27 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
28 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
29 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
30 #define SSH1_CMSG_USER 4 /* 0x4 */
31 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
32 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
33 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
34 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
35 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
36 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
37 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
38 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
39 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
40 #define SSH1_SMSG_FAILURE 15 /* 0xf */
41 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
42 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
43 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
44 #define SSH1_CMSG_EOF 19 /* 0x13 */
45 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
46 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
47 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
48 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
49 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
50 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
51 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
52 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
53 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
54 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
55 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
56 #define SSH1_MSG_IGNORE 32 /* 0x20 */
57 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
58 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
59 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
60 #define SSH1_MSG_DEBUG 36 /* 0x24 */
61 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
62 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
63 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
64 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
65 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
66 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
67 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
69 #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
70 #define SSH1_AUTH_RSA 2 /* 0x2 */
71 #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
72 #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
73 #define SSH1_AUTH_TIS 5 /* 0x5 */
74 #define SSH1_AUTH_CCARD 16 /* 0x10 */
76 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
77 /* Mask for protoflags we will echo back to server if seen */
78 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
80 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
81 #define SSH2_MSG_IGNORE 2 /* 0x2 */
82 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
83 #define SSH2_MSG_DEBUG 4 /* 0x4 */
84 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
85 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
86 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
87 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
88 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
89 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
90 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
91 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
92 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
93 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
94 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
95 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
96 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
97 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
98 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
99 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
100 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
101 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
102 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
103 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
104 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
105 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
106 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
107 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
108 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
109 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
110 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
111 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
112 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
113 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
114 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
115 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
116 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
117 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
118 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
119 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
120 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
121 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
122 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
123 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
124 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
127 * Packet type contexts, so that ssh2_pkt_type can correctly decode
128 * the ambiguous type numbers back into the correct type strings.
138 SSH2_PKTCTX_PUBLICKEY,
139 SSH2_PKTCTX_PASSWORD,
144 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
145 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
146 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
147 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
148 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
149 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
150 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
151 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
152 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
153 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
154 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
155 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
156 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
157 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
158 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
160 static const char *const ssh2_disconnect_reasons[] = {
162 "host not allowed to connect",
164 "key exchange failed",
165 "host authentication failed",
168 "service not available",
169 "protocol version not supported",
170 "host key not verifiable",
173 "too many connections",
174 "auth cancelled by user",
175 "no more auth methods available",
179 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
180 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
181 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
182 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
184 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
187 * Various remote-bug flags.
189 #define BUG_CHOKES_ON_SSH1_IGNORE 1
190 #define BUG_SSH2_HMAC 2
191 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
192 #define BUG_CHOKES_ON_RSA 8
193 #define BUG_SSH2_RSA_PADDING 16
194 #define BUG_SSH2_DERIVEKEY 32
195 #define BUG_SSH2_REKEY 64
196 #define BUG_SSH2_PK_SESSIONID 128
197 #define BUG_SSH2_MAXPKT 256
198 #define BUG_CHOKES_ON_SSH2_IGNORE 512
199 #define BUG_CHOKES_ON_WINADJ 1024
202 * Codes for terminal modes.
203 * Most of these are the same in SSH-1 and SSH-2.
204 * This list is derived from RFC 4254 and
207 static const struct {
208 const char* const mode;
210 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
212 /* "V" prefix discarded for special characters relative to SSH specs */
213 { "INTR", 1, TTY_OP_CHAR },
214 { "QUIT", 2, TTY_OP_CHAR },
215 { "ERASE", 3, TTY_OP_CHAR },
216 { "KILL", 4, TTY_OP_CHAR },
217 { "EOF", 5, TTY_OP_CHAR },
218 { "EOL", 6, TTY_OP_CHAR },
219 { "EOL2", 7, TTY_OP_CHAR },
220 { "START", 8, TTY_OP_CHAR },
221 { "STOP", 9, TTY_OP_CHAR },
222 { "SUSP", 10, TTY_OP_CHAR },
223 { "DSUSP", 11, TTY_OP_CHAR },
224 { "REPRINT", 12, TTY_OP_CHAR },
225 { "WERASE", 13, TTY_OP_CHAR },
226 { "LNEXT", 14, TTY_OP_CHAR },
227 { "FLUSH", 15, TTY_OP_CHAR },
228 { "SWTCH", 16, TTY_OP_CHAR },
229 { "STATUS", 17, TTY_OP_CHAR },
230 { "DISCARD", 18, TTY_OP_CHAR },
231 { "IGNPAR", 30, TTY_OP_BOOL },
232 { "PARMRK", 31, TTY_OP_BOOL },
233 { "INPCK", 32, TTY_OP_BOOL },
234 { "ISTRIP", 33, TTY_OP_BOOL },
235 { "INLCR", 34, TTY_OP_BOOL },
236 { "IGNCR", 35, TTY_OP_BOOL },
237 { "ICRNL", 36, TTY_OP_BOOL },
238 { "IUCLC", 37, TTY_OP_BOOL },
239 { "IXON", 38, TTY_OP_BOOL },
240 { "IXANY", 39, TTY_OP_BOOL },
241 { "IXOFF", 40, TTY_OP_BOOL },
242 { "IMAXBEL", 41, TTY_OP_BOOL },
243 { "ISIG", 50, TTY_OP_BOOL },
244 { "ICANON", 51, TTY_OP_BOOL },
245 { "XCASE", 52, TTY_OP_BOOL },
246 { "ECHO", 53, TTY_OP_BOOL },
247 { "ECHOE", 54, TTY_OP_BOOL },
248 { "ECHOK", 55, TTY_OP_BOOL },
249 { "ECHONL", 56, TTY_OP_BOOL },
250 { "NOFLSH", 57, TTY_OP_BOOL },
251 { "TOSTOP", 58, TTY_OP_BOOL },
252 { "IEXTEN", 59, TTY_OP_BOOL },
253 { "ECHOCTL", 60, TTY_OP_BOOL },
254 { "ECHOKE", 61, TTY_OP_BOOL },
255 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
256 { "OPOST", 70, TTY_OP_BOOL },
257 { "OLCUC", 71, TTY_OP_BOOL },
258 { "ONLCR", 72, TTY_OP_BOOL },
259 { "OCRNL", 73, TTY_OP_BOOL },
260 { "ONOCR", 74, TTY_OP_BOOL },
261 { "ONLRET", 75, TTY_OP_BOOL },
262 { "CS7", 90, TTY_OP_BOOL },
263 { "CS8", 91, TTY_OP_BOOL },
264 { "PARENB", 92, TTY_OP_BOOL },
265 { "PARODD", 93, TTY_OP_BOOL }
268 /* Miscellaneous other tty-related constants. */
269 #define SSH_TTY_OP_END 0
270 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
271 #define SSH1_TTY_OP_ISPEED 192
272 #define SSH1_TTY_OP_OSPEED 193
273 #define SSH2_TTY_OP_ISPEED 128
274 #define SSH2_TTY_OP_OSPEED 129
276 /* Helper functions for parsing tty-related config. */
277 static unsigned int ssh_tty_parse_specchar(char *s)
282 ret = ctrlparse(s, &next);
283 if (!next) ret = s[0];
285 ret = 255; /* special value meaning "don't set" */
289 static unsigned int ssh_tty_parse_boolean(char *s)
291 if (stricmp(s, "yes") == 0 ||
292 stricmp(s, "on") == 0 ||
293 stricmp(s, "true") == 0 ||
294 stricmp(s, "+") == 0)
296 else if (stricmp(s, "no") == 0 ||
297 stricmp(s, "off") == 0 ||
298 stricmp(s, "false") == 0 ||
299 stricmp(s, "-") == 0)
300 return 0; /* false */
302 return (atoi(s) != 0);
305 #define translate(x) if (type == x) return #x
306 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
307 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
308 static char *ssh1_pkt_type(int type)
310 translate(SSH1_MSG_DISCONNECT);
311 translate(SSH1_SMSG_PUBLIC_KEY);
312 translate(SSH1_CMSG_SESSION_KEY);
313 translate(SSH1_CMSG_USER);
314 translate(SSH1_CMSG_AUTH_RSA);
315 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
316 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
317 translate(SSH1_CMSG_AUTH_PASSWORD);
318 translate(SSH1_CMSG_REQUEST_PTY);
319 translate(SSH1_CMSG_WINDOW_SIZE);
320 translate(SSH1_CMSG_EXEC_SHELL);
321 translate(SSH1_CMSG_EXEC_CMD);
322 translate(SSH1_SMSG_SUCCESS);
323 translate(SSH1_SMSG_FAILURE);
324 translate(SSH1_CMSG_STDIN_DATA);
325 translate(SSH1_SMSG_STDOUT_DATA);
326 translate(SSH1_SMSG_STDERR_DATA);
327 translate(SSH1_CMSG_EOF);
328 translate(SSH1_SMSG_EXIT_STATUS);
329 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
330 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
331 translate(SSH1_MSG_CHANNEL_DATA);
332 translate(SSH1_MSG_CHANNEL_CLOSE);
333 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
334 translate(SSH1_SMSG_X11_OPEN);
335 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
336 translate(SSH1_MSG_PORT_OPEN);
337 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
338 translate(SSH1_SMSG_AGENT_OPEN);
339 translate(SSH1_MSG_IGNORE);
340 translate(SSH1_CMSG_EXIT_CONFIRMATION);
341 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
342 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
343 translate(SSH1_MSG_DEBUG);
344 translate(SSH1_CMSG_REQUEST_COMPRESSION);
345 translate(SSH1_CMSG_AUTH_TIS);
346 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
347 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
348 translate(SSH1_CMSG_AUTH_CCARD);
349 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
350 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
353 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
355 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
356 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
357 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
358 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
359 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
360 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
361 translate(SSH2_MSG_DISCONNECT);
362 translate(SSH2_MSG_IGNORE);
363 translate(SSH2_MSG_UNIMPLEMENTED);
364 translate(SSH2_MSG_DEBUG);
365 translate(SSH2_MSG_SERVICE_REQUEST);
366 translate(SSH2_MSG_SERVICE_ACCEPT);
367 translate(SSH2_MSG_KEXINIT);
368 translate(SSH2_MSG_NEWKEYS);
369 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
370 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
371 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
372 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
373 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
374 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
375 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
376 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
377 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
378 translate(SSH2_MSG_USERAUTH_REQUEST);
379 translate(SSH2_MSG_USERAUTH_FAILURE);
380 translate(SSH2_MSG_USERAUTH_SUCCESS);
381 translate(SSH2_MSG_USERAUTH_BANNER);
382 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
383 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
384 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
385 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
386 translate(SSH2_MSG_GLOBAL_REQUEST);
387 translate(SSH2_MSG_REQUEST_SUCCESS);
388 translate(SSH2_MSG_REQUEST_FAILURE);
389 translate(SSH2_MSG_CHANNEL_OPEN);
390 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
391 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
392 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
393 translate(SSH2_MSG_CHANNEL_DATA);
394 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
395 translate(SSH2_MSG_CHANNEL_EOF);
396 translate(SSH2_MSG_CHANNEL_CLOSE);
397 translate(SSH2_MSG_CHANNEL_REQUEST);
398 translate(SSH2_MSG_CHANNEL_SUCCESS);
399 translate(SSH2_MSG_CHANNEL_FAILURE);
405 /* Enumeration values for fields in SSH-1 packets */
407 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
408 /* These values are for communicating relevant semantics of
409 * fields to the packet logging code. */
410 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
414 * Coroutine mechanics for the sillier bits of the code. If these
415 * macros look impenetrable to you, you might find it helpful to
418 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
420 * which explains the theory behind these macros.
422 * In particular, if you are getting `case expression not constant'
423 * errors when building with MS Visual Studio, this is because MS's
424 * Edit and Continue debugging feature causes their compiler to
425 * violate ANSI C. To disable Edit and Continue debugging:
427 * - right-click ssh.c in the FileView
429 * - select the C/C++ tab and the General category
430 * - under `Debug info:', select anything _other_ than `Program
431 * Database for Edit and Continue'.
433 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
434 #define crBeginState crBegin(s->crLine)
435 #define crStateP(t, v) \
437 if (!(v)) { s = (v) = snew(struct t); s->crLine = 0; } \
439 #define crState(t) crStateP(t, ssh->t)
440 #define crFinish(z) } *crLine = 0; return (z); }
441 #define crFinishV } *crLine = 0; return; }
442 #define crFinishFree(z) } sfree(s); return (z); }
443 #define crFinishFreeV } sfree(s); return; }
444 #define crReturn(z) \
446 *crLine =__LINE__; return (z); case __LINE__:;\
450 *crLine=__LINE__; return; case __LINE__:;\
452 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
453 #define crStopV do{ *crLine = 0; return; }while(0)
454 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
455 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
457 typedef struct ssh_tag *Ssh;
460 static struct Packet *ssh1_pkt_init(int pkt_type);
461 static struct Packet *ssh2_pkt_init(int pkt_type);
462 static void ssh_pkt_ensure(struct Packet *, int length);
463 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
464 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
465 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
466 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
467 static void ssh_pkt_addstring_start(struct Packet *);
468 static void ssh_pkt_addstring_str(struct Packet *, char *data);
469 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
470 static void ssh_pkt_addstring(struct Packet *, char *data);
471 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
472 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
473 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
474 static int ssh2_pkt_construct(Ssh, struct Packet *);
475 static void ssh2_pkt_send(Ssh, struct Packet *);
476 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
477 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
478 struct Packet *pktin);
479 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
480 struct Packet *pktin);
481 static void ssh2_channel_check_close(struct ssh_channel *c);
482 static void ssh_channel_destroy(struct ssh_channel *c);
485 * Buffer management constants. There are several of these for
486 * various different purposes:
488 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
489 * on a local data stream before we throttle the whole SSH
490 * connection (in SSH-1 only). Throttling the whole connection is
491 * pretty drastic so we set this high in the hope it won't
494 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
495 * on the SSH connection itself before we defensively throttle
496 * _all_ local data streams. This is pretty drastic too (though
497 * thankfully unlikely in SSH-2 since the window mechanism should
498 * ensure that the server never has any need to throttle its end
499 * of the connection), so we set this high as well.
501 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
504 * - OUR_V2_BIGWIN is the window size we advertise for the only
505 * channel in a simple connection. It must be <= INT_MAX.
507 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
508 * to the remote side. This actually has nothing to do with the
509 * size of the _packet_, but is instead a limit on the amount
510 * of data we're willing to receive in a single SSH2 channel
513 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
514 * _packet_ we're prepared to cope with. It must be a multiple
515 * of the cipher block size, and must be at least 35000.
518 #define SSH1_BUFFER_LIMIT 32768
519 #define SSH_MAX_BACKLOG 32768
520 #define OUR_V2_WINSIZE 16384
521 #define OUR_V2_BIGWIN 0x7fffffff
522 #define OUR_V2_MAXPKT 0x4000UL
523 #define OUR_V2_PACKETLIMIT 0x9000UL
525 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
527 const static struct ssh_mac *macs[] = {
528 &ssh_hmac_sha256, &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
530 const static struct ssh_mac *buggymacs[] = {
531 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
534 static void *ssh_comp_none_init(void)
538 static void ssh_comp_none_cleanup(void *handle)
541 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
542 unsigned char **outblock, int *outlen)
546 static int ssh_comp_none_disable(void *handle)
550 const static struct ssh_compress ssh_comp_none = {
552 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
553 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
554 ssh_comp_none_disable, NULL
556 extern const struct ssh_compress ssh_zlib;
557 const static struct ssh_compress *compressions[] = {
558 &ssh_zlib, &ssh_comp_none
561 enum { /* channel types */
566 CHAN_SOCKDATA_DORMANT, /* one the remote hasn't confirmed */
568 * CHAN_ZOMBIE is used to indicate a channel for which we've
569 * already destroyed the local data source: for instance, if a
570 * forwarded port experiences a socket error on the local side, we
571 * immediately destroy its local socket and turn the SSH channel
577 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
578 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
579 typedef void (*cchandler_fn_t)(struct ssh_channel *, struct Packet *, void *);
582 * Each channel has a queue of outstanding CHANNEL_REQUESTS and their
585 struct outstanding_channel_request {
586 cchandler_fn_t handler;
588 struct outstanding_channel_request *next;
592 * 2-3-4 tree storing channels.
595 Ssh ssh; /* pointer back to main context */
596 unsigned remoteid, localid;
598 /* True if we opened this channel but server hasn't confirmed. */
601 * In SSH-1, this value contains four bits:
603 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
604 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
605 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
606 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
608 * A channel is completely finished with when all four bits are set.
610 * In SSH-2, the four bits mean:
612 * 1 We have sent SSH2_MSG_CHANNEL_EOF.
613 * 2 We have sent SSH2_MSG_CHANNEL_CLOSE.
614 * 4 We have received SSH2_MSG_CHANNEL_EOF.
615 * 8 We have received SSH2_MSG_CHANNEL_CLOSE.
617 * A channel is completely finished with when we have both sent
618 * and received CLOSE.
620 * The symbolic constants below use the SSH-2 terminology, which
621 * is a bit confusing in SSH-1, but we have to use _something_.
623 #define CLOSES_SENT_EOF 1
624 #define CLOSES_SENT_CLOSE 2
625 #define CLOSES_RCVD_EOF 4
626 #define CLOSES_RCVD_CLOSE 8
630 * This flag indicates that an EOF is pending on the outgoing side
631 * of the channel: that is, wherever we're getting the data for
632 * this channel has sent us some data followed by EOF. We can't
633 * actually send the EOF until we've finished sending the data, so
634 * we set this flag instead to remind us to do so once our buffer
640 * True if this channel is causing the underlying connection to be
645 struct ssh2_data_channel {
647 unsigned remwindow, remmaxpkt;
648 /* locwindow is signed so we can cope with excess data. */
649 int locwindow, locmaxwin;
651 * remlocwin is the amount of local window that we think
652 * the remote end had available to it after it sent the
653 * last data packet or window adjust ack.
657 * These store the list of channel requests that haven't
660 struct outstanding_channel_request *chanreq_head, *chanreq_tail;
661 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
665 struct ssh_agent_channel {
666 unsigned char *message;
667 unsigned char msglen[4];
668 unsigned lensofar, totallen;
669 int outstanding_requests;
671 struct ssh_x11_channel {
674 struct ssh_pfd_channel {
681 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
682 * use this structure in different ways, reflecting SSH-2's
683 * altogether saner approach to port forwarding.
685 * In SSH-1, you arrange a remote forwarding by sending the server
686 * the remote port number, and the local destination host:port.
687 * When a connection comes in, the server sends you back that
688 * host:port pair, and you connect to it. This is a ready-made
689 * security hole if you're not on the ball: a malicious server
690 * could send you back _any_ host:port pair, so if you trustingly
691 * connect to the address it gives you then you've just opened the
692 * entire inside of your corporate network just by connecting
693 * through it to a dodgy SSH server. Hence, we must store a list of
694 * host:port pairs we _are_ trying to forward to, and reject a
695 * connection request from the server if it's not in the list.
697 * In SSH-2, each side of the connection minds its own business and
698 * doesn't send unnecessary information to the other. You arrange a
699 * remote forwarding by sending the server just the remote port
700 * number. When a connection comes in, the server tells you which
701 * of its ports was connected to; and _you_ have to remember what
702 * local host:port pair went with that port number.
704 * Hence, in SSH-1 this structure is indexed by destination
705 * host:port pair, whereas in SSH-2 it is indexed by source port.
707 struct ssh_portfwd; /* forward declaration */
709 struct ssh_rportfwd {
710 unsigned sport, dport;
713 struct ssh_portfwd *pfrec;
715 #define free_rportfwd(pf) ( \
716 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
719 * Separately to the rportfwd tree (which is for looking up port
720 * open requests from the server), a tree of _these_ structures is
721 * used to keep track of all the currently open port forwardings,
722 * so that we can reconfigure in mid-session if the user requests
726 enum { DESTROY, KEEP, CREATE } status;
728 unsigned sport, dport;
731 struct ssh_rportfwd *remote;
735 #define free_portfwd(pf) ( \
736 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
737 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
740 long length; /* length of `data' actually used */
741 long forcepad; /* SSH-2: force padding to at least this length */
742 int type; /* only used for incoming packets */
743 unsigned long sequence; /* SSH-2 incoming sequence number */
744 unsigned char *data; /* allocated storage */
745 unsigned char *body; /* offset of payload within `data' */
746 long savedpos; /* temporary index into `data' (for strings) */
747 long maxlen; /* amount of storage allocated for `data' */
748 long encrypted_len; /* for SSH-2 total-size counting */
751 * State associated with packet logging
755 struct logblank_t *blanks;
758 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
759 struct Packet *pktin);
760 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
761 struct Packet *pktin);
762 static void ssh1_protocol_setup(Ssh ssh);
763 static void ssh2_protocol_setup(Ssh ssh);
764 static void ssh_size(void *handle, int width, int height);
765 static void ssh_special(void *handle, Telnet_Special);
766 static int ssh2_try_send(struct ssh_channel *c);
767 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
768 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
769 static void ssh2_set_window(struct ssh_channel *c, int newwin);
770 static int ssh_sendbuffer(void *handle);
771 static int ssh_do_close(Ssh ssh, int notify_exit);
772 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
773 static int ssh2_pkt_getbool(struct Packet *pkt);
774 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
775 static void ssh2_timer(void *ctx, unsigned long now);
776 static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
777 struct Packet *pktin);
778 static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin);
780 struct rdpkt1_state_tag {
781 long len, pad, biglen, to_read;
782 unsigned long realcrc, gotcrc;
786 struct Packet *pktin;
789 struct rdpkt2_state_tag {
790 long len, pad, payload, packetlen, maclen;
793 unsigned long incoming_sequence;
794 struct Packet *pktin;
797 struct queued_handler;
798 struct queued_handler {
800 chandler_fn_t handler;
802 struct queued_handler *next;
806 const struct plug_function_table *fn;
807 /* the above field _must_ be first in the structure */
817 unsigned char session_key[32];
819 int v1_remote_protoflags;
820 int v1_local_protoflags;
821 int agentfwd_enabled;
824 const struct ssh_cipher *cipher;
827 const struct ssh2_cipher *cscipher, *sccipher;
828 void *cs_cipher_ctx, *sc_cipher_ctx;
829 const struct ssh_mac *csmac, *scmac;
830 void *cs_mac_ctx, *sc_mac_ctx;
831 const struct ssh_compress *cscomp, *sccomp;
832 void *cs_comp_ctx, *sc_comp_ctx;
833 const struct ssh_kex *kex;
834 const struct ssh_signkey *hostkey;
835 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
836 int v2_session_id_len;
842 int echoing, editing;
846 int ospeed, ispeed; /* temporaries */
847 int term_width, term_height;
849 tree234 *channels; /* indexed by local id */
850 struct ssh_channel *mainchan; /* primary session channel */
851 int ncmode; /* is primary channel direct-tcpip? */
856 tree234 *rportfwds, *portfwds;
860 SSH_STATE_BEFORE_SIZE,
866 int size_needed, eof_needed;
867 int sent_console_eof;
868 int got_pty; /* affects EOF behaviour on main channel */
870 struct Packet **queue;
871 int queuelen, queuesize;
873 unsigned char *deferred_send_data;
874 int deferred_len, deferred_size;
877 * Gross hack: pscp will try to start SFTP but fall back to
878 * scp1 if that fails. This variable is the means by which
879 * scp.c can reach into the SSH code and find out which one it
884 bufchain banner; /* accumulates banners during do_ssh2_authconn */
889 struct X11Display *x11disp;
892 int conn_throttle_count;
895 int v1_stdout_throttling;
896 unsigned long v2_outgoing_sequence;
898 int ssh1_rdpkt_crstate;
899 int ssh2_rdpkt_crstate;
900 int ssh_gotdata_crstate;
901 int do_ssh1_connection_crstate;
903 void *do_ssh_init_state;
904 void *do_ssh1_login_state;
905 void *do_ssh2_transport_state;
906 void *do_ssh2_authconn_state;
908 struct rdpkt1_state_tag rdpkt1_state;
909 struct rdpkt2_state_tag rdpkt2_state;
911 /* SSH-1 and SSH-2 use this for different things, but both use it */
912 int protocol_initial_phase_done;
914 void (*protocol) (Ssh ssh, void *vin, int inlen,
916 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
919 * We maintain our own copy of a Conf structure here. That way,
920 * when we're passed a new one for reconfiguration, we can check
921 * the differences and potentially reconfigure port forwardings
922 * etc in mid-session.
927 * Values cached out of conf so as to avoid the tree234 lookup
928 * cost every time they're used.
933 * Dynamically allocated username string created during SSH
934 * login. Stored in here rather than in the coroutine state so
935 * that it'll be reliably freed if we shut down the SSH session
936 * at some unexpected moment.
941 * Used to transfer data back from async callbacks.
943 void *agent_response;
944 int agent_response_len;
948 * The SSH connection can be set as `frozen', meaning we are
949 * not currently accepting incoming data from the network. This
950 * is slightly more serious than setting the _socket_ as
951 * frozen, because we may already have had data passed to us
952 * from the network which we need to delay processing until
953 * after the freeze is lifted, so we also need a bufchain to
957 bufchain queued_incoming_data;
960 * Dispatch table for packet types that we may have to deal
963 handler_fn_t packet_dispatch[256];
966 * Queues of one-off handler functions for success/failure
967 * indications from a request.
969 struct queued_handler *qhead, *qtail;
970 handler_fn_t q_saved_handler1, q_saved_handler2;
973 * This module deals with sending keepalives.
978 * Track incoming and outgoing data sizes and time, for
981 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
982 unsigned long max_data_size;
984 unsigned long next_rekey, last_rekey;
985 char *deferred_rekey_reason; /* points to STATIC string; don't free */
988 * Fully qualified host name, which we need if doing GSSAPI.
994 * GSSAPI libraries for this session.
996 struct ssh_gss_liblist *gsslibs;
1000 #define logevent(s) logevent(ssh->frontend, s)
1002 /* logevent, only printf-formatted. */
1003 static void logeventf(Ssh ssh, const char *fmt, ...)
1009 buf = dupvprintf(fmt, ap);
1015 static void bomb_out(Ssh ssh, char *text)
1017 ssh_do_close(ssh, FALSE);
1019 connection_fatal(ssh->frontend, "%s", text);
1023 #define bombout(msg) bomb_out(ssh, dupprintf msg)
1025 /* Functions to leave bits out of the SSH packet log file. */
1027 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
1029 if (conf_get_int(ssh->conf, CONF_logomitpass))
1030 pkt->logmode = blanktype;
1033 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
1035 if (ssh->logomitdata)
1036 pkt->logmode = blanktype;
1039 static void end_log_omission(Ssh ssh, struct Packet *pkt)
1041 pkt->logmode = PKTLOG_EMIT;
1044 /* Helper function for common bits of parsing ttymodes. */
1045 static void parse_ttymodes(Ssh ssh,
1046 void (*do_mode)(void *data, char *mode, char *val),
1051 for (val = conf_get_str_strs(ssh->conf, CONF_ttymodes, NULL, &key);
1053 val = conf_get_str_strs(ssh->conf, CONF_ttymodes, key, &key)) {
1055 * val[0] is either 'V', indicating that an explicit value
1056 * follows it, or 'A' indicating that we should pass the
1057 * value through from the local environment via get_ttymode.
1059 if (val[0] == 'A') {
1060 val = get_ttymode(ssh->frontend, key);
1062 do_mode(data, key, val);
1066 do_mode(data, key, val + 1); /* skip the 'V' */
1070 static int ssh_channelcmp(void *av, void *bv)
1072 struct ssh_channel *a = (struct ssh_channel *) av;
1073 struct ssh_channel *b = (struct ssh_channel *) bv;
1074 if (a->localid < b->localid)
1076 if (a->localid > b->localid)
1080 static int ssh_channelfind(void *av, void *bv)
1082 unsigned *a = (unsigned *) av;
1083 struct ssh_channel *b = (struct ssh_channel *) bv;
1084 if (*a < b->localid)
1086 if (*a > b->localid)
1091 static int ssh_rportcmp_ssh1(void *av, void *bv)
1093 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1094 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1096 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
1097 return i < 0 ? -1 : +1;
1098 if (a->dport > b->dport)
1100 if (a->dport < b->dport)
1105 static int ssh_rportcmp_ssh2(void *av, void *bv)
1107 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1108 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1110 if (a->sport > b->sport)
1112 if (a->sport < b->sport)
1118 * Special form of strcmp which can cope with NULL inputs. NULL is
1119 * defined to sort before even the empty string.
1121 static int nullstrcmp(const char *a, const char *b)
1123 if (a == NULL && b == NULL)
1129 return strcmp(a, b);
1132 static int ssh_portcmp(void *av, void *bv)
1134 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1135 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1137 if (a->type > b->type)
1139 if (a->type < b->type)
1141 if (a->addressfamily > b->addressfamily)
1143 if (a->addressfamily < b->addressfamily)
1145 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1146 return i < 0 ? -1 : +1;
1147 if (a->sport > b->sport)
1149 if (a->sport < b->sport)
1151 if (a->type != 'D') {
1152 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1153 return i < 0 ? -1 : +1;
1154 if (a->dport > b->dport)
1156 if (a->dport < b->dport)
1162 static int alloc_channel_id(Ssh ssh)
1164 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1165 unsigned low, high, mid;
1167 struct ssh_channel *c;
1170 * First-fit allocation of channel numbers: always pick the
1171 * lowest unused one. To do this, binary-search using the
1172 * counted B-tree to find the largest channel ID which is in a
1173 * contiguous sequence from the beginning. (Precisely
1174 * everything in that sequence must have ID equal to its tree
1175 * index plus CHANNEL_NUMBER_OFFSET.)
1177 tsize = count234(ssh->channels);
1181 while (high - low > 1) {
1182 mid = (high + low) / 2;
1183 c = index234(ssh->channels, mid);
1184 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1185 low = mid; /* this one is fine */
1187 high = mid; /* this one is past it */
1190 * Now low points to either -1, or the tree index of the
1191 * largest ID in the initial sequence.
1194 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1195 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1197 return low + 1 + CHANNEL_NUMBER_OFFSET;
1200 static void c_write_stderr(int trusted, const char *buf, int len)
1203 for (i = 0; i < len; i++)
1204 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
1205 fputc(buf[i], stderr);
1208 static void c_write(Ssh ssh, const char *buf, int len)
1210 if (flags & FLAG_STDERR)
1211 c_write_stderr(1, buf, len);
1213 from_backend(ssh->frontend, 1, buf, len);
1216 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1218 if (flags & FLAG_STDERR)
1219 c_write_stderr(0, buf, len);
1221 from_backend_untrusted(ssh->frontend, buf, len);
1224 static void c_write_str(Ssh ssh, const char *buf)
1226 c_write(ssh, buf, strlen(buf));
1229 static void ssh_free_packet(struct Packet *pkt)
1234 static struct Packet *ssh_new_packet(void)
1236 struct Packet *pkt = snew(struct Packet);
1238 pkt->body = pkt->data = NULL;
1240 pkt->logmode = PKTLOG_EMIT;
1248 * Collect incoming data in the incoming packet buffer.
1249 * Decipher and verify the packet when it is completely read.
1250 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1251 * Update the *data and *datalen variables.
1252 * Return a Packet structure when a packet is completed.
1254 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1256 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1258 crBegin(ssh->ssh1_rdpkt_crstate);
1260 st->pktin = ssh_new_packet();
1262 st->pktin->type = 0;
1263 st->pktin->length = 0;
1265 for (st->i = st->len = 0; st->i < 4; st->i++) {
1266 while ((*datalen) == 0)
1268 st->len = (st->len << 8) + **data;
1269 (*data)++, (*datalen)--;
1272 st->pad = 8 - (st->len % 8);
1273 st->biglen = st->len + st->pad;
1274 st->pktin->length = st->len - 5;
1276 if (st->biglen < 0) {
1277 bombout(("Extremely large packet length from server suggests"
1278 " data stream corruption"));
1279 ssh_free_packet(st->pktin);
1283 st->pktin->maxlen = st->biglen;
1284 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1286 st->to_read = st->biglen;
1287 st->p = st->pktin->data;
1288 while (st->to_read > 0) {
1289 st->chunk = st->to_read;
1290 while ((*datalen) == 0)
1292 if (st->chunk > (*datalen))
1293 st->chunk = (*datalen);
1294 memcpy(st->p, *data, st->chunk);
1296 *datalen -= st->chunk;
1298 st->to_read -= st->chunk;
1301 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1302 st->biglen, NULL)) {
1303 bombout(("Network attack (CRC compensation) detected!"));
1304 ssh_free_packet(st->pktin);
1309 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1311 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1312 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1313 if (st->gotcrc != st->realcrc) {
1314 bombout(("Incorrect CRC received on packet"));
1315 ssh_free_packet(st->pktin);
1319 st->pktin->body = st->pktin->data + st->pad + 1;
1320 st->pktin->savedpos = 0;
1322 if (ssh->v1_compressing) {
1323 unsigned char *decompblk;
1325 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1326 st->pktin->body - 1, st->pktin->length + 1,
1327 &decompblk, &decomplen)) {
1328 bombout(("Zlib decompression encountered invalid data"));
1329 ssh_free_packet(st->pktin);
1333 if (st->pktin->maxlen < st->pad + decomplen) {
1334 st->pktin->maxlen = st->pad + decomplen;
1335 st->pktin->data = sresize(st->pktin->data,
1336 st->pktin->maxlen + APIEXTRA,
1338 st->pktin->body = st->pktin->data + st->pad + 1;
1341 memcpy(st->pktin->body - 1, decompblk, decomplen);
1343 st->pktin->length = decomplen - 1;
1346 st->pktin->type = st->pktin->body[-1];
1349 * Log incoming packet, possibly omitting sensitive fields.
1353 struct logblank_t blank;
1354 if (ssh->logomitdata) {
1355 int do_blank = FALSE, blank_prefix = 0;
1356 /* "Session data" packets - omit the data field */
1357 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1358 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1359 do_blank = TRUE; blank_prefix = 4;
1360 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1361 do_blank = TRUE; blank_prefix = 8;
1364 blank.offset = blank_prefix;
1365 blank.len = st->pktin->length;
1366 blank.type = PKTLOG_OMIT;
1370 log_packet(ssh->logctx,
1371 PKT_INCOMING, st->pktin->type,
1372 ssh1_pkt_type(st->pktin->type),
1373 st->pktin->body, st->pktin->length,
1374 nblanks, &blank, NULL);
1377 crFinish(st->pktin);
1380 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1382 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1384 crBegin(ssh->ssh2_rdpkt_crstate);
1386 st->pktin = ssh_new_packet();
1388 st->pktin->type = 0;
1389 st->pktin->length = 0;
1391 st->cipherblk = ssh->sccipher->blksize;
1394 if (st->cipherblk < 8)
1396 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1398 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1401 * When dealing with a CBC-mode cipher, we want to avoid the
1402 * possibility of an attacker's tweaking the ciphertext stream
1403 * so as to cause us to feed the same block to the block
1404 * cipher more than once and thus leak information
1405 * (VU#958563). The way we do this is not to take any
1406 * decisions on the basis of anything we've decrypted until
1407 * we've verified it with a MAC. That includes the packet
1408 * length, so we just read data and check the MAC repeatedly,
1409 * and when the MAC passes, see if the length we've got is
1413 /* May as well allocate the whole lot now. */
1414 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1417 /* Read an amount corresponding to the MAC. */
1418 for (st->i = 0; st->i < st->maclen; st->i++) {
1419 while ((*datalen) == 0)
1421 st->pktin->data[st->i] = *(*data)++;
1427 unsigned char seq[4];
1428 ssh->scmac->start(ssh->sc_mac_ctx);
1429 PUT_32BIT(seq, st->incoming_sequence);
1430 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1433 for (;;) { /* Once around this loop per cipher block. */
1434 /* Read another cipher-block's worth, and tack it onto the end. */
1435 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1436 while ((*datalen) == 0)
1438 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1441 /* Decrypt one more block (a little further back in the stream). */
1442 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1443 st->pktin->data + st->packetlen,
1445 /* Feed that block to the MAC. */
1446 ssh->scmac->bytes(ssh->sc_mac_ctx,
1447 st->pktin->data + st->packetlen, st->cipherblk);
1448 st->packetlen += st->cipherblk;
1449 /* See if that gives us a valid packet. */
1450 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1451 st->pktin->data + st->packetlen) &&
1452 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1454 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1455 bombout(("No valid incoming packet found"));
1456 ssh_free_packet(st->pktin);
1460 st->pktin->maxlen = st->packetlen + st->maclen;
1461 st->pktin->data = sresize(st->pktin->data,
1462 st->pktin->maxlen + APIEXTRA,
1465 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1468 * Acquire and decrypt the first block of the packet. This will
1469 * contain the length and padding details.
1471 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1472 while ((*datalen) == 0)
1474 st->pktin->data[st->i] = *(*data)++;
1479 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1480 st->pktin->data, st->cipherblk);
1483 * Now get the length figure.
1485 st->len = GET_32BIT(st->pktin->data);
1488 * _Completely_ silly lengths should be stomped on before they
1489 * do us any more damage.
1491 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1492 (st->len + 4) % st->cipherblk != 0) {
1493 bombout(("Incoming packet was garbled on decryption"));
1494 ssh_free_packet(st->pktin);
1499 * So now we can work out the total packet length.
1501 st->packetlen = st->len + 4;
1504 * Allocate memory for the rest of the packet.
1506 st->pktin->maxlen = st->packetlen + st->maclen;
1507 st->pktin->data = sresize(st->pktin->data,
1508 st->pktin->maxlen + APIEXTRA,
1512 * Read and decrypt the remainder of the packet.
1514 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1516 while ((*datalen) == 0)
1518 st->pktin->data[st->i] = *(*data)++;
1521 /* Decrypt everything _except_ the MAC. */
1523 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1524 st->pktin->data + st->cipherblk,
1525 st->packetlen - st->cipherblk);
1531 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1532 st->len + 4, st->incoming_sequence)) {
1533 bombout(("Incorrect MAC received on packet"));
1534 ssh_free_packet(st->pktin);
1538 /* Get and sanity-check the amount of random padding. */
1539 st->pad = st->pktin->data[4];
1540 if (st->pad < 4 || st->len - st->pad < 1) {
1541 bombout(("Invalid padding length on received packet"));
1542 ssh_free_packet(st->pktin);
1546 * This enables us to deduce the payload length.
1548 st->payload = st->len - st->pad - 1;
1550 st->pktin->length = st->payload + 5;
1551 st->pktin->encrypted_len = st->packetlen;
1553 st->pktin->sequence = st->incoming_sequence++;
1556 * Decompress packet payload.
1559 unsigned char *newpayload;
1562 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1563 st->pktin->data + 5, st->pktin->length - 5,
1564 &newpayload, &newlen)) {
1565 if (st->pktin->maxlen < newlen + 5) {
1566 st->pktin->maxlen = newlen + 5;
1567 st->pktin->data = sresize(st->pktin->data,
1568 st->pktin->maxlen + APIEXTRA,
1571 st->pktin->length = 5 + newlen;
1572 memcpy(st->pktin->data + 5, newpayload, newlen);
1577 st->pktin->savedpos = 6;
1578 st->pktin->body = st->pktin->data;
1579 st->pktin->type = st->pktin->data[5];
1582 * Log incoming packet, possibly omitting sensitive fields.
1586 struct logblank_t blank;
1587 if (ssh->logomitdata) {
1588 int do_blank = FALSE, blank_prefix = 0;
1589 /* "Session data" packets - omit the data field */
1590 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1591 do_blank = TRUE; blank_prefix = 8;
1592 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1593 do_blank = TRUE; blank_prefix = 12;
1596 blank.offset = blank_prefix;
1597 blank.len = (st->pktin->length-6) - blank_prefix;
1598 blank.type = PKTLOG_OMIT;
1602 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1603 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1605 st->pktin->data+6, st->pktin->length-6,
1606 nblanks, &blank, &st->pktin->sequence);
1609 crFinish(st->pktin);
1612 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1614 int pad, biglen, i, pktoffs;
1618 * XXX various versions of SC (including 8.8.4) screw up the
1619 * register allocation in this function and use the same register
1620 * (D6) for len and as a temporary, with predictable results. The
1621 * following sledgehammer prevents this.
1628 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1629 ssh1_pkt_type(pkt->data[12]),
1630 pkt->body, pkt->length - (pkt->body - pkt->data),
1631 pkt->nblanks, pkt->blanks, NULL);
1632 sfree(pkt->blanks); pkt->blanks = NULL;
1635 if (ssh->v1_compressing) {
1636 unsigned char *compblk;
1638 zlib_compress_block(ssh->cs_comp_ctx,
1639 pkt->data + 12, pkt->length - 12,
1640 &compblk, &complen);
1641 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
1642 memcpy(pkt->data + 12, compblk, complen);
1644 pkt->length = complen + 12;
1647 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1649 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1650 pad = 8 - (len % 8);
1652 biglen = len + pad; /* len(padding+type+data+CRC) */
1654 for (i = pktoffs; i < 4+8; i++)
1655 pkt->data[i] = random_byte();
1656 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1657 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1658 PUT_32BIT(pkt->data + pktoffs, len);
1661 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1662 pkt->data + pktoffs + 4, biglen);
1664 if (offset_p) *offset_p = pktoffs;
1665 return biglen + 4; /* len(length+padding+type+data+CRC) */
1668 static int s_write(Ssh ssh, void *data, int len)
1671 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1673 return sk_write(ssh->s, (char *)data, len);
1676 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1678 int len, backlog, offset;
1679 len = s_wrpkt_prepare(ssh, pkt, &offset);
1680 backlog = s_write(ssh, pkt->data + offset, len);
1681 if (backlog > SSH_MAX_BACKLOG)
1682 ssh_throttle_all(ssh, 1, backlog);
1683 ssh_free_packet(pkt);
1686 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1689 len = s_wrpkt_prepare(ssh, pkt, &offset);
1690 if (ssh->deferred_len + len > ssh->deferred_size) {
1691 ssh->deferred_size = ssh->deferred_len + len + 128;
1692 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1696 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1697 pkt->data + offset, len);
1698 ssh->deferred_len += len;
1699 ssh_free_packet(pkt);
1703 * Construct a SSH-1 packet with the specified contents.
1704 * (This all-at-once interface used to be the only one, but now SSH-1
1705 * packets can also be constructed incrementally.)
1707 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1713 pkt = ssh1_pkt_init(pkttype);
1715 while ((argtype = va_arg(ap, int)) != PKT_END) {
1716 unsigned char *argp, argchar;
1718 unsigned long argint;
1721 /* Actual fields in the packet */
1723 argint = va_arg(ap, int);
1724 ssh_pkt_adduint32(pkt, argint);
1727 argchar = (unsigned char) va_arg(ap, int);
1728 ssh_pkt_addbyte(pkt, argchar);
1731 argp = va_arg(ap, unsigned char *);
1732 arglen = va_arg(ap, int);
1733 ssh_pkt_adddata(pkt, argp, arglen);
1736 sargp = va_arg(ap, char *);
1737 ssh_pkt_addstring(pkt, sargp);
1740 bn = va_arg(ap, Bignum);
1741 ssh1_pkt_addmp(pkt, bn);
1743 /* Tokens for modifications to packet logging */
1745 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1748 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1751 end_log_omission(ssh, pkt);
1759 static void send_packet(Ssh ssh, int pkttype, ...)
1763 va_start(ap, pkttype);
1764 pkt = construct_packet(ssh, pkttype, ap);
1769 static void defer_packet(Ssh ssh, int pkttype, ...)
1773 va_start(ap, pkttype);
1774 pkt = construct_packet(ssh, pkttype, ap);
1776 s_wrpkt_defer(ssh, pkt);
1779 static int ssh_versioncmp(char *a, char *b)
1782 unsigned long av, bv;
1784 av = strtoul(a, &ae, 10);
1785 bv = strtoul(b, &be, 10);
1787 return (av < bv ? -1 : +1);
1792 av = strtoul(ae, &ae, 10);
1793 bv = strtoul(be, &be, 10);
1795 return (av < bv ? -1 : +1);
1800 * Utility routines for putting an SSH-protocol `string' and
1801 * `uint32' into a hash state.
1803 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1805 unsigned char lenblk[4];
1806 PUT_32BIT(lenblk, len);
1807 h->bytes(s, lenblk, 4);
1808 h->bytes(s, str, len);
1811 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1813 unsigned char intblk[4];
1814 PUT_32BIT(intblk, i);
1815 h->bytes(s, intblk, 4);
1819 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1821 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1823 if (pkt->maxlen < length) {
1824 unsigned char *body = pkt->body;
1825 int offset = body ? body - pkt->data : 0;
1826 pkt->maxlen = length + 256;
1827 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1828 if (body) pkt->body = pkt->data + offset;
1831 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1833 if (pkt->logmode != PKTLOG_EMIT) {
1835 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1837 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1838 (pkt->body - pkt->data);
1839 pkt->blanks[pkt->nblanks-1].len = len;
1840 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1843 ssh_pkt_ensure(pkt, pkt->length);
1844 memcpy(pkt->data + pkt->length - len, data, len);
1846 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1848 ssh_pkt_adddata(pkt, &byte, 1);
1850 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1852 ssh_pkt_adddata(pkt, &value, 1);
1854 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1857 PUT_32BIT(x, value);
1858 ssh_pkt_adddata(pkt, x, 4);
1860 static void ssh_pkt_addstring_start(struct Packet *pkt)
1862 ssh_pkt_adduint32(pkt, 0);
1863 pkt->savedpos = pkt->length;
1865 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1867 ssh_pkt_adddata(pkt, data, strlen(data));
1868 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1870 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1872 ssh_pkt_adddata(pkt, data, len);
1873 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1875 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1877 ssh_pkt_addstring_start(pkt);
1878 ssh_pkt_addstring_str(pkt, data);
1880 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1882 int len = ssh1_bignum_length(b);
1883 unsigned char *data = snewn(len, unsigned char);
1884 (void) ssh1_write_bignum(data, b);
1885 ssh_pkt_adddata(pkt, data, len);
1888 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1891 int i, n = (bignum_bitcount(b) + 7) / 8;
1892 p = snewn(n + 1, unsigned char);
1894 for (i = 1; i <= n; i++)
1895 p[i] = bignum_byte(b, n - i);
1897 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1899 memmove(p, p + i, n + 1 - i);
1903 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1907 p = ssh2_mpint_fmt(b, &len);
1908 ssh_pkt_addstring_start(pkt);
1909 ssh_pkt_addstring_data(pkt, (char *)p, len);
1913 static struct Packet *ssh1_pkt_init(int pkt_type)
1915 struct Packet *pkt = ssh_new_packet();
1916 pkt->length = 4 + 8; /* space for length + max padding */
1917 ssh_pkt_addbyte(pkt, pkt_type);
1918 pkt->body = pkt->data + pkt->length;
1922 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1923 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1924 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1925 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1926 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1927 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1928 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1929 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1930 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1932 static struct Packet *ssh2_pkt_init(int pkt_type)
1934 struct Packet *pkt = ssh_new_packet();
1935 pkt->length = 5; /* space for packet length + padding length */
1937 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1938 pkt->body = pkt->data + pkt->length; /* after packet type */
1943 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1944 * put the MAC on it. Final packet, ready to be sent, is stored in
1945 * pkt->data. Total length is returned.
1947 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1949 int cipherblk, maclen, padding, i;
1952 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1953 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
1954 pkt->body, pkt->length - (pkt->body - pkt->data),
1955 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
1956 sfree(pkt->blanks); pkt->blanks = NULL;
1960 * Compress packet payload.
1963 unsigned char *newpayload;
1966 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1968 &newpayload, &newlen)) {
1970 ssh2_pkt_adddata(pkt, newpayload, newlen);
1976 * Add padding. At least four bytes, and must also bring total
1977 * length (minus MAC) up to a multiple of the block size.
1978 * If pkt->forcepad is set, make sure the packet is at least that size
1981 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1982 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1984 if (pkt->length + padding < pkt->forcepad)
1985 padding = pkt->forcepad - pkt->length;
1987 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1988 assert(padding <= 255);
1989 maclen = ssh->csmac ? ssh->csmac->len : 0;
1990 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1991 pkt->data[4] = padding;
1992 for (i = 0; i < padding; i++)
1993 pkt->data[pkt->length + i] = random_byte();
1994 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1996 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1997 pkt->length + padding,
1998 ssh->v2_outgoing_sequence);
1999 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
2002 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
2003 pkt->data, pkt->length + padding);
2005 pkt->encrypted_len = pkt->length + padding;
2007 /* Ready-to-send packet starts at pkt->data. We return length. */
2008 return pkt->length + padding + maclen;
2012 * Routines called from the main SSH code to send packets. There
2013 * are quite a few of these, because we have two separate
2014 * mechanisms for delaying the sending of packets:
2016 * - In order to send an IGNORE message and a password message in
2017 * a single fixed-length blob, we require the ability to
2018 * concatenate the encrypted forms of those two packets _into_ a
2019 * single blob and then pass it to our <network.h> transport
2020 * layer in one go. Hence, there's a deferment mechanism which
2021 * works after packet encryption.
2023 * - In order to avoid sending any connection-layer messages
2024 * during repeat key exchange, we have to queue up any such
2025 * outgoing messages _before_ they are encrypted (and in
2026 * particular before they're allocated sequence numbers), and
2027 * then send them once we've finished.
2029 * I call these mechanisms `defer' and `queue' respectively, so as
2030 * to distinguish them reasonably easily.
2032 * The functions send_noqueue() and defer_noqueue() free the packet
2033 * structure they are passed. Every outgoing packet goes through
2034 * precisely one of these functions in its life; packets passed to
2035 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
2036 * these or get queued, and then when the queue is later emptied
2037 * the packets are all passed to defer_noqueue().
2039 * When using a CBC-mode cipher, it's necessary to ensure that an
2040 * attacker can't provide data to be encrypted using an IV that they
2041 * know. We ensure this by prefixing each packet that might contain
2042 * user data with an SSH_MSG_IGNORE. This is done using the deferral
2043 * mechanism, so in this case send_noqueue() ends up redirecting to
2044 * defer_noqueue(). If you don't like this inefficiency, don't use
2048 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
2049 static void ssh_pkt_defersend(Ssh);
2052 * Send an SSH-2 packet immediately, without queuing or deferring.
2054 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
2058 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
2059 /* We need to send two packets, so use the deferral mechanism. */
2060 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2061 ssh_pkt_defersend(ssh);
2064 len = ssh2_pkt_construct(ssh, pkt);
2065 backlog = s_write(ssh, pkt->data, len);
2066 if (backlog > SSH_MAX_BACKLOG)
2067 ssh_throttle_all(ssh, 1, backlog);
2069 ssh->outgoing_data_size += pkt->encrypted_len;
2070 if (!ssh->kex_in_progress &&
2071 ssh->max_data_size != 0 &&
2072 ssh->outgoing_data_size > ssh->max_data_size)
2073 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2075 ssh_free_packet(pkt);
2079 * Defer an SSH-2 packet.
2081 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
2084 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
2085 ssh->deferred_len == 0 && !noignore &&
2086 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2088 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2089 * get encrypted with a known IV.
2091 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2092 ssh2_pkt_addstring_start(ipkt);
2093 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2095 len = ssh2_pkt_construct(ssh, pkt);
2096 if (ssh->deferred_len + len > ssh->deferred_size) {
2097 ssh->deferred_size = ssh->deferred_len + len + 128;
2098 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2102 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
2103 ssh->deferred_len += len;
2104 ssh->deferred_data_size += pkt->encrypted_len;
2105 ssh_free_packet(pkt);
2109 * Queue an SSH-2 packet.
2111 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2113 assert(ssh->queueing);
2115 if (ssh->queuelen >= ssh->queuesize) {
2116 ssh->queuesize = ssh->queuelen + 32;
2117 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2120 ssh->queue[ssh->queuelen++] = pkt;
2124 * Either queue or send a packet, depending on whether queueing is
2127 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2130 ssh2_pkt_queue(ssh, pkt);
2132 ssh2_pkt_send_noqueue(ssh, pkt);
2136 * Either queue or defer a packet, depending on whether queueing is
2139 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2142 ssh2_pkt_queue(ssh, pkt);
2144 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2148 * Send the whole deferred data block constructed by
2149 * ssh2_pkt_defer() or SSH-1's defer_packet().
2151 * The expected use of the defer mechanism is that you call
2152 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2153 * not currently queueing, this simply sets up deferred_send_data
2154 * and then sends it. If we _are_ currently queueing, the calls to
2155 * ssh2_pkt_defer() put the deferred packets on to the queue
2156 * instead, and therefore ssh_pkt_defersend() has no deferred data
2157 * to send. Hence, there's no need to make it conditional on
2160 static void ssh_pkt_defersend(Ssh ssh)
2163 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
2164 ssh->deferred_len = ssh->deferred_size = 0;
2165 sfree(ssh->deferred_send_data);
2166 ssh->deferred_send_data = NULL;
2167 if (backlog > SSH_MAX_BACKLOG)
2168 ssh_throttle_all(ssh, 1, backlog);
2170 ssh->outgoing_data_size += ssh->deferred_data_size;
2171 if (!ssh->kex_in_progress &&
2172 ssh->max_data_size != 0 &&
2173 ssh->outgoing_data_size > ssh->max_data_size)
2174 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2175 ssh->deferred_data_size = 0;
2179 * Send a packet whose length needs to be disguised (typically
2180 * passwords or keyboard-interactive responses).
2182 static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2188 * The simplest way to do this is to adjust the
2189 * variable-length padding field in the outgoing packet.
2191 * Currently compiled out, because some Cisco SSH servers
2192 * don't like excessively padded packets (bah, why's it
2195 pkt->forcepad = padsize;
2196 ssh2_pkt_send(ssh, pkt);
2201 * If we can't do that, however, an alternative approach is
2202 * to use the pkt_defer mechanism to bundle the packet
2203 * tightly together with an SSH_MSG_IGNORE such that their
2204 * combined length is a constant. So first we construct the
2205 * final form of this packet and defer its sending.
2207 ssh2_pkt_defer(ssh, pkt);
2210 * Now construct an SSH_MSG_IGNORE which includes a string
2211 * that's an exact multiple of the cipher block size. (If
2212 * the cipher is NULL so that the block size is
2213 * unavailable, we don't do this trick at all, because we
2214 * gain nothing by it.)
2216 if (ssh->cscipher &&
2217 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2220 stringlen = (256 - ssh->deferred_len);
2221 stringlen += ssh->cscipher->blksize - 1;
2222 stringlen -= (stringlen % ssh->cscipher->blksize);
2225 * Temporarily disable actual compression, so we
2226 * can guarantee to get this string exactly the
2227 * length we want it. The compression-disabling
2228 * routine should return an integer indicating how
2229 * many bytes we should adjust our string length
2233 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2235 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2236 ssh2_pkt_addstring_start(pkt);
2237 for (i = 0; i < stringlen; i++) {
2238 char c = (char) random_byte();
2239 ssh2_pkt_addstring_data(pkt, &c, 1);
2241 ssh2_pkt_defer(ssh, pkt);
2243 ssh_pkt_defersend(ssh);
2248 * Send all queued SSH-2 packets. We send them by means of
2249 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2250 * packets that needed to be lumped together.
2252 static void ssh2_pkt_queuesend(Ssh ssh)
2256 assert(!ssh->queueing);
2258 for (i = 0; i < ssh->queuelen; i++)
2259 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
2262 ssh_pkt_defersend(ssh);
2266 void bndebug(char *string, Bignum b)
2270 p = ssh2_mpint_fmt(b, &len);
2271 debug(("%s", string));
2272 for (i = 0; i < len; i++)
2273 debug((" %02x", p[i]));
2279 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
2283 p = ssh2_mpint_fmt(b, &len);
2284 hash_string(h, s, p, len);
2289 * Packet decode functions for both SSH-1 and SSH-2.
2291 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
2293 unsigned long value;
2294 if (pkt->length - pkt->savedpos < 4)
2295 return 0; /* arrgh, no way to decline (FIXME?) */
2296 value = GET_32BIT(pkt->body + pkt->savedpos);
2300 static int ssh2_pkt_getbool(struct Packet *pkt)
2302 unsigned long value;
2303 if (pkt->length - pkt->savedpos < 1)
2304 return 0; /* arrgh, no way to decline (FIXME?) */
2305 value = pkt->body[pkt->savedpos] != 0;
2309 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2314 if (pkt->length - pkt->savedpos < 4)
2316 len = GET_32BIT(pkt->body + pkt->savedpos);
2321 if (pkt->length - pkt->savedpos < *length)
2323 *p = (char *)(pkt->body + pkt->savedpos);
2324 pkt->savedpos += *length;
2326 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2328 if (pkt->length - pkt->savedpos < length)
2330 pkt->savedpos += length;
2331 return pkt->body + (pkt->savedpos - length);
2333 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2334 unsigned char **keystr)
2338 j = makekey(pkt->body + pkt->savedpos,
2339 pkt->length - pkt->savedpos,
2346 assert(pkt->savedpos < pkt->length);
2350 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2355 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2356 pkt->length - pkt->savedpos, &b);
2364 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2370 ssh_pkt_getstring(pkt, &p, &length);
2375 b = bignum_from_bytes((unsigned char *)p, length);
2380 * Helper function to add an SSH-2 signature blob to a packet.
2381 * Expects to be shown the public key blob as well as the signature
2382 * blob. Normally works just like ssh2_pkt_addstring, but will
2383 * fiddle with the signature packet if necessary for
2384 * BUG_SSH2_RSA_PADDING.
2386 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2387 void *pkblob_v, int pkblob_len,
2388 void *sigblob_v, int sigblob_len)
2390 unsigned char *pkblob = (unsigned char *)pkblob_v;
2391 unsigned char *sigblob = (unsigned char *)sigblob_v;
2393 /* dmemdump(pkblob, pkblob_len); */
2394 /* dmemdump(sigblob, sigblob_len); */
2397 * See if this is in fact an ssh-rsa signature and a buggy
2398 * server; otherwise we can just do this the easy way.
2400 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2401 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2402 int pos, len, siglen;
2405 * Find the byte length of the modulus.
2408 pos = 4+7; /* skip over "ssh-rsa" */
2409 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2410 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2411 pos += 4; /* find modulus itself */
2412 while (len > 0 && pkblob[pos] == 0)
2414 /* debug(("modulus length is %d\n", len)); */
2417 * Now find the signature integer.
2419 pos = 4+7; /* skip over "ssh-rsa" */
2420 siglen = GET_32BIT(sigblob+pos);
2421 /* debug(("signature length is %d\n", siglen)); */
2423 if (len != siglen) {
2424 unsigned char newlen[4];
2425 ssh2_pkt_addstring_start(pkt);
2426 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2427 /* dmemdump(sigblob, pos); */
2428 pos += 4; /* point to start of actual sig */
2429 PUT_32BIT(newlen, len);
2430 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2431 /* dmemdump(newlen, 4); */
2433 while (len-- > siglen) {
2434 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2435 /* dmemdump(newlen, 1); */
2437 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2438 /* dmemdump(sigblob+pos, siglen); */
2442 /* Otherwise fall through and do it the easy way. */
2445 ssh2_pkt_addstring_start(pkt);
2446 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2450 * Examine the remote side's version string and compare it against
2451 * a list of known buggy implementations.
2453 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2455 char *imp; /* pointer to implementation part */
2457 imp += strcspn(imp, "-");
2459 imp += strcspn(imp, "-");
2462 ssh->remote_bugs = 0;
2465 * General notes on server version strings:
2466 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2467 * here -- in particular, we've heard of one that's perfectly happy
2468 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2469 * so we can't distinguish them.
2471 if (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == FORCE_ON ||
2472 (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == AUTO &&
2473 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2474 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2475 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2476 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2478 * These versions don't support SSH1_MSG_IGNORE, so we have
2479 * to use a different defence against password length
2482 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2483 logevent("We believe remote version has SSH-1 ignore bug");
2486 if (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
2487 (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == AUTO &&
2488 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2490 * These versions need a plain password sent; they can't
2491 * handle having a null and a random length of data after
2494 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2495 logevent("We believe remote version needs a plain SSH-1 password");
2498 if (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == FORCE_ON ||
2499 (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == AUTO &&
2500 (!strcmp(imp, "Cisco-1.25")))) {
2502 * These versions apparently have no clue whatever about
2503 * RSA authentication and will panic and die if they see
2504 * an AUTH_RSA message.
2506 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2507 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2510 if (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == FORCE_ON ||
2511 (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == AUTO &&
2512 !wc_match("* VShell", imp) &&
2513 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2514 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2515 wc_match("2.1 *", imp)))) {
2517 * These versions have the HMAC bug.
2519 ssh->remote_bugs |= BUG_SSH2_HMAC;
2520 logevent("We believe remote version has SSH-2 HMAC bug");
2523 if (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
2524 (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == AUTO &&
2525 !wc_match("* VShell", imp) &&
2526 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2528 * These versions have the key-derivation bug (failing to
2529 * include the literal shared secret in the hashes that
2530 * generate the keys).
2532 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2533 logevent("We believe remote version has SSH-2 key-derivation bug");
2536 if (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
2537 (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == AUTO &&
2538 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2539 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2541 * These versions have the SSH-2 RSA padding bug.
2543 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2544 logevent("We believe remote version has SSH-2 RSA padding bug");
2547 if (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
2548 (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == AUTO &&
2549 wc_match("OpenSSH_2.[0-2]*", imp))) {
2551 * These versions have the SSH-2 session-ID bug in
2552 * public-key authentication.
2554 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2555 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2558 if (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == FORCE_ON ||
2559 (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == AUTO &&
2560 (wc_match("DigiSSH_2.0", imp) ||
2561 wc_match("OpenSSH_2.[0-4]*", imp) ||
2562 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2563 wc_match("Sun_SSH_1.0", imp) ||
2564 wc_match("Sun_SSH_1.0.1", imp) ||
2565 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2566 wc_match("WeOnlyDo-*", imp)))) {
2568 * These versions have the SSH-2 rekey bug.
2570 ssh->remote_bugs |= BUG_SSH2_REKEY;
2571 logevent("We believe remote version has SSH-2 rekey bug");
2574 if (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
2575 (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == AUTO &&
2576 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2577 wc_match("1.36 sshlib: GlobalScape", imp)))) {
2579 * This version ignores our makpkt and needs to be throttled.
2581 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2582 logevent("We believe remote version ignores SSH-2 maximum packet size");
2585 if (conf_get_int(ssh->conf, CONF_sshbug_ignore2) == FORCE_ON) {
2587 * Servers that don't support SSH2_MSG_IGNORE. Currently,
2588 * none detected automatically.
2590 ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
2591 logevent("We believe remote version has SSH-2 ignore bug");
2594 if (conf_get_int(ssh->conf, CONF_sshbug_winadj) == FORCE_ON) {
2596 * Servers that don't support our winadj request for one
2597 * reason or another. Currently, none detected automatically.
2599 ssh->remote_bugs |= BUG_CHOKES_ON_WINADJ;
2600 logevent("We believe remote version has winadj bug");
2605 * The `software version' part of an SSH version string is required
2606 * to contain no spaces or minus signs.
2608 static void ssh_fix_verstring(char *str)
2610 /* Eat "SSH-<protoversion>-". */
2611 assert(*str == 'S'); str++;
2612 assert(*str == 'S'); str++;
2613 assert(*str == 'H'); str++;
2614 assert(*str == '-'); str++;
2615 while (*str && *str != '-') str++;
2616 assert(*str == '-'); str++;
2618 /* Convert minus signs and spaces in the remaining string into
2621 if (*str == '-' || *str == ' ')
2628 * Send an appropriate SSH version string.
2630 static void ssh_send_verstring(Ssh ssh, char *svers)
2634 if (ssh->version == 2) {
2636 * Construct a v2 version string.
2638 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2641 * Construct a v1 version string.
2643 verstring = dupprintf("SSH-%s-%s\012",
2644 (ssh_versioncmp(svers, "1.5") <= 0 ?
2649 ssh_fix_verstring(verstring);
2651 if (ssh->version == 2) {
2654 * Record our version string.
2656 len = strcspn(verstring, "\015\012");
2657 ssh->v_c = snewn(len + 1, char);
2658 memcpy(ssh->v_c, verstring, len);
2662 logeventf(ssh, "We claim version: %.*s",
2663 strcspn(verstring, "\015\012"), verstring);
2664 s_write(ssh, verstring, strlen(verstring));
2668 static int do_ssh_init(Ssh ssh, unsigned char c)
2670 struct do_ssh_init_state {
2679 crState(do_ssh_init_state);
2683 /* Search for a line beginning with the string "SSH-" in the input. */
2685 if (c != 'S') goto no;
2687 if (c != 'S') goto no;
2689 if (c != 'H') goto no;
2691 if (c != '-') goto no;
2700 s->vstring = snewn(s->vstrsize, char);
2701 strcpy(s->vstring, "SSH-");
2705 crReturn(1); /* get another char */
2706 if (s->vslen >= s->vstrsize - 1) {
2708 s->vstring = sresize(s->vstring, s->vstrsize, char);
2710 s->vstring[s->vslen++] = c;
2713 s->version[s->i] = '\0';
2715 } else if (s->i < sizeof(s->version) - 1)
2716 s->version[s->i++] = c;
2717 } else if (c == '\012')
2721 ssh->agentfwd_enabled = FALSE;
2722 ssh->rdpkt2_state.incoming_sequence = 0;
2724 s->vstring[s->vslen] = 0;
2725 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2726 logeventf(ssh, "Server version: %s", s->vstring);
2727 ssh_detect_bugs(ssh, s->vstring);
2730 * Decide which SSH protocol version to support.
2733 /* Anything strictly below "2.0" means protocol 1 is supported. */
2734 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2735 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2736 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2738 if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
2739 bombout(("SSH protocol version 1 required by user but not provided by server"));
2742 if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
2743 bombout(("SSH protocol version 2 required by user but not provided by server"));
2747 if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
2752 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2754 /* Send the version string, if we haven't already */
2755 if (conf_get_int(ssh->conf, CONF_sshprot) != 3)
2756 ssh_send_verstring(ssh, s->version);
2758 if (ssh->version == 2) {
2761 * Record their version string.
2763 len = strcspn(s->vstring, "\015\012");
2764 ssh->v_s = snewn(len + 1, char);
2765 memcpy(ssh->v_s, s->vstring, len);
2769 * Initialise SSH-2 protocol.
2771 ssh->protocol = ssh2_protocol;
2772 ssh2_protocol_setup(ssh);
2773 ssh->s_rdpkt = ssh2_rdpkt;
2776 * Initialise SSH-1 protocol.
2778 ssh->protocol = ssh1_protocol;
2779 ssh1_protocol_setup(ssh);
2780 ssh->s_rdpkt = ssh1_rdpkt;
2782 if (ssh->version == 2)
2783 do_ssh2_transport(ssh, NULL, -1, NULL);
2785 update_specials_menu(ssh->frontend);
2786 ssh->state = SSH_STATE_BEFORE_SIZE;
2787 ssh->pinger = pinger_new(ssh->conf, &ssh_backend, ssh);
2794 static void ssh_process_incoming_data(Ssh ssh,
2795 unsigned char **data, int *datalen)
2797 struct Packet *pktin;
2799 pktin = ssh->s_rdpkt(ssh, data, datalen);
2801 ssh->protocol(ssh, NULL, 0, pktin);
2802 ssh_free_packet(pktin);
2806 static void ssh_queue_incoming_data(Ssh ssh,
2807 unsigned char **data, int *datalen)
2809 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2814 static void ssh_process_queued_incoming_data(Ssh ssh)
2817 unsigned char *data;
2820 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2821 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2825 while (!ssh->frozen && len > 0)
2826 ssh_process_incoming_data(ssh, &data, &len);
2829 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2833 static void ssh_set_frozen(Ssh ssh, int frozen)
2836 sk_set_frozen(ssh->s, frozen);
2837 ssh->frozen = frozen;
2840 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2842 /* Log raw data, if we're in that mode. */
2844 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
2847 crBegin(ssh->ssh_gotdata_crstate);
2850 * To begin with, feed the characters one by one to the
2851 * protocol initialisation / selection function do_ssh_init().
2852 * When that returns 0, we're done with the initial greeting
2853 * exchange and can move on to packet discipline.
2856 int ret; /* need not be kept across crReturn */
2858 crReturnV; /* more data please */
2859 ret = do_ssh_init(ssh, *data);
2867 * We emerge from that loop when the initial negotiation is
2868 * over and we have selected an s_rdpkt function. Now pass
2869 * everything to s_rdpkt, and then pass the resulting packets
2870 * to the proper protocol handler.
2874 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2876 ssh_queue_incoming_data(ssh, &data, &datalen);
2877 /* This uses up all data and cannot cause anything interesting
2878 * to happen; indeed, for anything to happen at all, we must
2879 * return, so break out. */
2881 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2882 /* This uses up some or all data, and may freeze the
2884 ssh_process_queued_incoming_data(ssh);
2886 /* This uses up some or all data, and may freeze the
2888 ssh_process_incoming_data(ssh, &data, &datalen);
2890 /* FIXME this is probably EBW. */
2891 if (ssh->state == SSH_STATE_CLOSED)
2894 /* We're out of data. Go and get some more. */
2900 static int ssh_do_close(Ssh ssh, int notify_exit)
2903 struct ssh_channel *c;
2905 ssh->state = SSH_STATE_CLOSED;
2906 expire_timer_context(ssh);
2911 notify_remote_exit(ssh->frontend);
2916 * Now we must shut down any port- and X-forwarded channels going
2917 * through this connection.
2919 if (ssh->channels) {
2920 while (NULL != (c = index234(ssh->channels, 0))) {
2923 x11_close(c->u.x11.s);
2926 case CHAN_SOCKDATA_DORMANT:
2927 pfd_close(c->u.pfd.s);
2930 del234(ssh->channels, c); /* moving next one to index 0 */
2931 if (ssh->version == 2)
2932 bufchain_clear(&c->v.v2.outbuffer);
2937 * Go through port-forwardings, and close any associated
2938 * listening sockets.
2940 if (ssh->portfwds) {
2941 struct ssh_portfwd *pf;
2942 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2943 /* Dispose of any listening socket. */
2945 pfd_terminate(pf->local);
2946 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2949 freetree234(ssh->portfwds);
2950 ssh->portfwds = NULL;
2956 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2957 const char *error_msg, int error_code)
2959 Ssh ssh = (Ssh) plug;
2960 char addrbuf[256], *msg;
2962 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2965 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2967 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2973 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2976 Ssh ssh = (Ssh) plug;
2977 int need_notify = ssh_do_close(ssh, FALSE);
2980 if (!ssh->close_expected)
2981 error_msg = "Server unexpectedly closed network connection";
2983 error_msg = "Server closed network connection";
2986 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2990 notify_remote_exit(ssh->frontend);
2993 logevent(error_msg);
2994 if (!ssh->close_expected || !ssh->clean_exit)
2995 connection_fatal(ssh->frontend, "%s", error_msg);
2999 static int ssh_receive(Plug plug, int urgent, char *data, int len)
3001 Ssh ssh = (Ssh) plug;
3002 ssh_gotdata(ssh, (unsigned char *)data, len);
3003 if (ssh->state == SSH_STATE_CLOSED) {
3004 ssh_do_close(ssh, TRUE);
3010 static void ssh_sent(Plug plug, int bufsize)
3012 Ssh ssh = (Ssh) plug;
3014 * If the send backlog on the SSH socket itself clears, we
3015 * should unthrottle the whole world if it was throttled.
3017 if (bufsize < SSH_MAX_BACKLOG)
3018 ssh_throttle_all(ssh, 0, bufsize);
3022 * Connect to specified host and port.
3023 * Returns an error message, or NULL on success.
3024 * Also places the canonical host name into `realhost'. It must be
3025 * freed by the caller.
3027 static const char *connect_to_host(Ssh ssh, char *host, int port,
3028 char **realhost, int nodelay, int keepalive)
3030 static const struct plug_function_table fn_table = {
3041 int addressfamily, sshprot;
3043 loghost = conf_get_str(ssh->conf, CONF_loghost);
3047 ssh->savedhost = dupstr(loghost);
3048 ssh->savedport = 22; /* default ssh port */
3051 * A colon suffix on savedhost also lets us affect
3054 * (FIXME: do something about IPv6 address literals here.)
3056 colon = strrchr(ssh->savedhost, ':');
3060 ssh->savedport = atoi(colon);
3063 ssh->savedhost = dupstr(host);
3065 port = 22; /* default ssh port */
3066 ssh->savedport = port;
3072 addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
3073 logeventf(ssh, "Looking up host \"%s\"%s", host,
3074 (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
3075 (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
3076 addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
3077 if ((err = sk_addr_error(addr)) != NULL) {
3081 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
3086 ssh->fn = &fn_table;
3087 ssh->s = new_connection(addr, *realhost, port,
3088 0, 1, nodelay, keepalive, (Plug) ssh, ssh->conf);
3089 if ((err = sk_socket_error(ssh->s)) != NULL) {
3091 notify_remote_exit(ssh->frontend);
3096 * If the SSH version number's fixed, set it now, and if it's SSH-2,
3097 * send the version string too.
3099 sshprot = conf_get_int(ssh->conf, CONF_sshprot);
3104 ssh_send_verstring(ssh, NULL);
3108 * loghost, if configured, overrides realhost.
3112 *realhost = dupstr(loghost);
3119 * Throttle or unthrottle the SSH connection.
3121 static void ssh_throttle_conn(Ssh ssh, int adjust)
3123 int old_count = ssh->conn_throttle_count;
3124 ssh->conn_throttle_count += adjust;
3125 assert(ssh->conn_throttle_count >= 0);
3126 if (ssh->conn_throttle_count && !old_count) {
3127 ssh_set_frozen(ssh, 1);
3128 } else if (!ssh->conn_throttle_count && old_count) {
3129 ssh_set_frozen(ssh, 0);
3134 * Throttle or unthrottle _all_ local data streams (for when sends
3135 * on the SSH connection itself back up).
3137 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
3140 struct ssh_channel *c;
3142 if (enable == ssh->throttled_all)
3144 ssh->throttled_all = enable;
3145 ssh->overall_bufsize = bufsize;
3148 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
3150 case CHAN_MAINSESSION:
3152 * This is treated separately, outside the switch.
3156 x11_override_throttle(c->u.x11.s, enable);
3159 /* Agent channels require no buffer management. */
3162 pfd_override_throttle(c->u.pfd.s, enable);
3168 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
3170 Ssh ssh = (Ssh) sshv;
3172 ssh->agent_response = reply;
3173 ssh->agent_response_len = replylen;
3175 if (ssh->version == 1)
3176 do_ssh1_login(ssh, NULL, -1, NULL);
3178 do_ssh2_authconn(ssh, NULL, -1, NULL);
3181 static void ssh_dialog_callback(void *sshv, int ret)
3183 Ssh ssh = (Ssh) sshv;
3185 ssh->user_response = ret;
3187 if (ssh->version == 1)
3188 do_ssh1_login(ssh, NULL, -1, NULL);
3190 do_ssh2_transport(ssh, NULL, -1, NULL);
3193 * This may have unfrozen the SSH connection, so do a
3196 ssh_process_queued_incoming_data(ssh);
3199 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
3201 struct ssh_channel *c = (struct ssh_channel *)cv;
3203 void *sentreply = reply;
3205 c->u.a.outstanding_requests--;
3207 /* Fake SSH_AGENT_FAILURE. */
3208 sentreply = "\0\0\0\1\5";
3211 if (ssh->version == 2) {
3212 ssh2_add_channel_data(c, sentreply, replylen);
3215 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3216 PKT_INT, c->remoteid,
3219 PKT_DATA, sentreply, replylen,
3226 * If we've already seen an incoming EOF but haven't sent an
3227 * outgoing one, this may be the moment to send it.
3229 if (c->u.a.outstanding_requests == 0 && (c->closes & CLOSES_RCVD_EOF))
3230 sshfwd_write_eof(c);
3234 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3235 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3236 * => log `wire_reason'.
3238 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3239 int code, int clean_exit)
3243 client_reason = wire_reason;
3245 error = dupprintf("Disconnected: %s", client_reason);
3247 error = dupstr("Disconnected");
3249 if (ssh->version == 1) {
3250 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3252 } else if (ssh->version == 2) {
3253 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3254 ssh2_pkt_adduint32(pktout, code);
3255 ssh2_pkt_addstring(pktout, wire_reason);
3256 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3257 ssh2_pkt_send_noqueue(ssh, pktout);
3260 ssh->close_expected = TRUE;
3261 ssh->clean_exit = clean_exit;
3262 ssh_closing((Plug)ssh, error, 0, 0);
3267 * Handle the key exchange and user authentication phases.
3269 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3270 struct Packet *pktin)
3273 unsigned char cookie[8], *ptr;
3274 struct MD5Context md5c;
3275 struct do_ssh1_login_state {
3278 unsigned char *rsabuf, *keystr1, *keystr2;
3279 unsigned long supported_ciphers_mask, supported_auths_mask;
3280 int tried_publickey, tried_agent;
3281 int tis_auth_refused, ccard_auth_refused;
3282 unsigned char session_id[16];
3284 void *publickey_blob;
3285 int publickey_bloblen;
3286 char *publickey_comment;
3287 int publickey_encrypted;
3288 prompts_t *cur_prompt;
3291 unsigned char request[5], *response, *p;
3301 struct RSAKey servkey, hostkey;
3303 crState(do_ssh1_login_state);
3310 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
3311 bombout(("Public key packet not received"));
3315 logevent("Received public keys");
3317 ptr = ssh_pkt_getdata(pktin, 8);
3319 bombout(("SSH-1 public key packet stopped before random cookie"));
3322 memcpy(cookie, ptr, 8);
3324 if (!ssh1_pkt_getrsakey(pktin, &s->servkey, &s->keystr1) ||
3325 !ssh1_pkt_getrsakey(pktin, &s->hostkey, &s->keystr2)) {
3326 bombout(("Failed to read SSH-1 public keys from public key packet"));
3331 * Log the host key fingerprint.
3335 logevent("Host key fingerprint is:");
3336 strcpy(logmsg, " ");
3337 s->hostkey.comment = NULL;
3338 rsa_fingerprint(logmsg + strlen(logmsg),
3339 sizeof(logmsg) - strlen(logmsg), &s->hostkey);
3343 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3344 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3345 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
3346 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3347 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
3349 ssh->v1_local_protoflags =
3350 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3351 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3354 MD5Update(&md5c, s->keystr2, s->hostkey.bytes);
3355 MD5Update(&md5c, s->keystr1, s->servkey.bytes);
3356 MD5Update(&md5c, cookie, 8);
3357 MD5Final(s->session_id, &md5c);
3359 for (i = 0; i < 32; i++)
3360 ssh->session_key[i] = random_byte();
3363 * Verify that the `bits' and `bytes' parameters match.
3365 if (s->hostkey.bits > s->hostkey.bytes * 8 ||
3366 s->servkey.bits > s->servkey.bytes * 8) {
3367 bombout(("SSH-1 public keys were badly formatted"));
3371 s->len = (s->hostkey.bytes > s->servkey.bytes ?
3372 s->hostkey.bytes : s->servkey.bytes);
3374 s->rsabuf = snewn(s->len, unsigned char);
3377 * Verify the host key.
3381 * First format the key into a string.
3383 int len = rsastr_len(&s->hostkey);
3384 char fingerprint[100];
3385 char *keystr = snewn(len, char);
3386 rsastr_fmt(keystr, &s->hostkey);
3387 rsa_fingerprint(fingerprint, sizeof(fingerprint), &s->hostkey);
3389 ssh_set_frozen(ssh, 1);
3390 s->dlgret = verify_ssh_host_key(ssh->frontend,
3391 ssh->savedhost, ssh->savedport,
3392 "rsa", keystr, fingerprint,
3393 ssh_dialog_callback, ssh);
3395 if (s->dlgret < 0) {
3399 bombout(("Unexpected data from server while waiting"
3400 " for user host key response"));
3403 } while (pktin || inlen > 0);
3404 s->dlgret = ssh->user_response;
3406 ssh_set_frozen(ssh, 0);
3408 if (s->dlgret == 0) {
3409 ssh_disconnect(ssh, "User aborted at host key verification",
3415 for (i = 0; i < 32; i++) {
3416 s->rsabuf[i] = ssh->session_key[i];
3418 s->rsabuf[i] ^= s->session_id[i];
3421 if (s->hostkey.bytes > s->servkey.bytes) {
3422 ret = rsaencrypt(s->rsabuf, 32, &s->servkey);
3424 ret = rsaencrypt(s->rsabuf, s->servkey.bytes, &s->hostkey);
3426 ret = rsaencrypt(s->rsabuf, 32, &s->hostkey);
3428 ret = rsaencrypt(s->rsabuf, s->hostkey.bytes, &s->servkey);
3431 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3435 logevent("Encrypted session key");
3438 int cipher_chosen = 0, warn = 0;
3439 char *cipher_string = NULL;
3441 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3442 int next_cipher = conf_get_int_int(ssh->conf,
3443 CONF_ssh_cipherlist, i);
3444 if (next_cipher == CIPHER_WARN) {
3445 /* If/when we choose a cipher, warn about it */
3447 } else if (next_cipher == CIPHER_AES) {
3448 /* XXX Probably don't need to mention this. */
3449 logevent("AES not supported in SSH-1, skipping");
3451 switch (next_cipher) {
3452 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3453 cipher_string = "3DES"; break;
3454 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3455 cipher_string = "Blowfish"; break;
3456 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3457 cipher_string = "single-DES"; break;
3459 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3463 if (!cipher_chosen) {
3464 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3465 bombout(("Server violates SSH-1 protocol by not "
3466 "supporting 3DES encryption"));
3468 /* shouldn't happen */
3469 bombout(("No supported ciphers found"));
3473 /* Warn about chosen cipher if necessary. */
3475 ssh_set_frozen(ssh, 1);
3476 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3477 ssh_dialog_callback, ssh);
3478 if (s->dlgret < 0) {
3482 bombout(("Unexpected data from server while waiting"
3483 " for user response"));
3486 } while (pktin || inlen > 0);
3487 s->dlgret = ssh->user_response;
3489 ssh_set_frozen(ssh, 0);
3490 if (s->dlgret == 0) {
3491 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3498 switch (s->cipher_type) {
3499 case SSH_CIPHER_3DES:
3500 logevent("Using 3DES encryption");
3502 case SSH_CIPHER_DES:
3503 logevent("Using single-DES encryption");
3505 case SSH_CIPHER_BLOWFISH:
3506 logevent("Using Blowfish encryption");
3510 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3511 PKT_CHAR, s->cipher_type,
3512 PKT_DATA, cookie, 8,
3513 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3514 PKT_DATA, s->rsabuf, s->len,
3515 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3517 logevent("Trying to enable encryption...");
3521 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3522 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3524 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3525 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3526 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3528 ssh->crcda_ctx = crcda_make_context();
3529 logevent("Installing CRC compensation attack detector");
3531 if (s->servkey.modulus) {
3532 sfree(s->servkey.modulus);
3533 s->servkey.modulus = NULL;
3535 if (s->servkey.exponent) {
3536 sfree(s->servkey.exponent);
3537 s->servkey.exponent = NULL;
3539 if (s->hostkey.modulus) {
3540 sfree(s->hostkey.modulus);
3541 s->hostkey.modulus = NULL;
3543 if (s->hostkey.exponent) {
3544 sfree(s->hostkey.exponent);
3545 s->hostkey.exponent = NULL;
3549 if (pktin->type != SSH1_SMSG_SUCCESS) {
3550 bombout(("Encryption not successfully enabled"));
3554 logevent("Successfully started encryption");
3556 fflush(stdout); /* FIXME eh? */
3558 if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
3559 int ret; /* need not be kept over crReturn */
3560 s->cur_prompt = new_prompts(ssh->frontend);
3561 s->cur_prompt->to_server = TRUE;
3562 s->cur_prompt->name = dupstr("SSH login name");
3563 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
3564 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3567 crWaitUntil(!pktin);
3568 ret = get_userpass_input(s->cur_prompt, in, inlen);
3573 * Failed to get a username. Terminate.
3575 free_prompts(s->cur_prompt);
3576 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3579 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
3580 free_prompts(s->cur_prompt);
3583 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, ssh->username, PKT_END);
3585 char *userlog = dupprintf("Sent username \"%s\"", ssh->username);
3587 if (flags & FLAG_INTERACTIVE &&
3588 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3589 c_write_str(ssh, userlog);
3590 c_write_str(ssh, "\r\n");
3598 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
3599 /* We must not attempt PK auth. Pretend we've already tried it. */
3600 s->tried_publickey = s->tried_agent = 1;
3602 s->tried_publickey = s->tried_agent = 0;
3604 s->tis_auth_refused = s->ccard_auth_refused = 0;
3606 * Load the public half of any configured keyfile for later use.
3608 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3609 if (!filename_is_null(s->keyfile)) {
3611 logeventf(ssh, "Reading private key file \"%.150s\"",
3612 filename_to_str(s->keyfile));
3613 keytype = key_type(s->keyfile);
3614 if (keytype == SSH_KEYTYPE_SSH1) {
3616 if (rsakey_pubblob(s->keyfile,
3617 &s->publickey_blob, &s->publickey_bloblen,
3618 &s->publickey_comment, &error)) {
3619 s->publickey_encrypted = rsakey_encrypted(s->keyfile,
3623 logeventf(ssh, "Unable to load private key (%s)", error);
3624 msgbuf = dupprintf("Unable to load private key file "
3625 "\"%.150s\" (%s)\r\n",
3626 filename_to_str(s->keyfile),
3628 c_write_str(ssh, msgbuf);
3630 s->publickey_blob = NULL;
3634 logeventf(ssh, "Unable to use this key file (%s)",
3635 key_type_to_str(keytype));
3636 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3638 filename_to_str(s->keyfile),
3639 key_type_to_str(keytype));
3640 c_write_str(ssh, msgbuf);
3642 s->publickey_blob = NULL;
3645 s->publickey_blob = NULL;
3647 while (pktin->type == SSH1_SMSG_FAILURE) {
3648 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3650 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists() && !s->tried_agent) {
3652 * Attempt RSA authentication using Pageant.
3658 logevent("Pageant is running. Requesting keys.");
3660 /* Request the keys held by the agent. */
3661 PUT_32BIT(s->request, 1);
3662 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3663 if (!agent_query(s->request, 5, &r, &s->responselen,
3664 ssh_agent_callback, ssh)) {
3668 bombout(("Unexpected data from server while waiting"
3669 " for agent response"));
3672 } while (pktin || inlen > 0);
3673 r = ssh->agent_response;
3674 s->responselen = ssh->agent_response_len;
3676 s->response = (unsigned char *) r;
3677 if (s->response && s->responselen >= 5 &&
3678 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3679 s->p = s->response + 5;
3680 s->nkeys = GET_32BIT(s->p);
3682 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3683 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3684 unsigned char *pkblob = s->p;
3688 do { /* do while (0) to make breaking easy */
3689 n = ssh1_read_bignum
3690 (s->p, s->responselen-(s->p-s->response),
3695 n = ssh1_read_bignum
3696 (s->p, s->responselen-(s->p-s->response),
3701 if (s->responselen - (s->p-s->response) < 4)
3703 s->commentlen = GET_32BIT(s->p);
3705 if (s->responselen - (s->p-s->response) <
3708 s->commentp = (char *)s->p;
3709 s->p += s->commentlen;
3713 logevent("Pageant key list packet was truncated");
3717 if (s->publickey_blob) {
3718 if (!memcmp(pkblob, s->publickey_blob,
3719 s->publickey_bloblen)) {
3720 logeventf(ssh, "Pageant key #%d matches "
3721 "configured key file", s->keyi);
3722 s->tried_publickey = 1;
3724 /* Skip non-configured key */
3727 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3728 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3729 PKT_BIGNUM, s->key.modulus, PKT_END);
3731 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3732 logevent("Key refused");
3735 logevent("Received RSA challenge");
3736 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3737 bombout(("Server's RSA challenge was badly formatted"));
3742 char *agentreq, *q, *ret;
3745 len = 1 + 4; /* message type, bit count */
3746 len += ssh1_bignum_length(s->key.exponent);
3747 len += ssh1_bignum_length(s->key.modulus);
3748 len += ssh1_bignum_length(s->challenge);
3749 len += 16; /* session id */
3750 len += 4; /* response format */
3751 agentreq = snewn(4 + len, char);
3752 PUT_32BIT(agentreq, len);
3754 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3755 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3757 q += ssh1_write_bignum(q, s->key.exponent);
3758 q += ssh1_write_bignum(q, s->key.modulus);
3759 q += ssh1_write_bignum(q, s->challenge);
3760 memcpy(q, s->session_id, 16);
3762 PUT_32BIT(q, 1); /* response format */
3763 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3764 ssh_agent_callback, ssh)) {
3769 bombout(("Unexpected data from server"
3770 " while waiting for agent"
3774 } while (pktin || inlen > 0);
3775 vret = ssh->agent_response;
3776 retlen = ssh->agent_response_len;
3781 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3782 logevent("Sending Pageant's response");
3783 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3784 PKT_DATA, ret + 5, 16,
3788 if (pktin->type == SSH1_SMSG_SUCCESS) {
3790 ("Pageant's response accepted");
3791 if (flags & FLAG_VERBOSE) {
3792 c_write_str(ssh, "Authenticated using"
3794 c_write(ssh, s->commentp,
3796 c_write_str(ssh, "\" from agent\r\n");
3801 ("Pageant's response not accepted");
3804 ("Pageant failed to answer challenge");
3808 logevent("No reply received from Pageant");
3811 freebn(s->key.exponent);
3812 freebn(s->key.modulus);
3813 freebn(s->challenge);
3818 if (s->publickey_blob && !s->tried_publickey)
3819 logevent("Configured key file not in Pageant");
3821 logevent("Failed to get reply from Pageant");
3826 if (s->publickey_blob && !s->tried_publickey) {
3828 * Try public key authentication with the specified
3831 int got_passphrase; /* need not be kept over crReturn */
3832 if (flags & FLAG_VERBOSE)
3833 c_write_str(ssh, "Trying public key authentication.\r\n");
3834 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3835 logeventf(ssh, "Trying public key \"%s\"",
3836 filename_to_str(s->keyfile));
3837 s->tried_publickey = 1;
3838 got_passphrase = FALSE;
3839 while (!got_passphrase) {
3841 * Get a passphrase, if necessary.
3843 char *passphrase = NULL; /* only written after crReturn */
3845 if (!s->publickey_encrypted) {
3846 if (flags & FLAG_VERBOSE)
3847 c_write_str(ssh, "No passphrase required.\r\n");
3850 int ret; /* need not be kept over crReturn */
3851 s->cur_prompt = new_prompts(ssh->frontend);
3852 s->cur_prompt->to_server = FALSE;
3853 s->cur_prompt->name = dupstr("SSH key passphrase");
3854 add_prompt(s->cur_prompt,
3855 dupprintf("Passphrase for key \"%.100s\": ",
3856 s->publickey_comment), FALSE);
3857 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3860 crWaitUntil(!pktin);
3861 ret = get_userpass_input(s->cur_prompt, in, inlen);
3865 /* Failed to get a passphrase. Terminate. */
3866 free_prompts(s->cur_prompt);
3867 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3871 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3872 free_prompts(s->cur_prompt);
3875 * Try decrypting key with passphrase.
3877 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3878 ret = loadrsakey(s->keyfile, &s->key, passphrase,
3881 smemclr(passphrase, strlen(passphrase));
3885 /* Correct passphrase. */
3886 got_passphrase = TRUE;
3887 } else if (ret == 0) {
3888 c_write_str(ssh, "Couldn't load private key from ");
3889 c_write_str(ssh, filename_to_str(s->keyfile));
3890 c_write_str(ssh, " (");
3891 c_write_str(ssh, error);
3892 c_write_str(ssh, ").\r\n");
3893 got_passphrase = FALSE;
3894 break; /* go and try something else */
3895 } else if (ret == -1) {
3896 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3897 got_passphrase = FALSE;
3900 assert(0 && "unexpected return from loadrsakey()");
3901 got_passphrase = FALSE; /* placate optimisers */
3905 if (got_passphrase) {
3908 * Send a public key attempt.
3910 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3911 PKT_BIGNUM, s->key.modulus, PKT_END);
3914 if (pktin->type == SSH1_SMSG_FAILURE) {
3915 c_write_str(ssh, "Server refused our public key.\r\n");
3916 continue; /* go and try something else */
3918 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3919 bombout(("Bizarre response to offer of public key"));
3925 unsigned char buffer[32];
3926 Bignum challenge, response;
3928 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3929 bombout(("Server's RSA challenge was badly formatted"));
3932 response = rsadecrypt(challenge, &s->key);
3933 freebn(s->key.private_exponent);/* burn the evidence */
3935 for (i = 0; i < 32; i++) {
3936 buffer[i] = bignum_byte(response, 31 - i);
3940 MD5Update(&md5c, buffer, 32);
3941 MD5Update(&md5c, s->session_id, 16);
3942 MD5Final(buffer, &md5c);
3944 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3945 PKT_DATA, buffer, 16, PKT_END);
3952 if (pktin->type == SSH1_SMSG_FAILURE) {
3953 if (flags & FLAG_VERBOSE)
3954 c_write_str(ssh, "Failed to authenticate with"
3955 " our public key.\r\n");
3956 continue; /* go and try something else */
3957 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3958 bombout(("Bizarre response to RSA authentication response"));
3962 break; /* we're through! */
3968 * Otherwise, try various forms of password-like authentication.
3970 s->cur_prompt = new_prompts(ssh->frontend);
3972 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3973 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3974 !s->tis_auth_refused) {
3975 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3976 logevent("Requested TIS authentication");
3977 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3979 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3980 logevent("TIS authentication declined");
3981 if (flags & FLAG_INTERACTIVE)
3982 c_write_str(ssh, "TIS authentication refused.\r\n");
3983 s->tis_auth_refused = 1;
3988 char *instr_suf, *prompt;
3990 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3992 bombout(("TIS challenge packet was badly formed"));
3995 logevent("Received TIS challenge");
3996 s->cur_prompt->to_server = TRUE;
3997 s->cur_prompt->name = dupstr("SSH TIS authentication");
3998 /* Prompt heuristic comes from OpenSSH */
3999 if (memchr(challenge, '\n', challengelen)) {
4000 instr_suf = dupstr("");
4001 prompt = dupprintf("%.*s", challengelen, challenge);
4003 instr_suf = dupprintf("%.*s", challengelen, challenge);
4004 prompt = dupstr("Response: ");
4006 s->cur_prompt->instruction =
4007 dupprintf("Using TIS authentication.%s%s",
4008 (*instr_suf) ? "\n" : "",
4010 s->cur_prompt->instr_reqd = TRUE;
4011 add_prompt(s->cur_prompt, prompt, FALSE);
4015 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
4016 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
4017 !s->ccard_auth_refused) {
4018 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
4019 logevent("Requested CryptoCard authentication");
4020 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
4022 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
4023 logevent("CryptoCard authentication declined");
4024 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
4025 s->ccard_auth_refused = 1;
4030 char *instr_suf, *prompt;
4032 ssh_pkt_getstring(pktin, &challenge, &challengelen);
4034 bombout(("CryptoCard challenge packet was badly formed"));
4037 logevent("Received CryptoCard challenge");
4038 s->cur_prompt->to_server = TRUE;
4039 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
4040 s->cur_prompt->name_reqd = FALSE;
4041 /* Prompt heuristic comes from OpenSSH */
4042 if (memchr(challenge, '\n', challengelen)) {
4043 instr_suf = dupstr("");
4044 prompt = dupprintf("%.*s", challengelen, challenge);
4046 instr_suf = dupprintf("%.*s", challengelen, challenge);
4047 prompt = dupstr("Response: ");
4049 s->cur_prompt->instruction =
4050 dupprintf("Using CryptoCard authentication.%s%s",
4051 (*instr_suf) ? "\n" : "",
4053 s->cur_prompt->instr_reqd = TRUE;
4054 add_prompt(s->cur_prompt, prompt, FALSE);
4058 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4059 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
4060 bombout(("No supported authentication methods available"));
4063 s->cur_prompt->to_server = TRUE;
4064 s->cur_prompt->name = dupstr("SSH password");
4065 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
4066 ssh->username, ssh->savedhost),
4071 * Show password prompt, having first obtained it via a TIS
4072 * or CryptoCard exchange if we're doing TIS or CryptoCard
4076 int ret; /* need not be kept over crReturn */
4077 ret = get_userpass_input(s->cur_prompt, NULL, 0);
4080 crWaitUntil(!pktin);
4081 ret = get_userpass_input(s->cur_prompt, in, inlen);
4086 * Failed to get a password (for example
4087 * because one was supplied on the command line
4088 * which has already failed to work). Terminate.
4090 free_prompts(s->cur_prompt);
4091 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
4096 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4098 * Defence against traffic analysis: we send a
4099 * whole bunch of packets containing strings of
4100 * different lengths. One of these strings is the
4101 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
4102 * The others are all random data in
4103 * SSH1_MSG_IGNORE packets. This way a passive
4104 * listener can't tell which is the password, and
4105 * hence can't deduce the password length.
4107 * Anybody with a password length greater than 16
4108 * bytes is going to have enough entropy in their
4109 * password that a listener won't find it _that_
4110 * much help to know how long it is. So what we'll
4113 * - if password length < 16, we send 15 packets
4114 * containing string lengths 1 through 15
4116 * - otherwise, we let N be the nearest multiple
4117 * of 8 below the password length, and send 8
4118 * packets containing string lengths N through
4119 * N+7. This won't obscure the order of
4120 * magnitude of the password length, but it will
4121 * introduce a bit of extra uncertainty.
4123 * A few servers can't deal with SSH1_MSG_IGNORE, at
4124 * least in this context. For these servers, we need
4125 * an alternative defence. We make use of the fact
4126 * that the password is interpreted as a C string:
4127 * so we can append a NUL, then some random data.
4129 * A few servers can deal with neither SSH1_MSG_IGNORE
4130 * here _nor_ a padded password string.
4131 * For these servers we are left with no defences
4132 * against password length sniffing.
4134 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4135 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4137 * The server can deal with SSH1_MSG_IGNORE, so
4138 * we can use the primary defence.
4140 int bottom, top, pwlen, i;
4143 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4145 bottom = 0; /* zero length passwords are OK! :-) */
4148 bottom = pwlen & ~7;
4152 assert(pwlen >= bottom && pwlen <= top);
4154 randomstr = snewn(top + 1, char);
4156 for (i = bottom; i <= top; i++) {
4158 defer_packet(ssh, s->pwpkt_type,
4159 PKTT_PASSWORD, PKT_STR,
4160 s->cur_prompt->prompts[0]->result,
4161 PKTT_OTHER, PKT_END);
4163 for (j = 0; j < i; j++) {
4165 randomstr[j] = random_byte();
4166 } while (randomstr[j] == '\0');
4168 randomstr[i] = '\0';
4169 defer_packet(ssh, SSH1_MSG_IGNORE,
4170 PKT_STR, randomstr, PKT_END);
4173 logevent("Sending password with camouflage packets");
4174 ssh_pkt_defersend(ssh);
4177 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4179 * The server can't deal with SSH1_MSG_IGNORE
4180 * but can deal with padded passwords, so we
4181 * can use the secondary defence.
4187 len = strlen(s->cur_prompt->prompts[0]->result);
4188 if (len < sizeof(string)) {
4190 strcpy(string, s->cur_prompt->prompts[0]->result);
4191 len++; /* cover the zero byte */
4192 while (len < sizeof(string)) {
4193 string[len++] = (char) random_byte();
4196 ss = s->cur_prompt->prompts[0]->result;
4198 logevent("Sending length-padded password");
4199 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4200 PKT_INT, len, PKT_DATA, ss, len,
4201 PKTT_OTHER, PKT_END);
4204 * The server is believed unable to cope with
4205 * any of our password camouflage methods.
4208 len = strlen(s->cur_prompt->prompts[0]->result);
4209 logevent("Sending unpadded password");
4210 send_packet(ssh, s->pwpkt_type,
4211 PKTT_PASSWORD, PKT_INT, len,
4212 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4213 PKTT_OTHER, PKT_END);
4216 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4217 PKT_STR, s->cur_prompt->prompts[0]->result,
4218 PKTT_OTHER, PKT_END);
4220 logevent("Sent password");
4221 free_prompts(s->cur_prompt);
4223 if (pktin->type == SSH1_SMSG_FAILURE) {
4224 if (flags & FLAG_VERBOSE)
4225 c_write_str(ssh, "Access denied\r\n");
4226 logevent("Authentication refused");
4227 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4228 bombout(("Strange packet received, type %d", pktin->type));
4234 if (s->publickey_blob) {
4235 sfree(s->publickey_blob);
4236 sfree(s->publickey_comment);
4239 logevent("Authentication successful");
4244 static void ssh_channel_try_eof(struct ssh_channel *c)
4247 assert(c->pending_eof); /* precondition for calling us */
4249 return; /* can't close: not even opened yet */
4250 if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0)
4251 return; /* can't send EOF: pending outgoing data */
4253 c->pending_eof = FALSE; /* we're about to send it */
4254 if (ssh->version == 1) {
4255 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4257 c->closes |= CLOSES_SENT_EOF;
4259 struct Packet *pktout;
4260 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
4261 ssh2_pkt_adduint32(pktout, c->remoteid);
4262 ssh2_pkt_send(ssh, pktout);
4263 c->closes |= CLOSES_SENT_EOF;
4264 ssh2_channel_check_close(c);
4268 void sshfwd_write_eof(struct ssh_channel *c)
4272 if (ssh->state == SSH_STATE_CLOSED)
4275 if (c->closes & CLOSES_SENT_EOF)
4278 c->pending_eof = TRUE;
4279 ssh_channel_try_eof(c);
4282 void sshfwd_unclean_close(struct ssh_channel *c)
4286 if (ssh->state == SSH_STATE_CLOSED)
4291 x11_close(c->u.x11.s);
4292 logevent("Forwarded X11 connection terminated due to local error");
4295 case CHAN_SOCKDATA_DORMANT:
4296 pfd_close(c->u.pfd.s);
4297 logevent("Forwarded port closed due to local error");
4300 c->type = CHAN_ZOMBIE;
4302 ssh2_channel_check_close(c);
4305 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
4309 if (ssh->state == SSH_STATE_CLOSED)
4312 if (ssh->version == 1) {
4313 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
4314 PKT_INT, c->remoteid,
4315 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
4316 PKTT_OTHER, PKT_END);
4318 * In SSH-1 we can return 0 here - implying that forwarded
4319 * connections are never individually throttled - because
4320 * the only circumstance that can cause throttling will be
4321 * the whole SSH connection backing up, in which case
4322 * _everything_ will be throttled as a whole.
4326 ssh2_add_channel_data(c, buf, len);
4327 return ssh2_try_send(c);
4331 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4336 if (ssh->state == SSH_STATE_CLOSED)
4339 if (ssh->version == 1) {
4340 buflimit = SSH1_BUFFER_LIMIT;
4342 buflimit = c->v.v2.locmaxwin;
4343 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4345 if (c->throttling_conn && bufsize <= buflimit) {
4346 c->throttling_conn = 0;
4347 ssh_throttle_conn(ssh, -1);
4351 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4353 struct queued_handler *qh = ssh->qhead;
4357 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4360 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
4361 ssh->packet_dispatch[qh->msg1] = ssh->q_saved_handler1;
4364 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
4365 ssh->packet_dispatch[qh->msg2] = ssh->q_saved_handler2;
4369 ssh->qhead = qh->next;
4371 if (ssh->qhead->msg1 > 0) {
4372 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
4373 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4375 if (ssh->qhead->msg2 > 0) {
4376 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
4377 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4380 ssh->qhead = ssh->qtail = NULL;
4383 qh->handler(ssh, pktin, qh->ctx);
4388 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4389 chandler_fn_t handler, void *ctx)
4391 struct queued_handler *qh;
4393 qh = snew(struct queued_handler);
4396 qh->handler = handler;
4400 if (ssh->qtail == NULL) {
4404 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
4405 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4408 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
4409 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4412 ssh->qtail->next = qh;
4417 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4419 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4421 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4422 SSH2_MSG_REQUEST_SUCCESS)) {
4423 logeventf(ssh, "Remote port forwarding from %s enabled",
4426 logeventf(ssh, "Remote port forwarding from %s refused",
4429 rpf = del234(ssh->rportfwds, pf);
4431 pf->pfrec->remote = NULL;
4436 static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
4438 struct ssh_portfwd *epf;
4442 if (!ssh->portfwds) {
4443 ssh->portfwds = newtree234(ssh_portcmp);
4446 * Go through the existing port forwardings and tag them
4447 * with status==DESTROY. Any that we want to keep will be
4448 * re-enabled (status==KEEP) as we go through the
4449 * configuration and find out which bits are the same as
4452 struct ssh_portfwd *epf;
4454 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4455 epf->status = DESTROY;
4458 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
4460 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
4461 char *kp, *kp2, *vp, *vp2;
4462 char address_family, type;
4463 int sport,dport,sserv,dserv;
4464 char *sports, *dports, *saddr, *host;
4468 address_family = 'A';
4470 if (*kp == 'A' || *kp == '4' || *kp == '6')
4471 address_family = *kp++;
4472 if (*kp == 'L' || *kp == 'R')
4475 if ((kp2 = strchr(kp, ':')) != NULL) {
4477 * There's a colon in the middle of the source port
4478 * string, which means that the part before it is
4479 * actually a source address.
4481 saddr = dupprintf("%.*s", (int)(kp2 - kp), kp);
4487 sport = atoi(sports);
4491 sport = net_service_lookup(sports);
4493 logeventf(ssh, "Service lookup failed for source"
4494 " port \"%s\"", sports);
4498 if (type == 'L' && !strcmp(val, "D")) {
4499 /* dynamic forwarding */
4506 /* ordinary forwarding */
4508 vp2 = vp + strcspn(vp, ":");
4509 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
4513 dport = atoi(dports);
4517 dport = net_service_lookup(dports);
4519 logeventf(ssh, "Service lookup failed for destination"
4520 " port \"%s\"", dports);
4525 if (sport && dport) {
4526 /* Set up a description of the source port. */
4527 struct ssh_portfwd *pfrec, *epfrec;
4529 pfrec = snew(struct ssh_portfwd);
4531 pfrec->saddr = saddr;
4532 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4533 pfrec->sport = sport;
4534 pfrec->daddr = host;
4535 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4536 pfrec->dport = dport;
4537 pfrec->local = NULL;
4538 pfrec->remote = NULL;
4539 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4540 address_family == '6' ? ADDRTYPE_IPV6 :
4543 epfrec = add234(ssh->portfwds, pfrec);
4544 if (epfrec != pfrec) {
4545 if (epfrec->status == DESTROY) {
4547 * We already have a port forwarding up and running
4548 * with precisely these parameters. Hence, no need
4549 * to do anything; simply re-tag the existing one
4552 epfrec->status = KEEP;
4555 * Anything else indicates that there was a duplicate
4556 * in our input, which we'll silently ignore.
4558 free_portfwd(pfrec);
4560 pfrec->status = CREATE;
4569 * Now go through and destroy any port forwardings which were
4572 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4573 if (epf->status == DESTROY) {
4576 message = dupprintf("%s port forwarding from %s%s%d",
4577 epf->type == 'L' ? "local" :
4578 epf->type == 'R' ? "remote" : "dynamic",
4579 epf->saddr ? epf->saddr : "",
4580 epf->saddr ? ":" : "",
4583 if (epf->type != 'D') {
4584 char *msg2 = dupprintf("%s to %s:%d", message,
4585 epf->daddr, epf->dport);
4590 logeventf(ssh, "Cancelling %s", message);
4593 /* epf->remote or epf->local may be NULL if setting up a
4594 * forwarding failed. */
4596 struct ssh_rportfwd *rpf = epf->remote;
4597 struct Packet *pktout;
4600 * Cancel the port forwarding at the server
4603 if (ssh->version == 1) {
4605 * We cannot cancel listening ports on the
4606 * server side in SSH-1! There's no message
4607 * to support it. Instead, we simply remove
4608 * the rportfwd record from the local end
4609 * so that any connections the server tries
4610 * to make on it are rejected.
4613 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4614 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4615 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4617 ssh2_pkt_addstring(pktout, epf->saddr);
4618 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4619 /* XXX: rport_acceptall may not represent
4620 * what was used to open the original connection,
4621 * since it's reconfigurable. */
4622 ssh2_pkt_addstring(pktout, "");
4624 ssh2_pkt_addstring(pktout, "localhost");
4626 ssh2_pkt_adduint32(pktout, epf->sport);
4627 ssh2_pkt_send(ssh, pktout);
4630 del234(ssh->rportfwds, rpf);
4632 } else if (epf->local) {
4633 pfd_terminate(epf->local);
4636 delpos234(ssh->portfwds, i);
4638 i--; /* so we don't skip one in the list */
4642 * And finally, set up any new port forwardings (status==CREATE).
4644 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4645 if (epf->status == CREATE) {
4646 char *sportdesc, *dportdesc;
4647 sportdesc = dupprintf("%s%s%s%s%d%s",
4648 epf->saddr ? epf->saddr : "",
4649 epf->saddr ? ":" : "",
4650 epf->sserv ? epf->sserv : "",
4651 epf->sserv ? "(" : "",
4653 epf->sserv ? ")" : "");
4654 if (epf->type == 'D') {
4657 dportdesc = dupprintf("%s:%s%s%d%s",
4659 epf->dserv ? epf->dserv : "",
4660 epf->dserv ? "(" : "",
4662 epf->dserv ? ")" : "");
4665 if (epf->type == 'L') {
4666 const char *err = pfd_addforward(epf->daddr, epf->dport,
4667 epf->saddr, epf->sport,
4670 epf->addressfamily);
4672 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4673 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4674 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4675 sportdesc, dportdesc,
4676 err ? " failed: " : "", err ? err : "");
4677 } else if (epf->type == 'D') {
4678 const char *err = pfd_addforward(NULL, -1,
4679 epf->saddr, epf->sport,
4682 epf->addressfamily);
4684 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4685 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4686 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4688 err ? " failed: " : "", err ? err : "");
4690 struct ssh_rportfwd *pf;
4693 * Ensure the remote port forwardings tree exists.
4695 if (!ssh->rportfwds) {
4696 if (ssh->version == 1)
4697 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4699 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4702 pf = snew(struct ssh_rportfwd);
4703 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4704 pf->dhost[lenof(pf->dhost)-1] = '\0';
4705 pf->dport = epf->dport;
4706 pf->sport = epf->sport;
4707 if (add234(ssh->rportfwds, pf) != pf) {
4708 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4709 epf->daddr, epf->dport);
4712 logeventf(ssh, "Requesting remote port %s"
4713 " forward to %s", sportdesc, dportdesc);
4715 pf->sportdesc = sportdesc;
4720 if (ssh->version == 1) {
4721 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4722 PKT_INT, epf->sport,
4723 PKT_STR, epf->daddr,
4724 PKT_INT, epf->dport,
4726 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4728 ssh_rportfwd_succfail, pf);
4730 struct Packet *pktout;
4731 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4732 ssh2_pkt_addstring(pktout, "tcpip-forward");
4733 ssh2_pkt_addbool(pktout, 1);/* want reply */
4735 ssh2_pkt_addstring(pktout, epf->saddr);
4736 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4737 ssh2_pkt_addstring(pktout, "");
4739 ssh2_pkt_addstring(pktout, "localhost");
4741 ssh2_pkt_adduint32(pktout, epf->sport);
4742 ssh2_pkt_send(ssh, pktout);
4744 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4745 SSH2_MSG_REQUEST_FAILURE,
4746 ssh_rportfwd_succfail, pf);
4755 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4758 int stringlen, bufsize;
4760 ssh_pkt_getstring(pktin, &string, &stringlen);
4761 if (string == NULL) {
4762 bombout(("Incoming terminal data packet was badly formed"));
4766 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4768 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4769 ssh->v1_stdout_throttling = 1;
4770 ssh_throttle_conn(ssh, +1);
4774 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4776 /* Remote side is trying to open a channel to talk to our
4777 * X-Server. Give them back a local channel number. */
4778 struct ssh_channel *c;
4779 int remoteid = ssh_pkt_getuint32(pktin);
4781 logevent("Received X11 connect request");
4782 /* Refuse if X11 forwarding is disabled. */
4783 if (!ssh->X11_fwd_enabled) {
4784 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4785 PKT_INT, remoteid, PKT_END);
4786 logevent("Rejected X11 connect request");
4788 c = snew(struct ssh_channel);
4791 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4792 NULL, -1, ssh->conf) != NULL) {
4793 logevent("Opening X11 forward connection failed");
4795 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4796 PKT_INT, remoteid, PKT_END);
4799 ("Opening X11 forward connection succeeded");
4800 c->remoteid = remoteid;
4801 c->halfopen = FALSE;
4802 c->localid = alloc_channel_id(ssh);
4804 c->pending_eof = FALSE;
4805 c->throttling_conn = 0;
4806 c->type = CHAN_X11; /* identify channel type */
4807 add234(ssh->channels, c);
4808 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4809 PKT_INT, c->remoteid, PKT_INT,
4810 c->localid, PKT_END);
4811 logevent("Opened X11 forward channel");
4816 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4818 /* Remote side is trying to open a channel to talk to our
4819 * agent. Give them back a local channel number. */
4820 struct ssh_channel *c;
4821 int remoteid = ssh_pkt_getuint32(pktin);
4823 /* Refuse if agent forwarding is disabled. */
4824 if (!ssh->agentfwd_enabled) {
4825 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4826 PKT_INT, remoteid, PKT_END);
4828 c = snew(struct ssh_channel);
4830 c->remoteid = remoteid;
4831 c->halfopen = FALSE;
4832 c->localid = alloc_channel_id(ssh);
4834 c->pending_eof = FALSE;
4835 c->throttling_conn = 0;
4836 c->type = CHAN_AGENT; /* identify channel type */
4837 c->u.a.lensofar = 0;
4838 c->u.a.message = NULL;
4839 c->u.a.outstanding_requests = 0;
4840 add234(ssh->channels, c);
4841 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4842 PKT_INT, c->remoteid, PKT_INT, c->localid,
4847 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4849 /* Remote side is trying to open a channel to talk to a
4850 * forwarded port. Give them back a local channel number. */
4851 struct ssh_channel *c;
4852 struct ssh_rportfwd pf, *pfp;
4857 c = snew(struct ssh_channel);
4860 remoteid = ssh_pkt_getuint32(pktin);
4861 ssh_pkt_getstring(pktin, &host, &hostsize);
4862 port = ssh_pkt_getuint32(pktin);
4864 if (hostsize >= lenof(pf.dhost))
4865 hostsize = lenof(pf.dhost)-1;
4866 memcpy(pf.dhost, host, hostsize);
4867 pf.dhost[hostsize] = '\0';
4869 pfp = find234(ssh->rportfwds, &pf, NULL);
4872 logeventf(ssh, "Rejected remote port open request for %s:%d",
4874 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4875 PKT_INT, remoteid, PKT_END);
4877 logeventf(ssh, "Received remote port open request for %s:%d",
4879 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4880 c, ssh->conf, pfp->pfrec->addressfamily);
4882 logeventf(ssh, "Port open failed: %s", e);
4884 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4885 PKT_INT, remoteid, PKT_END);
4887 c->remoteid = remoteid;
4888 c->halfopen = FALSE;
4889 c->localid = alloc_channel_id(ssh);
4891 c->pending_eof = FALSE;
4892 c->throttling_conn = 0;
4893 c->type = CHAN_SOCKDATA; /* identify channel type */
4894 add234(ssh->channels, c);
4895 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4896 PKT_INT, c->remoteid, PKT_INT,
4897 c->localid, PKT_END);
4898 logevent("Forwarded port opened successfully");
4903 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4905 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4906 unsigned int localid = ssh_pkt_getuint32(pktin);
4907 struct ssh_channel *c;
4909 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4910 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4911 c->remoteid = localid;
4912 c->halfopen = FALSE;
4913 c->type = CHAN_SOCKDATA;
4914 c->throttling_conn = 0;
4915 pfd_confirm(c->u.pfd.s);
4918 if (c && c->pending_eof) {
4920 * We have a pending close on this channel,
4921 * which we decided on before the server acked
4922 * the channel open. So now we know the
4923 * remoteid, we can close it again.
4925 ssh_channel_try_eof(c);
4929 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4931 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4932 struct ssh_channel *c;
4934 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4935 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4936 logevent("Forwarded connection refused by server");
4937 pfd_close(c->u.pfd.s);
4938 del234(ssh->channels, c);
4943 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4945 /* Remote side closes a channel. */
4946 unsigned i = ssh_pkt_getuint32(pktin);
4947 struct ssh_channel *c;
4948 c = find234(ssh->channels, &i, ssh_channelfind);
4949 if (c && !c->halfopen) {
4951 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE &&
4952 !(c->closes & CLOSES_RCVD_EOF)) {
4954 * Received CHANNEL_CLOSE, which we translate into
4957 int send_close = FALSE;
4959 c->closes |= CLOSES_RCVD_EOF;
4964 x11_send_eof(c->u.x11.s);
4970 pfd_send_eof(c->u.pfd.s);
4979 if (send_close && !(c->closes & CLOSES_SENT_EOF)) {
4980 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4982 c->closes |= CLOSES_SENT_EOF;
4986 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION &&
4987 !(c->closes & CLOSES_RCVD_CLOSE)) {
4989 if (!(c->closes & CLOSES_SENT_EOF)) {
4990 bombout(("Received CHANNEL_CLOSE_CONFIRMATION for channel %d"
4991 " for which we never sent CHANNEL_CLOSE\n", i));
4994 c->closes |= CLOSES_RCVD_CLOSE;
4997 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) &&
4998 !(c->closes & CLOSES_SENT_CLOSE)) {
4999 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION,
5000 PKT_INT, c->remoteid, PKT_END);
5001 c->closes |= CLOSES_SENT_CLOSE;
5004 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes))
5005 ssh_channel_destroy(c);
5007 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
5008 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
5009 "_CONFIRMATION", c ? "half-open" : "nonexistent",
5014 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
5016 /* Data sent down one of our channels. */
5017 int i = ssh_pkt_getuint32(pktin);
5020 struct ssh_channel *c;
5022 ssh_pkt_getstring(pktin, &p, &len);
5024 c = find234(ssh->channels, &i, ssh_channelfind);
5029 bufsize = x11_send(c->u.x11.s, p, len);
5032 bufsize = pfd_send(c->u.pfd.s, p, len);
5035 /* Data for an agent message. Buffer it. */
5037 if (c->u.a.lensofar < 4) {
5038 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
5039 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
5043 c->u.a.lensofar += l;
5045 if (c->u.a.lensofar == 4) {
5047 4 + GET_32BIT(c->u.a.msglen);
5048 c->u.a.message = snewn(c->u.a.totallen,
5050 memcpy(c->u.a.message, c->u.a.msglen, 4);
5052 if (c->u.a.lensofar >= 4 && len > 0) {
5054 min(c->u.a.totallen - c->u.a.lensofar,
5056 memcpy(c->u.a.message + c->u.a.lensofar, p,
5060 c->u.a.lensofar += l;
5062 if (c->u.a.lensofar == c->u.a.totallen) {
5065 c->u.a.outstanding_requests++;
5066 if (agent_query(c->u.a.message,
5069 ssh_agentf_callback, c))
5070 ssh_agentf_callback(c, reply, replylen);
5071 sfree(c->u.a.message);
5072 c->u.a.lensofar = 0;
5075 bufsize = 0; /* agent channels never back up */
5078 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
5079 c->throttling_conn = 1;
5080 ssh_throttle_conn(ssh, +1);
5085 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
5087 ssh->exitcode = ssh_pkt_getuint32(pktin);
5088 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
5089 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
5091 * In case `helpful' firewalls or proxies tack
5092 * extra human-readable text on the end of the
5093 * session which we might mistake for another
5094 * encrypted packet, we close the session once
5095 * we've sent EXIT_CONFIRMATION.
5097 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
5100 /* Helper function to deal with sending tty modes for REQUEST_PTY */
5101 static void ssh1_send_ttymode(void *data, char *mode, char *val)
5103 struct Packet *pktout = (struct Packet *)data;
5105 unsigned int arg = 0;
5106 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
5107 if (i == lenof(ssh_ttymodes)) return;
5108 switch (ssh_ttymodes[i].type) {
5110 arg = ssh_tty_parse_specchar(val);
5113 arg = ssh_tty_parse_boolean(val);
5116 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
5117 ssh2_pkt_addbyte(pktout, arg);
5121 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
5122 struct Packet *pktin)
5124 crBegin(ssh->do_ssh1_connection_crstate);
5126 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
5127 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
5128 ssh1_smsg_stdout_stderr_data;
5130 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
5131 ssh1_msg_channel_open_confirmation;
5132 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
5133 ssh1_msg_channel_open_failure;
5134 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
5135 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
5136 ssh1_msg_channel_close;
5137 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
5138 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
5140 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
5141 logevent("Requesting agent forwarding");
5142 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
5146 if (pktin->type != SSH1_SMSG_SUCCESS
5147 && pktin->type != SSH1_SMSG_FAILURE) {
5148 bombout(("Protocol confusion"));
5150 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5151 logevent("Agent forwarding refused");
5153 logevent("Agent forwarding enabled");
5154 ssh->agentfwd_enabled = TRUE;
5155 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
5159 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
5160 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
5161 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
5162 logevent("Requesting X11 forwarding");
5164 * Note that while we blank the X authentication data here, we don't
5165 * take any special action to blank the start of an X11 channel,
5166 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5167 * without having session blanking enabled is likely to leak your
5168 * cookie into the log.
5170 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5171 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5172 PKT_STR, ssh->x11disp->remoteauthprotoname,
5174 PKT_STR, ssh->x11disp->remoteauthdatastring,
5176 PKT_INT, ssh->x11disp->screennum,
5179 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5180 PKT_STR, ssh->x11disp->remoteauthprotoname,
5182 PKT_STR, ssh->x11disp->remoteauthdatastring,
5189 if (pktin->type != SSH1_SMSG_SUCCESS
5190 && pktin->type != SSH1_SMSG_FAILURE) {
5191 bombout(("Protocol confusion"));
5193 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5194 logevent("X11 forwarding refused");
5196 logevent("X11 forwarding enabled");
5197 ssh->X11_fwd_enabled = TRUE;
5198 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
5202 ssh_setup_portfwd(ssh, ssh->conf);
5203 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
5205 if (!conf_get_int(ssh->conf, CONF_nopty)) {
5207 /* Unpick the terminal-speed string. */
5208 /* XXX perhaps we should allow no speeds to be sent. */
5209 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
5210 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
5211 /* Send the pty request. */
5212 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
5213 ssh_pkt_addstring(pkt, conf_get_str(ssh->conf, CONF_termtype));
5214 ssh_pkt_adduint32(pkt, ssh->term_height);
5215 ssh_pkt_adduint32(pkt, ssh->term_width);
5216 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5217 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
5218 parse_ttymodes(ssh, ssh1_send_ttymode, (void *)pkt);
5219 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5220 ssh_pkt_adduint32(pkt, ssh->ispeed);
5221 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5222 ssh_pkt_adduint32(pkt, ssh->ospeed);
5223 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5225 ssh->state = SSH_STATE_INTERMED;
5229 if (pktin->type != SSH1_SMSG_SUCCESS
5230 && pktin->type != SSH1_SMSG_FAILURE) {
5231 bombout(("Protocol confusion"));
5233 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5234 c_write_str(ssh, "Server refused to allocate pty\r\n");
5235 ssh->editing = ssh->echoing = 1;
5237 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5238 ssh->ospeed, ssh->ispeed);
5239 ssh->got_pty = TRUE;
5242 ssh->editing = ssh->echoing = 1;
5245 if (conf_get_int(ssh->conf, CONF_compression)) {
5246 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
5250 if (pktin->type != SSH1_SMSG_SUCCESS
5251 && pktin->type != SSH1_SMSG_FAILURE) {
5252 bombout(("Protocol confusion"));
5254 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5255 c_write_str(ssh, "Server refused to compress\r\n");
5257 logevent("Started compression");
5258 ssh->v1_compressing = TRUE;
5259 ssh->cs_comp_ctx = zlib_compress_init();
5260 logevent("Initialised zlib (RFC1950) compression");
5261 ssh->sc_comp_ctx = zlib_decompress_init();
5262 logevent("Initialised zlib (RFC1950) decompression");
5266 * Start the shell or command.
5268 * Special case: if the first-choice command is an SSH-2
5269 * subsystem (hence not usable here) and the second choice
5270 * exists, we fall straight back to that.
5273 char *cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
5275 if (conf_get_int(ssh->conf, CONF_ssh_subsys) &&
5276 conf_get_str(ssh->conf, CONF_remote_cmd2)) {
5277 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
5278 ssh->fallback_cmd = TRUE;
5281 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
5283 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
5284 logevent("Started session");
5287 ssh->state = SSH_STATE_SESSION;
5288 if (ssh->size_needed)
5289 ssh_size(ssh, ssh->term_width, ssh->term_height);
5290 if (ssh->eof_needed)
5291 ssh_special(ssh, TS_EOF);
5294 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
5296 ssh->channels = newtree234(ssh_channelcmp);
5300 * By this point, most incoming packets are already being
5301 * handled by the dispatch table, and we need only pay
5302 * attention to the unusual ones.
5307 if (pktin->type == SSH1_SMSG_SUCCESS) {
5308 /* may be from EXEC_SHELL on some servers */
5309 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5310 /* may be from EXEC_SHELL on some servers
5311 * if no pty is available or in other odd cases. Ignore */
5313 bombout(("Strange packet received: type %d", pktin->type));
5318 int len = min(inlen, 512);
5319 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5320 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
5321 PKTT_OTHER, PKT_END);
5332 * Handle the top-level SSH-2 protocol.
5334 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5339 ssh_pkt_getstring(pktin, &msg, &msglen);
5340 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
5343 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5345 /* log reason code in disconnect message */
5349 ssh_pkt_getstring(pktin, &msg, &msglen);
5350 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5353 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
5355 /* Do nothing, because we're ignoring it! Duhh. */
5358 static void ssh1_protocol_setup(Ssh ssh)
5363 * Most messages are handled by the coroutines.
5365 for (i = 0; i < 256; i++)
5366 ssh->packet_dispatch[i] = NULL;
5369 * These special message types we install handlers for.
5371 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5372 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5373 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5376 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
5377 struct Packet *pktin)
5379 unsigned char *in=(unsigned char*)vin;
5380 if (ssh->state == SSH_STATE_CLOSED)
5383 if (pktin && ssh->packet_dispatch[pktin->type]) {
5384 ssh->packet_dispatch[pktin->type](ssh, pktin);
5388 if (!ssh->protocol_initial_phase_done) {
5389 if (do_ssh1_login(ssh, in, inlen, pktin))
5390 ssh->protocol_initial_phase_done = TRUE;
5395 do_ssh1_connection(ssh, in, inlen, pktin);
5399 * Utility routine for decoding comma-separated strings in KEXINIT.
5401 static int in_commasep_string(char *needle, char *haystack, int haylen)
5404 if (!needle || !haystack) /* protect against null pointers */
5406 needlen = strlen(needle);
5409 * Is it at the start of the string?
5411 if (haylen >= needlen && /* haystack is long enough */
5412 !memcmp(needle, haystack, needlen) && /* initial match */
5413 (haylen == needlen || haystack[needlen] == ',')
5414 /* either , or EOS follows */
5418 * If not, search for the next comma and resume after that.
5419 * If no comma found, terminate.
5421 while (haylen > 0 && *haystack != ',')
5422 haylen--, haystack++;
5425 haylen--, haystack++; /* skip over comma itself */
5430 * Similar routine for checking whether we have the first string in a list.
5432 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5435 if (!needle || !haystack) /* protect against null pointers */
5437 needlen = strlen(needle);
5439 * Is it at the start of the string?
5441 if (haylen >= needlen && /* haystack is long enough */
5442 !memcmp(needle, haystack, needlen) && /* initial match */
5443 (haylen == needlen || haystack[needlen] == ',')
5444 /* either , or EOS follows */
5452 * SSH-2 key creation method.
5453 * (Currently assumes 2 lots of any hash are sufficient to generate
5454 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5456 #define SSH2_MKKEY_ITERS (2)
5457 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
5458 unsigned char *keyspace)
5460 const struct ssh_hash *h = ssh->kex->hash;
5462 /* First hlen bytes. */
5464 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5465 hash_mpint(h, s, K);
5466 h->bytes(s, H, h->hlen);
5467 h->bytes(s, &chr, 1);
5468 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5469 h->final(s, keyspace);
5470 /* Next hlen bytes. */
5472 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5473 hash_mpint(h, s, K);
5474 h->bytes(s, H, h->hlen);
5475 h->bytes(s, keyspace, h->hlen);
5476 h->final(s, keyspace + h->hlen);
5480 * Handle the SSH-2 transport layer.
5482 static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5483 struct Packet *pktin)
5485 unsigned char *in = (unsigned char *)vin;
5486 struct do_ssh2_transport_state {
5488 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5489 Bignum p, g, e, f, K;
5492 int kex_init_value, kex_reply_value;
5493 const struct ssh_mac **maclist;
5495 const struct ssh2_cipher *cscipher_tobe;
5496 const struct ssh2_cipher *sccipher_tobe;
5497 const struct ssh_mac *csmac_tobe;
5498 const struct ssh_mac *scmac_tobe;
5499 const struct ssh_compress *cscomp_tobe;
5500 const struct ssh_compress *sccomp_tobe;
5501 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5502 int hostkeylen, siglen, rsakeylen;
5503 void *hkey; /* actual host key */
5504 void *rsakey; /* for RSA kex */
5505 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5506 int n_preferred_kex;
5507 const struct ssh_kexes *preferred_kex[KEX_MAX];
5508 int n_preferred_ciphers;
5509 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5510 const struct ssh_compress *preferred_comp;
5511 int userauth_succeeded; /* for delayed compression */
5512 int pending_compression;
5513 int got_session_id, activated_authconn;
5514 struct Packet *pktout;
5519 crState(do_ssh2_transport_state);
5523 s->cscipher_tobe = s->sccipher_tobe = NULL;
5524 s->csmac_tobe = s->scmac_tobe = NULL;
5525 s->cscomp_tobe = s->sccomp_tobe = NULL;
5527 s->got_session_id = s->activated_authconn = FALSE;
5528 s->userauth_succeeded = FALSE;
5529 s->pending_compression = FALSE;
5532 * Be prepared to work around the buggy MAC problem.
5534 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5535 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5537 s->maclist = macs, s->nmacs = lenof(macs);
5540 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
5542 int i, j, k, commalist_started;
5545 * Set up the preferred key exchange. (NULL => warn below here)
5547 s->n_preferred_kex = 0;
5548 for (i = 0; i < KEX_MAX; i++) {
5549 switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
5551 s->preferred_kex[s->n_preferred_kex++] =
5552 &ssh_diffiehellman_gex;
5555 s->preferred_kex[s->n_preferred_kex++] =
5556 &ssh_diffiehellman_group14;
5559 s->preferred_kex[s->n_preferred_kex++] =
5560 &ssh_diffiehellman_group1;
5563 s->preferred_kex[s->n_preferred_kex++] =
5567 /* Flag for later. Don't bother if it's the last in
5569 if (i < KEX_MAX - 1) {
5570 s->preferred_kex[s->n_preferred_kex++] = NULL;
5577 * Set up the preferred ciphers. (NULL => warn below here)
5579 s->n_preferred_ciphers = 0;
5580 for (i = 0; i < CIPHER_MAX; i++) {
5581 switch (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i)) {
5582 case CIPHER_BLOWFISH:
5583 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5586 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc)) {
5587 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5591 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5594 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5596 case CIPHER_ARCFOUR:
5597 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5600 /* Flag for later. Don't bother if it's the last in
5602 if (i < CIPHER_MAX - 1) {
5603 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5610 * Set up preferred compression.
5612 if (conf_get_int(ssh->conf, CONF_compression))
5613 s->preferred_comp = &ssh_zlib;
5615 s->preferred_comp = &ssh_comp_none;
5618 * Enable queueing of outgoing auth- or connection-layer
5619 * packets while we are in the middle of a key exchange.
5621 ssh->queueing = TRUE;
5624 * Flag that KEX is in progress.
5626 ssh->kex_in_progress = TRUE;
5629 * Construct and send our key exchange packet.
5631 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5632 for (i = 0; i < 16; i++)
5633 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5634 /* List key exchange algorithms. */
5635 ssh2_pkt_addstring_start(s->pktout);
5636 commalist_started = 0;
5637 for (i = 0; i < s->n_preferred_kex; i++) {
5638 const struct ssh_kexes *k = s->preferred_kex[i];
5639 if (!k) continue; /* warning flag */
5640 for (j = 0; j < k->nkexes; j++) {
5641 if (commalist_started)
5642 ssh2_pkt_addstring_str(s->pktout, ",");
5643 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5644 commalist_started = 1;
5647 /* List server host key algorithms. */
5648 ssh2_pkt_addstring_start(s->pktout);
5649 for (i = 0; i < lenof(hostkey_algs); i++) {
5650 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5651 if (i < lenof(hostkey_algs) - 1)
5652 ssh2_pkt_addstring_str(s->pktout, ",");
5654 /* List encryption algorithms (client->server then server->client). */
5655 for (k = 0; k < 2; k++) {
5656 ssh2_pkt_addstring_start(s->pktout);
5657 commalist_started = 0;
5658 for (i = 0; i < s->n_preferred_ciphers; i++) {
5659 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5660 if (!c) continue; /* warning flag */
5661 for (j = 0; j < c->nciphers; j++) {
5662 if (commalist_started)
5663 ssh2_pkt_addstring_str(s->pktout, ",");
5664 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5665 commalist_started = 1;
5669 /* List MAC algorithms (client->server then server->client). */
5670 for (j = 0; j < 2; j++) {
5671 ssh2_pkt_addstring_start(s->pktout);
5672 for (i = 0; i < s->nmacs; i++) {
5673 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5674 if (i < s->nmacs - 1)
5675 ssh2_pkt_addstring_str(s->pktout, ",");
5678 /* List client->server compression algorithms,
5679 * then server->client compression algorithms. (We use the
5680 * same set twice.) */
5681 for (j = 0; j < 2; j++) {
5682 ssh2_pkt_addstring_start(s->pktout);
5683 assert(lenof(compressions) > 1);
5684 /* Prefer non-delayed versions */
5685 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5686 /* We don't even list delayed versions of algorithms until
5687 * they're allowed to be used, to avoid a race. See the end of
5689 if (s->userauth_succeeded && s->preferred_comp->delayed_name) {
5690 ssh2_pkt_addstring_str(s->pktout, ",");
5691 ssh2_pkt_addstring_str(s->pktout,
5692 s->preferred_comp->delayed_name);
5694 for (i = 0; i < lenof(compressions); i++) {
5695 const struct ssh_compress *c = compressions[i];
5696 if (c != s->preferred_comp) {
5697 ssh2_pkt_addstring_str(s->pktout, ",");
5698 ssh2_pkt_addstring_str(s->pktout, c->name);
5699 if (s->userauth_succeeded && c->delayed_name) {
5700 ssh2_pkt_addstring_str(s->pktout, ",");
5701 ssh2_pkt_addstring_str(s->pktout, c->delayed_name);
5706 /* List client->server languages. Empty list. */
5707 ssh2_pkt_addstring_start(s->pktout);
5708 /* List server->client languages. Empty list. */
5709 ssh2_pkt_addstring_start(s->pktout);
5710 /* First KEX packet does _not_ follow, because we're not that brave. */
5711 ssh2_pkt_addbool(s->pktout, FALSE);
5713 ssh2_pkt_adduint32(s->pktout, 0);
5716 s->our_kexinitlen = s->pktout->length - 5;
5717 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5718 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5720 ssh2_pkt_send_noqueue(ssh, s->pktout);
5723 crWaitUntilV(pktin);
5726 * Now examine the other side's KEXINIT to see what we're up
5730 char *str, *preferred;
5733 if (pktin->type != SSH2_MSG_KEXINIT) {
5734 bombout(("expected key exchange packet from server"));
5738 ssh->hostkey = NULL;
5739 s->cscipher_tobe = NULL;
5740 s->sccipher_tobe = NULL;
5741 s->csmac_tobe = NULL;
5742 s->scmac_tobe = NULL;
5743 s->cscomp_tobe = NULL;
5744 s->sccomp_tobe = NULL;
5745 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5747 pktin->savedpos += 16; /* skip garbage cookie */
5748 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5751 for (i = 0; i < s->n_preferred_kex; i++) {
5752 const struct ssh_kexes *k = s->preferred_kex[i];
5756 for (j = 0; j < k->nkexes; j++) {
5757 if (!preferred) preferred = k->list[j]->name;
5758 if (in_commasep_string(k->list[j]->name, str, len)) {
5759 ssh->kex = k->list[j];
5768 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5769 str ? str : "(null)"));
5773 * Note that the server's guess is considered wrong if it doesn't match
5774 * the first algorithm in our list, even if it's still the algorithm
5777 s->guessok = first_in_commasep_string(preferred, str, len);
5778 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5779 for (i = 0; i < lenof(hostkey_algs); i++) {
5780 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5781 ssh->hostkey = hostkey_algs[i];
5785 if (!ssh->hostkey) {
5786 bombout(("Couldn't agree a host key algorithm (available: %s)",
5787 str ? str : "(null)"));
5791 s->guessok = s->guessok &&
5792 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5793 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5794 for (i = 0; i < s->n_preferred_ciphers; i++) {
5795 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5797 s->warn_cscipher = TRUE;
5799 for (j = 0; j < c->nciphers; j++) {
5800 if (in_commasep_string(c->list[j]->name, str, len)) {
5801 s->cscipher_tobe = c->list[j];
5806 if (s->cscipher_tobe)
5809 if (!s->cscipher_tobe) {
5810 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5811 str ? str : "(null)"));
5815 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5816 for (i = 0; i < s->n_preferred_ciphers; i++) {
5817 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5819 s->warn_sccipher = TRUE;
5821 for (j = 0; j < c->nciphers; j++) {
5822 if (in_commasep_string(c->list[j]->name, str, len)) {
5823 s->sccipher_tobe = c->list[j];
5828 if (s->sccipher_tobe)
5831 if (!s->sccipher_tobe) {
5832 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5833 str ? str : "(null)"));
5837 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5838 for (i = 0; i < s->nmacs; i++) {
5839 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5840 s->csmac_tobe = s->maclist[i];
5844 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5845 for (i = 0; i < s->nmacs; i++) {
5846 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5847 s->scmac_tobe = s->maclist[i];
5851 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5852 for (i = 0; i < lenof(compressions) + 1; i++) {
5853 const struct ssh_compress *c =
5854 i == 0 ? s->preferred_comp : compressions[i - 1];
5855 if (in_commasep_string(c->name, str, len)) {
5858 } else if (in_commasep_string(c->delayed_name, str, len)) {
5859 if (s->userauth_succeeded) {
5863 s->pending_compression = TRUE; /* try this later */
5867 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5868 for (i = 0; i < lenof(compressions) + 1; i++) {
5869 const struct ssh_compress *c =
5870 i == 0 ? s->preferred_comp : compressions[i - 1];
5871 if (in_commasep_string(c->name, str, len)) {
5874 } else if (in_commasep_string(c->delayed_name, str, len)) {
5875 if (s->userauth_succeeded) {
5879 s->pending_compression = TRUE; /* try this later */
5883 if (s->pending_compression) {
5884 logevent("Server supports delayed compression; "
5885 "will try this later");
5887 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5888 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5889 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5892 ssh_set_frozen(ssh, 1);
5893 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5895 ssh_dialog_callback, ssh);
5896 if (s->dlgret < 0) {
5900 bombout(("Unexpected data from server while"
5901 " waiting for user response"));
5904 } while (pktin || inlen > 0);
5905 s->dlgret = ssh->user_response;
5907 ssh_set_frozen(ssh, 0);
5908 if (s->dlgret == 0) {
5909 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5915 if (s->warn_cscipher) {
5916 ssh_set_frozen(ssh, 1);
5917 s->dlgret = askalg(ssh->frontend,
5918 "client-to-server cipher",
5919 s->cscipher_tobe->name,
5920 ssh_dialog_callback, ssh);
5921 if (s->dlgret < 0) {
5925 bombout(("Unexpected data from server while"
5926 " waiting for user response"));
5929 } while (pktin || inlen > 0);
5930 s->dlgret = ssh->user_response;
5932 ssh_set_frozen(ssh, 0);
5933 if (s->dlgret == 0) {
5934 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5940 if (s->warn_sccipher) {
5941 ssh_set_frozen(ssh, 1);
5942 s->dlgret = askalg(ssh->frontend,
5943 "server-to-client cipher",
5944 s->sccipher_tobe->name,
5945 ssh_dialog_callback, ssh);
5946 if (s->dlgret < 0) {
5950 bombout(("Unexpected data from server while"
5951 " waiting for user response"));
5954 } while (pktin || inlen > 0);
5955 s->dlgret = ssh->user_response;
5957 ssh_set_frozen(ssh, 0);
5958 if (s->dlgret == 0) {
5959 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5965 ssh->exhash = ssh->kex->hash->init();
5966 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5967 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5968 hash_string(ssh->kex->hash, ssh->exhash,
5969 s->our_kexinit, s->our_kexinitlen);
5970 sfree(s->our_kexinit);
5971 if (pktin->length > 5)
5972 hash_string(ssh->kex->hash, ssh->exhash,
5973 pktin->data + 5, pktin->length - 5);
5975 if (s->ignorepkt) /* first_kex_packet_follows */
5976 crWaitUntilV(pktin); /* Ignore packet */
5979 if (ssh->kex->main_type == KEXTYPE_DH) {
5981 * Work out the number of bits of key we will need from the
5982 * key exchange. We start with the maximum key length of
5988 csbits = s->cscipher_tobe->keylen;
5989 scbits = s->sccipher_tobe->keylen;
5990 s->nbits = (csbits > scbits ? csbits : scbits);
5992 /* The keys only have hlen-bit entropy, since they're based on
5993 * a hash. So cap the key size at hlen bits. */
5994 if (s->nbits > ssh->kex->hash->hlen * 8)
5995 s->nbits = ssh->kex->hash->hlen * 8;
5998 * If we're doing Diffie-Hellman group exchange, start by
5999 * requesting a group.
6001 if (!ssh->kex->pdata) {
6002 logevent("Doing Diffie-Hellman group exchange");
6003 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
6005 * Work out how big a DH group we will need to allow that
6008 s->pbits = 512 << ((s->nbits - 1) / 64);
6009 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
6010 ssh2_pkt_adduint32(s->pktout, s->pbits);
6011 ssh2_pkt_send_noqueue(ssh, s->pktout);
6013 crWaitUntilV(pktin);
6014 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
6015 bombout(("expected key exchange group packet from server"));
6018 s->p = ssh2_pkt_getmp(pktin);
6019 s->g = ssh2_pkt_getmp(pktin);
6020 if (!s->p || !s->g) {
6021 bombout(("unable to read mp-ints from incoming group packet"));
6024 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
6025 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
6026 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
6028 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
6029 ssh->kex_ctx = dh_setup_group(ssh->kex);
6030 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
6031 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
6032 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
6033 ssh->kex->groupname);
6036 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
6037 ssh->kex->hash->text_name);
6039 * Now generate and send e for Diffie-Hellman.
6041 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
6042 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
6043 s->pktout = ssh2_pkt_init(s->kex_init_value);
6044 ssh2_pkt_addmp(s->pktout, s->e);
6045 ssh2_pkt_send_noqueue(ssh, s->pktout);
6047 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
6048 crWaitUntilV(pktin);
6049 if (pktin->type != s->kex_reply_value) {
6050 bombout(("expected key exchange reply packet from server"));
6053 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
6054 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6055 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6056 s->f = ssh2_pkt_getmp(pktin);
6058 bombout(("unable to parse key exchange reply packet"));
6061 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6063 s->K = dh_find_K(ssh->kex_ctx, s->f);
6065 /* We assume everything from now on will be quick, and it might
6066 * involve user interaction. */
6067 set_busy_status(ssh->frontend, BUSY_NOT);
6069 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
6070 if (!ssh->kex->pdata) {
6071 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
6072 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
6073 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
6075 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
6076 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
6078 dh_cleanup(ssh->kex_ctx);
6080 if (!ssh->kex->pdata) {
6085 logeventf(ssh, "Doing RSA key exchange with hash %s",
6086 ssh->kex->hash->text_name);
6087 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
6089 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
6092 crWaitUntilV(pktin);
6093 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
6094 bombout(("expected RSA public key packet from server"));
6098 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6099 hash_string(ssh->kex->hash, ssh->exhash,
6100 s->hostkeydata, s->hostkeylen);
6101 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6105 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
6106 s->rsakeydata = snewn(s->rsakeylen, char);
6107 memcpy(s->rsakeydata, keydata, s->rsakeylen);
6110 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
6112 sfree(s->rsakeydata);
6113 bombout(("unable to parse RSA public key from server"));
6117 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
6120 * Next, set up a shared secret K, of precisely KLEN -
6121 * 2*HLEN - 49 bits, where KLEN is the bit length of the
6122 * RSA key modulus and HLEN is the bit length of the hash
6126 int klen = ssh_rsakex_klen(s->rsakey);
6127 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
6129 unsigned char *kstr1, *kstr2, *outstr;
6130 int kstr1len, kstr2len, outstrlen;
6132 s->K = bn_power_2(nbits - 1);
6134 for (i = 0; i < nbits; i++) {
6136 byte = random_byte();
6138 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
6142 * Encode this as an mpint.
6144 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
6145 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
6146 PUT_32BIT(kstr2, kstr1len);
6147 memcpy(kstr2 + 4, kstr1, kstr1len);
6150 * Encrypt it with the given RSA key.
6152 outstrlen = (klen + 7) / 8;
6153 outstr = snewn(outstrlen, unsigned char);
6154 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
6155 outstr, outstrlen, s->rsakey);
6158 * And send it off in a return packet.
6160 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
6161 ssh2_pkt_addstring_start(s->pktout);
6162 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
6163 ssh2_pkt_send_noqueue(ssh, s->pktout);
6165 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
6172 ssh_rsakex_freekey(s->rsakey);
6174 crWaitUntilV(pktin);
6175 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
6176 sfree(s->rsakeydata);
6177 bombout(("expected signature packet from server"));
6181 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6183 sfree(s->rsakeydata);
6186 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6187 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6188 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
6190 ssh->kex_ctx = NULL;
6193 debug(("Exchange hash is:\n"));
6194 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
6198 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
6199 (char *)s->exchange_hash,
6200 ssh->kex->hash->hlen)) {
6201 bombout(("Server's host key did not match the signature supplied"));
6206 * Authenticate remote host: verify host key. (We've already
6207 * checked the signature of the exchange hash.)
6209 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6210 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
6211 ssh_set_frozen(ssh, 1);
6212 s->dlgret = verify_ssh_host_key(ssh->frontend,
6213 ssh->savedhost, ssh->savedport,
6214 ssh->hostkey->keytype, s->keystr,
6216 ssh_dialog_callback, ssh);
6217 if (s->dlgret < 0) {
6221 bombout(("Unexpected data from server while waiting"
6222 " for user host key response"));
6225 } while (pktin || inlen > 0);
6226 s->dlgret = ssh->user_response;
6228 ssh_set_frozen(ssh, 0);
6229 if (s->dlgret == 0) {
6230 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6234 if (!s->got_session_id) { /* don't bother logging this in rekeys */
6235 logevent("Host key fingerprint is:");
6236 logevent(s->fingerprint);
6238 sfree(s->fingerprint);
6240 ssh->hostkey->freekey(s->hkey);
6243 * The exchange hash from the very first key exchange is also
6244 * the session id, used in session key construction and
6247 if (!s->got_session_id) {
6248 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
6249 memcpy(ssh->v2_session_id, s->exchange_hash,
6250 sizeof(s->exchange_hash));
6251 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6252 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
6253 s->got_session_id = TRUE;
6257 * Send SSH2_MSG_NEWKEYS.
6259 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
6260 ssh2_pkt_send_noqueue(ssh, s->pktout);
6261 ssh->outgoing_data_size = 0; /* start counting from here */
6264 * We've sent client NEWKEYS, so create and initialise
6265 * client-to-server session keys.
6267 if (ssh->cs_cipher_ctx)
6268 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6269 ssh->cscipher = s->cscipher_tobe;
6270 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6272 if (ssh->cs_mac_ctx)
6273 ssh->csmac->free_context(ssh->cs_mac_ctx);
6274 ssh->csmac = s->csmac_tobe;
6275 ssh->cs_mac_ctx = ssh->csmac->make_context();
6277 if (ssh->cs_comp_ctx)
6278 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6279 ssh->cscomp = s->cscomp_tobe;
6280 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6283 * Set IVs on client-to-server keys. Here we use the exchange
6284 * hash from the _first_ key exchange.
6287 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6288 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6289 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
6290 assert((ssh->cscipher->keylen+7) / 8 <=
6291 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6292 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
6293 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
6294 assert(ssh->cscipher->blksize <=
6295 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6296 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
6297 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
6298 assert(ssh->csmac->len <=
6299 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6300 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
6301 smemclr(keyspace, sizeof(keyspace));
6304 logeventf(ssh, "Initialised %.200s client->server encryption",
6305 ssh->cscipher->text_name);
6306 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6307 ssh->csmac->text_name);
6308 if (ssh->cscomp->text_name)
6309 logeventf(ssh, "Initialised %s compression",
6310 ssh->cscomp->text_name);
6313 * Now our end of the key exchange is complete, we can send all
6314 * our queued higher-layer packets.
6316 ssh->queueing = FALSE;
6317 ssh2_pkt_queuesend(ssh);
6320 * Expect SSH2_MSG_NEWKEYS from server.
6322 crWaitUntilV(pktin);
6323 if (pktin->type != SSH2_MSG_NEWKEYS) {
6324 bombout(("expected new-keys packet from server"));
6327 ssh->incoming_data_size = 0; /* start counting from here */
6330 * We've seen server NEWKEYS, so create and initialise
6331 * server-to-client session keys.
6333 if (ssh->sc_cipher_ctx)
6334 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
6335 ssh->sccipher = s->sccipher_tobe;
6336 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
6338 if (ssh->sc_mac_ctx)
6339 ssh->scmac->free_context(ssh->sc_mac_ctx);
6340 ssh->scmac = s->scmac_tobe;
6341 ssh->sc_mac_ctx = ssh->scmac->make_context();
6343 if (ssh->sc_comp_ctx)
6344 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
6345 ssh->sccomp = s->sccomp_tobe;
6346 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6349 * Set IVs on server-to-client keys. Here we use the exchange
6350 * hash from the _first_ key exchange.
6353 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6354 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6355 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
6356 assert((ssh->sccipher->keylen+7) / 8 <=
6357 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6358 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
6359 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
6360 assert(ssh->sccipher->blksize <=
6361 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6362 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
6363 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
6364 assert(ssh->scmac->len <=
6365 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6366 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
6367 smemclr(keyspace, sizeof(keyspace));
6369 logeventf(ssh, "Initialised %.200s server->client encryption",
6370 ssh->sccipher->text_name);
6371 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6372 ssh->scmac->text_name);
6373 if (ssh->sccomp->text_name)
6374 logeventf(ssh, "Initialised %s decompression",
6375 ssh->sccomp->text_name);
6378 * Free shared secret.
6383 * Key exchange is over. Loop straight back round if we have a
6384 * deferred rekey reason.
6386 if (ssh->deferred_rekey_reason) {
6387 logevent(ssh->deferred_rekey_reason);
6389 ssh->deferred_rekey_reason = NULL;
6390 goto begin_key_exchange;
6394 * Otherwise, schedule a timer for our next rekey.
6396 ssh->kex_in_progress = FALSE;
6397 ssh->last_rekey = GETTICKCOUNT();
6398 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0)
6399 ssh->next_rekey = schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6403 * Now we're encrypting. Begin returning 1 to the protocol main
6404 * function so that other things can run on top of the
6405 * transport. If we ever see a KEXINIT, we must go back to the
6408 * We _also_ go back to the start if we see pktin==NULL and
6409 * inlen negative, because this is a special signal meaning
6410 * `initiate client-driven rekey', and `in' contains a message
6411 * giving the reason for the rekey.
6413 * inlen==-1 means always initiate a rekey;
6414 * inlen==-2 means that userauth has completed successfully and
6415 * we should consider rekeying (for delayed compression).
6417 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
6418 (!pktin && inlen < 0))) {
6420 if (!ssh->protocol_initial_phase_done) {
6421 ssh->protocol_initial_phase_done = TRUE;
6423 * Allow authconn to initialise itself.
6425 do_ssh2_authconn(ssh, NULL, 0, NULL);
6430 logevent("Server initiated key re-exchange");
6434 * authconn has seen a USERAUTH_SUCCEEDED. Time to enable
6435 * delayed compression, if it's available.
6437 * draft-miller-secsh-compression-delayed-00 says that you
6438 * negotiate delayed compression in the first key exchange, and
6439 * both sides start compressing when the server has sent
6440 * USERAUTH_SUCCESS. This has a race condition -- the server
6441 * can't know when the client has seen it, and thus which incoming
6442 * packets it should treat as compressed.
6444 * Instead, we do the initial key exchange without offering the
6445 * delayed methods, but note if the server offers them; when we
6446 * get here, if a delayed method was available that was higher
6447 * on our list than what we got, we initiate a rekey in which we
6448 * _do_ list the delayed methods (and hopefully get it as a
6449 * result). Subsequent rekeys will do the same.
6451 assert(!s->userauth_succeeded); /* should only happen once */
6452 s->userauth_succeeded = TRUE;
6453 if (!s->pending_compression)
6454 /* Can't see any point rekeying. */
6455 goto wait_for_rekey; /* this is utterly horrid */
6456 /* else fall through to rekey... */
6457 s->pending_compression = FALSE;
6460 * Now we've decided to rekey.
6462 * Special case: if the server bug is set that doesn't
6463 * allow rekeying, we give a different log message and
6464 * continue waiting. (If such a server _initiates_ a rekey,
6465 * we process it anyway!)
6467 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6468 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6470 /* Reset the counters, so that at least this message doesn't
6471 * hit the event log _too_ often. */
6472 ssh->outgoing_data_size = 0;
6473 ssh->incoming_data_size = 0;
6474 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0) {
6476 schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6479 goto wait_for_rekey; /* this is still utterly horrid */
6481 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
6484 goto begin_key_exchange;
6490 * Add data to an SSH-2 channel output buffer.
6492 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6495 bufchain_add(&c->v.v2.outbuffer, buf, len);
6499 * Attempt to send data on an SSH-2 channel.
6501 static int ssh2_try_send(struct ssh_channel *c)
6504 struct Packet *pktout;
6507 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6510 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6511 if ((unsigned)len > c->v.v2.remwindow)
6512 len = c->v.v2.remwindow;
6513 if ((unsigned)len > c->v.v2.remmaxpkt)
6514 len = c->v.v2.remmaxpkt;
6515 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6516 ssh2_pkt_adduint32(pktout, c->remoteid);
6517 ssh2_pkt_addstring_start(pktout);
6518 dont_log_data(ssh, pktout, PKTLOG_OMIT);
6519 ssh2_pkt_addstring_data(pktout, data, len);
6520 end_log_omission(ssh, pktout);
6521 ssh2_pkt_send(ssh, pktout);
6522 bufchain_consume(&c->v.v2.outbuffer, len);
6523 c->v.v2.remwindow -= len;
6527 * After having sent as much data as we can, return the amount
6530 ret = bufchain_size(&c->v.v2.outbuffer);
6533 * And if there's no data pending but we need to send an EOF, send
6536 if (!ret && c->pending_eof)
6537 ssh_channel_try_eof(c);
6542 static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
6545 if (c->closes & CLOSES_SENT_EOF)
6546 return; /* don't send on channels we've EOFed */
6547 bufsize = ssh2_try_send(c);
6550 case CHAN_MAINSESSION:
6551 /* stdin need not receive an unthrottle
6552 * notification since it will be polled */
6555 x11_unthrottle(c->u.x11.s);
6558 /* agent sockets are request/response and need no
6559 * buffer management */
6562 pfd_unthrottle(c->u.pfd.s);
6569 * Set up most of a new ssh_channel for SSH-2.
6571 static void ssh2_channel_init(struct ssh_channel *c)
6574 c->localid = alloc_channel_id(ssh);
6576 c->pending_eof = FALSE;
6577 c->throttling_conn = FALSE;
6578 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
6579 conf_get_int(ssh->conf, CONF_ssh_simple) ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
6580 c->v.v2.chanreq_head = NULL;
6581 c->v.v2.throttle_state = UNTHROTTLED;
6582 bufchain_init(&c->v.v2.outbuffer);
6586 * Construct the common parts of a CHANNEL_OPEN.
6588 static struct Packet *ssh2_chanopen_init(struct ssh_channel *c, char *type)
6590 struct Packet *pktout;
6592 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
6593 ssh2_pkt_addstring(pktout, type);
6594 ssh2_pkt_adduint32(pktout, c->localid);
6595 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
6596 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
6601 * CHANNEL_FAILURE doesn't come with any indication of what message
6602 * caused it, so we have to keep track of the outstanding
6603 * CHANNEL_REQUESTs ourselves.
6605 static void ssh2_queue_chanreq_handler(struct ssh_channel *c,
6606 cchandler_fn_t handler, void *ctx)
6608 struct outstanding_channel_request *ocr =
6609 snew(struct outstanding_channel_request);
6611 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
6612 ocr->handler = handler;
6615 if (!c->v.v2.chanreq_head)
6616 c->v.v2.chanreq_head = ocr;
6618 c->v.v2.chanreq_tail->next = ocr;
6619 c->v.v2.chanreq_tail = ocr;
6623 * Construct the common parts of a CHANNEL_REQUEST. If handler is not
6624 * NULL then a reply will be requested and the handler will be called
6625 * when it arrives. The returned packet is ready to have any
6626 * request-specific data added and be sent. Note that if a handler is
6627 * provided, it's essential that the request actually be sent.
6629 * The handler will usually be passed the response packet in pktin.
6630 * If pktin is NULL, this means that no reply will ever be forthcoming
6631 * (e.g. because the entire connection is being destroyed) and the
6632 * handler should free any storage it's holding.
6634 static struct Packet *ssh2_chanreq_init(struct ssh_channel *c, char *type,
6635 cchandler_fn_t handler, void *ctx)
6637 struct Packet *pktout;
6639 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
6640 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6641 ssh2_pkt_adduint32(pktout, c->remoteid);
6642 ssh2_pkt_addstring(pktout, type);
6643 ssh2_pkt_addbool(pktout, handler != NULL);
6644 if (handler != NULL)
6645 ssh2_queue_chanreq_handler(c, handler, ctx);
6650 * Potentially enlarge the window on an SSH-2 channel.
6652 static void ssh2_handle_winadj_response(struct ssh_channel *, struct Packet *,
6654 static void ssh2_set_window(struct ssh_channel *c, int newwin)
6659 * Never send WINDOW_ADJUST for a channel that the remote side has
6660 * already sent EOF on; there's no point, since it won't be
6661 * sending any more data anyway. Ditto if _we've_ already sent
6664 if (c->closes & (CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE))
6668 * If the remote end has a habit of ignoring maxpkt, limit the
6669 * window so that it has no choice (assuming it doesn't ignore the
6672 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6673 newwin = OUR_V2_MAXPKT;
6676 * Only send a WINDOW_ADJUST if there's significantly more window
6677 * available than the other end thinks there is. This saves us
6678 * sending a WINDOW_ADJUST for every character in a shell session.
6680 * "Significant" is arbitrarily defined as half the window size.
6682 if (newwin / 2 >= c->v.v2.locwindow) {
6683 struct Packet *pktout;
6687 * In order to keep track of how much window the client
6688 * actually has available, we'd like it to acknowledge each
6689 * WINDOW_ADJUST. We can't do that directly, so we accompany
6690 * it with a CHANNEL_REQUEST that has to be acknowledged.
6692 * This is only necessary if we're opening the window wide.
6693 * If we're not, then throughput is being constrained by
6694 * something other than the maximum window size anyway.
6696 if (newwin == c->v.v2.locmaxwin &&
6697 !(ssh->remote_bugs & BUG_CHOKES_ON_WINADJ)) {
6698 up = snew(unsigned);
6699 *up = newwin - c->v.v2.locwindow;
6700 pktout = ssh2_chanreq_init(c, "winadj@putty.projects.tartarus.org",
6701 ssh2_handle_winadj_response, up);
6702 ssh2_pkt_send(ssh, pktout);
6704 if (c->v.v2.throttle_state != UNTHROTTLED)
6705 c->v.v2.throttle_state = UNTHROTTLING;
6707 /* Pretend the WINDOW_ADJUST was acked immediately. */
6708 c->v.v2.remlocwin = newwin;
6709 c->v.v2.throttle_state = THROTTLED;
6711 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6712 ssh2_pkt_adduint32(pktout, c->remoteid);
6713 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6714 ssh2_pkt_send(ssh, pktout);
6715 c->v.v2.locwindow = newwin;
6720 * Find the channel associated with a message. If there's no channel,
6721 * or it's not properly open, make a noise about it and return NULL.
6723 static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6725 unsigned localid = ssh_pkt_getuint32(pktin);
6726 struct ssh_channel *c;
6728 c = find234(ssh->channels, &localid, ssh_channelfind);
6730 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6731 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6732 char *buf = dupprintf("Received %s for %s channel %u",
6733 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6735 c ? "half-open" : "nonexistent", localid);
6736 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6743 static void ssh2_handle_winadj_response(struct ssh_channel *c,
6744 struct Packet *pktin, void *ctx)
6746 unsigned *sizep = ctx;
6749 * Winadj responses should always be failures. However, at least
6750 * one server ("boks_sshd") is known to return SUCCESS for channel
6751 * requests it's never heard of, such as "winadj@putty". Raised
6752 * with foxt.com as bug 090916-090424, but for the sake of a quiet
6753 * life, we don't worry about what kind of response we got.
6756 c->v.v2.remlocwin += *sizep;
6759 * winadj messages are only sent when the window is fully open, so
6760 * if we get an ack of one, we know any pending unthrottle is
6763 if (c->v.v2.throttle_state == UNTHROTTLING)
6764 c->v.v2.throttle_state = UNTHROTTLED;
6767 static void ssh2_msg_channel_response(Ssh ssh, struct Packet *pktin)
6769 struct ssh_channel *c = ssh2_channel_msg(ssh, pktin);
6770 struct outstanding_channel_request *ocr;
6773 ocr = c->v.v2.chanreq_head;
6775 ssh2_msg_unexpected(ssh, pktin);
6778 ocr->handler(c, pktin, ocr->ctx);
6779 c->v.v2.chanreq_head = ocr->next;
6782 * We may now initiate channel-closing procedures, if that
6783 * CHANNEL_REQUEST was the last thing outstanding before we send
6786 ssh2_channel_check_close(c);
6789 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
6791 struct ssh_channel *c;
6792 c = ssh2_channel_msg(ssh, pktin);
6795 if (!(c->closes & CLOSES_SENT_EOF)) {
6796 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
6797 ssh2_try_send_and_unthrottle(ssh, c);
6801 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6805 struct ssh_channel *c;
6806 c = ssh2_channel_msg(ssh, pktin);
6809 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6810 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6811 return; /* extended but not stderr */
6812 ssh_pkt_getstring(pktin, &data, &length);
6815 c->v.v2.locwindow -= length;
6816 c->v.v2.remlocwin -= length;
6818 case CHAN_MAINSESSION:
6820 from_backend(ssh->frontend, pktin->type ==
6821 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6825 bufsize = x11_send(c->u.x11.s, data, length);
6828 bufsize = pfd_send(c->u.pfd.s, data, length);
6831 while (length > 0) {
6832 if (c->u.a.lensofar < 4) {
6833 unsigned int l = min(4 - c->u.a.lensofar,
6835 memcpy(c->u.a.msglen + c->u.a.lensofar,
6839 c->u.a.lensofar += l;
6841 if (c->u.a.lensofar == 4) {
6843 4 + GET_32BIT(c->u.a.msglen);
6844 c->u.a.message = snewn(c->u.a.totallen,
6846 memcpy(c->u.a.message, c->u.a.msglen, 4);
6848 if (c->u.a.lensofar >= 4 && length > 0) {
6850 min(c->u.a.totallen - c->u.a.lensofar,
6852 memcpy(c->u.a.message + c->u.a.lensofar,
6856 c->u.a.lensofar += l;
6858 if (c->u.a.lensofar == c->u.a.totallen) {
6861 c->u.a.outstanding_requests++;
6862 if (agent_query(c->u.a.message,
6865 ssh_agentf_callback, c))
6866 ssh_agentf_callback(c, reply, replylen);
6867 sfree(c->u.a.message);
6868 c->u.a.message = NULL;
6869 c->u.a.lensofar = 0;
6876 * If it looks like the remote end hit the end of its window,
6877 * and we didn't want it to do that, think about using a
6880 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6881 c->v.v2.locmaxwin < 0x40000000)
6882 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6884 * If we are not buffering too much data,
6885 * enlarge the window again at the remote side.
6886 * If we are buffering too much, we may still
6887 * need to adjust the window if the server's
6890 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6891 c->v.v2.locmaxwin - bufsize : 0);
6893 * If we're either buffering way too much data, or if we're
6894 * buffering anything at all and we're in "simple" mode,
6895 * throttle the whole channel.
6897 if ((bufsize > c->v.v2.locmaxwin ||
6898 (conf_get_int(ssh->conf, CONF_ssh_simple) && bufsize > 0)) &&
6899 !c->throttling_conn) {
6900 c->throttling_conn = 1;
6901 ssh_throttle_conn(ssh, +1);
6906 static void ssh_channel_destroy(struct ssh_channel *c)
6911 case CHAN_MAINSESSION:
6912 ssh->mainchan = NULL;
6913 update_specials_menu(ssh->frontend);
6916 if (c->u.x11.s != NULL)
6917 x11_close(c->u.x11.s);
6918 logevent("Forwarded X11 connection terminated");
6921 sfree(c->u.a.message);
6924 if (c->u.pfd.s != NULL)
6925 pfd_close(c->u.pfd.s);
6926 logevent("Forwarded port closed");
6930 del234(ssh->channels, c);
6931 if (ssh->version == 2) {
6932 bufchain_clear(&c->v.v2.outbuffer);
6933 assert(c->v.v2.chanreq_head == NULL);
6938 * See if that was the last channel left open.
6939 * (This is only our termination condition if we're
6940 * not running in -N mode.)
6942 if (ssh->version == 2 &&
6943 !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
6944 count234(ssh->channels) == 0) {
6946 * We used to send SSH_MSG_DISCONNECT here,
6947 * because I'd believed that _every_ conforming
6948 * SSH-2 connection had to end with a disconnect
6949 * being sent by at least one side; apparently
6950 * I was wrong and it's perfectly OK to
6951 * unceremoniously slam the connection shut
6952 * when you're done, and indeed OpenSSH feels
6953 * this is more polite than sending a
6954 * DISCONNECT. So now we don't.
6956 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6960 static void ssh2_channel_check_close(struct ssh_channel *c)
6963 struct Packet *pktout;
6965 if ((!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) ||
6966 c->type == CHAN_ZOMBIE) &&
6967 !c->v.v2.chanreq_head &&
6968 !(c->closes & CLOSES_SENT_CLOSE)) {
6970 * We have both sent and received EOF (or the channel is a
6971 * zombie), and we have no outstanding channel requests, which
6972 * means the channel is in final wind-up. But we haven't sent
6973 * CLOSE, so let's do so now.
6975 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6976 ssh2_pkt_adduint32(pktout, c->remoteid);
6977 ssh2_pkt_send(ssh, pktout);
6978 c->closes |= CLOSES_SENT_EOF | CLOSES_SENT_CLOSE;
6981 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) {
6982 assert(c->v.v2.chanreq_head == NULL);
6984 * We have both sent and received CLOSE, which means we're
6985 * completely done with the channel.
6987 ssh_channel_destroy(c);
6991 static void ssh2_channel_got_eof(struct ssh_channel *c)
6993 if (c->closes & CLOSES_RCVD_EOF)
6994 return; /* already seen EOF */
6995 c->closes |= CLOSES_RCVD_EOF;
6997 if (c->type == CHAN_X11) {
6998 x11_send_eof(c->u.x11.s);
6999 } else if (c->type == CHAN_AGENT) {
7000 if (c->u.a.outstanding_requests == 0) {
7001 /* Manufacture an outgoing EOF in response to the incoming one. */
7002 sshfwd_write_eof(c);
7004 } else if (c->type == CHAN_SOCKDATA) {
7005 pfd_send_eof(c->u.pfd.s);
7006 } else if (c->type == CHAN_MAINSESSION) {
7009 if (!ssh->sent_console_eof &&
7010 (from_backend_eof(ssh->frontend) || ssh->got_pty)) {
7012 * Either from_backend_eof told us that the front end
7013 * wants us to close the outgoing side of the connection
7014 * as soon as we see EOF from the far end, or else we've
7015 * unilaterally decided to do that because we've allocated
7016 * a remote pty and hence EOF isn't a particularly
7017 * meaningful concept.
7019 sshfwd_write_eof(c);
7021 ssh->sent_console_eof = TRUE;
7024 ssh2_channel_check_close(c);
7027 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
7029 struct ssh_channel *c;
7031 c = ssh2_channel_msg(ssh, pktin);
7034 ssh2_channel_got_eof(c);
7037 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
7039 struct ssh_channel *c;
7041 c = ssh2_channel_msg(ssh, pktin);
7046 * When we receive CLOSE on a channel, we assume it comes with an
7047 * implied EOF if we haven't seen EOF yet.
7049 ssh2_channel_got_eof(c);
7052 * And we also send an outgoing EOF, if we haven't already, on the
7053 * assumption that CLOSE is a pretty forceful announcement that
7054 * the remote side is doing away with the entire channel. (If it
7055 * had wanted to send us EOF and continue receiving data from us,
7056 * it would have just sent CHANNEL_EOF.)
7058 if (!(c->closes & CLOSES_SENT_EOF)) {
7060 * Make sure we don't read any more from whatever our local
7061 * data source is for this channel.
7064 case CHAN_MAINSESSION:
7065 ssh->send_ok = 0; /* stop trying to read from stdin */
7068 x11_override_throttle(c->u.x11.s, 1);
7071 pfd_override_throttle(c->u.pfd.s, 1);
7076 * Send outgoing EOF.
7078 sshfwd_write_eof(c);
7082 * Now process the actual close.
7084 if (!(c->closes & CLOSES_RCVD_CLOSE)) {
7085 c->closes |= CLOSES_RCVD_CLOSE;
7086 ssh2_channel_check_close(c);
7090 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
7092 struct ssh_channel *c;
7094 c = ssh2_channel_msg(ssh, pktin);
7097 if (c->type != CHAN_SOCKDATA_DORMANT)
7098 return; /* dunno why they're confirming this */
7099 c->remoteid = ssh_pkt_getuint32(pktin);
7100 c->halfopen = FALSE;
7101 c->type = CHAN_SOCKDATA;
7102 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7103 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7105 pfd_confirm(c->u.pfd.s);
7107 ssh_channel_try_eof(c);
7110 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
7112 static const char *const reasons[] = {
7113 "<unknown reason code>",
7114 "Administratively prohibited",
7116 "Unknown channel type",
7117 "Resource shortage",
7119 unsigned reason_code;
7120 char *reason_string;
7122 struct ssh_channel *c;
7123 c = ssh2_channel_msg(ssh, pktin);
7126 if (c->type != CHAN_SOCKDATA_DORMANT)
7127 return; /* dunno why they're failing this */
7129 reason_code = ssh_pkt_getuint32(pktin);
7130 if (reason_code >= lenof(reasons))
7131 reason_code = 0; /* ensure reasons[reason_code] in range */
7132 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
7133 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
7134 reasons[reason_code], reason_length, reason_string);
7136 pfd_close(c->u.pfd.s);
7138 del234(ssh->channels, c);
7142 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
7145 int typelen, want_reply;
7146 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
7147 struct ssh_channel *c;
7148 struct Packet *pktout;
7150 c = ssh2_channel_msg(ssh, pktin);
7153 ssh_pkt_getstring(pktin, &type, &typelen);
7154 want_reply = ssh2_pkt_getbool(pktin);
7157 * Having got the channel number, we now look at
7158 * the request type string to see if it's something
7161 if (c == ssh->mainchan) {
7163 * We recognise "exit-status" and "exit-signal" on
7164 * the primary channel.
7166 if (typelen == 11 &&
7167 !memcmp(type, "exit-status", 11)) {
7169 ssh->exitcode = ssh_pkt_getuint32(pktin);
7170 logeventf(ssh, "Server sent command exit status %d",
7172 reply = SSH2_MSG_CHANNEL_SUCCESS;
7174 } else if (typelen == 11 &&
7175 !memcmp(type, "exit-signal", 11)) {
7177 int is_plausible = TRUE, is_int = FALSE;
7178 char *fmt_sig = "", *fmt_msg = "";
7180 int msglen = 0, core = FALSE;
7181 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
7182 * provide an `int' for the signal, despite its
7183 * having been a `string' in the drafts of RFC 4254 since at
7184 * least 2001. (Fixed in session.c 1.147.) Try to
7185 * infer which we can safely parse it as. */
7187 unsigned char *p = pktin->body +
7189 long len = pktin->length - pktin->savedpos;
7190 unsigned long num = GET_32BIT(p); /* what is it? */
7191 /* If it's 0, it hardly matters; assume string */
7195 int maybe_int = FALSE, maybe_str = FALSE;
7196 #define CHECK_HYPOTHESIS(offset, result) \
7199 if (q >= 0 && q+4 <= len) { \
7200 q = q + 4 + GET_32BIT(p+q); \
7201 if (q >= 0 && q+4 <= len && \
7202 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
7206 CHECK_HYPOTHESIS(4+1, maybe_int);
7207 CHECK_HYPOTHESIS(4+num+1, maybe_str);
7208 #undef CHECK_HYPOTHESIS
7209 if (maybe_int && !maybe_str)
7211 else if (!maybe_int && maybe_str)
7214 /* Crikey. Either or neither. Panic. */
7215 is_plausible = FALSE;
7218 ssh->exitcode = 128; /* means `unknown signal' */
7221 /* Old non-standard OpenSSH. */
7222 int signum = ssh_pkt_getuint32(pktin);
7223 fmt_sig = dupprintf(" %d", signum);
7224 ssh->exitcode = 128 + signum;
7226 /* As per RFC 4254. */
7229 ssh_pkt_getstring(pktin, &sig, &siglen);
7230 /* Signal name isn't supposed to be blank, but
7231 * let's cope gracefully if it is. */
7233 fmt_sig = dupprintf(" \"%.*s\"",
7238 * Really hideous method of translating the
7239 * signal description back into a locally
7240 * meaningful number.
7245 #define TRANSLATE_SIGNAL(s) \
7246 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
7247 ssh->exitcode = 128 + SIG ## s
7249 TRANSLATE_SIGNAL(ABRT);
7252 TRANSLATE_SIGNAL(ALRM);
7255 TRANSLATE_SIGNAL(FPE);
7258 TRANSLATE_SIGNAL(HUP);
7261 TRANSLATE_SIGNAL(ILL);
7264 TRANSLATE_SIGNAL(INT);
7267 TRANSLATE_SIGNAL(KILL);
7270 TRANSLATE_SIGNAL(PIPE);
7273 TRANSLATE_SIGNAL(QUIT);
7276 TRANSLATE_SIGNAL(SEGV);
7279 TRANSLATE_SIGNAL(TERM);
7282 TRANSLATE_SIGNAL(USR1);
7285 TRANSLATE_SIGNAL(USR2);
7287 #undef TRANSLATE_SIGNAL
7289 ssh->exitcode = 128;
7291 core = ssh2_pkt_getbool(pktin);
7292 ssh_pkt_getstring(pktin, &msg, &msglen);
7294 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
7296 /* ignore lang tag */
7297 } /* else don't attempt to parse */
7298 logeventf(ssh, "Server exited on signal%s%s%s",
7299 fmt_sig, core ? " (core dumped)" : "",
7301 if (*fmt_sig) sfree(fmt_sig);
7302 if (*fmt_msg) sfree(fmt_msg);
7303 reply = SSH2_MSG_CHANNEL_SUCCESS;
7308 * This is a channel request we don't know
7309 * about, so we now either ignore the request
7310 * or respond with CHANNEL_FAILURE, depending
7313 reply = SSH2_MSG_CHANNEL_FAILURE;
7316 pktout = ssh2_pkt_init(reply);
7317 ssh2_pkt_adduint32(pktout, c->remoteid);
7318 ssh2_pkt_send(ssh, pktout);
7322 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
7325 int typelen, want_reply;
7326 struct Packet *pktout;
7328 ssh_pkt_getstring(pktin, &type, &typelen);
7329 want_reply = ssh2_pkt_getbool(pktin);
7332 * We currently don't support any global requests
7333 * at all, so we either ignore the request or
7334 * respond with REQUEST_FAILURE, depending on
7338 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
7339 ssh2_pkt_send(ssh, pktout);
7343 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7351 struct ssh_channel *c;
7352 unsigned remid, winsize, pktsize;
7353 struct Packet *pktout;
7355 ssh_pkt_getstring(pktin, &type, &typelen);
7356 c = snew(struct ssh_channel);
7359 remid = ssh_pkt_getuint32(pktin);
7360 winsize = ssh_pkt_getuint32(pktin);
7361 pktsize = ssh_pkt_getuint32(pktin);
7363 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7367 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7368 addrstr = snewn(peeraddrlen+1, char);
7369 memcpy(addrstr, peeraddr, peeraddrlen);
7370 addrstr[peeraddrlen] = '\0';
7371 peerport = ssh_pkt_getuint32(pktin);
7373 logeventf(ssh, "Received X11 connect request from %s:%d",
7376 if (!ssh->X11_fwd_enabled)
7377 error = "X11 forwarding is not enabled";
7378 else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c,
7379 addrstr, peerport, ssh->conf)) != NULL) {
7380 logeventf(ssh, "Local X11 connection failed: %s", x11err);
7381 error = "Unable to open an X11 connection";
7383 logevent("Opening X11 forward connection succeeded");
7388 } else if (typelen == 15 &&
7389 !memcmp(type, "forwarded-tcpip", 15)) {
7390 struct ssh_rportfwd pf, *realpf;
7393 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7394 pf.sport = ssh_pkt_getuint32(pktin);
7395 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7396 peerport = ssh_pkt_getuint32(pktin);
7397 realpf = find234(ssh->rportfwds, &pf, NULL);
7398 logeventf(ssh, "Received remote port %d open request "
7399 "from %s:%d", pf.sport, peeraddr, peerport);
7400 if (realpf == NULL) {
7401 error = "Remote port is not recognised";
7403 const char *e = pfd_newconnect(&c->u.pfd.s,
7407 realpf->pfrec->addressfamily);
7408 logeventf(ssh, "Attempting to forward remote port to "
7409 "%s:%d", realpf->dhost, realpf->dport);
7411 logeventf(ssh, "Port open failed: %s", e);
7412 error = "Port open failed";
7414 logevent("Forwarded port opened successfully");
7415 c->type = CHAN_SOCKDATA;
7418 } else if (typelen == 22 &&
7419 !memcmp(type, "auth-agent@openssh.com", 22)) {
7420 if (!ssh->agentfwd_enabled)
7421 error = "Agent forwarding is not enabled";
7423 c->type = CHAN_AGENT; /* identify channel type */
7424 c->u.a.lensofar = 0;
7425 c->u.a.outstanding_requests = 0;
7428 error = "Unsupported channel type requested";
7431 c->remoteid = remid;
7432 c->halfopen = FALSE;
7434 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7435 ssh2_pkt_adduint32(pktout, c->remoteid);
7436 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7437 ssh2_pkt_addstring(pktout, error);
7438 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7439 ssh2_pkt_send(ssh, pktout);
7440 logeventf(ssh, "Rejected channel open: %s", error);
7443 ssh2_channel_init(c);
7444 c->v.v2.remwindow = winsize;
7445 c->v.v2.remmaxpkt = pktsize;
7446 add234(ssh->channels, c);
7447 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7448 ssh2_pkt_adduint32(pktout, c->remoteid);
7449 ssh2_pkt_adduint32(pktout, c->localid);
7450 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
7451 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
7452 ssh2_pkt_send(ssh, pktout);
7457 * Buffer banner messages for later display at some convenient point,
7458 * if we're going to display them.
7460 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7462 /* Arbitrary limit to prevent unbounded inflation of buffer */
7463 if (conf_get_int(ssh->conf, CONF_ssh_show_banner) &&
7464 bufchain_size(&ssh->banner) <= 131072) {
7465 char *banner = NULL;
7467 ssh_pkt_getstring(pktin, &banner, &size);
7469 bufchain_add(&ssh->banner, banner, size);
7473 /* Helper function to deal with sending tty modes for "pty-req" */
7474 static void ssh2_send_ttymode(void *data, char *mode, char *val)
7476 struct Packet *pktout = (struct Packet *)data;
7478 unsigned int arg = 0;
7479 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7480 if (i == lenof(ssh_ttymodes)) return;
7481 switch (ssh_ttymodes[i].type) {
7483 arg = ssh_tty_parse_specchar(val);
7486 arg = ssh_tty_parse_boolean(val);
7489 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7490 ssh2_pkt_adduint32(pktout, arg);
7493 static void ssh2_setup_x11(struct ssh_channel *c, struct Packet *pktin,
7496 struct ssh2_setup_x11_state {
7500 struct Packet *pktout;
7501 crStateP(ssh2_setup_x11_state, ctx);
7505 logevent("Requesting X11 forwarding");
7506 pktout = ssh2_chanreq_init(ssh->mainchan, "x11-req",
7508 ssh2_pkt_addbool(pktout, 0); /* many connections */
7509 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthprotoname);
7511 * Note that while we blank the X authentication data here, we don't
7512 * take any special action to blank the start of an X11 channel,
7513 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
7514 * without having session blanking enabled is likely to leak your
7515 * cookie into the log.
7517 dont_log_password(ssh, pktout, PKTLOG_BLANK);
7518 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthdatastring);
7519 end_log_omission(ssh, pktout);
7520 ssh2_pkt_adduint32(pktout, ssh->x11disp->screennum);
7521 ssh2_pkt_send(ssh, pktout);
7523 crWaitUntilV(pktin);
7526 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7527 logevent("X11 forwarding enabled");
7528 ssh->X11_fwd_enabled = TRUE;
7530 logevent("X11 forwarding refused");
7536 static void ssh2_setup_agent(struct ssh_channel *c, struct Packet *pktin,
7539 struct ssh2_setup_agent_state {
7543 struct Packet *pktout;
7544 crStateP(ssh2_setup_agent_state, ctx);
7548 logevent("Requesting OpenSSH-style agent forwarding");
7549 pktout = ssh2_chanreq_init(ssh->mainchan, "auth-agent-req@openssh.com",
7550 ssh2_setup_agent, s);
7551 ssh2_pkt_send(ssh, pktout);
7553 crWaitUntilV(pktin);
7556 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7557 logevent("Agent forwarding enabled");
7558 ssh->agentfwd_enabled = TRUE;
7560 logevent("Agent forwarding refused");
7566 static void ssh2_setup_pty(struct ssh_channel *c, struct Packet *pktin,
7569 struct ssh2_setup_pty_state {
7573 struct Packet *pktout;
7574 crStateP(ssh2_setup_pty_state, ctx);
7578 /* Unpick the terminal-speed string. */
7579 /* XXX perhaps we should allow no speeds to be sent. */
7580 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
7581 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
7582 /* Build the pty request. */
7583 pktout = ssh2_chanreq_init(ssh->mainchan, "pty-req",
7585 ssh2_pkt_addstring(pktout, conf_get_str(ssh->conf, CONF_termtype));
7586 ssh2_pkt_adduint32(pktout, ssh->term_width);
7587 ssh2_pkt_adduint32(pktout, ssh->term_height);
7588 ssh2_pkt_adduint32(pktout, 0); /* pixel width */
7589 ssh2_pkt_adduint32(pktout, 0); /* pixel height */
7590 ssh2_pkt_addstring_start(pktout);
7591 parse_ttymodes(ssh, ssh2_send_ttymode, (void *)pktout);
7592 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_ISPEED);
7593 ssh2_pkt_adduint32(pktout, ssh->ispeed);
7594 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_OSPEED);
7595 ssh2_pkt_adduint32(pktout, ssh->ospeed);
7596 ssh2_pkt_addstring_data(pktout, "\0", 1); /* TTY_OP_END */
7597 ssh2_pkt_send(ssh, pktout);
7598 ssh->state = SSH_STATE_INTERMED;
7600 crWaitUntilV(pktin);
7603 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7604 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
7605 ssh->ospeed, ssh->ispeed);
7606 ssh->got_pty = TRUE;
7608 c_write_str(ssh, "Server refused to allocate pty\r\n");
7609 ssh->editing = ssh->echoing = 1;
7616 static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin,
7619 struct ssh2_setup_env_state {
7621 int num_env, env_left, env_ok;
7624 struct Packet *pktout;
7625 crStateP(ssh2_setup_env_state, ctx);
7630 * Send environment variables.
7632 * Simplest thing here is to send all the requests at once, and
7633 * then wait for a whole bunch of successes or failures.
7639 for (val = conf_get_str_strs(ssh->conf, CONF_environmt, NULL, &key);
7641 val = conf_get_str_strs(ssh->conf, CONF_environmt, key, &key)) {
7642 pktout = ssh2_chanreq_init(ssh->mainchan, "env", ssh2_setup_env, s);
7643 ssh2_pkt_addstring(pktout, key);
7644 ssh2_pkt_addstring(pktout, val);
7645 ssh2_pkt_send(ssh, pktout);
7650 logeventf(ssh, "Sent %d environment variables", s->num_env);
7655 s->env_left = s->num_env;
7657 while (s->env_left > 0) {
7658 crWaitUntilV(pktin);
7659 if (!pktin) goto out;
7660 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS)
7665 if (s->env_ok == s->num_env) {
7666 logevent("All environment variables successfully set");
7667 } else if (s->env_ok == 0) {
7668 logevent("All environment variables refused");
7669 c_write_str(ssh, "Server refused to set environment variables\r\n");
7671 logeventf(ssh, "%d environment variables refused",
7672 s->num_env - s->env_ok);
7673 c_write_str(ssh, "Server refused to set all environment variables\r\n");
7681 * Handle the SSH-2 userauth and connection layers.
7683 static void ssh2_msg_authconn(Ssh ssh, struct Packet *pktin)
7685 do_ssh2_authconn(ssh, NULL, 0, pktin);
7688 static void ssh2_response_authconn(struct ssh_channel *c, struct Packet *pktin,
7691 do_ssh2_authconn(c->ssh, NULL, 0, pktin);
7694 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7695 struct Packet *pktin)
7697 struct do_ssh2_authconn_state {
7701 AUTH_TYPE_PUBLICKEY,
7702 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7703 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7705 AUTH_TYPE_GSSAPI, /* always QUIET */
7706 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7707 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7709 int done_service_req;
7710 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
7711 int tried_pubkey_config, done_agent;
7716 int kbd_inter_refused;
7717 int we_are_in, userauth_success;
7718 prompts_t *cur_prompt;
7723 void *publickey_blob;
7724 int publickey_bloblen;
7725 int publickey_encrypted;
7726 char *publickey_algorithm;
7727 char *publickey_comment;
7728 unsigned char agent_request[5], *agent_response, *agentp;
7729 int agent_responselen;
7730 unsigned char *pkblob_in_agent;
7732 char *pkblob, *alg, *commentp;
7733 int pklen, alglen, commentlen;
7734 int siglen, retlen, len;
7735 char *q, *agentreq, *ret;
7737 struct Packet *pktout;
7740 struct ssh_gss_library *gsslib;
7741 Ssh_gss_ctx gss_ctx;
7742 Ssh_gss_buf gss_buf;
7743 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7744 Ssh_gss_name gss_srv_name;
7745 Ssh_gss_stat gss_stat;
7748 crState(do_ssh2_authconn_state);
7752 /* Register as a handler for all the messages this coroutine handles. */
7753 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_authconn;
7754 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_authconn;
7755 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_authconn;
7756 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_authconn;
7757 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_authconn;
7758 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_authconn;
7759 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_authconn; duplicate case value */
7760 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_authconn; duplicate case value */
7761 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_authconn;
7762 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_authconn;
7763 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_authconn;
7764 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_authconn;
7765 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_authconn;
7766 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_authconn;
7767 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_authconn;
7768 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_authconn;
7769 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_authconn;
7770 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_authconn;
7771 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_authconn;
7772 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_authconn;
7774 s->done_service_req = FALSE;
7775 s->we_are_in = s->userauth_success = FALSE;
7777 s->tried_gssapi = FALSE;
7780 if (!conf_get_int(ssh->conf, CONF_ssh_no_userauth)) {
7782 * Request userauth protocol, and await a response to it.
7784 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7785 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7786 ssh2_pkt_send(ssh, s->pktout);
7787 crWaitUntilV(pktin);
7788 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7789 s->done_service_req = TRUE;
7791 if (!s->done_service_req) {
7793 * Request connection protocol directly, without authentication.
7795 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7796 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7797 ssh2_pkt_send(ssh, s->pktout);
7798 crWaitUntilV(pktin);
7799 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7800 s->we_are_in = TRUE; /* no auth required */
7802 bombout(("Server refused service request"));
7807 /* Arrange to be able to deal with any BANNERs that come in.
7808 * (We do this now as packets may come in during the next bit.) */
7809 bufchain_init(&ssh->banner);
7810 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7811 ssh2_msg_userauth_banner;
7814 * Misc one-time setup for authentication.
7816 s->publickey_blob = NULL;
7817 if (!s->we_are_in) {
7820 * Load the public half of any configured public key file
7823 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
7824 if (!filename_is_null(s->keyfile)) {
7826 logeventf(ssh, "Reading private key file \"%.150s\"",
7827 filename_to_str(s->keyfile));
7828 keytype = key_type(s->keyfile);
7829 if (keytype == SSH_KEYTYPE_SSH2) {
7832 ssh2_userkey_loadpub(s->keyfile,
7833 &s->publickey_algorithm,
7834 &s->publickey_bloblen,
7835 &s->publickey_comment, &error);
7836 if (s->publickey_blob) {
7837 s->publickey_encrypted =
7838 ssh2_userkey_encrypted(s->keyfile, NULL);
7841 logeventf(ssh, "Unable to load private key (%s)",
7843 msgbuf = dupprintf("Unable to load private key file "
7844 "\"%.150s\" (%s)\r\n",
7845 filename_to_str(s->keyfile),
7847 c_write_str(ssh, msgbuf);
7852 logeventf(ssh, "Unable to use this key file (%s)",
7853 key_type_to_str(keytype));
7854 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7856 filename_to_str(s->keyfile),
7857 key_type_to_str(keytype));
7858 c_write_str(ssh, msgbuf);
7860 s->publickey_blob = NULL;
7865 * Find out about any keys Pageant has (but if there's a
7866 * public key configured, filter out all others).
7869 s->agent_response = NULL;
7870 s->pkblob_in_agent = NULL;
7871 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists()) {
7875 logevent("Pageant is running. Requesting keys.");
7877 /* Request the keys held by the agent. */
7878 PUT_32BIT(s->agent_request, 1);
7879 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7880 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7881 ssh_agent_callback, ssh)) {
7885 bombout(("Unexpected data from server while"
7886 " waiting for agent response"));
7889 } while (pktin || inlen > 0);
7890 r = ssh->agent_response;
7891 s->agent_responselen = ssh->agent_response_len;
7893 s->agent_response = (unsigned char *) r;
7894 if (s->agent_response && s->agent_responselen >= 5 &&
7895 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7898 p = s->agent_response + 5;
7899 s->nkeys = GET_32BIT(p);
7901 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7902 if (s->publickey_blob) {
7903 /* See if configured key is in agent. */
7904 for (keyi = 0; keyi < s->nkeys; keyi++) {
7905 s->pklen = GET_32BIT(p);
7906 if (s->pklen == s->publickey_bloblen &&
7907 !memcmp(p+4, s->publickey_blob,
7908 s->publickey_bloblen)) {
7909 logeventf(ssh, "Pageant key #%d matches "
7910 "configured key file", keyi);
7912 s->pkblob_in_agent = p;
7916 p += GET_32BIT(p) + 4; /* comment */
7918 if (!s->pkblob_in_agent) {
7919 logevent("Configured key file not in Pageant");
7924 logevent("Failed to get reply from Pageant");
7931 * We repeat this whole loop, including the username prompt,
7932 * until we manage a successful authentication. If the user
7933 * types the wrong _password_, they can be sent back to the
7934 * beginning to try another username, if this is configured on.
7935 * (If they specify a username in the config, they are never
7936 * asked, even if they do give a wrong password.)
7938 * I think this best serves the needs of
7940 * - the people who have no configuration, no keys, and just
7941 * want to try repeated (username,password) pairs until they
7942 * type both correctly
7944 * - people who have keys and configuration but occasionally
7945 * need to fall back to passwords
7947 * - people with a key held in Pageant, who might not have
7948 * logged in to a particular machine before; so they want to
7949 * type a username, and then _either_ their key will be
7950 * accepted, _or_ they will type a password. If they mistype
7951 * the username they will want to be able to get back and
7954 s->got_username = FALSE;
7955 while (!s->we_are_in) {
7959 if (s->got_username && !conf_get_int(ssh->conf, CONF_change_username)) {
7961 * We got a username last time round this loop, and
7962 * with change_username turned off we don't try to get
7965 } else if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
7966 int ret; /* need not be kept over crReturn */
7967 s->cur_prompt = new_prompts(ssh->frontend);
7968 s->cur_prompt->to_server = TRUE;
7969 s->cur_prompt->name = dupstr("SSH login name");
7970 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
7971 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7974 crWaitUntilV(!pktin);
7975 ret = get_userpass_input(s->cur_prompt, in, inlen);
7980 * get_userpass_input() failed to get a username.
7983 free_prompts(s->cur_prompt);
7984 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7987 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
7988 free_prompts(s->cur_prompt);
7991 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
7992 stuff = dupprintf("Using username \"%s\".\r\n", ssh->username);
7993 c_write_str(ssh, stuff);
7997 s->got_username = TRUE;
8000 * Send an authentication request using method "none": (a)
8001 * just in case it succeeds, and (b) so that we know what
8002 * authentication methods we can usefully try next.
8004 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
8006 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8007 ssh2_pkt_addstring(s->pktout, ssh->username);
8008 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
8009 ssh2_pkt_addstring(s->pktout, "none"); /* method */
8010 ssh2_pkt_send(ssh, s->pktout);
8011 s->type = AUTH_TYPE_NONE;
8013 s->we_are_in = FALSE;
8015 s->tried_pubkey_config = FALSE;
8016 s->kbd_inter_refused = FALSE;
8018 /* Reset agent request state. */
8019 s->done_agent = FALSE;
8020 if (s->agent_response) {
8021 if (s->pkblob_in_agent) {
8022 s->agentp = s->pkblob_in_agent;
8024 s->agentp = s->agent_response + 5 + 4;
8030 char *methods = NULL;
8034 * Wait for the result of the last authentication request.
8037 crWaitUntilV(pktin);
8039 * Now is a convenient point to spew any banner material
8040 * that we've accumulated. (This should ensure that when
8041 * we exit the auth loop, we haven't any left to deal
8045 int size = bufchain_size(&ssh->banner);
8047 * Don't show the banner if we're operating in
8048 * non-verbose non-interactive mode. (It's probably
8049 * a script, which means nobody will read the
8050 * banner _anyway_, and moreover the printing of
8051 * the banner will screw up processing on the
8052 * output of (say) plink.)
8054 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
8055 char *banner = snewn(size, char);
8056 bufchain_fetch(&ssh->banner, banner, size);
8057 c_write_untrusted(ssh, banner, size);
8060 bufchain_clear(&ssh->banner);
8062 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
8063 logevent("Access granted");
8064 s->we_are_in = s->userauth_success = TRUE;
8068 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
8069 bombout(("Strange packet received during authentication: "
8070 "type %d", pktin->type));
8077 * OK, we're now sitting on a USERAUTH_FAILURE message, so
8078 * we can look at the string in it and know what we can
8079 * helpfully try next.
8081 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
8082 ssh_pkt_getstring(pktin, &methods, &methlen);
8083 if (!ssh2_pkt_getbool(pktin)) {
8085 * We have received an unequivocal Access
8086 * Denied. This can translate to a variety of
8087 * messages, or no message at all.
8089 * For forms of authentication which are attempted
8090 * implicitly, by which I mean without printing
8091 * anything in the window indicating that we're
8092 * trying them, we should never print 'Access
8095 * If we do print a message saying that we're
8096 * attempting some kind of authentication, it's OK
8097 * to print a followup message saying it failed -
8098 * but the message may sometimes be more specific
8099 * than simply 'Access denied'.
8101 * Additionally, if we'd just tried password
8102 * authentication, we should break out of this
8103 * whole loop so as to go back to the username
8104 * prompt (iff we're configured to allow
8105 * username change attempts).
8107 if (s->type == AUTH_TYPE_NONE) {
8109 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
8110 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
8111 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
8112 c_write_str(ssh, "Server refused our key\r\n");
8113 logevent("Server refused our key");
8114 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
8115 /* This _shouldn't_ happen except by a
8116 * protocol bug causing client and server to
8117 * disagree on what is a correct signature. */
8118 c_write_str(ssh, "Server refused public-key signature"
8119 " despite accepting key!\r\n");
8120 logevent("Server refused public-key signature"
8121 " despite accepting key!");
8122 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
8123 /* quiet, so no c_write */
8124 logevent("Server refused keyboard-interactive authentication");
8125 } else if (s->type==AUTH_TYPE_GSSAPI) {
8126 /* always quiet, so no c_write */
8127 /* also, the code down in the GSSAPI block has
8128 * already logged this in the Event Log */
8129 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
8130 logevent("Keyboard-interactive authentication failed");
8131 c_write_str(ssh, "Access denied\r\n");
8133 assert(s->type == AUTH_TYPE_PASSWORD);
8134 logevent("Password authentication failed");
8135 c_write_str(ssh, "Access denied\r\n");
8137 if (conf_get_int(ssh->conf, CONF_change_username)) {
8138 /* XXX perhaps we should allow
8139 * keyboard-interactive to do this too? */
8140 s->we_are_in = FALSE;
8145 c_write_str(ssh, "Further authentication required\r\n");
8146 logevent("Further authentication required");
8150 in_commasep_string("publickey", methods, methlen);
8152 in_commasep_string("password", methods, methlen);
8153 s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
8154 in_commasep_string("keyboard-interactive", methods, methlen);
8157 ssh->gsslibs = ssh_gss_setup(ssh->conf);
8158 s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
8159 in_commasep_string("gssapi-with-mic", methods, methlen) &&
8160 ssh->gsslibs->nlibraries > 0;
8164 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
8166 if (s->can_pubkey && !s->done_agent && s->nkeys) {
8169 * Attempt public-key authentication using a key from Pageant.
8172 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
8174 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
8176 /* Unpack key from agent response */
8177 s->pklen = GET_32BIT(s->agentp);
8179 s->pkblob = (char *)s->agentp;
8180 s->agentp += s->pklen;
8181 s->alglen = GET_32BIT(s->pkblob);
8182 s->alg = s->pkblob + 4;
8183 s->commentlen = GET_32BIT(s->agentp);
8185 s->commentp = (char *)s->agentp;
8186 s->agentp += s->commentlen;
8187 /* s->agentp now points at next key, if any */
8189 /* See if server will accept it */
8190 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8191 ssh2_pkt_addstring(s->pktout, ssh->username);
8192 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8193 /* service requested */
8194 ssh2_pkt_addstring(s->pktout, "publickey");
8196 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
8197 ssh2_pkt_addstring_start(s->pktout);
8198 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8199 ssh2_pkt_addstring_start(s->pktout);
8200 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8201 ssh2_pkt_send(ssh, s->pktout);
8202 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
8204 crWaitUntilV(pktin);
8205 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8207 /* Offer of key refused. */
8214 if (flags & FLAG_VERBOSE) {
8215 c_write_str(ssh, "Authenticating with "
8217 c_write(ssh, s->commentp, s->commentlen);
8218 c_write_str(ssh, "\" from agent\r\n");
8222 * Server is willing to accept the key.
8223 * Construct a SIGN_REQUEST.
8225 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8226 ssh2_pkt_addstring(s->pktout, ssh->username);
8227 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8228 /* service requested */
8229 ssh2_pkt_addstring(s->pktout, "publickey");
8231 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
8232 ssh2_pkt_addstring_start(s->pktout);
8233 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8234 ssh2_pkt_addstring_start(s->pktout);
8235 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8237 /* Ask agent for signature. */
8238 s->siglen = s->pktout->length - 5 + 4 +
8239 ssh->v2_session_id_len;
8240 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8242 s->len = 1; /* message type */
8243 s->len += 4 + s->pklen; /* key blob */
8244 s->len += 4 + s->siglen; /* data to sign */
8245 s->len += 4; /* flags */
8246 s->agentreq = snewn(4 + s->len, char);
8247 PUT_32BIT(s->agentreq, s->len);
8248 s->q = s->agentreq + 4;
8249 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
8250 PUT_32BIT(s->q, s->pklen);
8252 memcpy(s->q, s->pkblob, s->pklen);
8254 PUT_32BIT(s->q, s->siglen);
8256 /* Now the data to be signed... */
8257 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8258 PUT_32BIT(s->q, ssh->v2_session_id_len);
8261 memcpy(s->q, ssh->v2_session_id,
8262 ssh->v2_session_id_len);
8263 s->q += ssh->v2_session_id_len;
8264 memcpy(s->q, s->pktout->data + 5,
8265 s->pktout->length - 5);
8266 s->q += s->pktout->length - 5;
8267 /* And finally the (zero) flags word. */
8269 if (!agent_query(s->agentreq, s->len + 4,
8271 ssh_agent_callback, ssh)) {
8275 bombout(("Unexpected data from server"
8276 " while waiting for agent"
8280 } while (pktin || inlen > 0);
8281 vret = ssh->agent_response;
8282 s->retlen = ssh->agent_response_len;
8287 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
8288 logevent("Sending Pageant's response");
8289 ssh2_add_sigblob(ssh, s->pktout,
8290 s->pkblob, s->pklen,
8292 GET_32BIT(s->ret + 5));
8293 ssh2_pkt_send(ssh, s->pktout);
8294 s->type = AUTH_TYPE_PUBLICKEY;
8296 /* FIXME: less drastic response */
8297 bombout(("Pageant failed to answer challenge"));
8303 /* Do we have any keys left to try? */
8304 if (s->pkblob_in_agent) {
8305 s->done_agent = TRUE;
8306 s->tried_pubkey_config = TRUE;
8309 if (s->keyi >= s->nkeys)
8310 s->done_agent = TRUE;
8313 } else if (s->can_pubkey && s->publickey_blob &&
8314 !s->tried_pubkey_config) {
8316 struct ssh2_userkey *key; /* not live over crReturn */
8317 char *passphrase; /* not live over crReturn */
8319 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
8321 s->tried_pubkey_config = TRUE;
8324 * Try the public key supplied in the configuration.
8326 * First, offer the public blob to see if the server is
8327 * willing to accept it.
8329 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8330 ssh2_pkt_addstring(s->pktout, ssh->username);
8331 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8332 /* service requested */
8333 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
8334 ssh2_pkt_addbool(s->pktout, FALSE);
8335 /* no signature included */
8336 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
8337 ssh2_pkt_addstring_start(s->pktout);
8338 ssh2_pkt_addstring_data(s->pktout,
8339 (char *)s->publickey_blob,
8340 s->publickey_bloblen);
8341 ssh2_pkt_send(ssh, s->pktout);
8342 logevent("Offered public key");
8344 crWaitUntilV(pktin);
8345 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8346 /* Key refused. Give up. */
8347 s->gotit = TRUE; /* reconsider message next loop */
8348 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
8349 continue; /* process this new message */
8351 logevent("Offer of public key accepted");
8354 * Actually attempt a serious authentication using
8357 if (flags & FLAG_VERBOSE) {
8358 c_write_str(ssh, "Authenticating with public key \"");
8359 c_write_str(ssh, s->publickey_comment);
8360 c_write_str(ssh, "\"\r\n");
8364 const char *error; /* not live over crReturn */
8365 if (s->publickey_encrypted) {
8367 * Get a passphrase from the user.
8369 int ret; /* need not be kept over crReturn */
8370 s->cur_prompt = new_prompts(ssh->frontend);
8371 s->cur_prompt->to_server = FALSE;
8372 s->cur_prompt->name = dupstr("SSH key passphrase");
8373 add_prompt(s->cur_prompt,
8374 dupprintf("Passphrase for key \"%.100s\": ",
8375 s->publickey_comment),
8377 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8380 crWaitUntilV(!pktin);
8381 ret = get_userpass_input(s->cur_prompt,
8386 /* Failed to get a passphrase. Terminate. */
8387 free_prompts(s->cur_prompt);
8388 ssh_disconnect(ssh, NULL,
8389 "Unable to authenticate",
8390 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8395 dupstr(s->cur_prompt->prompts[0]->result);
8396 free_prompts(s->cur_prompt);
8398 passphrase = NULL; /* no passphrase needed */
8402 * Try decrypting the key.
8404 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
8405 key = ssh2_load_userkey(s->keyfile, passphrase, &error);
8407 /* burn the evidence */
8408 smemclr(passphrase, strlen(passphrase));
8411 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
8413 (key == SSH2_WRONG_PASSPHRASE)) {
8414 c_write_str(ssh, "Wrong passphrase\r\n");
8416 /* and loop again */
8418 c_write_str(ssh, "Unable to load private key (");
8419 c_write_str(ssh, error);
8420 c_write_str(ssh, ")\r\n");
8422 break; /* try something else */
8428 unsigned char *pkblob, *sigblob, *sigdata;
8429 int pkblob_len, sigblob_len, sigdata_len;
8433 * We have loaded the private key and the server
8434 * has announced that it's willing to accept it.
8435 * Hallelujah. Generate a signature and send it.
8437 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8438 ssh2_pkt_addstring(s->pktout, ssh->username);
8439 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8440 /* service requested */
8441 ssh2_pkt_addstring(s->pktout, "publickey");
8443 ssh2_pkt_addbool(s->pktout, TRUE);
8444 /* signature follows */
8445 ssh2_pkt_addstring(s->pktout, key->alg->name);
8446 pkblob = key->alg->public_blob(key->data,
8448 ssh2_pkt_addstring_start(s->pktout);
8449 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
8453 * The data to be signed is:
8457 * followed by everything so far placed in the
8460 sigdata_len = s->pktout->length - 5 + 4 +
8461 ssh->v2_session_id_len;
8462 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8464 sigdata = snewn(sigdata_len, unsigned char);
8466 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8467 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
8470 memcpy(sigdata+p, ssh->v2_session_id,
8471 ssh->v2_session_id_len);
8472 p += ssh->v2_session_id_len;
8473 memcpy(sigdata+p, s->pktout->data + 5,
8474 s->pktout->length - 5);
8475 p += s->pktout->length - 5;
8476 assert(p == sigdata_len);
8477 sigblob = key->alg->sign(key->data, (char *)sigdata,
8478 sigdata_len, &sigblob_len);
8479 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
8480 sigblob, sigblob_len);
8485 ssh2_pkt_send(ssh, s->pktout);
8486 logevent("Sent public key signature");
8487 s->type = AUTH_TYPE_PUBLICKEY;
8488 key->alg->freekey(key->data);
8492 } else if (s->can_gssapi && !s->tried_gssapi) {
8494 /* GSSAPI Authentication */
8499 s->type = AUTH_TYPE_GSSAPI;
8500 s->tried_gssapi = TRUE;
8502 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
8505 * Pick the highest GSS library on the preference
8511 for (i = 0; i < ngsslibs; i++) {
8512 int want_id = conf_get_int_int(ssh->conf,
8513 CONF_ssh_gsslist, i);
8514 for (j = 0; j < ssh->gsslibs->nlibraries; j++)
8515 if (ssh->gsslibs->libraries[j].id == want_id) {
8516 s->gsslib = &ssh->gsslibs->libraries[j];
8517 goto got_gsslib; /* double break */
8522 * We always expect to have found something in
8523 * the above loop: we only came here if there
8524 * was at least one viable GSS library, and the
8525 * preference list should always mention
8526 * everything and only change the order.
8531 if (s->gsslib->gsslogmsg)
8532 logevent(s->gsslib->gsslogmsg);
8534 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
8535 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8536 ssh2_pkt_addstring(s->pktout, ssh->username);
8537 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8538 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
8539 logevent("Attempting GSSAPI authentication");
8541 /* add mechanism info */
8542 s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
8544 /* number of GSSAPI mechanisms */
8545 ssh2_pkt_adduint32(s->pktout,1);
8547 /* length of OID + 2 */
8548 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
8549 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
8552 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
8554 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
8556 ssh2_pkt_send(ssh, s->pktout);
8557 crWaitUntilV(pktin);
8558 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
8559 logevent("GSSAPI authentication request refused");
8563 /* check returned packet ... */
8565 ssh_pkt_getstring(pktin, &data, &len);
8566 s->gss_rcvtok.value = data;
8567 s->gss_rcvtok.length = len;
8568 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
8569 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
8570 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
8571 memcmp((char *)s->gss_rcvtok.value + 2,
8572 s->gss_buf.value,s->gss_buf.length) ) {
8573 logevent("GSSAPI authentication - wrong response from server");
8577 /* now start running */
8578 s->gss_stat = s->gsslib->import_name(s->gsslib,
8581 if (s->gss_stat != SSH_GSS_OK) {
8582 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
8583 logevent("GSSAPI import name failed - Bad service name");
8585 logevent("GSSAPI import name failed");
8589 /* fetch TGT into GSS engine */
8590 s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
8592 if (s->gss_stat != SSH_GSS_OK) {
8593 logevent("GSSAPI authentication failed to get credentials");
8594 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8598 /* initial tokens are empty */
8599 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
8600 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
8602 /* now enter the loop */
8604 s->gss_stat = s->gsslib->init_sec_context
8608 conf_get_int(ssh->conf, CONF_gssapifwd),
8612 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
8613 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
8614 logevent("GSSAPI authentication initialisation failed");
8616 if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
8617 &s->gss_buf) == SSH_GSS_OK) {
8618 logevent(s->gss_buf.value);
8619 sfree(s->gss_buf.value);
8624 logevent("GSSAPI authentication initialised");
8626 /* Client and server now exchange tokens until GSSAPI
8627 * no longer says CONTINUE_NEEDED */
8629 if (s->gss_sndtok.length != 0) {
8630 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
8631 ssh_pkt_addstring_start(s->pktout);
8632 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
8633 ssh2_pkt_send(ssh, s->pktout);
8634 s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
8637 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
8638 crWaitUntilV(pktin);
8639 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8640 logevent("GSSAPI authentication - bad server response");
8641 s->gss_stat = SSH_GSS_FAILURE;
8644 ssh_pkt_getstring(pktin, &data, &len);
8645 s->gss_rcvtok.value = data;
8646 s->gss_rcvtok.length = len;
8648 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8650 if (s->gss_stat != SSH_GSS_OK) {
8651 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8652 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8655 logevent("GSSAPI authentication loop finished OK");
8657 /* Now send the MIC */
8659 s->pktout = ssh2_pkt_init(0);
8660 micoffset = s->pktout->length;
8661 ssh_pkt_addstring_start(s->pktout);
8662 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8663 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
8664 ssh_pkt_addstring(s->pktout, ssh->username);
8665 ssh_pkt_addstring(s->pktout, "ssh-connection");
8666 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8668 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8669 s->gss_buf.length = s->pktout->length - micoffset;
8671 s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
8672 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8673 ssh_pkt_addstring_start(s->pktout);
8674 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
8675 ssh2_pkt_send(ssh, s->pktout);
8676 s->gsslib->free_mic(s->gsslib, &mic);
8680 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8681 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8684 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8687 * Keyboard-interactive authentication.
8690 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8692 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
8694 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8695 ssh2_pkt_addstring(s->pktout, ssh->username);
8696 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8697 /* service requested */
8698 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8700 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8701 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8702 ssh2_pkt_send(ssh, s->pktout);
8704 logevent("Attempting keyboard-interactive authentication");
8706 crWaitUntilV(pktin);
8707 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8708 /* Server is not willing to do keyboard-interactive
8709 * at all (or, bizarrely but legally, accepts the
8710 * user without actually issuing any prompts).
8711 * Give up on it entirely. */
8713 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8714 s->kbd_inter_refused = TRUE; /* don't try it again */
8719 * Loop while the server continues to send INFO_REQUESTs.
8721 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
8723 char *name, *inst, *lang;
8724 int name_len, inst_len, lang_len;
8728 * We've got a fresh USERAUTH_INFO_REQUEST.
8729 * Get the preamble and start building a prompt.
8731 ssh_pkt_getstring(pktin, &name, &name_len);
8732 ssh_pkt_getstring(pktin, &inst, &inst_len);
8733 ssh_pkt_getstring(pktin, &lang, &lang_len);
8734 s->cur_prompt = new_prompts(ssh->frontend);
8735 s->cur_prompt->to_server = TRUE;
8738 * Get any prompt(s) from the packet.
8740 s->num_prompts = ssh_pkt_getuint32(pktin);
8741 for (i = 0; i < s->num_prompts; i++) {
8745 static char noprompt[] =
8746 "<server failed to send prompt>: ";
8748 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8749 echo = ssh2_pkt_getbool(pktin);
8752 prompt_len = lenof(noprompt)-1;
8754 add_prompt(s->cur_prompt,
8755 dupprintf("%.*s", prompt_len, prompt),
8760 /* FIXME: better prefix to distinguish from
8762 s->cur_prompt->name =
8763 dupprintf("SSH server: %.*s", name_len, name);
8764 s->cur_prompt->name_reqd = TRUE;
8766 s->cur_prompt->name =
8767 dupstr("SSH server authentication");
8768 s->cur_prompt->name_reqd = FALSE;
8770 /* We add a prefix to try to make it clear that a prompt
8771 * has come from the server.
8772 * FIXME: ugly to print "Using..." in prompt _every_
8773 * time round. Can this be done more subtly? */
8774 /* Special case: for reasons best known to themselves,
8775 * some servers send k-i requests with no prompts and
8776 * nothing to display. Keep quiet in this case. */
8777 if (s->num_prompts || name_len || inst_len) {
8778 s->cur_prompt->instruction =
8779 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8780 inst_len ? "\n" : "", inst_len, inst);
8781 s->cur_prompt->instr_reqd = TRUE;
8783 s->cur_prompt->instr_reqd = FALSE;
8787 * Display any instructions, and get the user's
8791 int ret; /* not live over crReturn */
8792 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8795 crWaitUntilV(!pktin);
8796 ret = get_userpass_input(s->cur_prompt, in, inlen);
8801 * Failed to get responses. Terminate.
8803 free_prompts(s->cur_prompt);
8804 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8805 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8812 * Send the response(s) to the server.
8814 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
8815 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8816 for (i=0; i < s->num_prompts; i++) {
8817 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8818 ssh2_pkt_addstring(s->pktout,
8819 s->cur_prompt->prompts[i]->result);
8820 end_log_omission(ssh, s->pktout);
8822 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8825 * Free the prompts structure from this iteration.
8826 * If there's another, a new one will be allocated
8827 * when we return to the top of this while loop.
8829 free_prompts(s->cur_prompt);
8832 * Get the next packet in case it's another
8835 crWaitUntilV(pktin);
8840 * We should have SUCCESS or FAILURE now.
8844 } else if (s->can_passwd) {
8847 * Plain old password authentication.
8849 int ret; /* not live over crReturn */
8850 int changereq_first_time; /* not live over crReturn */
8852 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
8854 s->cur_prompt = new_prompts(ssh->frontend);
8855 s->cur_prompt->to_server = TRUE;
8856 s->cur_prompt->name = dupstr("SSH password");
8857 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
8862 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8865 crWaitUntilV(!pktin);
8866 ret = get_userpass_input(s->cur_prompt, in, inlen);
8871 * Failed to get responses. Terminate.
8873 free_prompts(s->cur_prompt);
8874 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8875 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8880 * Squirrel away the password. (We may need it later if
8881 * asked to change it.)
8883 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8884 free_prompts(s->cur_prompt);
8887 * Send the password packet.
8889 * We pad out the password packet to 256 bytes to make
8890 * it harder for an attacker to find the length of the
8893 * Anyone using a password longer than 256 bytes
8894 * probably doesn't have much to worry about from
8895 * people who find out how long their password is!
8897 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8898 ssh2_pkt_addstring(s->pktout, ssh->username);
8899 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8900 /* service requested */
8901 ssh2_pkt_addstring(s->pktout, "password");
8902 ssh2_pkt_addbool(s->pktout, FALSE);
8903 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8904 ssh2_pkt_addstring(s->pktout, s->password);
8905 end_log_omission(ssh, s->pktout);
8906 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8907 logevent("Sent password");
8908 s->type = AUTH_TYPE_PASSWORD;
8911 * Wait for next packet, in case it's a password change
8914 crWaitUntilV(pktin);
8915 changereq_first_time = TRUE;
8917 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8920 * We're being asked for a new password
8921 * (perhaps not for the first time).
8922 * Loop until the server accepts it.
8925 int got_new = FALSE; /* not live over crReturn */
8926 char *prompt; /* not live over crReturn */
8927 int prompt_len; /* not live over crReturn */
8931 if (changereq_first_time)
8932 msg = "Server requested password change";
8934 msg = "Server rejected new password";
8936 c_write_str(ssh, msg);
8937 c_write_str(ssh, "\r\n");
8940 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8942 s->cur_prompt = new_prompts(ssh->frontend);
8943 s->cur_prompt->to_server = TRUE;
8944 s->cur_prompt->name = dupstr("New SSH password");
8945 s->cur_prompt->instruction =
8946 dupprintf("%.*s", prompt_len, prompt);
8947 s->cur_prompt->instr_reqd = TRUE;
8949 * There's no explicit requirement in the protocol
8950 * for the "old" passwords in the original and
8951 * password-change messages to be the same, and
8952 * apparently some Cisco kit supports password change
8953 * by the user entering a blank password originally
8954 * and the real password subsequently, so,
8955 * reluctantly, we prompt for the old password again.
8957 * (On the other hand, some servers don't even bother
8958 * to check this field.)
8960 add_prompt(s->cur_prompt,
8961 dupstr("Current password (blank for previously entered password): "),
8963 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
8965 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
8969 * Loop until the user manages to enter the same
8974 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8977 crWaitUntilV(!pktin);
8978 ret = get_userpass_input(s->cur_prompt, in, inlen);
8983 * Failed to get responses. Terminate.
8985 /* burn the evidence */
8986 free_prompts(s->cur_prompt);
8987 smemclr(s->password, strlen(s->password));
8989 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8990 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8996 * If the user specified a new original password
8997 * (IYSWIM), overwrite any previously specified
8999 * (A side effect is that the user doesn't have to
9000 * re-enter it if they louse up the new password.)
9002 if (s->cur_prompt->prompts[0]->result[0]) {
9003 smemclr(s->password, strlen(s->password));
9004 /* burn the evidence */
9007 dupstr(s->cur_prompt->prompts[0]->result);
9011 * Check the two new passwords match.
9013 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
9014 s->cur_prompt->prompts[2]->result)
9017 /* They don't. Silly user. */
9018 c_write_str(ssh, "Passwords do not match\r\n");
9023 * Send the new password (along with the old one).
9024 * (see above for padding rationale)
9026 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
9027 ssh2_pkt_addstring(s->pktout, ssh->username);
9028 ssh2_pkt_addstring(s->pktout, "ssh-connection");
9029 /* service requested */
9030 ssh2_pkt_addstring(s->pktout, "password");
9031 ssh2_pkt_addbool(s->pktout, TRUE);
9032 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
9033 ssh2_pkt_addstring(s->pktout, s->password);
9034 ssh2_pkt_addstring(s->pktout,
9035 s->cur_prompt->prompts[1]->result);
9036 free_prompts(s->cur_prompt);
9037 end_log_omission(ssh, s->pktout);
9038 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
9039 logevent("Sent new password");
9042 * Now see what the server has to say about it.
9043 * (If it's CHANGEREQ again, it's not happy with the
9046 crWaitUntilV(pktin);
9047 changereq_first_time = FALSE;
9052 * We need to reexamine the current pktin at the top
9053 * of the loop. Either:
9054 * - we weren't asked to change password at all, in
9055 * which case it's a SUCCESS or FAILURE with the
9057 * - we sent a new password, and the server was
9058 * either OK with it (SUCCESS or FAILURE w/partial
9059 * success) or unhappy with the _old_ password
9060 * (FAILURE w/o partial success)
9061 * In any of these cases, we go back to the top of
9062 * the loop and start again.
9067 * We don't need the old password any more, in any
9068 * case. Burn the evidence.
9070 smemclr(s->password, strlen(s->password));
9074 char *str = dupprintf("No supported authentication methods available"
9075 " (server sent: %.*s)",
9078 ssh_disconnect(ssh, str,
9079 "No supported authentication methods available",
9080 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
9090 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
9092 /* Clear up various bits and pieces from authentication. */
9093 if (s->publickey_blob) {
9094 sfree(s->publickey_blob);
9095 sfree(s->publickey_comment);
9097 if (s->agent_response)
9098 sfree(s->agent_response);
9100 if (s->userauth_success) {
9102 * We've just received USERAUTH_SUCCESS, and we haven't sent any
9103 * packets since. Signal the transport layer to consider enacting
9104 * delayed compression.
9106 * (Relying on we_are_in is not sufficient, as
9107 * draft-miller-secsh-compression-delayed is quite clear that it
9108 * triggers on USERAUTH_SUCCESS specifically, and we_are_in can
9109 * become set for other reasons.)
9111 do_ssh2_transport(ssh, "enabling delayed compression", -2, NULL);
9115 * Now the connection protocol has started, one way or another.
9118 ssh->channels = newtree234(ssh_channelcmp);
9121 * Set up handlers for some connection protocol messages, so we
9122 * don't have to handle them repeatedly in this coroutine.
9124 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
9125 ssh2_msg_channel_window_adjust;
9126 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
9127 ssh2_msg_global_request;
9130 * Create the main session channel.
9132 if (conf_get_int(ssh->conf, CONF_ssh_no_shell)) {
9133 ssh->mainchan = NULL;
9135 ssh->mainchan = snew(struct ssh_channel);
9136 ssh->mainchan->ssh = ssh;
9137 ssh2_channel_init(ssh->mainchan);
9139 if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
9141 * Just start a direct-tcpip channel and use it as the main
9144 ssh_send_port_open(ssh->mainchan,
9145 conf_get_str(ssh->conf, CONF_ssh_nc_host),
9146 conf_get_int(ssh->conf, CONF_ssh_nc_port),
9150 s->pktout = ssh2_chanopen_init(ssh->mainchan, "session");
9151 logevent("Opening session as main channel");
9152 ssh2_pkt_send(ssh, s->pktout);
9153 ssh->ncmode = FALSE;
9155 crWaitUntilV(pktin);
9156 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
9157 bombout(("Server refused to open channel"));
9159 /* FIXME: error data comes back in FAILURE packet */
9161 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
9162 bombout(("Server's channel confirmation cited wrong channel"));
9165 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
9166 ssh->mainchan->halfopen = FALSE;
9167 ssh->mainchan->type = CHAN_MAINSESSION;
9168 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
9169 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
9170 add234(ssh->channels, ssh->mainchan);
9171 update_specials_menu(ssh->frontend);
9172 logevent("Opened main channel");
9176 * Now we have a channel, make dispatch table entries for
9177 * general channel-based messages.
9179 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
9180 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
9181 ssh2_msg_channel_data;
9182 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
9183 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
9184 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
9185 ssh2_msg_channel_open_confirmation;
9186 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
9187 ssh2_msg_channel_open_failure;
9188 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
9189 ssh2_msg_channel_request;
9190 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
9191 ssh2_msg_channel_open;
9192 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_response;
9193 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_response;
9196 if (ssh->mainchan && conf_get_int(ssh->conf, CONF_ssh_simple)) {
9198 * This message indicates to the server that we promise
9199 * not to try to run any other channel in parallel with
9200 * this one, so it's safe for it to advertise a very large
9201 * window and leave the flow control to TCP.
9203 s->pktout = ssh2_chanreq_init(ssh->mainchan,
9204 "simple@putty.projects.tartarus.org",
9206 ssh2_pkt_send(ssh, s->pktout);
9210 * Enable port forwardings.
9212 ssh_setup_portfwd(ssh, ssh->conf);
9214 if (ssh->mainchan && !ssh->ncmode) {
9216 * Send the CHANNEL_REQUESTS for the main session channel.
9217 * Each one is handled by its own little asynchronous
9221 /* Potentially enable X11 forwarding. */
9222 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
9224 x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
9225 conf_get_int(ssh->conf, CONF_x11_auth),
9227 ssh2_setup_x11(ssh->mainchan, NULL, NULL);
9229 /* Potentially enable agent forwarding. */
9230 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists())
9231 ssh2_setup_agent(ssh->mainchan, NULL, NULL);
9233 /* Now allocate a pty for the session. */
9234 if (!conf_get_int(ssh->conf, CONF_nopty))
9235 ssh2_setup_pty(ssh->mainchan, NULL, NULL);
9237 /* Send environment variables. */
9238 ssh2_setup_env(ssh->mainchan, NULL, NULL);
9241 * Start a shell or a remote command. We may have to attempt
9242 * this twice if the config data has provided a second choice
9249 if (ssh->fallback_cmd) {
9250 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys2);
9251 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
9253 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys);
9254 cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
9258 s->pktout = ssh2_chanreq_init(ssh->mainchan, "subsystem",
9259 ssh2_response_authconn, NULL);
9260 ssh2_pkt_addstring(s->pktout, cmd);
9262 s->pktout = ssh2_chanreq_init(ssh->mainchan, "exec",
9263 ssh2_response_authconn, NULL);
9264 ssh2_pkt_addstring(s->pktout, cmd);
9266 s->pktout = ssh2_chanreq_init(ssh->mainchan, "shell",
9267 ssh2_response_authconn, NULL);
9269 ssh2_pkt_send(ssh, s->pktout);
9271 crWaitUntilV(pktin);
9273 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9274 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9275 bombout(("Unexpected response to shell/command request:"
9276 " packet type %d", pktin->type));
9280 * We failed to start the command. If this is the
9281 * fallback command, we really are finished; if it's
9282 * not, and if the fallback command exists, try falling
9283 * back to it before complaining.
9285 if (!ssh->fallback_cmd &&
9286 *conf_get_str(ssh->conf, CONF_remote_cmd2)) {
9287 logevent("Primary command failed; attempting fallback");
9288 ssh->fallback_cmd = TRUE;
9291 bombout(("Server refused to start a shell/command"));
9294 logevent("Started a shell/command");
9299 ssh->editing = ssh->echoing = TRUE;
9302 ssh->state = SSH_STATE_SESSION;
9303 if (ssh->size_needed)
9304 ssh_size(ssh, ssh->term_width, ssh->term_height);
9305 if (ssh->eof_needed)
9306 ssh_special(ssh, TS_EOF);
9312 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
9317 s->try_send = FALSE;
9321 * _All_ the connection-layer packets we expect to
9322 * receive are now handled by the dispatch table.
9323 * Anything that reaches here must be bogus.
9326 bombout(("Strange packet received: type %d", pktin->type));
9328 } else if (ssh->mainchan) {
9330 * We have spare data. Add it to the channel buffer.
9332 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
9337 struct ssh_channel *c;
9339 * Try to send data on all channels if we can.
9341 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
9342 ssh2_try_send_and_unthrottle(ssh, c);
9350 * Handlers for SSH-2 messages that might arrive at any moment.
9352 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
9354 /* log reason code in disconnect message */
9358 reason = ssh_pkt_getuint32(pktin);
9359 ssh_pkt_getstring(pktin, &msg, &msglen);
9361 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
9362 buf = dupprintf("Received disconnect message (%s)",
9363 ssh2_disconnect_reasons[reason]);
9365 buf = dupprintf("Received disconnect message (unknown"
9366 " type %d)", reason);
9370 buf = dupprintf("Disconnection message text: %.*s",
9373 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
9375 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
9376 ssh2_disconnect_reasons[reason] : "unknown",
9381 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
9383 /* log the debug message */
9387 /* XXX maybe we should actually take notice of the return value */
9388 ssh2_pkt_getbool(pktin);
9389 ssh_pkt_getstring(pktin, &msg, &msglen);
9391 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
9394 static void ssh2_msg_transport(Ssh ssh, struct Packet *pktin)
9396 do_ssh2_transport(ssh, NULL, 0, pktin);
9400 * Called if we receive a packet that isn't allowed by the protocol.
9401 * This only applies to packets whose meaning PuTTY understands.
9402 * Entirely unknown packets are handled below.
9404 static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin)
9406 char *buf = dupprintf("Server protocol violation: unexpected %s packet",
9407 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
9409 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
9413 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
9415 struct Packet *pktout;
9416 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
9417 ssh2_pkt_adduint32(pktout, pktin->sequence);
9419 * UNIMPLEMENTED messages MUST appear in the same order as the
9420 * messages they respond to. Hence, never queue them.
9422 ssh2_pkt_send_noqueue(ssh, pktout);
9426 * Handle the top-level SSH-2 protocol.
9428 static void ssh2_protocol_setup(Ssh ssh)
9433 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
9435 for (i = 0; i < 256; i++)
9436 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
9439 * Initially, we only accept transport messages (and a few generic
9440 * ones). do_ssh2_authconn will add more when it starts.
9441 * Messages that are understood but not currently acceptable go to
9442 * ssh2_msg_unexpected.
9444 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = ssh2_msg_unexpected;
9445 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = ssh2_msg_unexpected;
9446 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_unexpected;
9447 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = ssh2_msg_transport;
9448 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = ssh2_msg_transport;
9449 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = ssh2_msg_transport;
9450 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = ssh2_msg_transport;
9451 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = ssh2_msg_transport; duplicate case value */
9452 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = ssh2_msg_transport; duplicate case value */
9453 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = ssh2_msg_transport;
9454 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = ssh2_msg_transport;
9455 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_unexpected;
9456 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_unexpected;
9457 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_unexpected;
9458 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_unexpected;
9459 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_unexpected;
9460 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_unexpected; duplicate case value */
9461 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_unexpected; duplicate case value */
9462 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_unexpected;
9463 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_unexpected;
9464 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_unexpected;
9465 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_unexpected;
9466 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_unexpected;
9467 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_unexpected;
9468 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_unexpected;
9469 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_unexpected;
9470 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_unexpected;
9471 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_unexpected;
9472 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_unexpected;
9473 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_unexpected;
9474 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = ssh2_msg_unexpected;
9475 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_unexpected;
9476 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_unexpected;
9479 * These messages have a special handler from the start.
9481 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
9482 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
9483 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
9486 static void ssh2_timer(void *ctx, unsigned long now)
9490 if (ssh->state == SSH_STATE_CLOSED)
9493 if (!ssh->kex_in_progress && conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0 &&
9494 now == ssh->next_rekey) {
9495 do_ssh2_transport(ssh, "timeout", -1, NULL);
9499 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
9500 struct Packet *pktin)
9502 unsigned char *in = (unsigned char *)vin;
9503 if (ssh->state == SSH_STATE_CLOSED)
9507 ssh->incoming_data_size += pktin->encrypted_len;
9508 if (!ssh->kex_in_progress &&
9509 ssh->max_data_size != 0 &&
9510 ssh->incoming_data_size > ssh->max_data_size)
9511 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9515 ssh->packet_dispatch[pktin->type](ssh, pktin);
9516 else if (!ssh->protocol_initial_phase_done)
9517 do_ssh2_transport(ssh, in, inlen, pktin);
9519 do_ssh2_authconn(ssh, in, inlen, pktin);
9522 static void ssh_cache_conf_values(Ssh ssh)
9524 ssh->logomitdata = conf_get_int(ssh->conf, CONF_logomitdata);
9528 * Called to set up the connection.
9530 * Returns an error message, or NULL on success.
9532 static const char *ssh_init(void *frontend_handle, void **backend_handle,
9533 Conf *conf, char *host, int port, char **realhost,
9534 int nodelay, int keepalive)
9539 ssh = snew(struct ssh_tag);
9540 ssh->conf = conf_copy(conf);
9541 ssh_cache_conf_values(ssh);
9542 ssh->version = 0; /* when not ready yet */
9545 ssh->v1_cipher_ctx = NULL;
9546 ssh->crcda_ctx = NULL;
9547 ssh->cscipher = NULL;
9548 ssh->cs_cipher_ctx = NULL;
9549 ssh->sccipher = NULL;
9550 ssh->sc_cipher_ctx = NULL;
9552 ssh->cs_mac_ctx = NULL;
9554 ssh->sc_mac_ctx = NULL;
9556 ssh->cs_comp_ctx = NULL;
9558 ssh->sc_comp_ctx = NULL;
9560 ssh->kex_ctx = NULL;
9561 ssh->hostkey = NULL;
9563 ssh->close_expected = FALSE;
9564 ssh->clean_exit = FALSE;
9565 ssh->state = SSH_STATE_PREPACKET;
9566 ssh->size_needed = FALSE;
9567 ssh->eof_needed = FALSE;
9570 ssh->deferred_send_data = NULL;
9571 ssh->deferred_len = 0;
9572 ssh->deferred_size = 0;
9573 ssh->fallback_cmd = 0;
9574 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9575 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
9576 ssh->x11disp = NULL;
9577 ssh->v1_compressing = FALSE;
9578 ssh->v2_outgoing_sequence = 0;
9579 ssh->ssh1_rdpkt_crstate = 0;
9580 ssh->ssh2_rdpkt_crstate = 0;
9581 ssh->ssh_gotdata_crstate = 0;
9582 ssh->do_ssh1_connection_crstate = 0;
9583 ssh->do_ssh_init_state = NULL;
9584 ssh->do_ssh1_login_state = NULL;
9585 ssh->do_ssh2_transport_state = NULL;
9586 ssh->do_ssh2_authconn_state = NULL;
9589 ssh->mainchan = NULL;
9590 ssh->throttled_all = 0;
9591 ssh->v1_stdout_throttling = 0;
9593 ssh->queuelen = ssh->queuesize = 0;
9594 ssh->queueing = FALSE;
9595 ssh->qhead = ssh->qtail = NULL;
9596 ssh->deferred_rekey_reason = NULL;
9597 bufchain_init(&ssh->queued_incoming_data);
9598 ssh->frozen = FALSE;
9599 ssh->username = NULL;
9600 ssh->sent_console_eof = FALSE;
9601 ssh->got_pty = FALSE;
9603 *backend_handle = ssh;
9606 if (crypto_startup() == 0)
9607 return "Microsoft high encryption pack not installed!";
9610 ssh->frontend = frontend_handle;
9611 ssh->term_width = conf_get_int(ssh->conf, CONF_width);
9612 ssh->term_height = conf_get_int(ssh->conf, CONF_height);
9614 ssh->channels = NULL;
9615 ssh->rportfwds = NULL;
9616 ssh->portfwds = NULL;
9621 ssh->conn_throttle_count = 0;
9622 ssh->overall_bufsize = 0;
9623 ssh->fallback_cmd = 0;
9625 ssh->protocol = NULL;
9627 ssh->protocol_initial_phase_done = FALSE;
9631 ssh->incoming_data_size = ssh->outgoing_data_size =
9632 ssh->deferred_data_size = 0L;
9633 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9634 CONF_ssh_rekey_data));
9635 ssh->kex_in_progress = FALSE;
9638 ssh->gsslibs = NULL;
9641 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
9650 static void ssh_free(void *handle)
9652 Ssh ssh = (Ssh) handle;
9653 struct ssh_channel *c;
9654 struct ssh_rportfwd *pf;
9656 if (ssh->v1_cipher_ctx)
9657 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9658 if (ssh->cs_cipher_ctx)
9659 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9660 if (ssh->sc_cipher_ctx)
9661 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9662 if (ssh->cs_mac_ctx)
9663 ssh->csmac->free_context(ssh->cs_mac_ctx);
9664 if (ssh->sc_mac_ctx)
9665 ssh->scmac->free_context(ssh->sc_mac_ctx);
9666 if (ssh->cs_comp_ctx) {
9668 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9670 zlib_compress_cleanup(ssh->cs_comp_ctx);
9672 if (ssh->sc_comp_ctx) {
9674 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9676 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9679 dh_cleanup(ssh->kex_ctx);
9680 sfree(ssh->savedhost);
9682 while (ssh->queuelen-- > 0)
9683 ssh_free_packet(ssh->queue[ssh->queuelen]);
9686 while (ssh->qhead) {
9687 struct queued_handler *qh = ssh->qhead;
9688 ssh->qhead = qh->next;
9691 ssh->qhead = ssh->qtail = NULL;
9693 if (ssh->channels) {
9694 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9697 if (c->u.x11.s != NULL)
9698 x11_close(c->u.x11.s);
9701 case CHAN_SOCKDATA_DORMANT:
9702 if (c->u.pfd.s != NULL)
9703 pfd_close(c->u.pfd.s);
9706 if (ssh->version == 2) {
9707 struct outstanding_channel_request *ocr, *nocr;
9708 ocr = c->v.v2.chanreq_head;
9710 ocr->handler(c, NULL, ocr->ctx);
9715 bufchain_clear(&c->v.v2.outbuffer);
9719 freetree234(ssh->channels);
9720 ssh->channels = NULL;
9723 if (ssh->rportfwds) {
9724 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
9726 freetree234(ssh->rportfwds);
9727 ssh->rportfwds = NULL;
9729 sfree(ssh->deferred_send_data);
9731 x11_free_display(ssh->x11disp);
9732 sfree(ssh->do_ssh_init_state);
9733 sfree(ssh->do_ssh1_login_state);
9734 sfree(ssh->do_ssh2_transport_state);
9735 sfree(ssh->do_ssh2_authconn_state);
9738 sfree(ssh->fullhostname);
9739 if (ssh->crcda_ctx) {
9740 crcda_free_context(ssh->crcda_ctx);
9741 ssh->crcda_ctx = NULL;
9744 ssh_do_close(ssh, TRUE);
9745 expire_timer_context(ssh);
9747 pinger_free(ssh->pinger);
9748 bufchain_clear(&ssh->queued_incoming_data);
9749 sfree(ssh->username);
9750 conf_free(ssh->conf);
9753 ssh_gss_cleanup(ssh->gsslibs);
9761 * Reconfigure the SSH backend.
9763 static void ssh_reconfig(void *handle, Conf *conf)
9765 Ssh ssh = (Ssh) handle;
9766 char *rekeying = NULL, rekey_mandatory = FALSE;
9767 unsigned long old_max_data_size;
9770 pinger_reconfig(ssh->pinger, ssh->conf, conf);
9772 ssh_setup_portfwd(ssh, conf);
9774 rekey_time = conf_get_int(conf, CONF_ssh_rekey_time);
9775 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != rekey_time &&
9777 unsigned long new_next = ssh->last_rekey + rekey_time*60*TICKSPERSEC;
9778 unsigned long now = GETTICKCOUNT();
9780 if (now - ssh->last_rekey > rekey_time*60*TICKSPERSEC) {
9781 rekeying = "timeout shortened";
9783 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9787 old_max_data_size = ssh->max_data_size;
9788 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9789 CONF_ssh_rekey_data));
9790 if (old_max_data_size != ssh->max_data_size &&
9791 ssh->max_data_size != 0) {
9792 if (ssh->outgoing_data_size > ssh->max_data_size ||
9793 ssh->incoming_data_size > ssh->max_data_size)
9794 rekeying = "data limit lowered";
9797 if (conf_get_int(ssh->conf, CONF_compression) !=
9798 conf_get_int(conf, CONF_compression)) {
9799 rekeying = "compression setting changed";
9800 rekey_mandatory = TRUE;
9803 for (i = 0; i < CIPHER_MAX; i++)
9804 if (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i) !=
9805 conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
9806 rekeying = "cipher settings changed";
9807 rekey_mandatory = TRUE;
9809 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc) !=
9810 conf_get_int(conf, CONF_ssh2_des_cbc)) {
9811 rekeying = "cipher settings changed";
9812 rekey_mandatory = TRUE;
9815 conf_free(ssh->conf);
9816 ssh->conf = conf_copy(conf);
9817 ssh_cache_conf_values(ssh);
9820 if (!ssh->kex_in_progress) {
9821 do_ssh2_transport(ssh, rekeying, -1, NULL);
9822 } else if (rekey_mandatory) {
9823 ssh->deferred_rekey_reason = rekeying;
9829 * Called to send data down the SSH connection.
9831 static int ssh_send(void *handle, char *buf, int len)
9833 Ssh ssh = (Ssh) handle;
9835 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9838 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
9840 return ssh_sendbuffer(ssh);
9844 * Called to query the current amount of buffered stdin data.
9846 static int ssh_sendbuffer(void *handle)
9848 Ssh ssh = (Ssh) handle;
9851 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9855 * If the SSH socket itself has backed up, add the total backup
9856 * size on that to any individual buffer on the stdin channel.
9859 if (ssh->throttled_all)
9860 override_value = ssh->overall_bufsize;
9862 if (ssh->version == 1) {
9863 return override_value;
9864 } else if (ssh->version == 2) {
9866 return override_value;
9868 return (override_value +
9869 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
9876 * Called to set the size of the window from SSH's POV.
9878 static void ssh_size(void *handle, int width, int height)
9880 Ssh ssh = (Ssh) handle;
9881 struct Packet *pktout;
9883 ssh->term_width = width;
9884 ssh->term_height = height;
9886 switch (ssh->state) {
9887 case SSH_STATE_BEFORE_SIZE:
9888 case SSH_STATE_PREPACKET:
9889 case SSH_STATE_CLOSED:
9890 break; /* do nothing */
9891 case SSH_STATE_INTERMED:
9892 ssh->size_needed = TRUE; /* buffer for later */
9894 case SSH_STATE_SESSION:
9895 if (!conf_get_int(ssh->conf, CONF_nopty)) {
9896 if (ssh->version == 1) {
9897 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9898 PKT_INT, ssh->term_height,
9899 PKT_INT, ssh->term_width,
9900 PKT_INT, 0, PKT_INT, 0, PKT_END);
9901 } else if (ssh->mainchan) {
9902 pktout = ssh2_chanreq_init(ssh->mainchan, "window-change",
9904 ssh2_pkt_adduint32(pktout, ssh->term_width);
9905 ssh2_pkt_adduint32(pktout, ssh->term_height);
9906 ssh2_pkt_adduint32(pktout, 0);
9907 ssh2_pkt_adduint32(pktout, 0);
9908 ssh2_pkt_send(ssh, pktout);
9916 * Return a list of the special codes that make sense in this
9919 static const struct telnet_special *ssh_get_specials(void *handle)
9921 static const struct telnet_special ssh1_ignore_special[] = {
9922 {"IGNORE message", TS_NOP}
9924 static const struct telnet_special ssh2_ignore_special[] = {
9925 {"IGNORE message", TS_NOP},
9927 static const struct telnet_special ssh2_rekey_special[] = {
9928 {"Repeat key exchange", TS_REKEY},
9930 static const struct telnet_special ssh2_session_specials[] = {
9933 /* These are the signal names defined by RFC 4254.
9934 * They include all the ISO C signals, but are a subset of the POSIX
9935 * required signals. */
9936 {"SIGINT (Interrupt)", TS_SIGINT},
9937 {"SIGTERM (Terminate)", TS_SIGTERM},
9938 {"SIGKILL (Kill)", TS_SIGKILL},
9939 {"SIGQUIT (Quit)", TS_SIGQUIT},
9940 {"SIGHUP (Hangup)", TS_SIGHUP},
9941 {"More signals", TS_SUBMENU},
9942 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9943 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9944 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9945 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9948 static const struct telnet_special specials_end[] = {
9951 /* XXX review this length for any changes: */
9952 static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
9953 lenof(ssh2_rekey_special) +
9954 lenof(ssh2_session_specials) +
9955 lenof(specials_end)];
9956 Ssh ssh = (Ssh) handle;
9958 #define ADD_SPECIALS(name) \
9960 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9961 memcpy(&ssh_specials[i], name, sizeof name); \
9965 if (ssh->version == 1) {
9966 /* Don't bother offering IGNORE if we've decided the remote
9967 * won't cope with it, since we wouldn't bother sending it if
9969 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9970 ADD_SPECIALS(ssh1_ignore_special);
9971 } else if (ssh->version == 2) {
9972 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
9973 ADD_SPECIALS(ssh2_ignore_special);
9974 if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
9975 ADD_SPECIALS(ssh2_rekey_special);
9977 ADD_SPECIALS(ssh2_session_specials);
9978 } /* else we're not ready yet */
9981 ADD_SPECIALS(specials_end);
9982 return ssh_specials;
9990 * Send special codes. TS_EOF is useful for `plink', so you
9991 * can send an EOF and collect resulting output (e.g. `plink
9994 static void ssh_special(void *handle, Telnet_Special code)
9996 Ssh ssh = (Ssh) handle;
9997 struct Packet *pktout;
9999 if (code == TS_EOF) {
10000 if (ssh->state != SSH_STATE_SESSION) {
10002 * Buffer the EOF in case we are pre-SESSION, so we can
10003 * send it as soon as we reach SESSION.
10005 if (code == TS_EOF)
10006 ssh->eof_needed = TRUE;
10009 if (ssh->version == 1) {
10010 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
10011 } else if (ssh->mainchan) {
10012 sshfwd_write_eof(ssh->mainchan);
10013 ssh->send_ok = 0; /* now stop trying to read from stdin */
10015 logevent("Sent EOF message");
10016 } else if (code == TS_PING || code == TS_NOP) {
10017 if (ssh->state == SSH_STATE_CLOSED
10018 || ssh->state == SSH_STATE_PREPACKET) return;
10019 if (ssh->version == 1) {
10020 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
10021 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
10023 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
10024 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
10025 ssh2_pkt_addstring_start(pktout);
10026 ssh2_pkt_send_noqueue(ssh, pktout);
10029 } else if (code == TS_REKEY) {
10030 if (!ssh->kex_in_progress && ssh->version == 2) {
10031 do_ssh2_transport(ssh, "at user request", -1, NULL);
10033 } else if (code == TS_BRK) {
10034 if (ssh->state == SSH_STATE_CLOSED
10035 || ssh->state == SSH_STATE_PREPACKET) return;
10036 if (ssh->version == 1) {
10037 logevent("Unable to send BREAK signal in SSH-1");
10038 } else if (ssh->mainchan) {
10039 pktout = ssh2_chanreq_init(ssh->mainchan, "break", NULL, NULL);
10040 ssh2_pkt_adduint32(pktout, 0); /* default break length */
10041 ssh2_pkt_send(ssh, pktout);
10044 /* Is is a POSIX signal? */
10045 char *signame = NULL;
10046 if (code == TS_SIGABRT) signame = "ABRT";
10047 if (code == TS_SIGALRM) signame = "ALRM";
10048 if (code == TS_SIGFPE) signame = "FPE";
10049 if (code == TS_SIGHUP) signame = "HUP";
10050 if (code == TS_SIGILL) signame = "ILL";
10051 if (code == TS_SIGINT) signame = "INT";
10052 if (code == TS_SIGKILL) signame = "KILL";
10053 if (code == TS_SIGPIPE) signame = "PIPE";
10054 if (code == TS_SIGQUIT) signame = "QUIT";
10055 if (code == TS_SIGSEGV) signame = "SEGV";
10056 if (code == TS_SIGTERM) signame = "TERM";
10057 if (code == TS_SIGUSR1) signame = "USR1";
10058 if (code == TS_SIGUSR2) signame = "USR2";
10059 /* The SSH-2 protocol does in principle support arbitrary named
10060 * signals, including signame@domain, but we don't support those. */
10062 /* It's a signal. */
10063 if (ssh->version == 2 && ssh->mainchan) {
10064 pktout = ssh2_chanreq_init(ssh->mainchan, "signal", NULL, NULL);
10065 ssh2_pkt_addstring(pktout, signame);
10066 ssh2_pkt_send(ssh, pktout);
10067 logeventf(ssh, "Sent signal SIG%s", signame);
10070 /* Never heard of it. Do nothing */
10075 void *new_sock_channel(void *handle, Socket s)
10077 Ssh ssh = (Ssh) handle;
10078 struct ssh_channel *c;
10079 c = snew(struct ssh_channel);
10082 ssh2_channel_init(c);
10083 c->halfopen = TRUE;
10084 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
10086 add234(ssh->channels, c);
10091 * This is called when stdout/stderr (the entity to which
10092 * from_backend sends data) manages to clear some backlog.
10094 static void ssh_unthrottle(void *handle, int bufsize)
10096 Ssh ssh = (Ssh) handle;
10099 if (ssh->version == 1) {
10100 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
10101 ssh->v1_stdout_throttling = 0;
10102 ssh_throttle_conn(ssh, -1);
10105 if (ssh->mainchan) {
10106 ssh2_set_window(ssh->mainchan,
10107 bufsize < ssh->mainchan->v.v2.locmaxwin ?
10108 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
10109 if (conf_get_int(ssh->conf, CONF_ssh_simple))
10112 buflimit = ssh->mainchan->v.v2.locmaxwin;
10113 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
10114 ssh->mainchan->throttling_conn = 0;
10115 ssh_throttle_conn(ssh, -1);
10121 * Now process any SSH connection data that was stashed in our
10122 * queue while we were frozen.
10124 ssh_process_queued_incoming_data(ssh);
10127 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
10129 struct ssh_channel *c = (struct ssh_channel *)channel;
10131 struct Packet *pktout;
10133 logeventf(ssh, "Opening connection to %s:%d for %s", hostname, port, org);
10135 if (ssh->version == 1) {
10136 send_packet(ssh, SSH1_MSG_PORT_OPEN,
10137 PKT_INT, c->localid,
10140 /* PKT_STR, <org:orgport>, */
10143 pktout = ssh2_chanopen_init(c, "direct-tcpip");
10144 ssh2_pkt_addstring(pktout, hostname);
10145 ssh2_pkt_adduint32(pktout, port);
10147 * We make up values for the originator data; partly it's
10148 * too much hassle to keep track, and partly I'm not
10149 * convinced the server should be told details like that
10150 * about my local network configuration.
10151 * The "originator IP address" is syntactically a numeric
10152 * IP address, and some servers (e.g., Tectia) get upset
10153 * if it doesn't match this syntax.
10155 ssh2_pkt_addstring(pktout, "0.0.0.0");
10156 ssh2_pkt_adduint32(pktout, 0);
10157 ssh2_pkt_send(ssh, pktout);
10161 static int ssh_connected(void *handle)
10163 Ssh ssh = (Ssh) handle;
10164 return ssh->s != NULL;
10167 static int ssh_sendok(void *handle)
10169 Ssh ssh = (Ssh) handle;
10170 return ssh->send_ok;
10173 static int ssh_ldisc(void *handle, int option)
10175 Ssh ssh = (Ssh) handle;
10176 if (option == LD_ECHO)
10177 return ssh->echoing;
10178 if (option == LD_EDIT)
10179 return ssh->editing;
10183 static void ssh_provide_ldisc(void *handle, void *ldisc)
10185 Ssh ssh = (Ssh) handle;
10186 ssh->ldisc = ldisc;
10189 static void ssh_provide_logctx(void *handle, void *logctx)
10191 Ssh ssh = (Ssh) handle;
10192 ssh->logctx = logctx;
10195 static int ssh_return_exitcode(void *handle)
10197 Ssh ssh = (Ssh) handle;
10198 if (ssh->s != NULL)
10201 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
10205 * cfg_info for SSH is the currently running version of the
10206 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
10208 static int ssh_cfg_info(void *handle)
10210 Ssh ssh = (Ssh) handle;
10211 return ssh->version;
10215 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
10216 * that fails. This variable is the means by which scp.c can reach
10217 * into the SSH code and find out which one it got.
10219 extern int ssh_fallback_cmd(void *handle)
10221 Ssh ssh = (Ssh) handle;
10222 return ssh->fallback_cmd;
10225 Backend ssh_backend = {
10235 ssh_return_exitcode,
10239 ssh_provide_logctx,