /* XXX perhaps we should allow no speeds to be sent. */
8978 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
8979 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
8980 /* Build the pty request. */
8981 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8982 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
8983 ssh2_pkt_addstring(s->pktout, "pty-req");
8984 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8985 ssh2_pkt_addstring(s->pktout, conf_get_str(ssh->conf, CONF_termtype));
8986 ssh2_pkt_adduint32(s->pktout, ssh->term_width);
8987 ssh2_pkt_adduint32(s->pktout, ssh->term_height);
8988 ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
8989 ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
8990 ssh2_pkt_addstring_start(s->pktout);
8991 parse_ttymodes(ssh, ssh2_send_ttymode, (void *)s->pktout);
8992 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_ISPEED);
8993 ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
8994 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_OSPEED);
8995 ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
8996 ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
8997 ssh2_pkt_send(ssh, s->pktout);
8998 ssh->state = SSH_STATE_INTERMED;
9000 crWaitUntilV(pktin);
9002 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9003 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9004 bombout(("Unexpected response to pty request:"
9005 " packet type %d", pktin->type));
9008 c_write_str(ssh, "Server refused to allocate pty\r\n");
9009 ssh->editing = ssh->echoing = 1;
9011 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
9012 ssh->ospeed, ssh->ispeed);
9015 ssh->editing = ssh->echoing = 1;
9019 * Send environment variables.
9021 * Simplest thing here is to send all the requests at once, and
9022 * then wait for a whole bunch of successes or failures.
9024 if (ssh->mainchan && !ssh->ncmode) {
9029 for (val = conf_get_str_strs(ssh->conf, CONF_environmt, NULL, &key);
9031 val = conf_get_str_strs(ssh->conf, CONF_environmt, key, &key)) {
9032 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9033 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
9034 ssh2_pkt_addstring(s->pktout, "env");
9035 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9036 ssh2_pkt_addstring(s->pktout, key);
9037 ssh2_pkt_addstring(s->pktout, val);
9038 ssh2_pkt_send(ssh, s->pktout);
9044 logeventf(ssh, "Sent %d environment variables", s->num_env);
9047 s->env_left = s->num_env;
9049 while (s->env_left > 0) {
9050 crWaitUntilV(pktin);
9052 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9053 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9054 bombout(("Unexpected response to environment request:"
9055 " packet type %d", pktin->type));
9065 if (s->env_ok == s->num_env) {
9066 logevent("All environment variables successfully set");
9067 } else if (s->env_ok == 0) {
9068 logevent("All environment variables refused");
9069 c_write_str(ssh, "Server refused to set environment variables\r\n");
9071 logeventf(ssh, "%d environment variables refused",
9072 s->num_env - s->env_ok);
9073 c_write_str(ssh, "Server refused to set all environment variables\r\n");
9079 * Start a shell or a remote command. We may have to attempt
9080 * this twice if the config data has provided a second choice
9083 if (ssh->mainchan && !ssh->ncmode) while (1) {
9087 if (ssh->fallback_cmd) {
9088 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys2);
9089 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
9091 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys);
9092 cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
9095 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9096 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
9098 ssh2_pkt_addstring(s->pktout, "subsystem");
9099 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9100 ssh2_pkt_addstring(s->pktout, cmd);
9102 ssh2_pkt_addstring(s->pktout, "exec");
9103 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9104 ssh2_pkt_addstring(s->pktout, cmd);
9106 ssh2_pkt_addstring(s->pktout, "shell");
9107 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
9109 ssh2_pkt_send(ssh, s->pktout);
9111 crWaitUntilV(pktin);
9113 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9114 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9115 bombout(("Unexpected response to shell/command request:"
9116 " packet type %d", pktin->type));
9120 * We failed to start the command. If this is the
9121 * fallback command, we really are finished; if it's
9122 * not, and if the fallback command exists, try falling
9123 * back to it before complaining.
9125 if (!ssh->fallback_cmd &&
9126 *conf_get_str(ssh->conf, CONF_remote_cmd2)) {
9127 logevent("Primary command failed; attempting fallback");
9128 ssh->fallback_cmd = TRUE;
9131 bombout(("Server refused to start a shell/command"));
9134 logevent("Started a shell/command");
9139 ssh->state = SSH_STATE_SESSION;
9140 if (ssh->size_needed)
9141 ssh_size(ssh, ssh->term_width, ssh->term_height);
9142 if (ssh->eof_needed)
9143 ssh_special(ssh, TS_EOF);
9146 * All the initial channel requests are done, so install the default
9149 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_success;
9150 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_failure;
9156 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
9161 s->try_send = FALSE;
9165 * _All_ the connection-layer packets we expect to
9166 * receive are now handled by the dispatch table.
9167 * Anything that reaches here must be bogus.
9170 bombout(("Strange packet received: type %d", pktin->type));
9172 } else if (ssh->mainchan) {
9174 * We have spare data. Add it to the channel buffer.
9176 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
9181 struct ssh_channel *c;
9183 * Try to send data on all channels if we can.
9185 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
9186 ssh2_try_send_and_unthrottle(ssh, c);
9194 * Handlers for SSH-2 messages that might arrive at any moment.
9196 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
9198 /* log reason code in disconnect message */
9202 reason = ssh_pkt_getuint32(pktin);
9203 ssh_pkt_getstring(pktin, &msg, &msglen);
9205 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
9206 buf = dupprintf("Received disconnect message (%s)",
9207 ssh2_disconnect_reasons[reason]);
9209 buf = dupprintf("Received disconnect message (unknown"
9210 " type %d)", reason);
9214 buf = dupprintf("Disconnection message text: %.*s",
9217 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
9219 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
9220 ssh2_disconnect_reasons[reason] : "unknown",
9225 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
9227 /* log the debug message */
9231 /* XXX maybe we should actually take notice of the return value */
9232 ssh2_pkt_getbool(pktin);
9233 ssh_pkt_getstring(pktin, &msg, &msglen);
9235 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
9238 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
9240 struct Packet *pktout;
9241 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
9242 ssh2_pkt_adduint32(pktout, pktin->sequence);
9244 * UNIMPLEMENTED messages MUST appear in the same order as the
9245 * messages they respond to. Hence, never queue them.
9247 ssh2_pkt_send_noqueue(ssh, pktout);
9251 * Handle the top-level SSH-2 protocol.
9253 static void ssh2_protocol_setup(Ssh ssh)
9258 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
9260 for (i = 0; i < 256; i++)
9261 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
9264 * Any message we actually understand, we set to NULL so that
9265 * the coroutines will get it.
9267 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
9268 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
9269 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
9270 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
9271 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
9272 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
9273 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
9274 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
9275 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
9276 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
9277 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
9278 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
9279 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
9280 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
9281 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
9282 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
9283 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
9284 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
9285 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
9286 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
9287 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
9288 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
9289 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
9290 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
9291 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
9292 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
9293 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
9294 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
9295 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
9296 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
9297 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
9298 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
9299 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
9302 * These special message types we install handlers for.
9304 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
9305 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
9306 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
9309 static void ssh2_timer(void *ctx, long now)
9313 if (ssh->state == SSH_STATE_CLOSED)
9316 if (!ssh->kex_in_progress && conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0 &&
9317 now - ssh->next_rekey >= 0) {
9318 do_ssh2_transport(ssh, "timeout", -1, NULL);
9322 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
9323 struct Packet *pktin)
9325 unsigned char *in = (unsigned char *)vin;
9326 if (ssh->state == SSH_STATE_CLOSED)
9330 ssh->incoming_data_size += pktin->encrypted_len;
9331 if (!ssh->kex_in_progress &&
9332 ssh->max_data_size != 0 &&
9333 ssh->incoming_data_size > ssh->max_data_size)
9334 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9337 if (pktin && ssh->packet_dispatch[pktin->type]) {
9338 ssh->packet_dispatch[pktin->type](ssh, pktin);
9342 if (!ssh->protocol_initial_phase_done ||
9343 (pktin && pktin->type >= 20 && pktin->type < 50)) {
9344 if (do_ssh2_transport(ssh, in, inlen, pktin) &&
9345 !ssh->protocol_initial_phase_done) {
9346 ssh->protocol_initial_phase_done = TRUE;
9348 * Allow authconn to initialise itself.
9350 do_ssh2_authconn(ssh, NULL, 0, NULL);
9353 do_ssh2_authconn(ssh, in, inlen, pktin);
9357 static void ssh_cache_conf_values(Ssh ssh)
9359 ssh->logomitdata = conf_get_int(ssh->conf, CONF_logomitdata);
9363 * Called to set up the connection.
9365 * Returns an error message, or NULL on success.
9367 static const char *ssh_init(void *frontend_handle, void **backend_handle,
9368 Conf *conf, char *host, int port, char **realhost,
9369 int nodelay, int keepalive)
9374 ssh = snew(struct ssh_tag);
9375 ssh->conf = conf_copy(conf);
9376 ssh_cache_conf_values(ssh);
9377 ssh->version = 0; /* when not ready yet */
9380 ssh->v1_cipher_ctx = NULL;
9381 ssh->crcda_ctx = NULL;
9382 ssh->cscipher = NULL;
9383 ssh->cs_cipher_ctx = NULL;
9384 ssh->sccipher = NULL;
9385 ssh->sc_cipher_ctx = NULL;
9387 ssh->cs_mac_ctx = NULL;
9389 ssh->sc_mac_ctx = NULL;
9391 ssh->cs_comp_ctx = NULL;
9393 ssh->sc_comp_ctx = NULL;
9395 ssh->kex_ctx = NULL;
9396 ssh->hostkey = NULL;
9398 ssh->close_expected = FALSE;
9399 ssh->clean_exit = FALSE;
9400 ssh->state = SSH_STATE_PREPACKET;
9401 ssh->size_needed = FALSE;
9402 ssh->eof_needed = FALSE;
9405 ssh->deferred_send_data = NULL;
9406 ssh->deferred_len = 0;
9407 ssh->deferred_size = 0;
9408 ssh->fallback_cmd = 0;
9409 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9410 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
9411 ssh->x11disp = NULL;
9412 ssh->v1_compressing = FALSE;
9413 ssh->v2_outgoing_sequence = 0;
9414 ssh->ssh1_rdpkt_crstate = 0;
9415 ssh->ssh2_rdpkt_crstate = 0;
9416 ssh->do_ssh_init_crstate = 0;
9417 ssh->ssh_gotdata_crstate = 0;
9418 ssh->do_ssh1_connection_crstate = 0;
9419 ssh->do_ssh1_login_crstate = 0;
9420 ssh->do_ssh2_transport_crstate = 0;
9421 ssh->do_ssh2_authconn_crstate = 0;
9422 ssh->do_ssh_init_state = NULL;
9423 ssh->do_ssh1_login_state = NULL;
9424 ssh->do_ssh2_transport_state = NULL;
9425 ssh->do_ssh2_authconn_state = NULL;
9428 ssh->mainchan = NULL;
9429 ssh->throttled_all = 0;
9430 ssh->v1_stdout_throttling = 0;
9432 ssh->queuelen = ssh->queuesize = 0;
9433 ssh->queueing = FALSE;
9434 ssh->qhead = ssh->qtail = NULL;
9435 ssh->deferred_rekey_reason = NULL;
9436 bufchain_init(&ssh->queued_incoming_data);
9437 ssh->frozen = FALSE;
9438 ssh->username = NULL;
9439 ssh->sent_console_eof = FALSE;
9441 *backend_handle = ssh;
9444 if (crypto_startup() == 0)
9445 return "Microsoft high encryption pack not installed!";
9448 ssh->frontend = frontend_handle;
9449 ssh->term_width = conf_get_int(ssh->conf, CONF_width);
9450 ssh->term_height = conf_get_int(ssh->conf, CONF_height);
9452 ssh->channels = NULL;
9453 ssh->rportfwds = NULL;
9454 ssh->portfwds = NULL;
9459 ssh->conn_throttle_count = 0;
9460 ssh->overall_bufsize = 0;
9461 ssh->fallback_cmd = 0;
9463 ssh->protocol = NULL;
9465 ssh->protocol_initial_phase_done = FALSE;
9469 ssh->incoming_data_size = ssh->outgoing_data_size =
9470 ssh->deferred_data_size = 0L;
9471 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9472 CONF_ssh_rekey_data));
9473 ssh->kex_in_progress = FALSE;
9476 ssh->gsslibs = NULL;
9479 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
9488 static void ssh_free(void *handle)
9490 Ssh ssh = (Ssh) handle;
9491 struct ssh_channel *c;
9492 struct ssh_rportfwd *pf;
9494 if (ssh->v1_cipher_ctx)
9495 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9496 if (ssh->cs_cipher_ctx)
9497 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9498 if (ssh->sc_cipher_ctx)
9499 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9500 if (ssh->cs_mac_ctx)
9501 ssh->csmac->free_context(ssh->cs_mac_ctx);
9502 if (ssh->sc_mac_ctx)
9503 ssh->scmac->free_context(ssh->sc_mac_ctx);
9504 if (ssh->cs_comp_ctx) {
9506 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9508 zlib_compress_cleanup(ssh->cs_comp_ctx);
9510 if (ssh->sc_comp_ctx) {
9512 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9514 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9517 dh_cleanup(ssh->kex_ctx);
9518 sfree(ssh->savedhost);
9520 while (ssh->queuelen-- > 0)
9521 ssh_free_packet(ssh->queue[ssh->queuelen]);
9524 while (ssh->qhead) {
9525 struct queued_handler *qh = ssh->qhead;
9526 ssh->qhead = qh->next;
9529 ssh->qhead = ssh->qtail = NULL;
9531 if (ssh->channels) {
9532 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9535 if (c->u.x11.s != NULL)
9536 x11_close(c->u.x11.s);
9539 case CHAN_SOCKDATA_DORMANT:
9540 if (c->u.pfd.s != NULL)
9541 pfd_close(c->u.pfd.s);
9546 freetree234(ssh->channels);
9547 ssh->channels = NULL;
9550 if (ssh->rportfwds) {
9551 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
9553 freetree234(ssh->rportfwds);
9554 ssh->rportfwds = NULL;
9556 sfree(ssh->deferred_send_data);
9558 x11_free_display(ssh->x11disp);
9559 sfree(ssh->do_ssh_init_state);
9560 sfree(ssh->do_ssh1_login_state);
9561 sfree(ssh->do_ssh2_transport_state);
9562 sfree(ssh->do_ssh2_authconn_state);
9565 sfree(ssh->fullhostname);
9566 if (ssh->crcda_ctx) {
9567 crcda_free_context(ssh->crcda_ctx);
9568 ssh->crcda_ctx = NULL;
9571 ssh_do_close(ssh, TRUE);
9572 expire_timer_context(ssh);
9574 pinger_free(ssh->pinger);
9575 bufchain_clear(&ssh->queued_incoming_data);
9576 sfree(ssh->username);
9577 conf_free(ssh->conf);
9580 ssh_gss_cleanup(ssh->gsslibs);
9588 * Reconfigure the SSH backend.
9590 static void ssh_reconfig(void *handle, Conf *conf)
9592 Ssh ssh = (Ssh) handle;
9593 char *rekeying = NULL, rekey_mandatory = FALSE;
9594 unsigned long old_max_data_size;
9597 pinger_reconfig(ssh->pinger, ssh->conf, conf);
9599 ssh_setup_portfwd(ssh, conf);
9601 rekey_time = conf_get_int(conf, CONF_ssh_rekey_time);
9602 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != rekey_time &&
9604 long new_next = ssh->last_rekey + rekey_time*60*TICKSPERSEC;
9605 long now = GETTICKCOUNT();
9607 if (new_next - now < 0) {
9608 rekeying = "timeout shortened";
9610 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9614 old_max_data_size = ssh->max_data_size;
9615 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9616 CONF_ssh_rekey_data));
9617 if (old_max_data_size != ssh->max_data_size &&
9618 ssh->max_data_size != 0) {
9619 if (ssh->outgoing_data_size > ssh->max_data_size ||
9620 ssh->incoming_data_size > ssh->max_data_size)
9621 rekeying = "data limit lowered";
9624 if (conf_get_int(ssh->conf, CONF_compression) !=
9625 conf_get_int(conf, CONF_compression)) {
9626 rekeying = "compression setting changed";
9627 rekey_mandatory = TRUE;
9630 for (i = 0; i < CIPHER_MAX; i++)
9631 if (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i) !=
9632 conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
9633 rekeying = "cipher settings changed";
9634 rekey_mandatory = TRUE;
9636 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc) !=
9637 conf_get_int(conf, CONF_ssh2_des_cbc)) {
9638 rekeying = "cipher settings changed";
9639 rekey_mandatory = TRUE;
9642 conf_free(ssh->conf);
9643 ssh->conf = conf_copy(conf);
9644 ssh_cache_conf_values(ssh);
9647 if (!ssh->kex_in_progress) {
9648 do_ssh2_transport(ssh, rekeying, -1, NULL);
9649 } else if (rekey_mandatory) {
9650 ssh->deferred_rekey_reason = rekeying;
9656 * Called to send data down the SSH connection.
9658 static int ssh_send(void *handle, char *buf, int len)
9660 Ssh ssh = (Ssh) handle;
9662 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9665 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
9667 return ssh_sendbuffer(ssh);
9671 * Called to query the current amount of buffered stdin data.
9673 static int ssh_sendbuffer(void *handle)
9675 Ssh ssh = (Ssh) handle;
9678 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9682 * If the SSH socket itself has backed up, add the total backup
9683 * size on that to any individual buffer on the stdin channel.
9686 if (ssh->throttled_all)
9687 override_value = ssh->overall_bufsize;
9689 if (ssh->version == 1) {
9690 return override_value;
9691 } else if (ssh->version == 2) {
9693 return override_value;
9695 return (override_value +
9696 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
9703 * Called to set the size of the window from SSH's POV.
9705 static void ssh_size(void *handle, int width, int height)
9707 Ssh ssh = (Ssh) handle;
9708 struct Packet *pktout;
9710 ssh->term_width = width;
9711 ssh->term_height = height;
9713 switch (ssh->state) {
9714 case SSH_STATE_BEFORE_SIZE:
9715 case SSH_STATE_PREPACKET:
9716 case SSH_STATE_CLOSED:
9717 break; /* do nothing */
9718 case SSH_STATE_INTERMED:
9719 ssh->size_needed = TRUE; /* buffer for later */
9721 case SSH_STATE_SESSION:
9722 if (!conf_get_int(ssh->conf, CONF_nopty)) {
9723 if (ssh->version == 1) {
9724 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9725 PKT_INT, ssh->term_height,
9726 PKT_INT, ssh->term_width,
9727 PKT_INT, 0, PKT_INT, 0, PKT_END);
9728 } else if (ssh->mainchan) {
9729 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9730 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9731 ssh2_pkt_addstring(pktout, "window-change");
9732 ssh2_pkt_addbool(pktout, 0);
9733 ssh2_pkt_adduint32(pktout, ssh->term_width);
9734 ssh2_pkt_adduint32(pktout, ssh->term_height);
9735 ssh2_pkt_adduint32(pktout, 0);
9736 ssh2_pkt_adduint32(pktout, 0);
9737 ssh2_pkt_send(ssh, pktout);
9745 * Return a list of the special codes that make sense in this
9748 static const struct telnet_special *ssh_get_specials(void *handle)
9750 static const struct telnet_special ssh1_ignore_special[] = {
9751 {"IGNORE message", TS_NOP}
9753 static const struct telnet_special ssh2_ignore_special[] = {
9754 {"IGNORE message", TS_NOP},
9756 static const struct telnet_special ssh2_rekey_special[] = {
9757 {"Repeat key exchange", TS_REKEY},
9759 static const struct telnet_special ssh2_session_specials[] = {
9762 /* These are the signal names defined by RFC 4254.
9763 * They include all the ISO C signals, but are a subset of the POSIX
9764 * required signals. */
9765 {"SIGINT (Interrupt)", TS_SIGINT},
9766 {"SIGTERM (Terminate)", TS_SIGTERM},
9767 {"SIGKILL (Kill)", TS_SIGKILL},
9768 {"SIGQUIT (Quit)", TS_SIGQUIT},
9769 {"SIGHUP (Hangup)", TS_SIGHUP},
9770 {"More signals", TS_SUBMENU},
9771 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9772 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9773 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9774 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9777 static const struct telnet_special specials_end[] = {
9780 /* XXX review this length for any changes: */
9781 static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
9782 lenof(ssh2_rekey_special) +
9783 lenof(ssh2_session_specials) +
9784 lenof(specials_end)];
9785 Ssh ssh = (Ssh) handle;
9787 #define ADD_SPECIALS(name) \
9789 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9790 memcpy(&ssh_specials[i], name, sizeof name); \
9794 if (ssh->version == 1) {
9795 /* Don't bother offering IGNORE if we've decided the remote
9796 * won't cope with it, since we wouldn't bother sending it if
9798 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9799 ADD_SPECIALS(ssh1_ignore_special);
9800 } else if (ssh->version == 2) {
9801 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
9802 ADD_SPECIALS(ssh2_ignore_special);
9803 if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
9804 ADD_SPECIALS(ssh2_rekey_special);
9806 ADD_SPECIALS(ssh2_session_specials);
9807 } /* else we're not ready yet */
9810 ADD_SPECIALS(specials_end);
9811 return ssh_specials;
9819 * Send special codes. TS_EOF is useful for `plink', so you
9820 * can send an EOF and collect resulting output (e.g. `plink
9823 static void ssh_special(void *handle, Telnet_Special code)
9825 Ssh ssh = (Ssh) handle;
9826 struct Packet *pktout;
9828 if (code == TS_EOF) {
9829 if (ssh->state != SSH_STATE_SESSION) {
9831 * Buffer the EOF in case we are pre-SESSION, so we can
9832 * send it as soon as we reach SESSION.
9835 ssh->eof_needed = TRUE;
9838 if (ssh->version == 1) {
9839 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
9840 } else if (ssh->mainchan) {
9841 sshfwd_write_eof(ssh->mainchan);
9842 ssh->send_ok = 0; /* now stop trying to read from stdin */
9844 logevent("Sent EOF message");
9845 } else if (code == TS_PING || code == TS_NOP) {
9846 if (ssh->state == SSH_STATE_CLOSED
9847 || ssh->state == SSH_STATE_PREPACKET) return;
9848 if (ssh->version == 1) {
9849 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9850 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
9852 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
9853 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
9854 ssh2_pkt_addstring_start(pktout);
9855 ssh2_pkt_send_noqueue(ssh, pktout);
9858 } else if (code == TS_REKEY) {
9859 if (!ssh->kex_in_progress && ssh->version == 2) {
9860 do_ssh2_transport(ssh, "at user request", -1, NULL);
9862 } else if (code == TS_BRK) {
9863 if (ssh->state == SSH_STATE_CLOSED
9864 || ssh->state == SSH_STATE_PREPACKET) return;
9865 if (ssh->version == 1) {
9866 logevent("Unable to send BREAK signal in SSH-1");
9867 } else if (ssh->mainchan) {
9868 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9869 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9870 ssh2_pkt_addstring(pktout, "break");
9871 ssh2_pkt_addbool(pktout, 0);
9872 ssh2_pkt_adduint32(pktout, 0); /* default break length */
9873 ssh2_pkt_send(ssh, pktout);
9876 /* Is is a POSIX signal? */
9877 char *signame = NULL;
9878 if (code == TS_SIGABRT) signame = "ABRT";
9879 if (code == TS_SIGALRM) signame = "ALRM";
9880 if (code == TS_SIGFPE) signame = "FPE";
9881 if (code == TS_SIGHUP) signame = "HUP";
9882 if (code == TS_SIGILL) signame = "ILL";
9883 if (code == TS_SIGINT) signame = "INT";
9884 if (code == TS_SIGKILL) signame = "KILL";
9885 if (code == TS_SIGPIPE) signame = "PIPE";
9886 if (code == TS_SIGQUIT) signame = "QUIT";
9887 if (code == TS_SIGSEGV) signame = "SEGV";
9888 if (code == TS_SIGTERM) signame = "TERM";
9889 if (code == TS_SIGUSR1) signame = "USR1";
9890 if (code == TS_SIGUSR2) signame = "USR2";
9891 /* The SSH-2 protocol does in principle support arbitrary named
9892 * signals, including signame@domain, but we don't support those. */
9894 /* It's a signal. */
9895 if (ssh->version == 2 && ssh->mainchan) {
9896 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9897 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9898 ssh2_pkt_addstring(pktout, "signal");
9899 ssh2_pkt_addbool(pktout, 0);
9900 ssh2_pkt_addstring(pktout, signame);
9901 ssh2_pkt_send(ssh, pktout);
9902 logeventf(ssh, "Sent signal SIG%s", signame);
9905 /* Never heard of it. Do nothing */
9910 void *new_sock_channel(void *handle, Socket s)
9912 Ssh ssh = (Ssh) handle;
9913 struct ssh_channel *c;
9914 c = snew(struct ssh_channel);
9917 ssh2_channel_init(c);
9919 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
9921 add234(ssh->channels, c);
9926 * This is called when stdout/stderr (the entity to which
9927 * from_backend sends data) manages to clear some backlog.
9929 static void ssh_unthrottle(void *handle, int bufsize)
9931 Ssh ssh = (Ssh) handle;
9934 if (ssh->version == 1) {
9935 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
9936 ssh->v1_stdout_throttling = 0;
9937 ssh_throttle_conn(ssh, -1);
9940 if (ssh->mainchan) {
9941 ssh2_set_window(ssh->mainchan,
9942 bufsize < ssh->mainchan->v.v2.locmaxwin ?
9943 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
9944 if (conf_get_int(ssh->conf, CONF_ssh_simple))
9947 buflimit = ssh->mainchan->v.v2.locmaxwin;
9948 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
9949 ssh->mainchan->throttling_conn = 0;
9950 ssh_throttle_conn(ssh, -1);
9956 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
9958 struct ssh_channel *c = (struct ssh_channel *)channel;
9960 struct Packet *pktout;
9962 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
9964 if (ssh->version == 1) {
9965 send_packet(ssh, SSH1_MSG_PORT_OPEN,
9966 PKT_INT, c->localid,
9969 /* PKT_STR, <org:orgport>, */
9972 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
9973 ssh2_pkt_addstring(pktout, "direct-tcpip");
9974 ssh2_pkt_adduint32(pktout, c->localid);
9975 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
9976 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
9977 ssh2_pkt_addstring(pktout, hostname);
9978 ssh2_pkt_adduint32(pktout, port);
9980 * We make up values for the originator data; partly it's
9981 * too much hassle to keep track, and partly I'm not
9982 * convinced the server should be told details like that
9983 * about my local network configuration.
9984 * The "originator IP address" is syntactically a numeric
9985 * IP address, and some servers (e.g., Tectia) get upset
9986 * if it doesn't match this syntax.
9988 ssh2_pkt_addstring(pktout, "0.0.0.0");
9989 ssh2_pkt_adduint32(pktout, 0);
9990 ssh2_pkt_send(ssh, pktout);
9994 static int ssh_connected(void *handle)
9996 Ssh ssh = (Ssh) handle;
9997 return ssh->s != NULL;
10000 static int ssh_sendok(void *handle)
10002 Ssh ssh = (Ssh) handle;
10003 return ssh->send_ok;
10006 static int ssh_ldisc(void *handle, int option)
10008 Ssh ssh = (Ssh) handle;
10009 if (option == LD_ECHO)
10010 return ssh->echoing;
10011 if (option == LD_EDIT)
10012 return ssh->editing;
10016 static void ssh_provide_ldisc(void *handle, void *ldisc)
10018 Ssh ssh = (Ssh) handle;
10019 ssh->ldisc = ldisc;
10022 static void ssh_provide_logctx(void *handle, void *logctx)
10024 Ssh ssh = (Ssh) handle;
10025 ssh->logctx = logctx;
10028 static int ssh_return_exitcode(void *handle)
10030 Ssh ssh = (Ssh) handle;
10031 if (ssh->s != NULL)
10034 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
10038 * cfg_info for SSH is the currently running version of the
10039 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
10041 static int ssh_cfg_info(void *handle)
10043 Ssh ssh = (Ssh) handle;
10044 return ssh->version;
10048 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
10049 * that fails. This variable is the means by which scp.c can reach
10050 * into the SSH code and find out which one it got.
10052 extern int ssh_fallback_cmd(void *handle)
10054 Ssh ssh = (Ssh) handle;
10055 return ssh->fallback_cmd;
10058 Backend ssh_backend = {
10068 ssh_return_exitcode,
10072 ssh_provide_logctx,
projects / PuTTY.git / blob