24 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
25 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
26 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
27 #define SSH1_CMSG_USER 4 /* 0x4 */
28 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
29 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
30 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
31 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
32 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
33 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
34 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
35 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
36 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
37 #define SSH1_SMSG_FAILURE 15 /* 0xf */
38 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
39 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
40 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
41 #define SSH1_CMSG_EOF 19 /* 0x13 */
42 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
43 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
44 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
45 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
46 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
47 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
48 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
49 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
50 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
51 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
52 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
53 #define SSH1_MSG_IGNORE 32 /* 0x20 */
54 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
55 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
56 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
57 #define SSH1_MSG_DEBUG 36 /* 0x24 */
58 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
59 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
60 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
61 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
62 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
63 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
64 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
66 #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
67 #define SSH1_AUTH_RSA 2 /* 0x2 */
68 #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
69 #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
70 #define SSH1_AUTH_TIS 5 /* 0x5 */
71 #define SSH1_AUTH_CCARD 16 /* 0x10 */
73 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
74 /* Mask for protoflags we will echo back to server if seen */
75 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
77 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
78 #define SSH2_MSG_IGNORE 2 /* 0x2 */
79 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
80 #define SSH2_MSG_DEBUG 4 /* 0x4 */
81 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
82 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
83 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
84 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
85 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
86 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
87 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
88 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
89 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
90 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
91 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
92 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
93 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
94 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
95 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
96 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
97 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
98 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
99 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
100 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
101 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
102 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
103 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
104 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
105 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
106 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
107 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
108 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
109 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
110 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
111 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
112 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
113 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
114 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
115 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
116 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
117 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
118 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
119 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
120 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
121 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
124 * Packet type contexts, so that ssh2_pkt_type can correctly decode
125 * the ambiguous type numbers back into the correct type strings.
135 SSH2_PKTCTX_PUBLICKEY,
136 SSH2_PKTCTX_PASSWORD,
141 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
142 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
143 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
144 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
145 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
146 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
147 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
148 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
149 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
150 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
151 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
152 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
153 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
154 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
155 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
157 static const char *const ssh2_disconnect_reasons[] = {
159 "host not allowed to connect",
161 "key exchange failed",
162 "host authentication failed",
165 "service not available",
166 "protocol version not supported",
167 "host key not verifiable",
170 "too many connections",
171 "auth cancelled by user",
172 "no more auth methods available",
176 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
177 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
178 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
179 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
181 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
184 * Various remote-bug flags.
186 #define BUG_CHOKES_ON_SSH1_IGNORE 1
187 #define BUG_SSH2_HMAC 2
188 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
189 #define BUG_CHOKES_ON_RSA 8
190 #define BUG_SSH2_RSA_PADDING 16
191 #define BUG_SSH2_DERIVEKEY 32
192 #define BUG_SSH2_REKEY 64
193 #define BUG_SSH2_PK_SESSIONID 128
194 #define BUG_SSH2_MAXPKT 256
197 * Codes for terminal modes.
198 * Most of these are the same in SSH-1 and SSH-2.
199 * This list is derived from RFC 4254 and
202 static const struct {
203 const char* const mode;
205 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
207 /* "V" prefix discarded for special characters relative to SSH specs */
208 { "INTR", 1, TTY_OP_CHAR },
209 { "QUIT", 2, TTY_OP_CHAR },
210 { "ERASE", 3, TTY_OP_CHAR },
211 { "KILL", 4, TTY_OP_CHAR },
212 { "EOF", 5, TTY_OP_CHAR },
213 { "EOL", 6, TTY_OP_CHAR },
214 { "EOL2", 7, TTY_OP_CHAR },
215 { "START", 8, TTY_OP_CHAR },
216 { "STOP", 9, TTY_OP_CHAR },
217 { "SUSP", 10, TTY_OP_CHAR },
218 { "DSUSP", 11, TTY_OP_CHAR },
219 { "REPRINT", 12, TTY_OP_CHAR },
220 { "WERASE", 13, TTY_OP_CHAR },
221 { "LNEXT", 14, TTY_OP_CHAR },
222 { "FLUSH", 15, TTY_OP_CHAR },
223 { "SWTCH", 16, TTY_OP_CHAR },
224 { "STATUS", 17, TTY_OP_CHAR },
225 { "DISCARD", 18, TTY_OP_CHAR },
226 { "IGNPAR", 30, TTY_OP_BOOL },
227 { "PARMRK", 31, TTY_OP_BOOL },
228 { "INPCK", 32, TTY_OP_BOOL },
229 { "ISTRIP", 33, TTY_OP_BOOL },
230 { "INLCR", 34, TTY_OP_BOOL },
231 { "IGNCR", 35, TTY_OP_BOOL },
232 { "ICRNL", 36, TTY_OP_BOOL },
233 { "IUCLC", 37, TTY_OP_BOOL },
234 { "IXON", 38, TTY_OP_BOOL },
235 { "IXANY", 39, TTY_OP_BOOL },
236 { "IXOFF", 40, TTY_OP_BOOL },
237 { "IMAXBEL", 41, TTY_OP_BOOL },
238 { "ISIG", 50, TTY_OP_BOOL },
239 { "ICANON", 51, TTY_OP_BOOL },
240 { "XCASE", 52, TTY_OP_BOOL },
241 { "ECHO", 53, TTY_OP_BOOL },
242 { "ECHOE", 54, TTY_OP_BOOL },
243 { "ECHOK", 55, TTY_OP_BOOL },
244 { "ECHONL", 56, TTY_OP_BOOL },
245 { "NOFLSH", 57, TTY_OP_BOOL },
246 { "TOSTOP", 58, TTY_OP_BOOL },
247 { "IEXTEN", 59, TTY_OP_BOOL },
248 { "ECHOCTL", 60, TTY_OP_BOOL },
249 { "ECHOKE", 61, TTY_OP_BOOL },
250 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
251 { "OPOST", 70, TTY_OP_BOOL },
252 { "OLCUC", 71, TTY_OP_BOOL },
253 { "ONLCR", 72, TTY_OP_BOOL },
254 { "OCRNL", 73, TTY_OP_BOOL },
255 { "ONOCR", 74, TTY_OP_BOOL },
256 { "ONLRET", 75, TTY_OP_BOOL },
257 { "CS7", 90, TTY_OP_BOOL },
258 { "CS8", 91, TTY_OP_BOOL },
259 { "PARENB", 92, TTY_OP_BOOL },
260 { "PARODD", 93, TTY_OP_BOOL }
263 /* Miscellaneous other tty-related constants. */
264 #define SSH_TTY_OP_END 0
265 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
266 #define SSH1_TTY_OP_ISPEED 192
267 #define SSH1_TTY_OP_OSPEED 193
268 #define SSH2_TTY_OP_ISPEED 128
269 #define SSH2_TTY_OP_OSPEED 129
271 /* Helper functions for parsing tty-related config. */
272 static unsigned int ssh_tty_parse_specchar(char *s)
277 ret = ctrlparse(s, &next);
278 if (!next) ret = s[0];
280 ret = 255; /* special value meaning "don't set" */
284 static unsigned int ssh_tty_parse_boolean(char *s)
286 if (stricmp(s, "yes") == 0 ||
287 stricmp(s, "on") == 0 ||
288 stricmp(s, "true") == 0 ||
289 stricmp(s, "+") == 0)
291 else if (stricmp(s, "no") == 0 ||
292 stricmp(s, "off") == 0 ||
293 stricmp(s, "false") == 0 ||
294 stricmp(s, "-") == 0)
295 return 0; /* false */
297 return (atoi(s) != 0);
300 #define translate(x) if (type == x) return #x
301 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
302 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
303 static char *ssh1_pkt_type(int type)
305 translate(SSH1_MSG_DISCONNECT);
306 translate(SSH1_SMSG_PUBLIC_KEY);
307 translate(SSH1_CMSG_SESSION_KEY);
308 translate(SSH1_CMSG_USER);
309 translate(SSH1_CMSG_AUTH_RSA);
310 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
311 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
312 translate(SSH1_CMSG_AUTH_PASSWORD);
313 translate(SSH1_CMSG_REQUEST_PTY);
314 translate(SSH1_CMSG_WINDOW_SIZE);
315 translate(SSH1_CMSG_EXEC_SHELL);
316 translate(SSH1_CMSG_EXEC_CMD);
317 translate(SSH1_SMSG_SUCCESS);
318 translate(SSH1_SMSG_FAILURE);
319 translate(SSH1_CMSG_STDIN_DATA);
320 translate(SSH1_SMSG_STDOUT_DATA);
321 translate(SSH1_SMSG_STDERR_DATA);
322 translate(SSH1_CMSG_EOF);
323 translate(SSH1_SMSG_EXIT_STATUS);
324 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
325 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
326 translate(SSH1_MSG_CHANNEL_DATA);
327 translate(SSH1_MSG_CHANNEL_CLOSE);
328 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
329 translate(SSH1_SMSG_X11_OPEN);
330 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
331 translate(SSH1_MSG_PORT_OPEN);
332 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
333 translate(SSH1_SMSG_AGENT_OPEN);
334 translate(SSH1_MSG_IGNORE);
335 translate(SSH1_CMSG_EXIT_CONFIRMATION);
336 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
337 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
338 translate(SSH1_MSG_DEBUG);
339 translate(SSH1_CMSG_REQUEST_COMPRESSION);
340 translate(SSH1_CMSG_AUTH_TIS);
341 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
342 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
343 translate(SSH1_CMSG_AUTH_CCARD);
344 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
345 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
348 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
350 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
351 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
352 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
353 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
354 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
355 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
356 translate(SSH2_MSG_DISCONNECT);
357 translate(SSH2_MSG_IGNORE);
358 translate(SSH2_MSG_UNIMPLEMENTED);
359 translate(SSH2_MSG_DEBUG);
360 translate(SSH2_MSG_SERVICE_REQUEST);
361 translate(SSH2_MSG_SERVICE_ACCEPT);
362 translate(SSH2_MSG_KEXINIT);
363 translate(SSH2_MSG_NEWKEYS);
364 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
365 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
366 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
367 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
368 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
369 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
370 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
371 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
372 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
373 translate(SSH2_MSG_USERAUTH_REQUEST);
374 translate(SSH2_MSG_USERAUTH_FAILURE);
375 translate(SSH2_MSG_USERAUTH_SUCCESS);
376 translate(SSH2_MSG_USERAUTH_BANNER);
377 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
378 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
379 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
380 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
381 translate(SSH2_MSG_GLOBAL_REQUEST);
382 translate(SSH2_MSG_REQUEST_SUCCESS);
383 translate(SSH2_MSG_REQUEST_FAILURE);
384 translate(SSH2_MSG_CHANNEL_OPEN);
385 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
386 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
387 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
388 translate(SSH2_MSG_CHANNEL_DATA);
389 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
390 translate(SSH2_MSG_CHANNEL_EOF);
391 translate(SSH2_MSG_CHANNEL_CLOSE);
392 translate(SSH2_MSG_CHANNEL_REQUEST);
393 translate(SSH2_MSG_CHANNEL_SUCCESS);
394 translate(SSH2_MSG_CHANNEL_FAILURE);
400 /* Enumeration values for fields in SSH-1 packets */
402 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
403 /* These values are for communicating relevant semantics of
404 * fields to the packet logging code. */
405 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
409 * Coroutine mechanics for the sillier bits of the code. If these
410 * macros look impenetrable to you, you might find it helpful to
413 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
415 * which explains the theory behind these macros.
417 * In particular, if you are getting `case expression not constant'
418 * errors when building with MS Visual Studio, this is because MS's
419 * Edit and Continue debugging feature causes their compiler to
420 * violate ANSI C. To disable Edit and Continue debugging:
422 * - right-click ssh.c in the FileView
424 * - select the C/C++ tab and the General category
425 * - under `Debug info:', select anything _other_ than `Program
426 * Database for Edit and Continue'.
428 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
431 if (!ssh->t) ssh->t = snew(struct t); \
433 #define crFinish(z) } *crLine = 0; return (z); }
434 #define crFinishV } *crLine = 0; return; }
435 #define crReturn(z) \
437 *crLine =__LINE__; return (z); case __LINE__:;\
441 *crLine=__LINE__; return; case __LINE__:;\
443 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
444 #define crStopV do{ *crLine = 0; return; }while(0)
445 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
446 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
448 typedef struct ssh_tag *Ssh;
451 static struct Packet *ssh1_pkt_init(int pkt_type);
452 static struct Packet *ssh2_pkt_init(int pkt_type);
453 static void ssh_pkt_ensure(struct Packet *, int length);
454 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
455 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
456 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
457 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
458 static void ssh_pkt_addstring_start(struct Packet *);
459 static void ssh_pkt_addstring_str(struct Packet *, char *data);
460 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
461 static void ssh_pkt_addstring(struct Packet *, char *data);
462 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
463 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
464 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
465 static int ssh2_pkt_construct(Ssh, struct Packet *);
466 static void ssh2_pkt_send(Ssh, struct Packet *);
467 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
468 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
469 struct Packet *pktin);
470 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
471 struct Packet *pktin);
474 * Buffer management constants. There are several of these for
475 * various different purposes:
477 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
478 * on a local data stream before we throttle the whole SSH
479 * connection (in SSH-1 only). Throttling the whole connection is
480 * pretty drastic so we set this high in the hope it won't
483 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
484 * on the SSH connection itself before we defensively throttle
485 * _all_ local data streams. This is pretty drastic too (though
486 * thankfully unlikely in SSH-2 since the window mechanism should
487 * ensure that the server never has any need to throttle its end
488 * of the connection), so we set this high as well.
490 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
493 * - OUR_V2_BIGWIN is the window size we advertise for the only
494 * channel in a simple connection. It must be <= INT_MAX.
496 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
497 * to the remote side. This actually has nothing to do with the
498 * size of the _packet_, but is instead a limit on the amount
499 * of data we're willing to receive in a single SSH2 channel
502 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
503 * _packet_ we're prepared to cope with. It must be a multiple
504 * of the cipher block size, and must be at least 35000.
507 #define SSH1_BUFFER_LIMIT 32768
508 #define SSH_MAX_BACKLOG 32768
509 #define OUR_V2_WINSIZE 16384
510 #define OUR_V2_BIGWIN 0x7fffffff
511 #define OUR_V2_MAXPKT 0x4000UL
512 #define OUR_V2_PACKETLIMIT 0x9000UL
514 /* Maximum length of passwords/passphrases (arbitrary) */
515 #define SSH_MAX_PASSWORD_LEN 100
517 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
519 const static struct ssh_mac *macs[] = {
520 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
522 const static struct ssh_mac *buggymacs[] = {
523 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
526 static void *ssh_comp_none_init(void)
530 static void ssh_comp_none_cleanup(void *handle)
533 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
534 unsigned char **outblock, int *outlen)
538 static int ssh_comp_none_disable(void *handle)
542 const static struct ssh_compress ssh_comp_none = {
544 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
545 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
546 ssh_comp_none_disable, NULL
548 extern const struct ssh_compress ssh_zlib;
549 const static struct ssh_compress *compressions[] = {
550 &ssh_zlib, &ssh_comp_none
553 enum { /* channel types */
558 CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
562 * little structure to keep track of outstanding WINDOW_ADJUSTs
570 * 2-3-4 tree storing channels.
573 Ssh ssh; /* pointer back to main context */
574 unsigned remoteid, localid;
576 /* True if we opened this channel but server hasn't confirmed. */
579 * In SSH-1, this value contains four bits:
581 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
582 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
583 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
584 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
586 * A channel is completely finished with when all four bits are set.
590 * True if this channel is causing the underlying connection to be
595 struct ssh2_data_channel {
597 unsigned remwindow, remmaxpkt;
598 /* locwindow is signed so we can cope with excess data. */
599 int locwindow, locmaxwin;
601 * remlocwin is the amount of local window that we think
602 * the remote end had available to it after it sent the
603 * last data packet or window adjust ack.
607 * These store the list of window adjusts that haven't
610 struct winadj *winadj_head, *winadj_tail;
611 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
615 struct ssh_agent_channel {
616 unsigned char *message;
617 unsigned char msglen[4];
618 unsigned lensofar, totallen;
620 struct ssh_x11_channel {
623 struct ssh_pfd_channel {
630 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
631 * use this structure in different ways, reflecting SSH-2's
632 * altogether saner approach to port forwarding.
634 * In SSH-1, you arrange a remote forwarding by sending the server
635 * the remote port number, and the local destination host:port.
636 * When a connection comes in, the server sends you back that
637 * host:port pair, and you connect to it. This is a ready-made
638 * security hole if you're not on the ball: a malicious server
639 * could send you back _any_ host:port pair, so if you trustingly
640 * connect to the address it gives you then you've just opened the
641 * entire inside of your corporate network just by connecting
642 * through it to a dodgy SSH server. Hence, we must store a list of
643 * host:port pairs we _are_ trying to forward to, and reject a
644 * connection request from the server if it's not in the list.
646 * In SSH-2, each side of the connection minds its own business and
647 * doesn't send unnecessary information to the other. You arrange a
648 * remote forwarding by sending the server just the remote port
649 * number. When a connection comes in, the server tells you which
650 * of its ports was connected to; and _you_ have to remember what
651 * local host:port pair went with that port number.
653 * Hence, in SSH-1 this structure is indexed by destination
654 * host:port pair, whereas in SSH-2 it is indexed by source port.
656 struct ssh_portfwd; /* forward declaration */
658 struct ssh_rportfwd {
659 unsigned sport, dport;
662 struct ssh_portfwd *pfrec;
664 #define free_rportfwd(pf) ( \
665 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
668 * Separately to the rportfwd tree (which is for looking up port
669 * open requests from the server), a tree of _these_ structures is
670 * used to keep track of all the currently open port forwardings,
671 * so that we can reconfigure in mid-session if the user requests
675 enum { DESTROY, KEEP, CREATE } status;
677 unsigned sport, dport;
680 struct ssh_rportfwd *remote;
684 #define free_portfwd(pf) ( \
685 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
686 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
689 long length; /* length of `data' actually used */
690 long forcepad; /* SSH-2: force padding to at least this length */
691 int type; /* only used for incoming packets */
692 unsigned long sequence; /* SSH-2 incoming sequence number */
693 unsigned char *data; /* allocated storage */
694 unsigned char *body; /* offset of payload within `data' */
695 long savedpos; /* temporary index into `data' (for strings) */
696 long maxlen; /* amount of storage allocated for `data' */
697 long encrypted_len; /* for SSH-2 total-size counting */
700 * State associated with packet logging
704 struct logblank_t *blanks;
707 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
708 struct Packet *pktin);
709 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
710 struct Packet *pktin);
711 static void ssh1_protocol_setup(Ssh ssh);
712 static void ssh2_protocol_setup(Ssh ssh);
713 static void ssh_size(void *handle, int width, int height);
714 static void ssh_special(void *handle, Telnet_Special);
715 static int ssh2_try_send(struct ssh_channel *c);
716 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
717 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
718 static void ssh2_set_window(struct ssh_channel *c, int newwin);
719 static int ssh_sendbuffer(void *handle);
720 static int ssh_do_close(Ssh ssh, int notify_exit);
721 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
722 static int ssh2_pkt_getbool(struct Packet *pkt);
723 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
724 static void ssh2_timer(void *ctx, long now);
725 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
726 struct Packet *pktin);
728 struct rdpkt1_state_tag {
729 long len, pad, biglen, to_read;
730 unsigned long realcrc, gotcrc;
734 struct Packet *pktin;
737 struct rdpkt2_state_tag {
738 long len, pad, payload, packetlen, maclen;
741 unsigned long incoming_sequence;
742 struct Packet *pktin;
745 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
746 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
748 struct queued_handler;
749 struct queued_handler {
751 chandler_fn_t handler;
753 struct queued_handler *next;
757 const struct plug_function_table *fn;
758 /* the above field _must_ be first in the structure */
768 unsigned char session_key[32];
770 int v1_remote_protoflags;
771 int v1_local_protoflags;
772 int agentfwd_enabled;
775 const struct ssh_cipher *cipher;
778 const struct ssh2_cipher *cscipher, *sccipher;
779 void *cs_cipher_ctx, *sc_cipher_ctx;
780 const struct ssh_mac *csmac, *scmac;
781 void *cs_mac_ctx, *sc_mac_ctx;
782 const struct ssh_compress *cscomp, *sccomp;
783 void *cs_comp_ctx, *sc_comp_ctx;
784 const struct ssh_kex *kex;
785 const struct ssh_signkey *hostkey;
786 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
787 int v2_session_id_len;
793 int echoing, editing;
797 int ospeed, ispeed; /* temporaries */
798 int term_width, term_height;
800 tree234 *channels; /* indexed by local id */
801 struct ssh_channel *mainchan; /* primary session channel */
802 int ncmode; /* is primary channel direct-tcpip? */
807 tree234 *rportfwds, *portfwds;
811 SSH_STATE_BEFORE_SIZE,
817 int size_needed, eof_needed;
819 struct Packet **queue;
820 int queuelen, queuesize;
822 unsigned char *deferred_send_data;
823 int deferred_len, deferred_size;
826 * Gross hack: pscp will try to start SFTP but fall back to
827 * scp1 if that fails. This variable is the means by which
828 * scp.c can reach into the SSH code and find out which one it
833 bufchain banner; /* accumulates banners during do_ssh2_authconn */
838 struct X11Display *x11disp;
841 int conn_throttle_count;
844 int v1_stdout_throttling;
845 unsigned long v2_outgoing_sequence;
847 int ssh1_rdpkt_crstate;
848 int ssh2_rdpkt_crstate;
849 int do_ssh_init_crstate;
850 int ssh_gotdata_crstate;
851 int do_ssh1_login_crstate;
852 int do_ssh1_connection_crstate;
853 int do_ssh2_transport_crstate;
854 int do_ssh2_authconn_crstate;
856 void *do_ssh_init_state;
857 void *do_ssh1_login_state;
858 void *do_ssh2_transport_state;
859 void *do_ssh2_authconn_state;
861 struct rdpkt1_state_tag rdpkt1_state;
862 struct rdpkt2_state_tag rdpkt2_state;
864 /* SSH-1 and SSH-2 use this for different things, but both use it */
865 int protocol_initial_phase_done;
867 void (*protocol) (Ssh ssh, void *vin, int inlen,
869 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
872 * We maintain a full _copy_ of a Config structure here, not
873 * merely a pointer to it. That way, when we're passed a new
874 * one for reconfiguration, we can check the differences and
875 * potentially reconfigure port forwardings etc in mid-session.
880 * Used to transfer data back from async callbacks.
882 void *agent_response;
883 int agent_response_len;
887 * The SSH connection can be set as `frozen', meaning we are
888 * not currently accepting incoming data from the network. This
889 * is slightly more serious than setting the _socket_ as
890 * frozen, because we may already have had data passed to us
891 * from the network which we need to delay processing until
892 * after the freeze is lifted, so we also need a bufchain to
896 bufchain queued_incoming_data;
899 * Dispatch table for packet types that we may have to deal
902 handler_fn_t packet_dispatch[256];
905 * Queues of one-off handler functions for success/failure
906 * indications from a request.
908 struct queued_handler *qhead, *qtail;
911 * This module deals with sending keepalives.
916 * Track incoming and outgoing data sizes and time, for
919 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
920 unsigned long max_data_size;
922 long next_rekey, last_rekey;
923 char *deferred_rekey_reason; /* points to STATIC string; don't free */
926 * Fully qualified host name, which we need if doing GSSAPI.
931 #define logevent(s) logevent(ssh->frontend, s)
933 /* logevent, only printf-formatted. */
934 static void logeventf(Ssh ssh, const char *fmt, ...)
940 buf = dupvprintf(fmt, ap);
946 #define bombout(msg) \
948 char *text = dupprintf msg; \
949 ssh_do_close(ssh, FALSE); \
951 connection_fatal(ssh->frontend, "%s", text); \
955 /* Functions to leave bits out of the SSH packet log file. */
957 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
959 if (ssh->cfg.logomitpass)
960 pkt->logmode = blanktype;
963 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
965 if (ssh->cfg.logomitdata)
966 pkt->logmode = blanktype;
969 static void end_log_omission(Ssh ssh, struct Packet *pkt)
971 pkt->logmode = PKTLOG_EMIT;
974 /* Helper function for common bits of parsing cfg.ttymodes. */
975 static void parse_ttymodes(Ssh ssh, char *modes,
976 void (*do_mode)(void *data, char *mode, char *val),
980 char *t = strchr(modes, '\t');
981 char *m = snewn(t-modes+1, char);
983 strncpy(m, modes, t-modes);
986 val = get_ttymode(ssh->frontend, m);
990 do_mode(data, m, val);
993 modes += strlen(modes) + 1;
997 static int ssh_channelcmp(void *av, void *bv)
999 struct ssh_channel *a = (struct ssh_channel *) av;
1000 struct ssh_channel *b = (struct ssh_channel *) bv;
1001 if (a->localid < b->localid)
1003 if (a->localid > b->localid)
1007 static int ssh_channelfind(void *av, void *bv)
1009 unsigned *a = (unsigned *) av;
1010 struct ssh_channel *b = (struct ssh_channel *) bv;
1011 if (*a < b->localid)
1013 if (*a > b->localid)
1018 static int ssh_rportcmp_ssh1(void *av, void *bv)
1020 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1021 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1023 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
1024 return i < 0 ? -1 : +1;
1025 if (a->dport > b->dport)
1027 if (a->dport < b->dport)
1032 static int ssh_rportcmp_ssh2(void *av, void *bv)
1034 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1035 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1037 if (a->sport > b->sport)
1039 if (a->sport < b->sport)
1045 * Special form of strcmp which can cope with NULL inputs. NULL is
1046 * defined to sort before even the empty string.
1048 static int nullstrcmp(const char *a, const char *b)
1050 if (a == NULL && b == NULL)
1056 return strcmp(a, b);
1059 static int ssh_portcmp(void *av, void *bv)
1061 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1062 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1064 if (a->type > b->type)
1066 if (a->type < b->type)
1068 if (a->addressfamily > b->addressfamily)
1070 if (a->addressfamily < b->addressfamily)
1072 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1073 return i < 0 ? -1 : +1;
1074 if (a->sport > b->sport)
1076 if (a->sport < b->sport)
1078 if (a->type != 'D') {
1079 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1080 return i < 0 ? -1 : +1;
1081 if (a->dport > b->dport)
1083 if (a->dport < b->dport)
1089 static int alloc_channel_id(Ssh ssh)
1091 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1092 unsigned low, high, mid;
1094 struct ssh_channel *c;
1097 * First-fit allocation of channel numbers: always pick the
1098 * lowest unused one. To do this, binary-search using the
1099 * counted B-tree to find the largest channel ID which is in a
1100 * contiguous sequence from the beginning. (Precisely
1101 * everything in that sequence must have ID equal to its tree
1102 * index plus CHANNEL_NUMBER_OFFSET.)
1104 tsize = count234(ssh->channels);
1108 while (high - low > 1) {
1109 mid = (high + low) / 2;
1110 c = index234(ssh->channels, mid);
1111 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1112 low = mid; /* this one is fine */
1114 high = mid; /* this one is past it */
1117 * Now low points to either -1, or the tree index of the
1118 * largest ID in the initial sequence.
1121 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1122 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1124 return low + 1 + CHANNEL_NUMBER_OFFSET;
1127 static void c_write_stderr(int trusted, const char *buf, int len)
1130 for (i = 0; i < len; i++)
1131 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
1132 fputc(buf[i], stderr);
1135 static void c_write(Ssh ssh, const char *buf, int len)
1137 if (flags & FLAG_STDERR)
1138 c_write_stderr(1, buf, len);
1140 from_backend(ssh->frontend, 1, buf, len);
1143 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1145 if (flags & FLAG_STDERR)
1146 c_write_stderr(0, buf, len);
1148 from_backend_untrusted(ssh->frontend, buf, len);
1151 static void c_write_str(Ssh ssh, const char *buf)
1153 c_write(ssh, buf, strlen(buf));
1156 static void ssh_free_packet(struct Packet *pkt)
1161 static struct Packet *ssh_new_packet(void)
1163 struct Packet *pkt = snew(struct Packet);
1165 pkt->body = pkt->data = NULL;
1167 pkt->logmode = PKTLOG_EMIT;
1175 * Collect incoming data in the incoming packet buffer.
1176 * Decipher and verify the packet when it is completely read.
1177 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1178 * Update the *data and *datalen variables.
1179 * Return a Packet structure when a packet is completed.
1181 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1183 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1185 crBegin(ssh->ssh1_rdpkt_crstate);
1187 st->pktin = ssh_new_packet();
1189 st->pktin->type = 0;
1190 st->pktin->length = 0;
1192 for (st->i = st->len = 0; st->i < 4; st->i++) {
1193 while ((*datalen) == 0)
1195 st->len = (st->len << 8) + **data;
1196 (*data)++, (*datalen)--;
1199 st->pad = 8 - (st->len % 8);
1200 st->biglen = st->len + st->pad;
1201 st->pktin->length = st->len - 5;
1203 if (st->biglen < 0) {
1204 bombout(("Extremely large packet length from server suggests"
1205 " data stream corruption"));
1206 ssh_free_packet(st->pktin);
1210 st->pktin->maxlen = st->biglen;
1211 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1213 st->to_read = st->biglen;
1214 st->p = st->pktin->data;
1215 while (st->to_read > 0) {
1216 st->chunk = st->to_read;
1217 while ((*datalen) == 0)
1219 if (st->chunk > (*datalen))
1220 st->chunk = (*datalen);
1221 memcpy(st->p, *data, st->chunk);
1223 *datalen -= st->chunk;
1225 st->to_read -= st->chunk;
1228 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1229 st->biglen, NULL)) {
1230 bombout(("Network attack (CRC compensation) detected!"));
1231 ssh_free_packet(st->pktin);
1236 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1238 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1239 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1240 if (st->gotcrc != st->realcrc) {
1241 bombout(("Incorrect CRC received on packet"));
1242 ssh_free_packet(st->pktin);
1246 st->pktin->body = st->pktin->data + st->pad + 1;
1247 st->pktin->savedpos = 0;
1249 if (ssh->v1_compressing) {
1250 unsigned char *decompblk;
1252 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1253 st->pktin->body - 1, st->pktin->length + 1,
1254 &decompblk, &decomplen)) {
1255 bombout(("Zlib decompression encountered invalid data"));
1256 ssh_free_packet(st->pktin);
1260 if (st->pktin->maxlen < st->pad + decomplen) {
1261 st->pktin->maxlen = st->pad + decomplen;
1262 st->pktin->data = sresize(st->pktin->data,
1263 st->pktin->maxlen + APIEXTRA,
1265 st->pktin->body = st->pktin->data + st->pad + 1;
1268 memcpy(st->pktin->body - 1, decompblk, decomplen);
1270 st->pktin->length = decomplen - 1;
1273 st->pktin->type = st->pktin->body[-1];
1276 * Log incoming packet, possibly omitting sensitive fields.
1280 struct logblank_t blank;
1281 if (ssh->cfg.logomitdata) {
1282 int do_blank = FALSE, blank_prefix = 0;
1283 /* "Session data" packets - omit the data field */
1284 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1285 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1286 do_blank = TRUE; blank_prefix = 4;
1287 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1288 do_blank = TRUE; blank_prefix = 8;
1291 blank.offset = blank_prefix;
1292 blank.len = st->pktin->length;
1293 blank.type = PKTLOG_OMIT;
1297 log_packet(ssh->logctx,
1298 PKT_INCOMING, st->pktin->type,
1299 ssh1_pkt_type(st->pktin->type),
1300 st->pktin->body, st->pktin->length,
1301 nblanks, &blank, NULL);
1304 crFinish(st->pktin);
1307 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1309 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1311 crBegin(ssh->ssh2_rdpkt_crstate);
1313 st->pktin = ssh_new_packet();
1315 st->pktin->type = 0;
1316 st->pktin->length = 0;
1318 st->cipherblk = ssh->sccipher->blksize;
1321 if (st->cipherblk < 8)
1323 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1325 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1328 * When dealing with a CBC-mode cipher, we want to avoid the
1329 * possibility of an attacker's tweaking the ciphertext stream
1330 * so as to cause us to feed the same block to the block
1331 * cipher more than once and thus leak information
1332 * (VU#958563). The way we do this is not to take any
1333 * decisions on the basis of anything we've decrypted until
1334 * we've verified it with a MAC. That includes the packet
1335 * length, so we just read data and check the MAC repeatedly,
1336 * and when the MAC passes, see if the length we've got is
1340 /* May as well allocate the whole lot now. */
1341 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1344 /* Read an amount corresponding to the MAC. */
1345 for (st->i = 0; st->i < st->maclen; st->i++) {
1346 while ((*datalen) == 0)
1348 st->pktin->data[st->i] = *(*data)++;
1354 unsigned char seq[4];
1355 ssh->scmac->start(ssh->sc_mac_ctx);
1356 PUT_32BIT(seq, st->incoming_sequence);
1357 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1360 for (;;) { /* Once around this loop per cipher block. */
1361 /* Read another cipher-block's worth, and tack it onto the end. */
1362 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1363 while ((*datalen) == 0)
1365 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1368 /* Decrypt one more block (a little further back in the stream). */
1369 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1370 st->pktin->data + st->packetlen,
1372 /* Feed that block to the MAC. */
1373 ssh->scmac->bytes(ssh->sc_mac_ctx,
1374 st->pktin->data + st->packetlen, st->cipherblk);
1375 st->packetlen += st->cipherblk;
1376 /* See if that gives us a valid packet. */
1377 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1378 st->pktin->data + st->packetlen) &&
1379 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1381 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1382 bombout(("No valid incoming packet found"));
1383 ssh_free_packet(st->pktin);
1387 st->pktin->maxlen = st->packetlen + st->maclen;
1388 st->pktin->data = sresize(st->pktin->data,
1389 st->pktin->maxlen + APIEXTRA,
1392 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1395 * Acquire and decrypt the first block of the packet. This will
1396 * contain the length and padding details.
1398 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1399 while ((*datalen) == 0)
1401 st->pktin->data[st->i] = *(*data)++;
1406 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1407 st->pktin->data, st->cipherblk);
1410 * Now get the length figure.
1412 st->len = GET_32BIT(st->pktin->data);
1415 * _Completely_ silly lengths should be stomped on before they
1416 * do us any more damage.
1418 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1419 (st->len + 4) % st->cipherblk != 0) {
1420 bombout(("Incoming packet was garbled on decryption"));
1421 ssh_free_packet(st->pktin);
1426 * So now we can work out the total packet length.
1428 st->packetlen = st->len + 4;
1431 * Allocate memory for the rest of the packet.
1433 st->pktin->maxlen = st->packetlen + st->maclen;
1434 st->pktin->data = sresize(st->pktin->data,
1435 st->pktin->maxlen + APIEXTRA,
1439 * Read and decrypt the remainder of the packet.
1441 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1443 while ((*datalen) == 0)
1445 st->pktin->data[st->i] = *(*data)++;
1448 /* Decrypt everything _except_ the MAC. */
1450 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1451 st->pktin->data + st->cipherblk,
1452 st->packetlen - st->cipherblk);
1458 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1459 st->len + 4, st->incoming_sequence)) {
1460 bombout(("Incorrect MAC received on packet"));
1461 ssh_free_packet(st->pktin);
1465 /* Get and sanity-check the amount of random padding. */
1466 st->pad = st->pktin->data[4];
1467 if (st->pad < 4 || st->len - st->pad < 1) {
1468 bombout(("Invalid padding length on received packet"));
1469 ssh_free_packet(st->pktin);
1473 * This enables us to deduce the payload length.
1475 st->payload = st->len - st->pad - 1;
1477 st->pktin->length = st->payload + 5;
1478 st->pktin->encrypted_len = st->packetlen;
1480 st->pktin->sequence = st->incoming_sequence++;
1483 * Decompress packet payload.
1486 unsigned char *newpayload;
1489 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1490 st->pktin->data + 5, st->pktin->length - 5,
1491 &newpayload, &newlen)) {
1492 if (st->pktin->maxlen < newlen + 5) {
1493 st->pktin->maxlen = newlen + 5;
1494 st->pktin->data = sresize(st->pktin->data,
1495 st->pktin->maxlen + APIEXTRA,
1498 st->pktin->length = 5 + newlen;
1499 memcpy(st->pktin->data + 5, newpayload, newlen);
1504 st->pktin->savedpos = 6;
1505 st->pktin->body = st->pktin->data;
1506 st->pktin->type = st->pktin->data[5];
1509 * Log incoming packet, possibly omitting sensitive fields.
1513 struct logblank_t blank;
1514 if (ssh->cfg.logomitdata) {
1515 int do_blank = FALSE, blank_prefix = 0;
1516 /* "Session data" packets - omit the data field */
1517 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1518 do_blank = TRUE; blank_prefix = 8;
1519 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1520 do_blank = TRUE; blank_prefix = 12;
1523 blank.offset = blank_prefix;
1524 blank.len = (st->pktin->length-6) - blank_prefix;
1525 blank.type = PKTLOG_OMIT;
1529 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1530 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1532 st->pktin->data+6, st->pktin->length-6,
1533 nblanks, &blank, &st->pktin->sequence);
1536 crFinish(st->pktin);
1539 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1541 int pad, biglen, i, pktoffs;
1545 * XXX various versions of SC (including 8.8.4) screw up the
1546 * register allocation in this function and use the same register
1547 * (D6) for len and as a temporary, with predictable results. The
1548 * following sledgehammer prevents this.
1555 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1556 ssh1_pkt_type(pkt->data[12]),
1557 pkt->body, pkt->length - (pkt->body - pkt->data),
1558 pkt->nblanks, pkt->blanks, NULL);
1559 sfree(pkt->blanks); pkt->blanks = NULL;
1562 if (ssh->v1_compressing) {
1563 unsigned char *compblk;
1565 zlib_compress_block(ssh->cs_comp_ctx,
1566 pkt->data + 12, pkt->length - 12,
1567 &compblk, &complen);
1568 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
1569 memcpy(pkt->data + 12, compblk, complen);
1571 pkt->length = complen + 12;
1574 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1576 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1577 pad = 8 - (len % 8);
1579 biglen = len + pad; /* len(padding+type+data+CRC) */
1581 for (i = pktoffs; i < 4+8; i++)
1582 pkt->data[i] = random_byte();
1583 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1584 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1585 PUT_32BIT(pkt->data + pktoffs, len);
1588 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1589 pkt->data + pktoffs + 4, biglen);
1591 if (offset_p) *offset_p = pktoffs;
1592 return biglen + 4; /* len(length+padding+type+data+CRC) */
1595 static int s_write(Ssh ssh, void *data, int len)
1598 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1600 return sk_write(ssh->s, (char *)data, len);
1603 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1605 int len, backlog, offset;
1606 len = s_wrpkt_prepare(ssh, pkt, &offset);
1607 backlog = s_write(ssh, pkt->data + offset, len);
1608 if (backlog > SSH_MAX_BACKLOG)
1609 ssh_throttle_all(ssh, 1, backlog);
1610 ssh_free_packet(pkt);
1613 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1616 len = s_wrpkt_prepare(ssh, pkt, &offset);
1617 if (ssh->deferred_len + len > ssh->deferred_size) {
1618 ssh->deferred_size = ssh->deferred_len + len + 128;
1619 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1623 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1624 pkt->data + offset, len);
1625 ssh->deferred_len += len;
1626 ssh_free_packet(pkt);
1630 * Construct a SSH-1 packet with the specified contents.
1631 * (This all-at-once interface used to be the only one, but now SSH-1
1632 * packets can also be constructed incrementally.)
1634 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1640 pkt = ssh1_pkt_init(pkttype);
1642 while ((argtype = va_arg(ap, int)) != PKT_END) {
1643 unsigned char *argp, argchar;
1645 unsigned long argint;
1648 /* Actual fields in the packet */
1650 argint = va_arg(ap, int);
1651 ssh_pkt_adduint32(pkt, argint);
1654 argchar = (unsigned char) va_arg(ap, int);
1655 ssh_pkt_addbyte(pkt, argchar);
1658 argp = va_arg(ap, unsigned char *);
1659 arglen = va_arg(ap, int);
1660 ssh_pkt_adddata(pkt, argp, arglen);
1663 sargp = va_arg(ap, char *);
1664 ssh_pkt_addstring(pkt, sargp);
1667 bn = va_arg(ap, Bignum);
1668 ssh1_pkt_addmp(pkt, bn);
1670 /* Tokens for modifications to packet logging */
1672 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1675 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1678 end_log_omission(ssh, pkt);
1686 static void send_packet(Ssh ssh, int pkttype, ...)
1690 va_start(ap, pkttype);
1691 pkt = construct_packet(ssh, pkttype, ap);
1696 static void defer_packet(Ssh ssh, int pkttype, ...)
1700 va_start(ap, pkttype);
1701 pkt = construct_packet(ssh, pkttype, ap);
1703 s_wrpkt_defer(ssh, pkt);
1706 static int ssh_versioncmp(char *a, char *b)
1709 unsigned long av, bv;
1711 av = strtoul(a, &ae, 10);
1712 bv = strtoul(b, &be, 10);
1714 return (av < bv ? -1 : +1);
1719 av = strtoul(ae, &ae, 10);
1720 bv = strtoul(be, &be, 10);
1722 return (av < bv ? -1 : +1);
1727 * Utility routines for putting an SSH-protocol `string' and
1728 * `uint32' into a hash state.
1730 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1732 unsigned char lenblk[4];
1733 PUT_32BIT(lenblk, len);
1734 h->bytes(s, lenblk, 4);
1735 h->bytes(s, str, len);
1738 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1740 unsigned char intblk[4];
1741 PUT_32BIT(intblk, i);
1742 h->bytes(s, intblk, 4);
1746 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1748 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1750 if (pkt->maxlen < length) {
1751 unsigned char *body = pkt->body;
1752 int offset = body ? body - pkt->data : 0;
1753 pkt->maxlen = length + 256;
1754 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1755 if (body) pkt->body = pkt->data + offset;
1758 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1760 if (pkt->logmode != PKTLOG_EMIT) {
1762 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1764 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1765 (pkt->body - pkt->data);
1766 pkt->blanks[pkt->nblanks-1].len = len;
1767 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1770 ssh_pkt_ensure(pkt, pkt->length);
1771 memcpy(pkt->data + pkt->length - len, data, len);
1773 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1775 ssh_pkt_adddata(pkt, &byte, 1);
1777 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1779 ssh_pkt_adddata(pkt, &value, 1);
1781 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1784 PUT_32BIT(x, value);
1785 ssh_pkt_adddata(pkt, x, 4);
1787 static void ssh_pkt_addstring_start(struct Packet *pkt)
1789 ssh_pkt_adduint32(pkt, 0);
1790 pkt->savedpos = pkt->length;
1792 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1794 ssh_pkt_adddata(pkt, data, strlen(data));
1795 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1797 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1799 ssh_pkt_adddata(pkt, data, len);
1800 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1802 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1804 ssh_pkt_addstring_start(pkt);
1805 ssh_pkt_addstring_str(pkt, data);
1807 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1809 int len = ssh1_bignum_length(b);
1810 unsigned char *data = snewn(len, unsigned char);
1811 (void) ssh1_write_bignum(data, b);
1812 ssh_pkt_adddata(pkt, data, len);
1815 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1818 int i, n = (bignum_bitcount(b) + 7) / 8;
1819 p = snewn(n + 1, unsigned char);
1821 for (i = 1; i <= n; i++)
1822 p[i] = bignum_byte(b, n - i);
1824 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1826 memmove(p, p + i, n + 1 - i);
1830 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1834 p = ssh2_mpint_fmt(b, &len);
1835 ssh_pkt_addstring_start(pkt);
1836 ssh_pkt_addstring_data(pkt, (char *)p, len);
1840 static struct Packet *ssh1_pkt_init(int pkt_type)
1842 struct Packet *pkt = ssh_new_packet();
1843 pkt->length = 4 + 8; /* space for length + max padding */
1844 ssh_pkt_addbyte(pkt, pkt_type);
1845 pkt->body = pkt->data + pkt->length;
1849 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1850 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1851 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1852 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1853 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1854 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1855 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1856 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1857 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1859 static struct Packet *ssh2_pkt_init(int pkt_type)
1861 struct Packet *pkt = ssh_new_packet();
1862 pkt->length = 5; /* space for packet length + padding length */
1864 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1865 pkt->body = pkt->data + pkt->length; /* after packet type */
1870 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1871 * put the MAC on it. Final packet, ready to be sent, is stored in
1872 * pkt->data. Total length is returned.
1874 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1876 int cipherblk, maclen, padding, i;
1879 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1880 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
1881 pkt->body, pkt->length - (pkt->body - pkt->data),
1882 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
1883 sfree(pkt->blanks); pkt->blanks = NULL;
1887 * Compress packet payload.
1890 unsigned char *newpayload;
1893 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1895 &newpayload, &newlen)) {
1897 ssh2_pkt_adddata(pkt, newpayload, newlen);
1903 * Add padding. At least four bytes, and must also bring total
1904 * length (minus MAC) up to a multiple of the block size.
1905 * If pkt->forcepad is set, make sure the packet is at least that size
1908 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1909 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1911 if (pkt->length + padding < pkt->forcepad)
1912 padding = pkt->forcepad - pkt->length;
1914 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1915 assert(padding <= 255);
1916 maclen = ssh->csmac ? ssh->csmac->len : 0;
1917 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1918 pkt->data[4] = padding;
1919 for (i = 0; i < padding; i++)
1920 pkt->data[pkt->length + i] = random_byte();
1921 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1923 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1924 pkt->length + padding,
1925 ssh->v2_outgoing_sequence);
1926 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
1929 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
1930 pkt->data, pkt->length + padding);
1932 pkt->encrypted_len = pkt->length + padding;
1934 /* Ready-to-send packet starts at pkt->data. We return length. */
1935 return pkt->length + padding + maclen;
1939 * Routines called from the main SSH code to send packets. There
1940 * are quite a few of these, because we have two separate
1941 * mechanisms for delaying the sending of packets:
1943 * - In order to send an IGNORE message and a password message in
1944 * a single fixed-length blob, we require the ability to
1945 * concatenate the encrypted forms of those two packets _into_ a
1946 * single blob and then pass it to our <network.h> transport
1947 * layer in one go. Hence, there's a deferment mechanism which
1948 * works after packet encryption.
1950 * - In order to avoid sending any connection-layer messages
1951 * during repeat key exchange, we have to queue up any such
1952 * outgoing messages _before_ they are encrypted (and in
1953 * particular before they're allocated sequence numbers), and
1954 * then send them once we've finished.
1956 * I call these mechanisms `defer' and `queue' respectively, so as
1957 * to distinguish them reasonably easily.
1959 * The functions send_noqueue() and defer_noqueue() free the packet
1960 * structure they are passed. Every outgoing packet goes through
1961 * precisely one of these functions in its life; packets passed to
1962 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
1963 * these or get queued, and then when the queue is later emptied
1964 * the packets are all passed to defer_noqueue().
1966 * When using a CBC-mode cipher, it's necessary to ensure that an
1967 * attacker can't provide data to be encrypted using an IV that they
1968 * know. We ensure this by prefixing each packet that might contain
1969 * user data with an SSH_MSG_IGNORE. This is done using the deferral
1970 * mechanism, so in this case send_noqueue() ends up redirecting to
1971 * defer_noqueue(). If you don't like this inefficiency, don't use
1975 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
1976 static void ssh_pkt_defersend(Ssh);
1979 * Send an SSH-2 packet immediately, without queuing or deferring.
1981 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
1985 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
1986 /* We need to send two packets, so use the deferral mechanism. */
1987 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
1988 ssh_pkt_defersend(ssh);
1991 len = ssh2_pkt_construct(ssh, pkt);
1992 backlog = s_write(ssh, pkt->data, len);
1993 if (backlog > SSH_MAX_BACKLOG)
1994 ssh_throttle_all(ssh, 1, backlog);
1996 ssh->outgoing_data_size += pkt->encrypted_len;
1997 if (!ssh->kex_in_progress &&
1998 ssh->max_data_size != 0 &&
1999 ssh->outgoing_data_size > ssh->max_data_size)
2000 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2002 ssh_free_packet(pkt);
2006 * Defer an SSH-2 packet.
2008 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
2011 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
2012 ssh->deferred_len == 0 && !noignore) {
2014 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2015 * get encrypted with a known IV.
2017 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2018 ssh2_pkt_addstring_start(ipkt);
2019 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2021 len = ssh2_pkt_construct(ssh, pkt);
2022 if (ssh->deferred_len + len > ssh->deferred_size) {
2023 ssh->deferred_size = ssh->deferred_len + len + 128;
2024 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2028 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
2029 ssh->deferred_len += len;
2030 ssh->deferred_data_size += pkt->encrypted_len;
2031 ssh_free_packet(pkt);
2035 * Queue an SSH-2 packet.
2037 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2039 assert(ssh->queueing);
2041 if (ssh->queuelen >= ssh->queuesize) {
2042 ssh->queuesize = ssh->queuelen + 32;
2043 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2046 ssh->queue[ssh->queuelen++] = pkt;
2050 * Either queue or send a packet, depending on whether queueing is
2053 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2056 ssh2_pkt_queue(ssh, pkt);
2058 ssh2_pkt_send_noqueue(ssh, pkt);
2062 * Either queue or defer a packet, depending on whether queueing is
2065 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2068 ssh2_pkt_queue(ssh, pkt);
2070 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2074 * Send the whole deferred data block constructed by
2075 * ssh2_pkt_defer() or SSH-1's defer_packet().
2077 * The expected use of the defer mechanism is that you call
2078 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2079 * not currently queueing, this simply sets up deferred_send_data
2080 * and then sends it. If we _are_ currently queueing, the calls to
2081 * ssh2_pkt_defer() put the deferred packets on to the queue
2082 * instead, and therefore ssh_pkt_defersend() has no deferred data
2083 * to send. Hence, there's no need to make it conditional on
2086 static void ssh_pkt_defersend(Ssh ssh)
2089 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
2090 ssh->deferred_len = ssh->deferred_size = 0;
2091 sfree(ssh->deferred_send_data);
2092 ssh->deferred_send_data = NULL;
2093 if (backlog > SSH_MAX_BACKLOG)
2094 ssh_throttle_all(ssh, 1, backlog);
2096 ssh->outgoing_data_size += ssh->deferred_data_size;
2097 if (!ssh->kex_in_progress &&
2098 ssh->max_data_size != 0 &&
2099 ssh->outgoing_data_size > ssh->max_data_size)
2100 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2101 ssh->deferred_data_size = 0;
2105 * Send a packet whose length needs to be disguised (typically
2106 * passwords or keyboard-interactive responses).
2108 static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2114 * The simplest way to do this is to adjust the
2115 * variable-length padding field in the outgoing packet.
2117 * Currently compiled out, because some Cisco SSH servers
2118 * don't like excessively padded packets (bah, why's it
2121 pkt->forcepad = padsize;
2122 ssh2_pkt_send(ssh, pkt);
2127 * If we can't do that, however, an alternative approach is
2128 * to use the pkt_defer mechanism to bundle the packet
2129 * tightly together with an SSH_MSG_IGNORE such that their
2130 * combined length is a constant. So first we construct the
2131 * final form of this packet and defer its sending.
2133 ssh2_pkt_defer(ssh, pkt);
2136 * Now construct an SSH_MSG_IGNORE which includes a string
2137 * that's an exact multiple of the cipher block size. (If
2138 * the cipher is NULL so that the block size is
2139 * unavailable, we don't do this trick at all, because we
2140 * gain nothing by it.)
2142 if (ssh->cscipher) {
2145 stringlen = (256 - ssh->deferred_len);
2146 stringlen += ssh->cscipher->blksize - 1;
2147 stringlen -= (stringlen % ssh->cscipher->blksize);
2150 * Temporarily disable actual compression, so we
2151 * can guarantee to get this string exactly the
2152 * length we want it. The compression-disabling
2153 * routine should return an integer indicating how
2154 * many bytes we should adjust our string length
2158 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2160 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2161 ssh2_pkt_addstring_start(pkt);
2162 for (i = 0; i < stringlen; i++) {
2163 char c = (char) random_byte();
2164 ssh2_pkt_addstring_data(pkt, &c, 1);
2166 ssh2_pkt_defer(ssh, pkt);
2168 ssh_pkt_defersend(ssh);
2173 * Send all queued SSH-2 packets. We send them by means of
2174 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2175 * packets that needed to be lumped together.
2177 static void ssh2_pkt_queuesend(Ssh ssh)
2181 assert(!ssh->queueing);
2183 for (i = 0; i < ssh->queuelen; i++)
2184 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
2187 ssh_pkt_defersend(ssh);
2191 void bndebug(char *string, Bignum b)
2195 p = ssh2_mpint_fmt(b, &len);
2196 debug(("%s", string));
2197 for (i = 0; i < len; i++)
2198 debug((" %02x", p[i]));
2204 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
2208 p = ssh2_mpint_fmt(b, &len);
2209 hash_string(h, s, p, len);
2214 * Packet decode functions for both SSH-1 and SSH-2.
2216 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
2218 unsigned long value;
2219 if (pkt->length - pkt->savedpos < 4)
2220 return 0; /* arrgh, no way to decline (FIXME?) */
2221 value = GET_32BIT(pkt->body + pkt->savedpos);
2225 static int ssh2_pkt_getbool(struct Packet *pkt)
2227 unsigned long value;
2228 if (pkt->length - pkt->savedpos < 1)
2229 return 0; /* arrgh, no way to decline (FIXME?) */
2230 value = pkt->body[pkt->savedpos] != 0;
2234 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2239 if (pkt->length - pkt->savedpos < 4)
2241 len = GET_32BIT(pkt->body + pkt->savedpos);
2246 if (pkt->length - pkt->savedpos < *length)
2248 *p = (char *)(pkt->body + pkt->savedpos);
2249 pkt->savedpos += *length;
2251 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2253 if (pkt->length - pkt->savedpos < length)
2255 pkt->savedpos += length;
2256 return pkt->body + (pkt->savedpos - length);
2258 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2259 unsigned char **keystr)
2263 j = makekey(pkt->body + pkt->savedpos,
2264 pkt->length - pkt->savedpos,
2271 assert(pkt->savedpos < pkt->length);
2275 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2280 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2281 pkt->length - pkt->savedpos, &b);
2289 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2295 ssh_pkt_getstring(pkt, &p, &length);
2300 b = bignum_from_bytes((unsigned char *)p, length);
2305 * Helper function to add an SSH-2 signature blob to a packet.
2306 * Expects to be shown the public key blob as well as the signature
2307 * blob. Normally works just like ssh2_pkt_addstring, but will
2308 * fiddle with the signature packet if necessary for
2309 * BUG_SSH2_RSA_PADDING.
2311 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2312 void *pkblob_v, int pkblob_len,
2313 void *sigblob_v, int sigblob_len)
2315 unsigned char *pkblob = (unsigned char *)pkblob_v;
2316 unsigned char *sigblob = (unsigned char *)sigblob_v;
2318 /* dmemdump(pkblob, pkblob_len); */
2319 /* dmemdump(sigblob, sigblob_len); */
2322 * See if this is in fact an ssh-rsa signature and a buggy
2323 * server; otherwise we can just do this the easy way.
2325 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2326 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2327 int pos, len, siglen;
2330 * Find the byte length of the modulus.
2333 pos = 4+7; /* skip over "ssh-rsa" */
2334 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2335 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2336 pos += 4; /* find modulus itself */
2337 while (len > 0 && pkblob[pos] == 0)
2339 /* debug(("modulus length is %d\n", len)); */
2342 * Now find the signature integer.
2344 pos = 4+7; /* skip over "ssh-rsa" */
2345 siglen = GET_32BIT(sigblob+pos);
2346 /* debug(("signature length is %d\n", siglen)); */
2348 if (len != siglen) {
2349 unsigned char newlen[4];
2350 ssh2_pkt_addstring_start(pkt);
2351 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2352 /* dmemdump(sigblob, pos); */
2353 pos += 4; /* point to start of actual sig */
2354 PUT_32BIT(newlen, len);
2355 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2356 /* dmemdump(newlen, 4); */
2358 while (len-- > siglen) {
2359 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2360 /* dmemdump(newlen, 1); */
2362 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2363 /* dmemdump(sigblob+pos, siglen); */
2367 /* Otherwise fall through and do it the easy way. */
2370 ssh2_pkt_addstring_start(pkt);
2371 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2375 * Examine the remote side's version string and compare it against
2376 * a list of known buggy implementations.
2378 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2380 char *imp; /* pointer to implementation part */
2382 imp += strcspn(imp, "-");
2384 imp += strcspn(imp, "-");
2387 ssh->remote_bugs = 0;
2390 * General notes on server version strings:
2391 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2392 * here -- in particular, we've heard of one that's perfectly happy
2393 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2394 * so we can't distinguish them.
2396 if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
2397 (ssh->cfg.sshbug_ignore1 == AUTO &&
2398 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2399 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2400 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2401 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2403 * These versions don't support SSH1_MSG_IGNORE, so we have
2404 * to use a different defence against password length
2407 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2408 logevent("We believe remote version has SSH-1 ignore bug");
2411 if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
2412 (ssh->cfg.sshbug_plainpw1 == AUTO &&
2413 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2415 * These versions need a plain password sent; they can't
2416 * handle having a null and a random length of data after
2419 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2420 logevent("We believe remote version needs a plain SSH-1 password");
2423 if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
2424 (ssh->cfg.sshbug_rsa1 == AUTO &&
2425 (!strcmp(imp, "Cisco-1.25")))) {
2427 * These versions apparently have no clue whatever about
2428 * RSA authentication and will panic and die if they see
2429 * an AUTH_RSA message.
2431 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2432 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2435 if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
2436 (ssh->cfg.sshbug_hmac2 == AUTO &&
2437 !wc_match("* VShell", imp) &&
2438 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2439 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2440 wc_match("2.1 *", imp)))) {
2442 * These versions have the HMAC bug.
2444 ssh->remote_bugs |= BUG_SSH2_HMAC;
2445 logevent("We believe remote version has SSH-2 HMAC bug");
2448 if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
2449 (ssh->cfg.sshbug_derivekey2 == AUTO &&
2450 !wc_match("* VShell", imp) &&
2451 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2453 * These versions have the key-derivation bug (failing to
2454 * include the literal shared secret in the hashes that
2455 * generate the keys).
2457 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2458 logevent("We believe remote version has SSH-2 key-derivation bug");
2461 if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
2462 (ssh->cfg.sshbug_rsapad2 == AUTO &&
2463 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2464 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2466 * These versions have the SSH-2 RSA padding bug.
2468 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2469 logevent("We believe remote version has SSH-2 RSA padding bug");
2472 if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
2473 (ssh->cfg.sshbug_pksessid2 == AUTO &&
2474 wc_match("OpenSSH_2.[0-2]*", imp))) {
2476 * These versions have the SSH-2 session-ID bug in
2477 * public-key authentication.
2479 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2480 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2483 if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
2484 (ssh->cfg.sshbug_rekey2 == AUTO &&
2485 (wc_match("DigiSSH_2.0", imp) ||
2486 wc_match("OpenSSH_2.[0-4]*", imp) ||
2487 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2488 wc_match("Sun_SSH_1.0", imp) ||
2489 wc_match("Sun_SSH_1.0.1", imp) ||
2490 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2491 wc_match("WeOnlyDo-*", imp)))) {
2493 * These versions have the SSH-2 rekey bug.
2495 ssh->remote_bugs |= BUG_SSH2_REKEY;
2496 logevent("We believe remote version has SSH-2 rekey bug");
2499 if (ssh->cfg.sshbug_maxpkt2 == FORCE_ON ||
2500 (ssh->cfg.sshbug_maxpkt2 == AUTO &&
2501 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2502 wc_match("1.36 sshlib: GlobalScape", imp)))) {
2504 * This version ignores our makpkt and needs to be throttled.
2506 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2507 logevent("We believe remote version ignores SSH-2 maximum packet size");
2512 * The `software version' part of an SSH version string is required
2513 * to contain no spaces or minus signs.
2515 static void ssh_fix_verstring(char *str)
2517 /* Eat "SSH-<protoversion>-". */
2518 assert(*str == 'S'); str++;
2519 assert(*str == 'S'); str++;
2520 assert(*str == 'H'); str++;
2521 assert(*str == '-'); str++;
2522 while (*str && *str != '-') str++;
2523 assert(*str == '-'); str++;
2525 /* Convert minus signs and spaces in the remaining string into
2528 if (*str == '-' || *str == ' ')
2535 * Send an appropriate SSH version string.
2537 static void ssh_send_verstring(Ssh ssh, char *svers)
2541 if (ssh->version == 2) {
2543 * Construct a v2 version string.
2545 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2548 * Construct a v1 version string.
2550 verstring = dupprintf("SSH-%s-%s\012",
2551 (ssh_versioncmp(svers, "1.5") <= 0 ?
2556 ssh_fix_verstring(verstring);
2558 if (ssh->version == 2) {
2561 * Record our version string.
2563 len = strcspn(verstring, "\015\012");
2564 ssh->v_c = snewn(len + 1, char);
2565 memcpy(ssh->v_c, verstring, len);
2569 logeventf(ssh, "We claim version: %.*s",
2570 strcspn(verstring, "\015\012"), verstring);
2571 s_write(ssh, verstring, strlen(verstring));
2575 static int do_ssh_init(Ssh ssh, unsigned char c)
2577 struct do_ssh_init_state {
2585 crState(do_ssh_init_state);
2587 crBegin(ssh->do_ssh_init_crstate);
2589 /* Search for a line beginning with the string "SSH-" in the input. */
2591 if (c != 'S') goto no;
2593 if (c != 'S') goto no;
2595 if (c != 'H') goto no;
2597 if (c != '-') goto no;
2606 s->vstring = snewn(s->vstrsize, char);
2607 strcpy(s->vstring, "SSH-");
2611 crReturn(1); /* get another char */
2612 if (s->vslen >= s->vstrsize - 1) {
2614 s->vstring = sresize(s->vstring, s->vstrsize, char);
2616 s->vstring[s->vslen++] = c;
2619 s->version[s->i] = '\0';
2621 } else if (s->i < sizeof(s->version) - 1)
2622 s->version[s->i++] = c;
2623 } else if (c == '\012')
2627 ssh->agentfwd_enabled = FALSE;
2628 ssh->rdpkt2_state.incoming_sequence = 0;
2630 s->vstring[s->vslen] = 0;
2631 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2632 logeventf(ssh, "Server version: %s", s->vstring);
2633 ssh_detect_bugs(ssh, s->vstring);
2636 * Decide which SSH protocol version to support.
2639 /* Anything strictly below "2.0" means protocol 1 is supported. */
2640 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2641 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2642 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2644 if (ssh->cfg.sshprot == 0 && !s->proto1) {
2645 bombout(("SSH protocol version 1 required by user but not provided by server"));
2648 if (ssh->cfg.sshprot == 3 && !s->proto2) {
2649 bombout(("SSH protocol version 2 required by user but not provided by server"));
2653 if (s->proto2 && (ssh->cfg.sshprot >= 2 || !s->proto1))
2658 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2660 /* Send the version string, if we haven't already */
2661 if (ssh->cfg.sshprot != 3)
2662 ssh_send_verstring(ssh, s->version);
2664 if (ssh->version == 2) {
2667 * Record their version string.
2669 len = strcspn(s->vstring, "\015\012");
2670 ssh->v_s = snewn(len + 1, char);
2671 memcpy(ssh->v_s, s->vstring, len);
2675 * Initialise SSH-2 protocol.
2677 ssh->protocol = ssh2_protocol;
2678 ssh2_protocol_setup(ssh);
2679 ssh->s_rdpkt = ssh2_rdpkt;
2682 * Initialise SSH-1 protocol.
2684 ssh->protocol = ssh1_protocol;
2685 ssh1_protocol_setup(ssh);
2686 ssh->s_rdpkt = ssh1_rdpkt;
2688 if (ssh->version == 2)
2689 do_ssh2_transport(ssh, NULL, -1, NULL);
2691 update_specials_menu(ssh->frontend);
2692 ssh->state = SSH_STATE_BEFORE_SIZE;
2693 ssh->pinger = pinger_new(&ssh->cfg, &ssh_backend, ssh);
2700 static void ssh_process_incoming_data(Ssh ssh,
2701 unsigned char **data, int *datalen)
2703 struct Packet *pktin;
2705 pktin = ssh->s_rdpkt(ssh, data, datalen);
2707 ssh->protocol(ssh, NULL, 0, pktin);
2708 ssh_free_packet(pktin);
2712 static void ssh_queue_incoming_data(Ssh ssh,
2713 unsigned char **data, int *datalen)
2715 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2720 static void ssh_process_queued_incoming_data(Ssh ssh)
2723 unsigned char *data;
2726 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2727 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2731 while (!ssh->frozen && len > 0)
2732 ssh_process_incoming_data(ssh, &data, &len);
2735 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2739 static void ssh_set_frozen(Ssh ssh, int frozen)
2742 sk_set_frozen(ssh->s, frozen);
2743 ssh->frozen = frozen;
2746 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2748 /* Log raw data, if we're in that mode. */
2750 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
2753 crBegin(ssh->ssh_gotdata_crstate);
2756 * To begin with, feed the characters one by one to the
2757 * protocol initialisation / selection function do_ssh_init().
2758 * When that returns 0, we're done with the initial greeting
2759 * exchange and can move on to packet discipline.
2762 int ret; /* need not be kept across crReturn */
2764 crReturnV; /* more data please */
2765 ret = do_ssh_init(ssh, *data);
2773 * We emerge from that loop when the initial negotiation is
2774 * over and we have selected an s_rdpkt function. Now pass
2775 * everything to s_rdpkt, and then pass the resulting packets
2776 * to the proper protocol handler.
2780 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2782 ssh_queue_incoming_data(ssh, &data, &datalen);
2783 /* This uses up all data and cannot cause anything interesting
2784 * to happen; indeed, for anything to happen at all, we must
2785 * return, so break out. */
2787 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2788 /* This uses up some or all data, and may freeze the
2790 ssh_process_queued_incoming_data(ssh);
2792 /* This uses up some or all data, and may freeze the
2794 ssh_process_incoming_data(ssh, &data, &datalen);
2796 /* FIXME this is probably EBW. */
2797 if (ssh->state == SSH_STATE_CLOSED)
2800 /* We're out of data. Go and get some more. */
2806 static int ssh_do_close(Ssh ssh, int notify_exit)
2809 struct ssh_channel *c;
2811 ssh->state = SSH_STATE_CLOSED;
2812 expire_timer_context(ssh);
2817 notify_remote_exit(ssh->frontend);
2822 * Now we must shut down any port- and X-forwarded channels going
2823 * through this connection.
2825 if (ssh->channels) {
2826 while (NULL != (c = index234(ssh->channels, 0))) {
2829 x11_close(c->u.x11.s);
2832 pfd_close(c->u.pfd.s);
2835 del234(ssh->channels, c); /* moving next one to index 0 */
2836 if (ssh->version == 2)
2837 bufchain_clear(&c->v.v2.outbuffer);
2842 * Go through port-forwardings, and close any associated
2843 * listening sockets.
2845 if (ssh->portfwds) {
2846 struct ssh_portfwd *pf;
2847 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2848 /* Dispose of any listening socket. */
2850 pfd_terminate(pf->local);
2851 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2859 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2860 const char *error_msg, int error_code)
2862 Ssh ssh = (Ssh) plug;
2863 char addrbuf[256], *msg;
2865 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2868 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2870 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2876 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2879 Ssh ssh = (Ssh) plug;
2880 int need_notify = ssh_do_close(ssh, FALSE);
2883 if (!ssh->close_expected)
2884 error_msg = "Server unexpectedly closed network connection";
2886 error_msg = "Server closed network connection";
2889 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2893 notify_remote_exit(ssh->frontend);
2896 logevent(error_msg);
2897 if (!ssh->close_expected || !ssh->clean_exit)
2898 connection_fatal(ssh->frontend, "%s", error_msg);
2902 static int ssh_receive(Plug plug, int urgent, char *data, int len)
2904 Ssh ssh = (Ssh) plug;
2905 ssh_gotdata(ssh, (unsigned char *)data, len);
2906 if (ssh->state == SSH_STATE_CLOSED) {
2907 ssh_do_close(ssh, TRUE);
2913 static void ssh_sent(Plug plug, int bufsize)
2915 Ssh ssh = (Ssh) plug;
2917 * If the send backlog on the SSH socket itself clears, we
2918 * should unthrottle the whole world if it was throttled.
2920 if (bufsize < SSH_MAX_BACKLOG)
2921 ssh_throttle_all(ssh, 0, bufsize);
2925 * Connect to specified host and port.
2926 * Returns an error message, or NULL on success.
2927 * Also places the canonical host name into `realhost'. It must be
2928 * freed by the caller.
2930 static const char *connect_to_host(Ssh ssh, char *host, int port,
2931 char **realhost, int nodelay, int keepalive)
2933 static const struct plug_function_table fn_table = {
2944 if (*ssh->cfg.loghost) {
2947 ssh->savedhost = dupstr(ssh->cfg.loghost);
2948 ssh->savedport = 22; /* default ssh port */
2951 * A colon suffix on savedhost also lets us affect
2954 * (FIXME: do something about IPv6 address literals here.)
2956 colon = strrchr(ssh->savedhost, ':');
2960 ssh->savedport = atoi(colon);
2963 ssh->savedhost = dupstr(host);
2965 port = 22; /* default ssh port */
2966 ssh->savedport = port;
2972 logeventf(ssh, "Looking up host \"%s\"%s", host,
2973 (ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
2974 (ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
2975 addr = name_lookup(host, port, realhost, &ssh->cfg,
2976 ssh->cfg.addressfamily);
2977 if ((err = sk_addr_error(addr)) != NULL) {
2981 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
2986 ssh->fn = &fn_table;
2987 ssh->s = new_connection(addr, *realhost, port,
2988 0, 1, nodelay, keepalive, (Plug) ssh, &ssh->cfg);
2989 if ((err = sk_socket_error(ssh->s)) != NULL) {
2991 notify_remote_exit(ssh->frontend);
2996 * If the SSH version number's fixed, set it now, and if it's SSH-2,
2997 * send the version string too.
2999 if (ssh->cfg.sshprot == 0)
3001 if (ssh->cfg.sshprot == 3) {
3003 ssh_send_verstring(ssh, NULL);
3007 * loghost, if configured, overrides realhost.
3009 if (*ssh->cfg.loghost) {
3011 *realhost = dupstr(ssh->cfg.loghost);
3018 * Throttle or unthrottle the SSH connection.
3020 static void ssh_throttle_conn(Ssh ssh, int adjust)
3022 int old_count = ssh->conn_throttle_count;
3023 ssh->conn_throttle_count += adjust;
3024 assert(ssh->conn_throttle_count >= 0);
3025 if (ssh->conn_throttle_count && !old_count) {
3026 ssh_set_frozen(ssh, 1);
3027 } else if (!ssh->conn_throttle_count && old_count) {
3028 ssh_set_frozen(ssh, 0);
3033 * Throttle or unthrottle _all_ local data streams (for when sends
3034 * on the SSH connection itself back up).
3036 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
3039 struct ssh_channel *c;
3041 if (enable == ssh->throttled_all)
3043 ssh->throttled_all = enable;
3044 ssh->overall_bufsize = bufsize;
3047 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
3049 case CHAN_MAINSESSION:
3051 * This is treated separately, outside the switch.
3055 x11_override_throttle(c->u.x11.s, enable);
3058 /* Agent channels require no buffer management. */
3061 pfd_override_throttle(c->u.pfd.s, enable);
3067 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
3069 Ssh ssh = (Ssh) sshv;
3071 ssh->agent_response = reply;
3072 ssh->agent_response_len = replylen;
3074 if (ssh->version == 1)
3075 do_ssh1_login(ssh, NULL, -1, NULL);
3077 do_ssh2_authconn(ssh, NULL, -1, NULL);
3080 static void ssh_dialog_callback(void *sshv, int ret)
3082 Ssh ssh = (Ssh) sshv;
3084 ssh->user_response = ret;
3086 if (ssh->version == 1)
3087 do_ssh1_login(ssh, NULL, -1, NULL);
3089 do_ssh2_transport(ssh, NULL, -1, NULL);
3092 * This may have unfrozen the SSH connection, so do a
3095 ssh_process_queued_incoming_data(ssh);
3098 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
3100 struct ssh_channel *c = (struct ssh_channel *)cv;
3102 void *sentreply = reply;
3105 /* Fake SSH_AGENT_FAILURE. */
3106 sentreply = "\0\0\0\1\5";
3109 if (ssh->version == 2) {
3110 ssh2_add_channel_data(c, sentreply, replylen);
3113 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3114 PKT_INT, c->remoteid,
3117 PKT_DATA, sentreply, replylen,
3126 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3127 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3128 * => log `wire_reason'.
3130 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3131 int code, int clean_exit)
3135 client_reason = wire_reason;
3137 error = dupprintf("Disconnected: %s", client_reason);
3139 error = dupstr("Disconnected");
3141 if (ssh->version == 1) {
3142 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3144 } else if (ssh->version == 2) {
3145 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3146 ssh2_pkt_adduint32(pktout, code);
3147 ssh2_pkt_addstring(pktout, wire_reason);
3148 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3149 ssh2_pkt_send_noqueue(ssh, pktout);
3152 ssh->close_expected = TRUE;
3153 ssh->clean_exit = clean_exit;
3154 ssh_closing((Plug)ssh, error, 0, 0);
3159 * Handle the key exchange and user authentication phases.
3161 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3162 struct Packet *pktin)
3165 unsigned char cookie[8], *ptr;
3166 struct RSAKey servkey, hostkey;
3167 struct MD5Context md5c;
3168 struct do_ssh1_login_state {
3170 unsigned char *rsabuf, *keystr1, *keystr2;
3171 unsigned long supported_ciphers_mask, supported_auths_mask;
3172 int tried_publickey, tried_agent;
3173 int tis_auth_refused, ccard_auth_refused;
3174 unsigned char session_id[16];
3177 void *publickey_blob;
3178 int publickey_bloblen;
3179 char *publickey_comment;
3180 int publickey_encrypted;
3181 prompts_t *cur_prompt;
3184 unsigned char request[5], *response, *p;
3194 crState(do_ssh1_login_state);
3196 crBegin(ssh->do_ssh1_login_crstate);
3201 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
3202 bombout(("Public key packet not received"));
3206 logevent("Received public keys");
3208 ptr = ssh_pkt_getdata(pktin, 8);
3210 bombout(("SSH-1 public key packet stopped before random cookie"));
3213 memcpy(cookie, ptr, 8);
3215 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
3216 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
3217 bombout(("Failed to read SSH-1 public keys from public key packet"));
3222 * Log the host key fingerprint.
3226 logevent("Host key fingerprint is:");
3227 strcpy(logmsg, " ");
3228 hostkey.comment = NULL;
3229 rsa_fingerprint(logmsg + strlen(logmsg),
3230 sizeof(logmsg) - strlen(logmsg), &hostkey);
3234 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3235 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3236 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
3237 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3238 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
3240 ssh->v1_local_protoflags =
3241 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3242 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3245 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3246 MD5Update(&md5c, s->keystr1, servkey.bytes);
3247 MD5Update(&md5c, cookie, 8);
3248 MD5Final(s->session_id, &md5c);
3250 for (i = 0; i < 32; i++)
3251 ssh->session_key[i] = random_byte();
3254 * Verify that the `bits' and `bytes' parameters match.
3256 if (hostkey.bits > hostkey.bytes * 8 ||
3257 servkey.bits > servkey.bytes * 8) {
3258 bombout(("SSH-1 public keys were badly formatted"));
3262 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
3264 s->rsabuf = snewn(s->len, unsigned char);
3267 * Verify the host key.
3271 * First format the key into a string.
3273 int len = rsastr_len(&hostkey);
3274 char fingerprint[100];
3275 char *keystr = snewn(len, char);
3276 rsastr_fmt(keystr, &hostkey);
3277 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3279 ssh_set_frozen(ssh, 1);
3280 s->dlgret = verify_ssh_host_key(ssh->frontend,
3281 ssh->savedhost, ssh->savedport,
3282 "rsa", keystr, fingerprint,
3283 ssh_dialog_callback, ssh);
3285 if (s->dlgret < 0) {
3289 bombout(("Unexpected data from server while waiting"
3290 " for user host key response"));
3293 } while (pktin || inlen > 0);
3294 s->dlgret = ssh->user_response;
3296 ssh_set_frozen(ssh, 0);
3298 if (s->dlgret == 0) {
3299 ssh_disconnect(ssh, "User aborted at host key verification",
3305 for (i = 0; i < 32; i++) {
3306 s->rsabuf[i] = ssh->session_key[i];
3308 s->rsabuf[i] ^= s->session_id[i];
3311 if (hostkey.bytes > servkey.bytes) {
3312 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3314 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3316 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3318 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3321 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3325 logevent("Encrypted session key");
3328 int cipher_chosen = 0, warn = 0;
3329 char *cipher_string = NULL;
3331 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3332 int next_cipher = ssh->cfg.ssh_cipherlist[i];
3333 if (next_cipher == CIPHER_WARN) {
3334 /* If/when we choose a cipher, warn about it */
3336 } else if (next_cipher == CIPHER_AES) {
3337 /* XXX Probably don't need to mention this. */
3338 logevent("AES not supported in SSH-1, skipping");
3340 switch (next_cipher) {
3341 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3342 cipher_string = "3DES"; break;
3343 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3344 cipher_string = "Blowfish"; break;
3345 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3346 cipher_string = "single-DES"; break;
3348 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3352 if (!cipher_chosen) {
3353 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3354 bombout(("Server violates SSH-1 protocol by not "
3355 "supporting 3DES encryption"));
3357 /* shouldn't happen */
3358 bombout(("No supported ciphers found"));
3362 /* Warn about chosen cipher if necessary. */
3364 ssh_set_frozen(ssh, 1);
3365 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3366 ssh_dialog_callback, ssh);
3367 if (s->dlgret < 0) {
3371 bombout(("Unexpected data from server while waiting"
3372 " for user response"));
3375 } while (pktin || inlen > 0);
3376 s->dlgret = ssh->user_response;
3378 ssh_set_frozen(ssh, 0);
3379 if (s->dlgret == 0) {
3380 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3387 switch (s->cipher_type) {
3388 case SSH_CIPHER_3DES:
3389 logevent("Using 3DES encryption");
3391 case SSH_CIPHER_DES:
3392 logevent("Using single-DES encryption");
3394 case SSH_CIPHER_BLOWFISH:
3395 logevent("Using Blowfish encryption");
3399 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3400 PKT_CHAR, s->cipher_type,
3401 PKT_DATA, cookie, 8,
3402 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3403 PKT_DATA, s->rsabuf, s->len,
3404 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3406 logevent("Trying to enable encryption...");
3410 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3411 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3413 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3414 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3415 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3417 ssh->crcda_ctx = crcda_make_context();
3418 logevent("Installing CRC compensation attack detector");
3420 if (servkey.modulus) {
3421 sfree(servkey.modulus);
3422 servkey.modulus = NULL;
3424 if (servkey.exponent) {
3425 sfree(servkey.exponent);
3426 servkey.exponent = NULL;
3428 if (hostkey.modulus) {
3429 sfree(hostkey.modulus);
3430 hostkey.modulus = NULL;
3432 if (hostkey.exponent) {
3433 sfree(hostkey.exponent);
3434 hostkey.exponent = NULL;
3438 if (pktin->type != SSH1_SMSG_SUCCESS) {
3439 bombout(("Encryption not successfully enabled"));
3443 logevent("Successfully started encryption");
3445 fflush(stdout); /* FIXME eh? */
3447 if (!get_remote_username(&ssh->cfg, s->username,
3448 sizeof(s->username))) {
3449 int ret; /* need not be kept over crReturn */
3450 s->cur_prompt = new_prompts(ssh->frontend);
3451 s->cur_prompt->to_server = TRUE;
3452 s->cur_prompt->name = dupstr("SSH login name");
3453 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE,
3454 lenof(s->username));
3455 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3458 crWaitUntil(!pktin);
3459 ret = get_userpass_input(s->cur_prompt, in, inlen);
3464 * Failed to get a username. Terminate.
3466 free_prompts(s->cur_prompt);
3467 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3470 memcpy(s->username, s->cur_prompt->prompts[0]->result,
3471 lenof(s->username));
3472 free_prompts(s->cur_prompt);
3475 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, s->username, PKT_END);
3477 char *userlog = dupprintf("Sent username \"%s\"", s->username);
3479 if (flags & FLAG_INTERACTIVE &&
3480 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3481 c_write_str(ssh, userlog);
3482 c_write_str(ssh, "\r\n");
3490 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
3491 /* We must not attempt PK auth. Pretend we've already tried it. */
3492 s->tried_publickey = s->tried_agent = 1;
3494 s->tried_publickey = s->tried_agent = 0;
3496 s->tis_auth_refused = s->ccard_auth_refused = 0;
3498 * Load the public half of any configured keyfile for later use.
3500 if (!filename_is_null(ssh->cfg.keyfile)) {
3502 logeventf(ssh, "Reading private key file \"%.150s\"",
3503 filename_to_str(&ssh->cfg.keyfile));
3504 keytype = key_type(&ssh->cfg.keyfile);
3505 if (keytype == SSH_KEYTYPE_SSH1) {
3507 if (rsakey_pubblob(&ssh->cfg.keyfile,
3508 &s->publickey_blob, &s->publickey_bloblen,
3509 &s->publickey_comment, &error)) {
3510 s->publickey_encrypted = rsakey_encrypted(&ssh->cfg.keyfile,
3514 logeventf(ssh, "Unable to load private key (%s)", error);
3515 msgbuf = dupprintf("Unable to load private key file "
3516 "\"%.150s\" (%s)\r\n",
3517 filename_to_str(&ssh->cfg.keyfile),
3519 c_write_str(ssh, msgbuf);
3521 s->publickey_blob = NULL;
3525 logeventf(ssh, "Unable to use this key file (%s)",
3526 key_type_to_str(keytype));
3527 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3529 filename_to_str(&ssh->cfg.keyfile),
3530 key_type_to_str(keytype));
3531 c_write_str(ssh, msgbuf);
3533 s->publickey_blob = NULL;
3536 s->publickey_blob = NULL;
3538 while (pktin->type == SSH1_SMSG_FAILURE) {
3539 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3541 if (ssh->cfg.tryagent && agent_exists() && !s->tried_agent) {
3543 * Attempt RSA authentication using Pageant.
3549 logevent("Pageant is running. Requesting keys.");
3551 /* Request the keys held by the agent. */
3552 PUT_32BIT(s->request, 1);
3553 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3554 if (!agent_query(s->request, 5, &r, &s->responselen,
3555 ssh_agent_callback, ssh)) {
3559 bombout(("Unexpected data from server while waiting"
3560 " for agent response"));
3563 } while (pktin || inlen > 0);
3564 r = ssh->agent_response;
3565 s->responselen = ssh->agent_response_len;
3567 s->response = (unsigned char *) r;
3568 if (s->response && s->responselen >= 5 &&
3569 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3570 s->p = s->response + 5;
3571 s->nkeys = GET_32BIT(s->p);
3573 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3574 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3575 unsigned char *pkblob = s->p;
3579 do { /* do while (0) to make breaking easy */
3580 n = ssh1_read_bignum
3581 (s->p, s->responselen-(s->p-s->response),
3586 n = ssh1_read_bignum
3587 (s->p, s->responselen-(s->p-s->response),
3592 if (s->responselen - (s->p-s->response) < 4)
3594 s->commentlen = GET_32BIT(s->p);
3596 if (s->responselen - (s->p-s->response) <
3599 s->commentp = (char *)s->p;
3600 s->p += s->commentlen;
3604 logevent("Pageant key list packet was truncated");
3608 if (s->publickey_blob) {
3609 if (!memcmp(pkblob, s->publickey_blob,
3610 s->publickey_bloblen)) {
3611 logeventf(ssh, "Pageant key #%d matches "
3612 "configured key file", s->keyi);
3613 s->tried_publickey = 1;
3615 /* Skip non-configured key */
3618 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3619 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3620 PKT_BIGNUM, s->key.modulus, PKT_END);
3622 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3623 logevent("Key refused");
3626 logevent("Received RSA challenge");
3627 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3628 bombout(("Server's RSA challenge was badly formatted"));
3633 char *agentreq, *q, *ret;
3636 len = 1 + 4; /* message type, bit count */
3637 len += ssh1_bignum_length(s->key.exponent);
3638 len += ssh1_bignum_length(s->key.modulus);
3639 len += ssh1_bignum_length(s->challenge);
3640 len += 16; /* session id */
3641 len += 4; /* response format */
3642 agentreq = snewn(4 + len, char);
3643 PUT_32BIT(agentreq, len);
3645 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3646 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3648 q += ssh1_write_bignum(q, s->key.exponent);
3649 q += ssh1_write_bignum(q, s->key.modulus);
3650 q += ssh1_write_bignum(q, s->challenge);
3651 memcpy(q, s->session_id, 16);
3653 PUT_32BIT(q, 1); /* response format */
3654 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3655 ssh_agent_callback, ssh)) {
3660 bombout(("Unexpected data from server"
3661 " while waiting for agent"
3665 } while (pktin || inlen > 0);
3666 vret = ssh->agent_response;
3667 retlen = ssh->agent_response_len;
3672 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3673 logevent("Sending Pageant's response");
3674 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3675 PKT_DATA, ret + 5, 16,
3679 if (pktin->type == SSH1_SMSG_SUCCESS) {
3681 ("Pageant's response accepted");
3682 if (flags & FLAG_VERBOSE) {
3683 c_write_str(ssh, "Authenticated using"
3685 c_write(ssh, s->commentp,
3687 c_write_str(ssh, "\" from agent\r\n");
3692 ("Pageant's response not accepted");
3695 ("Pageant failed to answer challenge");
3699 logevent("No reply received from Pageant");
3702 freebn(s->key.exponent);
3703 freebn(s->key.modulus);
3704 freebn(s->challenge);
3709 if (s->publickey_blob && !s->tried_publickey)
3710 logevent("Configured key file not in Pageant");
3715 if (s->publickey_blob && !s->tried_publickey) {
3717 * Try public key authentication with the specified
3720 int got_passphrase; /* need not be kept over crReturn */
3721 if (flags & FLAG_VERBOSE)
3722 c_write_str(ssh, "Trying public key authentication.\r\n");
3723 logeventf(ssh, "Trying public key \"%s\"",
3724 filename_to_str(&ssh->cfg.keyfile));
3725 s->tried_publickey = 1;
3726 got_passphrase = FALSE;
3727 while (!got_passphrase) {
3729 * Get a passphrase, if necessary.
3731 char *passphrase = NULL; /* only written after crReturn */
3733 if (!s->publickey_encrypted) {
3734 if (flags & FLAG_VERBOSE)
3735 c_write_str(ssh, "No passphrase required.\r\n");
3738 int ret; /* need not be kept over crReturn */
3739 s->cur_prompt = new_prompts(ssh->frontend);
3740 s->cur_prompt->to_server = FALSE;
3741 s->cur_prompt->name = dupstr("SSH key passphrase");
3742 add_prompt(s->cur_prompt,
3743 dupprintf("Passphrase for key \"%.100s\": ",
3744 s->publickey_comment),
3745 FALSE, SSH_MAX_PASSWORD_LEN);
3746 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3749 crWaitUntil(!pktin);
3750 ret = get_userpass_input(s->cur_prompt, in, inlen);
3754 /* Failed to get a passphrase. Terminate. */
3755 free_prompts(s->cur_prompt);
3756 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3760 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3761 free_prompts(s->cur_prompt);
3764 * Try decrypting key with passphrase.
3766 ret = loadrsakey(&ssh->cfg.keyfile, &s->key, passphrase,
3769 memset(passphrase, 0, strlen(passphrase));
3773 /* Correct passphrase. */
3774 got_passphrase = TRUE;
3775 } else if (ret == 0) {
3776 c_write_str(ssh, "Couldn't load private key from ");
3777 c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
3778 c_write_str(ssh, " (");
3779 c_write_str(ssh, error);
3780 c_write_str(ssh, ").\r\n");
3781 got_passphrase = FALSE;
3782 break; /* go and try something else */
3783 } else if (ret == -1) {
3784 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3785 got_passphrase = FALSE;
3788 assert(0 && "unexpected return from loadrsakey()");
3789 got_passphrase = FALSE; /* placate optimisers */
3793 if (got_passphrase) {
3796 * Send a public key attempt.
3798 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3799 PKT_BIGNUM, s->key.modulus, PKT_END);
3802 if (pktin->type == SSH1_SMSG_FAILURE) {
3803 c_write_str(ssh, "Server refused our public key.\r\n");
3804 continue; /* go and try something else */
3806 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3807 bombout(("Bizarre response to offer of public key"));
3813 unsigned char buffer[32];
3814 Bignum challenge, response;
3816 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3817 bombout(("Server's RSA challenge was badly formatted"));
3820 response = rsadecrypt(challenge, &s->key);
3821 freebn(s->key.private_exponent);/* burn the evidence */
3823 for (i = 0; i < 32; i++) {
3824 buffer[i] = bignum_byte(response, 31 - i);
3828 MD5Update(&md5c, buffer, 32);
3829 MD5Update(&md5c, s->session_id, 16);
3830 MD5Final(buffer, &md5c);
3832 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3833 PKT_DATA, buffer, 16, PKT_END);
3840 if (pktin->type == SSH1_SMSG_FAILURE) {
3841 if (flags & FLAG_VERBOSE)
3842 c_write_str(ssh, "Failed to authenticate with"
3843 " our public key.\r\n");
3844 continue; /* go and try something else */
3845 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3846 bombout(("Bizarre response to RSA authentication response"));
3850 break; /* we're through! */
3856 * Otherwise, try various forms of password-like authentication.
3858 s->cur_prompt = new_prompts(ssh->frontend);
3860 if (ssh->cfg.try_tis_auth &&
3861 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3862 !s->tis_auth_refused) {
3863 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3864 logevent("Requested TIS authentication");
3865 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3867 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3868 logevent("TIS authentication declined");
3869 if (flags & FLAG_INTERACTIVE)
3870 c_write_str(ssh, "TIS authentication refused.\r\n");
3871 s->tis_auth_refused = 1;
3876 char *instr_suf, *prompt;
3878 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3880 bombout(("TIS challenge packet was badly formed"));
3883 logevent("Received TIS challenge");
3884 s->cur_prompt->to_server = TRUE;
3885 s->cur_prompt->name = dupstr("SSH TIS authentication");
3886 /* Prompt heuristic comes from OpenSSH */
3887 if (memchr(challenge, '\n', challengelen)) {
3888 instr_suf = dupstr("");
3889 prompt = dupprintf("%.*s", challengelen, challenge);
3891 instr_suf = dupprintf("%.*s", challengelen, challenge);
3892 prompt = dupstr("Response: ");
3894 s->cur_prompt->instruction =
3895 dupprintf("Using TIS authentication.%s%s",
3896 (*instr_suf) ? "\n" : "",
3898 s->cur_prompt->instr_reqd = TRUE;
3899 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3903 if (ssh->cfg.try_tis_auth &&
3904 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
3905 !s->ccard_auth_refused) {
3906 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
3907 logevent("Requested CryptoCard authentication");
3908 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
3910 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
3911 logevent("CryptoCard authentication declined");
3912 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
3913 s->ccard_auth_refused = 1;
3918 char *instr_suf, *prompt;
3920 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3922 bombout(("CryptoCard challenge packet was badly formed"));
3925 logevent("Received CryptoCard challenge");
3926 s->cur_prompt->to_server = TRUE;
3927 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
3928 s->cur_prompt->name_reqd = FALSE;
3929 /* Prompt heuristic comes from OpenSSH */
3930 if (memchr(challenge, '\n', challengelen)) {
3931 instr_suf = dupstr("");
3932 prompt = dupprintf("%.*s", challengelen, challenge);
3934 instr_suf = dupprintf("%.*s", challengelen, challenge);
3935 prompt = dupstr("Response: ");
3937 s->cur_prompt->instruction =
3938 dupprintf("Using CryptoCard authentication.%s%s",
3939 (*instr_suf) ? "\n" : "",
3941 s->cur_prompt->instr_reqd = TRUE;
3942 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3946 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3947 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
3948 bombout(("No supported authentication methods available"));
3951 s->cur_prompt->to_server = TRUE;
3952 s->cur_prompt->name = dupstr("SSH password");
3953 add_prompt(s->cur_prompt, dupprintf("%.90s@%.90s's password: ",
3954 s->username, ssh->savedhost),
3955 FALSE, SSH_MAX_PASSWORD_LEN);
3959 * Show password prompt, having first obtained it via a TIS
3960 * or CryptoCard exchange if we're doing TIS or CryptoCard
3964 int ret; /* need not be kept over crReturn */
3965 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3968 crWaitUntil(!pktin);
3969 ret = get_userpass_input(s->cur_prompt, in, inlen);
3974 * Failed to get a password (for example
3975 * because one was supplied on the command line
3976 * which has already failed to work). Terminate.
3978 free_prompts(s->cur_prompt);
3979 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
3984 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3986 * Defence against traffic analysis: we send a
3987 * whole bunch of packets containing strings of
3988 * different lengths. One of these strings is the
3989 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
3990 * The others are all random data in
3991 * SSH1_MSG_IGNORE packets. This way a passive
3992 * listener can't tell which is the password, and
3993 * hence can't deduce the password length.
3995 * Anybody with a password length greater than 16
3996 * bytes is going to have enough entropy in their
3997 * password that a listener won't find it _that_
3998 * much help to know how long it is. So what we'll
4001 * - if password length < 16, we send 15 packets
4002 * containing string lengths 1 through 15
4004 * - otherwise, we let N be the nearest multiple
4005 * of 8 below the password length, and send 8
4006 * packets containing string lengths N through
4007 * N+7. This won't obscure the order of
4008 * magnitude of the password length, but it will
4009 * introduce a bit of extra uncertainty.
4011 * A few servers can't deal with SSH1_MSG_IGNORE, at
4012 * least in this context. For these servers, we need
4013 * an alternative defence. We make use of the fact
4014 * that the password is interpreted as a C string:
4015 * so we can append a NUL, then some random data.
4017 * A few servers can deal with neither SSH1_MSG_IGNORE
4018 * here _nor_ a padded password string.
4019 * For these servers we are left with no defences
4020 * against password length sniffing.
4022 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4023 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4025 * The server can deal with SSH1_MSG_IGNORE, so
4026 * we can use the primary defence.
4028 int bottom, top, pwlen, i;
4031 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4033 bottom = 0; /* zero length passwords are OK! :-) */
4036 bottom = pwlen & ~7;
4040 assert(pwlen >= bottom && pwlen <= top);
4042 randomstr = snewn(top + 1, char);
4044 for (i = bottom; i <= top; i++) {
4046 defer_packet(ssh, s->pwpkt_type,
4047 PKTT_PASSWORD, PKT_STR,
4048 s->cur_prompt->prompts[0]->result,
4049 PKTT_OTHER, PKT_END);
4051 for (j = 0; j < i; j++) {
4053 randomstr[j] = random_byte();
4054 } while (randomstr[j] == '\0');
4056 randomstr[i] = '\0';
4057 defer_packet(ssh, SSH1_MSG_IGNORE,
4058 PKT_STR, randomstr, PKT_END);
4061 logevent("Sending password with camouflage packets");
4062 ssh_pkt_defersend(ssh);
4065 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4067 * The server can't deal with SSH1_MSG_IGNORE
4068 * but can deal with padded passwords, so we
4069 * can use the secondary defence.
4075 len = strlen(s->cur_prompt->prompts[0]->result);
4076 if (len < sizeof(string)) {
4078 strcpy(string, s->cur_prompt->prompts[0]->result);
4079 len++; /* cover the zero byte */
4080 while (len < sizeof(string)) {
4081 string[len++] = (char) random_byte();
4084 ss = s->cur_prompt->prompts[0]->result;
4086 logevent("Sending length-padded password");
4087 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4088 PKT_INT, len, PKT_DATA, ss, len,
4089 PKTT_OTHER, PKT_END);
4092 * The server is believed unable to cope with
4093 * any of our password camouflage methods.
4096 len = strlen(s->cur_prompt->prompts[0]->result);
4097 logevent("Sending unpadded password");
4098 send_packet(ssh, s->pwpkt_type,
4099 PKTT_PASSWORD, PKT_INT, len,
4100 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4101 PKTT_OTHER, PKT_END);
4104 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4105 PKT_STR, s->cur_prompt->prompts[0]->result,
4106 PKTT_OTHER, PKT_END);
4108 logevent("Sent password");
4109 free_prompts(s->cur_prompt);
4111 if (pktin->type == SSH1_SMSG_FAILURE) {
4112 if (flags & FLAG_VERBOSE)
4113 c_write_str(ssh, "Access denied\r\n");
4114 logevent("Authentication refused");
4115 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4116 bombout(("Strange packet received, type %d", pktin->type));
4122 if (s->publickey_blob) {
4123 sfree(s->publickey_blob);
4124 sfree(s->publickey_comment);
4127 logevent("Authentication successful");
4132 void sshfwd_close(struct ssh_channel *c)
4136 if (ssh->state == SSH_STATE_CLOSED)
4139 if (c && !c->closes) {
4141 * If halfopen is true, we have sent
4142 * CHANNEL_OPEN for this channel, but it hasn't even been
4143 * acknowledged by the server. So we must set a close flag
4144 * on it now, and then when the server acks the channel
4145 * open, we can close it then.
4148 if (ssh->version == 1) {
4149 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4152 struct Packet *pktout;
4153 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
4154 ssh2_pkt_adduint32(pktout, c->remoteid);
4155 ssh2_pkt_send(ssh, pktout);
4158 c->closes = 1; /* sent MSG_CLOSE */
4159 if (c->type == CHAN_X11) {
4161 logevent("Forwarded X11 connection terminated");
4162 } else if (c->type == CHAN_SOCKDATA ||
4163 c->type == CHAN_SOCKDATA_DORMANT) {
4165 logevent("Forwarded port closed");
4170 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
4174 if (ssh->state == SSH_STATE_CLOSED)
4177 if (ssh->version == 1) {
4178 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
4179 PKT_INT, c->remoteid,
4180 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
4181 PKTT_OTHER, PKT_END);
4183 * In SSH-1 we can return 0 here - implying that forwarded
4184 * connections are never individually throttled - because
4185 * the only circumstance that can cause throttling will be
4186 * the whole SSH connection backing up, in which case
4187 * _everything_ will be throttled as a whole.
4191 ssh2_add_channel_data(c, buf, len);
4192 return ssh2_try_send(c);
4196 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4201 if (ssh->state == SSH_STATE_CLOSED)
4204 if (ssh->version == 1) {
4205 buflimit = SSH1_BUFFER_LIMIT;
4207 buflimit = c->v.v2.locmaxwin;
4208 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4210 if (c->throttling_conn && bufsize <= buflimit) {
4211 c->throttling_conn = 0;
4212 ssh_throttle_conn(ssh, -1);
4216 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4218 struct queued_handler *qh = ssh->qhead;
4222 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4225 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
4226 ssh->packet_dispatch[qh->msg1] = NULL;
4229 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
4230 ssh->packet_dispatch[qh->msg2] = NULL;
4234 ssh->qhead = qh->next;
4236 if (ssh->qhead->msg1 > 0) {
4237 assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
4238 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4240 if (ssh->qhead->msg2 > 0) {
4241 assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
4242 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4245 ssh->qhead = ssh->qtail = NULL;
4246 ssh->packet_dispatch[pktin->type] = NULL;
4249 qh->handler(ssh, pktin, qh->ctx);
4254 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4255 chandler_fn_t handler, void *ctx)
4257 struct queued_handler *qh;
4259 qh = snew(struct queued_handler);
4262 qh->handler = handler;
4266 if (ssh->qtail == NULL) {
4270 assert(ssh->packet_dispatch[qh->msg1] == NULL);
4271 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4274 assert(ssh->packet_dispatch[qh->msg2] == NULL);
4275 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4278 ssh->qtail->next = qh;
4283 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4285 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4287 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4288 SSH2_MSG_REQUEST_SUCCESS)) {
4289 logeventf(ssh, "Remote port forwarding from %s enabled",
4292 logeventf(ssh, "Remote port forwarding from %s refused",
4295 rpf = del234(ssh->rportfwds, pf);
4301 static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
4303 const char *portfwd_strptr = cfg->portfwd;
4304 struct ssh_portfwd *epf;
4307 if (!ssh->portfwds) {
4308 ssh->portfwds = newtree234(ssh_portcmp);
4311 * Go through the existing port forwardings and tag them
4312 * with status==DESTROY. Any that we want to keep will be
4313 * re-enabled (status==KEEP) as we go through the
4314 * configuration and find out which bits are the same as
4317 struct ssh_portfwd *epf;
4319 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4320 epf->status = DESTROY;
4323 while (*portfwd_strptr) {
4324 char address_family, type;
4325 int sport,dport,sserv,dserv;
4326 char sports[256], dports[256], saddr[256], host[256];
4329 address_family = 'A';
4331 if (*portfwd_strptr == 'A' ||
4332 *portfwd_strptr == '4' ||
4333 *portfwd_strptr == '6')
4334 address_family = *portfwd_strptr++;
4335 if (*portfwd_strptr == 'L' ||
4336 *portfwd_strptr == 'R' ||
4337 *portfwd_strptr == 'D')
4338 type = *portfwd_strptr++;
4343 while (*portfwd_strptr && *portfwd_strptr != '\t') {
4344 if (*portfwd_strptr == ':') {
4346 * We've seen a colon in the middle of the
4347 * source port number. This means that
4348 * everything we've seen until now is the
4349 * source _address_, so we'll move it into
4350 * saddr and start sports from the beginning
4355 if (ssh->version == 1 && type == 'R') {
4356 logeventf(ssh, "SSH-1 cannot handle remote source address "
4357 "spec \"%s\"; ignoring", sports);
4359 strcpy(saddr, sports);
4362 if (n < lenof(sports)-1) sports[n++] = *portfwd_strptr++;
4366 if (*portfwd_strptr == '\t')
4369 while (*portfwd_strptr && *portfwd_strptr != ':') {
4370 if (n < lenof(host)-1) host[n++] = *portfwd_strptr++;
4373 if (*portfwd_strptr == ':')
4376 while (*portfwd_strptr) {
4377 if (n < lenof(dports)-1) dports[n++] = *portfwd_strptr++;
4381 dport = atoi(dports);
4385 dport = net_service_lookup(dports);
4387 logeventf(ssh, "Service lookup failed for destination"
4388 " port \"%s\"", dports);
4392 while (*portfwd_strptr) portfwd_strptr++;
4396 portfwd_strptr++; /* eat the NUL and move to next one */
4398 sport = atoi(sports);
4402 sport = net_service_lookup(sports);
4404 logeventf(ssh, "Service lookup failed for source"
4405 " port \"%s\"", sports);
4408 if (sport && dport) {
4409 /* Set up a description of the source port. */
4410 struct ssh_portfwd *pfrec, *epfrec;
4412 pfrec = snew(struct ssh_portfwd);
4414 pfrec->saddr = *saddr ? dupstr(saddr) : NULL;
4415 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4416 pfrec->sport = sport;
4417 pfrec->daddr = *host ? dupstr(host) : NULL;
4418 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4419 pfrec->dport = dport;
4420 pfrec->local = NULL;
4421 pfrec->remote = NULL;
4422 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4423 address_family == '6' ? ADDRTYPE_IPV6 :
4426 epfrec = add234(ssh->portfwds, pfrec);
4427 if (epfrec != pfrec) {
4429 * We already have a port forwarding with precisely
4430 * these parameters. Hence, no need to do anything;
4431 * simply tag the existing one as KEEP.
4433 epfrec->status = KEEP;
4434 free_portfwd(pfrec);
4436 pfrec->status = CREATE;
4442 * Now go through and destroy any port forwardings which were
4445 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4446 if (epf->status == DESTROY) {
4449 message = dupprintf("%s port forwarding from %s%s%d",
4450 epf->type == 'L' ? "local" :
4451 epf->type == 'R' ? "remote" : "dynamic",
4452 epf->saddr ? epf->saddr : "",
4453 epf->saddr ? ":" : "",
4456 if (epf->type != 'D') {
4457 char *msg2 = dupprintf("%s to %s:%d", message,
4458 epf->daddr, epf->dport);
4463 logeventf(ssh, "Cancelling %s", message);
4467 struct ssh_rportfwd *rpf = epf->remote;
4468 struct Packet *pktout;
4471 * Cancel the port forwarding at the server
4474 if (ssh->version == 1) {
4476 * We cannot cancel listening ports on the
4477 * server side in SSH-1! There's no message
4478 * to support it. Instead, we simply remove
4479 * the rportfwd record from the local end
4480 * so that any connections the server tries
4481 * to make on it are rejected.
4484 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4485 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4486 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4488 ssh2_pkt_addstring(pktout, epf->saddr);
4489 } else if (ssh->cfg.rport_acceptall) {
4490 /* XXX: ssh->cfg.rport_acceptall may not represent
4491 * what was used to open the original connection,
4492 * since it's reconfigurable. */
4493 ssh2_pkt_addstring(pktout, "0.0.0.0");
4495 ssh2_pkt_addstring(pktout, "127.0.0.1");
4497 ssh2_pkt_adduint32(pktout, epf->sport);
4498 ssh2_pkt_send(ssh, pktout);
4501 del234(ssh->rportfwds, rpf);
4503 } else if (epf->local) {
4504 pfd_terminate(epf->local);
4507 delpos234(ssh->portfwds, i);
4509 i--; /* so we don't skip one in the list */
4513 * And finally, set up any new port forwardings (status==CREATE).
4515 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4516 if (epf->status == CREATE) {
4517 char *sportdesc, *dportdesc;
4518 sportdesc = dupprintf("%s%s%s%s%d%s",
4519 epf->saddr ? epf->saddr : "",
4520 epf->saddr ? ":" : "",
4521 epf->sserv ? epf->sserv : "",
4522 epf->sserv ? "(" : "",
4524 epf->sserv ? ")" : "");
4525 if (epf->type == 'D') {
4528 dportdesc = dupprintf("%s:%s%s%d%s",
4530 epf->dserv ? epf->dserv : "",
4531 epf->dserv ? "(" : "",
4533 epf->dserv ? ")" : "");
4536 if (epf->type == 'L') {
4537 const char *err = pfd_addforward(epf->daddr, epf->dport,
4538 epf->saddr, epf->sport,
4541 epf->addressfamily);
4543 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4544 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4545 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4546 sportdesc, dportdesc,
4547 err ? " failed: " : "", err ? err : "");
4548 } else if (epf->type == 'D') {
4549 const char *err = pfd_addforward(NULL, -1,
4550 epf->saddr, epf->sport,
4553 epf->addressfamily);
4555 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4556 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4557 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4559 err ? " failed: " : "", err ? err : "");
4561 struct ssh_rportfwd *pf;
4564 * Ensure the remote port forwardings tree exists.
4566 if (!ssh->rportfwds) {
4567 if (ssh->version == 1)
4568 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4570 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4573 pf = snew(struct ssh_rportfwd);
4574 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4575 pf->dhost[lenof(pf->dhost)-1] = '\0';
4576 pf->dport = epf->dport;
4577 pf->sport = epf->sport;
4578 if (add234(ssh->rportfwds, pf) != pf) {
4579 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4580 epf->daddr, epf->dport);
4583 logeventf(ssh, "Requesting remote port %s"
4584 " forward to %s", sportdesc, dportdesc);
4586 pf->sportdesc = sportdesc;
4591 if (ssh->version == 1) {
4592 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4593 PKT_INT, epf->sport,
4594 PKT_STR, epf->daddr,
4595 PKT_INT, epf->dport,
4597 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4599 ssh_rportfwd_succfail, pf);
4601 struct Packet *pktout;
4602 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4603 ssh2_pkt_addstring(pktout, "tcpip-forward");
4604 ssh2_pkt_addbool(pktout, 1);/* want reply */
4606 ssh2_pkt_addstring(pktout, epf->saddr);
4607 } else if (cfg->rport_acceptall) {
4608 ssh2_pkt_addstring(pktout, "0.0.0.0");
4610 ssh2_pkt_addstring(pktout, "127.0.0.1");
4612 ssh2_pkt_adduint32(pktout, epf->sport);
4613 ssh2_pkt_send(ssh, pktout);
4615 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4616 SSH2_MSG_REQUEST_FAILURE,
4617 ssh_rportfwd_succfail, pf);
4626 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4629 int stringlen, bufsize;
4631 ssh_pkt_getstring(pktin, &string, &stringlen);
4632 if (string == NULL) {
4633 bombout(("Incoming terminal data packet was badly formed"));
4637 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4639 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4640 ssh->v1_stdout_throttling = 1;
4641 ssh_throttle_conn(ssh, +1);
4645 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4647 /* Remote side is trying to open a channel to talk to our
4648 * X-Server. Give them back a local channel number. */
4649 struct ssh_channel *c;
4650 int remoteid = ssh_pkt_getuint32(pktin);
4652 logevent("Received X11 connect request");
4653 /* Refuse if X11 forwarding is disabled. */
4654 if (!ssh->X11_fwd_enabled) {
4655 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4656 PKT_INT, remoteid, PKT_END);
4657 logevent("Rejected X11 connect request");
4659 c = snew(struct ssh_channel);
4662 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4663 NULL, -1, &ssh->cfg) != NULL) {
4664 logevent("Opening X11 forward connection failed");
4666 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4667 PKT_INT, remoteid, PKT_END);
4670 ("Opening X11 forward connection succeeded");
4671 c->remoteid = remoteid;
4672 c->halfopen = FALSE;
4673 c->localid = alloc_channel_id(ssh);
4675 c->throttling_conn = 0;
4676 c->type = CHAN_X11; /* identify channel type */
4677 add234(ssh->channels, c);
4678 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4679 PKT_INT, c->remoteid, PKT_INT,
4680 c->localid, PKT_END);
4681 logevent("Opened X11 forward channel");
4686 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4688 /* Remote side is trying to open a channel to talk to our
4689 * agent. Give them back a local channel number. */
4690 struct ssh_channel *c;
4691 int remoteid = ssh_pkt_getuint32(pktin);
4693 /* Refuse if agent forwarding is disabled. */
4694 if (!ssh->agentfwd_enabled) {
4695 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4696 PKT_INT, remoteid, PKT_END);
4698 c = snew(struct ssh_channel);
4700 c->remoteid = remoteid;
4701 c->halfopen = FALSE;
4702 c->localid = alloc_channel_id(ssh);
4704 c->throttling_conn = 0;
4705 c->type = CHAN_AGENT; /* identify channel type */
4706 c->u.a.lensofar = 0;
4707 add234(ssh->channels, c);
4708 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4709 PKT_INT, c->remoteid, PKT_INT, c->localid,
4714 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4716 /* Remote side is trying to open a channel to talk to a
4717 * forwarded port. Give them back a local channel number. */
4718 struct ssh_channel *c;
4719 struct ssh_rportfwd pf, *pfp;
4724 c = snew(struct ssh_channel);
4727 remoteid = ssh_pkt_getuint32(pktin);
4728 ssh_pkt_getstring(pktin, &host, &hostsize);
4729 port = ssh_pkt_getuint32(pktin);
4731 if (hostsize >= lenof(pf.dhost))
4732 hostsize = lenof(pf.dhost)-1;
4733 memcpy(pf.dhost, host, hostsize);
4734 pf.dhost[hostsize] = '\0';
4736 pfp = find234(ssh->rportfwds, &pf, NULL);
4739 logeventf(ssh, "Rejected remote port open request for %s:%d",
4741 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4742 PKT_INT, remoteid, PKT_END);
4744 logeventf(ssh, "Received remote port open request for %s:%d",
4746 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4747 c, &ssh->cfg, pfp->pfrec->addressfamily);
4749 logeventf(ssh, "Port open failed: %s", e);
4751 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4752 PKT_INT, remoteid, PKT_END);
4754 c->remoteid = remoteid;
4755 c->halfopen = FALSE;
4756 c->localid = alloc_channel_id(ssh);
4758 c->throttling_conn = 0;
4759 c->type = CHAN_SOCKDATA; /* identify channel type */
4760 add234(ssh->channels, c);
4761 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4762 PKT_INT, c->remoteid, PKT_INT,
4763 c->localid, PKT_END);
4764 logevent("Forwarded port opened successfully");
4769 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4771 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4772 unsigned int localid = ssh_pkt_getuint32(pktin);
4773 struct ssh_channel *c;
4775 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4776 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4777 c->remoteid = localid;
4778 c->halfopen = FALSE;
4779 c->type = CHAN_SOCKDATA;
4780 c->throttling_conn = 0;
4781 pfd_confirm(c->u.pfd.s);
4784 if (c && c->closes) {
4786 * We have a pending close on this channel,
4787 * which we decided on before the server acked
4788 * the channel open. So now we know the
4789 * remoteid, we can close it again.
4791 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE,
4792 PKT_INT, c->remoteid, PKT_END);
4796 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4798 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4799 struct ssh_channel *c;
4801 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4802 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4803 logevent("Forwarded connection refused by server");
4804 pfd_close(c->u.pfd.s);
4805 del234(ssh->channels, c);
4810 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4812 /* Remote side closes a channel. */
4813 unsigned i = ssh_pkt_getuint32(pktin);
4814 struct ssh_channel *c;
4815 c = find234(ssh->channels, &i, ssh_channelfind);
4816 if (c && !c->halfopen) {
4819 (pktin->type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
4821 if ((c->closes == 0) && (c->type == CHAN_X11)) {
4822 logevent("Forwarded X11 connection terminated");
4823 assert(c->u.x11.s != NULL);
4824 x11_close(c->u.x11.s);
4827 if ((c->closes == 0) && (c->type == CHAN_SOCKDATA)) {
4828 logevent("Forwarded port closed");
4829 assert(c->u.pfd.s != NULL);
4830 pfd_close(c->u.pfd.s);
4834 c->closes |= (closetype << 2); /* seen this message */
4835 if (!(c->closes & closetype)) {
4836 send_packet(ssh, pktin->type, PKT_INT, c->remoteid,
4838 c->closes |= closetype; /* sent it too */
4841 if (c->closes == 15) {
4842 del234(ssh->channels, c);
4846 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4847 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
4848 "_CONFIRMATION", c ? "half-open" : "nonexistent",
4853 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
4855 /* Data sent down one of our channels. */
4856 int i = ssh_pkt_getuint32(pktin);
4859 struct ssh_channel *c;
4861 ssh_pkt_getstring(pktin, &p, &len);
4863 c = find234(ssh->channels, &i, ssh_channelfind);
4868 bufsize = x11_send(c->u.x11.s, p, len);
4871 bufsize = pfd_send(c->u.pfd.s, p, len);
4874 /* Data for an agent message. Buffer it. */
4876 if (c->u.a.lensofar < 4) {
4877 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
4878 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
4882 c->u.a.lensofar += l;
4884 if (c->u.a.lensofar == 4) {
4886 4 + GET_32BIT(c->u.a.msglen);
4887 c->u.a.message = snewn(c->u.a.totallen,
4889 memcpy(c->u.a.message, c->u.a.msglen, 4);
4891 if (c->u.a.lensofar >= 4 && len > 0) {
4893 min(c->u.a.totallen - c->u.a.lensofar,
4895 memcpy(c->u.a.message + c->u.a.lensofar, p,
4899 c->u.a.lensofar += l;
4901 if (c->u.a.lensofar == c->u.a.totallen) {
4904 if (agent_query(c->u.a.message,
4907 ssh_agentf_callback, c))
4908 ssh_agentf_callback(c, reply, replylen);
4909 sfree(c->u.a.message);
4910 c->u.a.lensofar = 0;
4913 bufsize = 0; /* agent channels never back up */
4916 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
4917 c->throttling_conn = 1;
4918 ssh_throttle_conn(ssh, +1);
4923 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
4925 ssh->exitcode = ssh_pkt_getuint32(pktin);
4926 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
4927 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
4929 * In case `helpful' firewalls or proxies tack
4930 * extra human-readable text on the end of the
4931 * session which we might mistake for another
4932 * encrypted packet, we close the session once
4933 * we've sent EXIT_CONFIRMATION.
4935 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
4938 /* Helper function to deal with sending tty modes for REQUEST_PTY */
4939 static void ssh1_send_ttymode(void *data, char *mode, char *val)
4941 struct Packet *pktout = (struct Packet *)data;
4943 unsigned int arg = 0;
4944 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
4945 if (i == lenof(ssh_ttymodes)) return;
4946 switch (ssh_ttymodes[i].type) {
4948 arg = ssh_tty_parse_specchar(val);
4951 arg = ssh_tty_parse_boolean(val);
4954 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
4955 ssh2_pkt_addbyte(pktout, arg);
4959 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
4960 struct Packet *pktin)
4962 crBegin(ssh->do_ssh1_connection_crstate);
4964 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
4965 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
4966 ssh1_smsg_stdout_stderr_data;
4968 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
4969 ssh1_msg_channel_open_confirmation;
4970 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
4971 ssh1_msg_channel_open_failure;
4972 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
4973 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
4974 ssh1_msg_channel_close;
4975 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
4976 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
4978 if (ssh->cfg.agentfwd && agent_exists()) {
4979 logevent("Requesting agent forwarding");
4980 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
4984 if (pktin->type != SSH1_SMSG_SUCCESS
4985 && pktin->type != SSH1_SMSG_FAILURE) {
4986 bombout(("Protocol confusion"));
4988 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4989 logevent("Agent forwarding refused");
4991 logevent("Agent forwarding enabled");
4992 ssh->agentfwd_enabled = TRUE;
4993 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
4997 if (ssh->cfg.x11_forward) {
4998 logevent("Requesting X11 forwarding");
4999 ssh->x11disp = x11_setup_display(ssh->cfg.x11_display,
5000 ssh->cfg.x11_auth, &ssh->cfg);
5002 * Note that while we blank the X authentication data here, we don't
5003 * take any special action to blank the start of an X11 channel,
5004 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5005 * without having session blanking enabled is likely to leak your
5006 * cookie into the log.
5008 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5009 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5010 PKT_STR, ssh->x11disp->remoteauthprotoname,
5012 PKT_STR, ssh->x11disp->remoteauthdatastring,
5014 PKT_INT, ssh->x11disp->screennum,
5017 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5018 PKT_STR, ssh->x11disp->remoteauthprotoname,
5020 PKT_STR, ssh->x11disp->remoteauthdatastring,
5027 if (pktin->type != SSH1_SMSG_SUCCESS
5028 && pktin->type != SSH1_SMSG_FAILURE) {
5029 bombout(("Protocol confusion"));
5031 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5032 logevent("X11 forwarding refused");
5034 logevent("X11 forwarding enabled");
5035 ssh->X11_fwd_enabled = TRUE;
5036 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
5040 ssh_setup_portfwd(ssh, &ssh->cfg);
5041 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
5043 if (!ssh->cfg.nopty) {
5045 /* Unpick the terminal-speed string. */
5046 /* XXX perhaps we should allow no speeds to be sent. */
5047 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
5048 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
5049 /* Send the pty request. */
5050 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
5051 ssh_pkt_addstring(pkt, ssh->cfg.termtype);
5052 ssh_pkt_adduint32(pkt, ssh->term_height);
5053 ssh_pkt_adduint32(pkt, ssh->term_width);
5054 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5055 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
5056 parse_ttymodes(ssh, ssh->cfg.ttymodes,
5057 ssh1_send_ttymode, (void *)pkt);
5058 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5059 ssh_pkt_adduint32(pkt, ssh->ispeed);
5060 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5061 ssh_pkt_adduint32(pkt, ssh->ospeed);
5062 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5064 ssh->state = SSH_STATE_INTERMED;
5068 if (pktin->type != SSH1_SMSG_SUCCESS
5069 && pktin->type != SSH1_SMSG_FAILURE) {
5070 bombout(("Protocol confusion"));
5072 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5073 c_write_str(ssh, "Server refused to allocate pty\r\n");
5074 ssh->editing = ssh->echoing = 1;
5076 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5077 ssh->ospeed, ssh->ispeed);
5079 ssh->editing = ssh->echoing = 1;
5082 if (ssh->cfg.compression) {
5083 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
5087 if (pktin->type != SSH1_SMSG_SUCCESS
5088 && pktin->type != SSH1_SMSG_FAILURE) {
5089 bombout(("Protocol confusion"));
5091 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5092 c_write_str(ssh, "Server refused to compress\r\n");
5094 logevent("Started compression");
5095 ssh->v1_compressing = TRUE;
5096 ssh->cs_comp_ctx = zlib_compress_init();
5097 logevent("Initialised zlib (RFC1950) compression");
5098 ssh->sc_comp_ctx = zlib_decompress_init();
5099 logevent("Initialised zlib (RFC1950) decompression");
5103 * Start the shell or command.
5105 * Special case: if the first-choice command is an SSH-2
5106 * subsystem (hence not usable here) and the second choice
5107 * exists, we fall straight back to that.
5110 char *cmd = ssh->cfg.remote_cmd_ptr;
5112 if (!cmd) cmd = ssh->cfg.remote_cmd;
5114 if (ssh->cfg.ssh_subsys && ssh->cfg.remote_cmd_ptr2) {
5115 cmd = ssh->cfg.remote_cmd_ptr2;
5116 ssh->fallback_cmd = TRUE;
5119 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
5121 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
5122 logevent("Started session");
5125 ssh->state = SSH_STATE_SESSION;
5126 if (ssh->size_needed)
5127 ssh_size(ssh, ssh->term_width, ssh->term_height);
5128 if (ssh->eof_needed)
5129 ssh_special(ssh, TS_EOF);
5132 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
5134 ssh->channels = newtree234(ssh_channelcmp);
5138 * By this point, most incoming packets are already being
5139 * handled by the dispatch table, and we need only pay
5140 * attention to the unusual ones.
5145 if (pktin->type == SSH1_SMSG_SUCCESS) {
5146 /* may be from EXEC_SHELL on some servers */
5147 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5148 /* may be from EXEC_SHELL on some servers
5149 * if no pty is available or in other odd cases. Ignore */
5151 bombout(("Strange packet received: type %d", pktin->type));
5156 int len = min(inlen, 512);
5157 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5158 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
5159 PKTT_OTHER, PKT_END);
5170 * Handle the top-level SSH-2 protocol.
5172 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5177 ssh_pkt_getstring(pktin, &msg, &msglen);
5178 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
5181 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5183 /* log reason code in disconnect message */
5187 ssh_pkt_getstring(pktin, &msg, &msglen);
5188 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5191 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
5193 /* Do nothing, because we're ignoring it! Duhh. */
5196 static void ssh1_protocol_setup(Ssh ssh)
5201 * Most messages are handled by the coroutines.
5203 for (i = 0; i < 256; i++)
5204 ssh->packet_dispatch[i] = NULL;
5207 * These special message types we install handlers for.
5209 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5210 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5211 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5214 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
5215 struct Packet *pktin)
5217 unsigned char *in=(unsigned char*)vin;
5218 if (ssh->state == SSH_STATE_CLOSED)
5221 if (pktin && ssh->packet_dispatch[pktin->type]) {
5222 ssh->packet_dispatch[pktin->type](ssh, pktin);
5226 if (!ssh->protocol_initial_phase_done) {
5227 if (do_ssh1_login(ssh, in, inlen, pktin))
5228 ssh->protocol_initial_phase_done = TRUE;
5233 do_ssh1_connection(ssh, in, inlen, pktin);
5237 * Utility routine for decoding comma-separated strings in KEXINIT.
5239 static int in_commasep_string(char *needle, char *haystack, int haylen)
5242 if (!needle || !haystack) /* protect against null pointers */
5244 needlen = strlen(needle);
5247 * Is it at the start of the string?
5249 if (haylen >= needlen && /* haystack is long enough */
5250 !memcmp(needle, haystack, needlen) && /* initial match */
5251 (haylen == needlen || haystack[needlen] == ',')
5252 /* either , or EOS follows */
5256 * If not, search for the next comma and resume after that.
5257 * If no comma found, terminate.
5259 while (haylen > 0 && *haystack != ',')
5260 haylen--, haystack++;
5263 haylen--, haystack++; /* skip over comma itself */
5268 * Similar routine for checking whether we have the first string in a list.
5270 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5273 if (!needle || !haystack) /* protect against null pointers */
5275 needlen = strlen(needle);
5277 * Is it at the start of the string?
5279 if (haylen >= needlen && /* haystack is long enough */
5280 !memcmp(needle, haystack, needlen) && /* initial match */
5281 (haylen == needlen || haystack[needlen] == ',')
5282 /* either , or EOS follows */
5290 * SSH-2 key creation method.
5291 * (Currently assumes 2 lots of any hash are sufficient to generate
5292 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5294 #define SSH2_MKKEY_ITERS (2)
5295 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
5296 unsigned char *keyspace)
5298 const struct ssh_hash *h = ssh->kex->hash;
5300 /* First hlen bytes. */
5302 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5303 hash_mpint(h, s, K);
5304 h->bytes(s, H, h->hlen);
5305 h->bytes(s, &chr, 1);
5306 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5307 h->final(s, keyspace);
5308 /* Next hlen bytes. */
5310 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5311 hash_mpint(h, s, K);
5312 h->bytes(s, H, h->hlen);
5313 h->bytes(s, keyspace, h->hlen);
5314 h->final(s, keyspace + h->hlen);
5318 * Handle the SSH-2 transport layer.
5320 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5321 struct Packet *pktin)
5323 unsigned char *in = (unsigned char *)vin;
5324 struct do_ssh2_transport_state {
5325 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5326 Bignum p, g, e, f, K;
5329 int kex_init_value, kex_reply_value;
5330 const struct ssh_mac **maclist;
5332 const struct ssh2_cipher *cscipher_tobe;
5333 const struct ssh2_cipher *sccipher_tobe;
5334 const struct ssh_mac *csmac_tobe;
5335 const struct ssh_mac *scmac_tobe;
5336 const struct ssh_compress *cscomp_tobe;
5337 const struct ssh_compress *sccomp_tobe;
5338 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5339 int hostkeylen, siglen, rsakeylen;
5340 void *hkey; /* actual host key */
5341 void *rsakey; /* for RSA kex */
5342 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5343 int n_preferred_kex;
5344 const struct ssh_kexes *preferred_kex[KEX_MAX];
5345 int n_preferred_ciphers;
5346 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5347 const struct ssh_compress *preferred_comp;
5348 int got_session_id, activated_authconn;
5349 struct Packet *pktout;
5354 crState(do_ssh2_transport_state);
5356 crBegin(ssh->do_ssh2_transport_crstate);
5358 s->cscipher_tobe = s->sccipher_tobe = NULL;
5359 s->csmac_tobe = s->scmac_tobe = NULL;
5360 s->cscomp_tobe = s->sccomp_tobe = NULL;
5362 s->got_session_id = s->activated_authconn = FALSE;
5365 * Be prepared to work around the buggy MAC problem.
5367 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5368 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5370 s->maclist = macs, s->nmacs = lenof(macs);
5373 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
5375 int i, j, commalist_started;
5378 * Set up the preferred key exchange. (NULL => warn below here)
5380 s->n_preferred_kex = 0;
5381 for (i = 0; i < KEX_MAX; i++) {
5382 switch (ssh->cfg.ssh_kexlist[i]) {
5384 s->preferred_kex[s->n_preferred_kex++] =
5385 &ssh_diffiehellman_gex;
5388 s->preferred_kex[s->n_preferred_kex++] =
5389 &ssh_diffiehellman_group14;
5392 s->preferred_kex[s->n_preferred_kex++] =
5393 &ssh_diffiehellman_group1;
5396 s->preferred_kex[s->n_preferred_kex++] =
5400 /* Flag for later. Don't bother if it's the last in
5402 if (i < KEX_MAX - 1) {
5403 s->preferred_kex[s->n_preferred_kex++] = NULL;
5410 * Set up the preferred ciphers. (NULL => warn below here)
5412 s->n_preferred_ciphers = 0;
5413 for (i = 0; i < CIPHER_MAX; i++) {
5414 switch (ssh->cfg.ssh_cipherlist[i]) {
5415 case CIPHER_BLOWFISH:
5416 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5419 if (ssh->cfg.ssh2_des_cbc) {
5420 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5424 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5427 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5429 case CIPHER_ARCFOUR:
5430 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5433 /* Flag for later. Don't bother if it's the last in
5435 if (i < CIPHER_MAX - 1) {
5436 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5443 * Set up preferred compression.
5445 if (ssh->cfg.compression)
5446 s->preferred_comp = &ssh_zlib;
5448 s->preferred_comp = &ssh_comp_none;
5451 * Enable queueing of outgoing auth- or connection-layer
5452 * packets while we are in the middle of a key exchange.
5454 ssh->queueing = TRUE;
5457 * Flag that KEX is in progress.
5459 ssh->kex_in_progress = TRUE;
5462 * Construct and send our key exchange packet.
5464 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5465 for (i = 0; i < 16; i++)
5466 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5467 /* List key exchange algorithms. */
5468 ssh2_pkt_addstring_start(s->pktout);
5469 commalist_started = 0;
5470 for (i = 0; i < s->n_preferred_kex; i++) {
5471 const struct ssh_kexes *k = s->preferred_kex[i];
5472 if (!k) continue; /* warning flag */
5473 for (j = 0; j < k->nkexes; j++) {
5474 if (commalist_started)
5475 ssh2_pkt_addstring_str(s->pktout, ",");
5476 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5477 commalist_started = 1;
5480 /* List server host key algorithms. */
5481 ssh2_pkt_addstring_start(s->pktout);
5482 for (i = 0; i < lenof(hostkey_algs); i++) {
5483 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5484 if (i < lenof(hostkey_algs) - 1)
5485 ssh2_pkt_addstring_str(s->pktout, ",");
5487 /* List client->server encryption algorithms. */
5488 ssh2_pkt_addstring_start(s->pktout);
5489 commalist_started = 0;
5490 for (i = 0; i < s->n_preferred_ciphers; i++) {
5491 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5492 if (!c) continue; /* warning flag */
5493 for (j = 0; j < c->nciphers; j++) {
5494 if (commalist_started)
5495 ssh2_pkt_addstring_str(s->pktout, ",");
5496 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5497 commalist_started = 1;
5500 /* List server->client encryption algorithms. */
5501 ssh2_pkt_addstring_start(s->pktout);
5502 commalist_started = 0;
5503 for (i = 0; i < s->n_preferred_ciphers; i++) {
5504 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5505 if (!c) continue; /* warning flag */
5506 for (j = 0; j < c->nciphers; j++) {
5507 if (commalist_started)
5508 ssh2_pkt_addstring_str(s->pktout, ",");
5509 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5510 commalist_started = 1;
5513 /* List client->server MAC algorithms. */
5514 ssh2_pkt_addstring_start(s->pktout);
5515 for (i = 0; i < s->nmacs; i++) {
5516 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5517 if (i < s->nmacs - 1)
5518 ssh2_pkt_addstring_str(s->pktout, ",");
5520 /* List server->client MAC algorithms. */
5521 ssh2_pkt_addstring_start(s->pktout);
5522 for (i = 0; i < s->nmacs; i++) {
5523 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5524 if (i < s->nmacs - 1)
5525 ssh2_pkt_addstring_str(s->pktout, ",");
5527 /* List client->server compression algorithms. */
5528 ssh2_pkt_addstring_start(s->pktout);
5529 assert(lenof(compressions) > 1);
5530 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5531 for (i = 0; i < lenof(compressions); i++) {
5532 const struct ssh_compress *c = compressions[i];
5533 if (c != s->preferred_comp) {
5534 ssh2_pkt_addstring_str(s->pktout, ",");
5535 ssh2_pkt_addstring_str(s->pktout, c->name);
5538 /* List server->client compression algorithms. */
5539 ssh2_pkt_addstring_start(s->pktout);
5540 assert(lenof(compressions) > 1);
5541 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5542 for (i = 0; i < lenof(compressions); i++) {
5543 const struct ssh_compress *c = compressions[i];
5544 if (c != s->preferred_comp) {
5545 ssh2_pkt_addstring_str(s->pktout, ",");
5546 ssh2_pkt_addstring_str(s->pktout, c->name);
5549 /* List client->server languages. Empty list. */
5550 ssh2_pkt_addstring_start(s->pktout);
5551 /* List server->client languages. Empty list. */
5552 ssh2_pkt_addstring_start(s->pktout);
5553 /* First KEX packet does _not_ follow, because we're not that brave. */
5554 ssh2_pkt_addbool(s->pktout, FALSE);
5556 ssh2_pkt_adduint32(s->pktout, 0);
5559 s->our_kexinitlen = s->pktout->length - 5;
5560 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5561 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5563 ssh2_pkt_send_noqueue(ssh, s->pktout);
5569 * Now examine the other side's KEXINIT to see what we're up
5573 char *str, *preferred;
5576 if (pktin->type != SSH2_MSG_KEXINIT) {
5577 bombout(("expected key exchange packet from server"));
5581 ssh->hostkey = NULL;
5582 s->cscipher_tobe = NULL;
5583 s->sccipher_tobe = NULL;
5584 s->csmac_tobe = NULL;
5585 s->scmac_tobe = NULL;
5586 s->cscomp_tobe = NULL;
5587 s->sccomp_tobe = NULL;
5588 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5590 pktin->savedpos += 16; /* skip garbage cookie */
5591 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5594 for (i = 0; i < s->n_preferred_kex; i++) {
5595 const struct ssh_kexes *k = s->preferred_kex[i];
5599 for (j = 0; j < k->nkexes; j++) {
5600 if (!preferred) preferred = k->list[j]->name;
5601 if (in_commasep_string(k->list[j]->name, str, len)) {
5602 ssh->kex = k->list[j];
5611 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5612 str ? str : "(null)"));
5616 * Note that the server's guess is considered wrong if it doesn't match
5617 * the first algorithm in our list, even if it's still the algorithm
5620 s->guessok = first_in_commasep_string(preferred, str, len);
5621 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5622 for (i = 0; i < lenof(hostkey_algs); i++) {
5623 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5624 ssh->hostkey = hostkey_algs[i];
5628 s->guessok = s->guessok &&
5629 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5630 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5631 for (i = 0; i < s->n_preferred_ciphers; i++) {
5632 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5634 s->warn_cscipher = TRUE;
5636 for (j = 0; j < c->nciphers; j++) {
5637 if (in_commasep_string(c->list[j]->name, str, len)) {
5638 s->cscipher_tobe = c->list[j];
5643 if (s->cscipher_tobe)
5646 if (!s->cscipher_tobe) {
5647 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5648 str ? str : "(null)"));
5652 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5653 for (i = 0; i < s->n_preferred_ciphers; i++) {
5654 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5656 s->warn_sccipher = TRUE;
5658 for (j = 0; j < c->nciphers; j++) {
5659 if (in_commasep_string(c->list[j]->name, str, len)) {
5660 s->sccipher_tobe = c->list[j];
5665 if (s->sccipher_tobe)
5668 if (!s->sccipher_tobe) {
5669 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5670 str ? str : "(null)"));
5674 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5675 for (i = 0; i < s->nmacs; i++) {
5676 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5677 s->csmac_tobe = s->maclist[i];
5681 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5682 for (i = 0; i < s->nmacs; i++) {
5683 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5684 s->scmac_tobe = s->maclist[i];
5688 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5689 for (i = 0; i < lenof(compressions) + 1; i++) {
5690 const struct ssh_compress *c =
5691 i == 0 ? s->preferred_comp : compressions[i - 1];
5692 if (in_commasep_string(c->name, str, len)) {
5697 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5698 for (i = 0; i < lenof(compressions) + 1; i++) {
5699 const struct ssh_compress *c =
5700 i == 0 ? s->preferred_comp : compressions[i - 1];
5701 if (in_commasep_string(c->name, str, len)) {
5706 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5707 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5708 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5711 ssh_set_frozen(ssh, 1);
5712 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5714 ssh_dialog_callback, ssh);
5715 if (s->dlgret < 0) {
5719 bombout(("Unexpected data from server while"
5720 " waiting for user response"));
5723 } while (pktin || inlen > 0);
5724 s->dlgret = ssh->user_response;
5726 ssh_set_frozen(ssh, 0);
5727 if (s->dlgret == 0) {
5728 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5734 if (s->warn_cscipher) {
5735 ssh_set_frozen(ssh, 1);
5736 s->dlgret = askalg(ssh->frontend,
5737 "client-to-server cipher",
5738 s->cscipher_tobe->name,
5739 ssh_dialog_callback, ssh);
5740 if (s->dlgret < 0) {
5744 bombout(("Unexpected data from server while"
5745 " waiting for user response"));
5748 } while (pktin || inlen > 0);
5749 s->dlgret = ssh->user_response;
5751 ssh_set_frozen(ssh, 0);
5752 if (s->dlgret == 0) {
5753 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5759 if (s->warn_sccipher) {
5760 ssh_set_frozen(ssh, 1);
5761 s->dlgret = askalg(ssh->frontend,
5762 "server-to-client cipher",
5763 s->sccipher_tobe->name,
5764 ssh_dialog_callback, ssh);
5765 if (s->dlgret < 0) {
5769 bombout(("Unexpected data from server while"
5770 " waiting for user response"));
5773 } while (pktin || inlen > 0);
5774 s->dlgret = ssh->user_response;
5776 ssh_set_frozen(ssh, 0);
5777 if (s->dlgret == 0) {
5778 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5784 ssh->exhash = ssh->kex->hash->init();
5785 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5786 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5787 hash_string(ssh->kex->hash, ssh->exhash,
5788 s->our_kexinit, s->our_kexinitlen);
5789 sfree(s->our_kexinit);
5790 if (pktin->length > 5)
5791 hash_string(ssh->kex->hash, ssh->exhash,
5792 pktin->data + 5, pktin->length - 5);
5794 if (s->ignorepkt) /* first_kex_packet_follows */
5795 crWaitUntil(pktin); /* Ignore packet */
5798 if (ssh->kex->main_type == KEXTYPE_DH) {
5800 * Work out the number of bits of key we will need from the
5801 * key exchange. We start with the maximum key length of
5807 csbits = s->cscipher_tobe->keylen;
5808 scbits = s->sccipher_tobe->keylen;
5809 s->nbits = (csbits > scbits ? csbits : scbits);
5811 /* The keys only have hlen-bit entropy, since they're based on
5812 * a hash. So cap the key size at hlen bits. */
5813 if (s->nbits > ssh->kex->hash->hlen * 8)
5814 s->nbits = ssh->kex->hash->hlen * 8;
5817 * If we're doing Diffie-Hellman group exchange, start by
5818 * requesting a group.
5820 if (!ssh->kex->pdata) {
5821 logevent("Doing Diffie-Hellman group exchange");
5822 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
5824 * Work out how big a DH group we will need to allow that
5827 s->pbits = 512 << ((s->nbits - 1) / 64);
5828 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
5829 ssh2_pkt_adduint32(s->pktout, s->pbits);
5830 ssh2_pkt_send_noqueue(ssh, s->pktout);
5833 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
5834 bombout(("expected key exchange group packet from server"));
5837 s->p = ssh2_pkt_getmp(pktin);
5838 s->g = ssh2_pkt_getmp(pktin);
5839 if (!s->p || !s->g) {
5840 bombout(("unable to read mp-ints from incoming group packet"));
5843 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
5844 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
5845 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
5847 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
5848 ssh->kex_ctx = dh_setup_group(ssh->kex);
5849 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
5850 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
5851 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
5852 ssh->kex->groupname);
5855 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
5856 ssh->kex->hash->text_name);
5858 * Now generate and send e for Diffie-Hellman.
5860 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
5861 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
5862 s->pktout = ssh2_pkt_init(s->kex_init_value);
5863 ssh2_pkt_addmp(s->pktout, s->e);
5864 ssh2_pkt_send_noqueue(ssh, s->pktout);
5866 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
5868 if (pktin->type != s->kex_reply_value) {
5869 bombout(("expected key exchange reply packet from server"));
5872 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
5873 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
5874 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
5875 s->f = ssh2_pkt_getmp(pktin);
5877 bombout(("unable to parse key exchange reply packet"));
5880 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
5882 s->K = dh_find_K(ssh->kex_ctx, s->f);
5884 /* We assume everything from now on will be quick, and it might
5885 * involve user interaction. */
5886 set_busy_status(ssh->frontend, BUSY_NOT);
5888 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
5889 if (!ssh->kex->pdata) {
5890 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
5891 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
5892 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
5894 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
5895 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
5897 dh_cleanup(ssh->kex_ctx);
5899 if (!ssh->kex->pdata) {
5904 logeventf(ssh, "Doing RSA key exchange with hash %s",
5905 ssh->kex->hash->text_name);
5906 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
5908 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
5912 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
5913 bombout(("expected RSA public key packet from server"));
5917 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
5918 hash_string(ssh->kex->hash, ssh->exhash,
5919 s->hostkeydata, s->hostkeylen);
5920 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
5924 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
5925 s->rsakeydata = snewn(s->rsakeylen, char);
5926 memcpy(s->rsakeydata, keydata, s->rsakeylen);
5929 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
5931 sfree(s->rsakeydata);
5932 bombout(("unable to parse RSA public key from server"));
5936 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
5939 * Next, set up a shared secret K, of precisely KLEN -
5940 * 2*HLEN - 49 bits, where KLEN is the bit length of the
5941 * RSA key modulus and HLEN is the bit length of the hash
5945 int klen = ssh_rsakex_klen(s->rsakey);
5946 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
5948 unsigned char *kstr1, *kstr2, *outstr;
5949 int kstr1len, kstr2len, outstrlen;
5951 s->K = bn_power_2(nbits - 1);
5953 for (i = 0; i < nbits; i++) {
5955 byte = random_byte();
5957 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
5961 * Encode this as an mpint.
5963 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
5964 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
5965 PUT_32BIT(kstr2, kstr1len);
5966 memcpy(kstr2 + 4, kstr1, kstr1len);
5969 * Encrypt it with the given RSA key.
5971 outstrlen = (klen + 7) / 8;
5972 outstr = snewn(outstrlen, unsigned char);
5973 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
5974 outstr, outstrlen, s->rsakey);
5977 * And send it off in a return packet.
5979 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
5980 ssh2_pkt_addstring_start(s->pktout);
5981 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
5982 ssh2_pkt_send_noqueue(ssh, s->pktout);
5984 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
5991 ssh_rsakex_freekey(s->rsakey);
5994 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
5995 sfree(s->rsakeydata);
5996 bombout(("expected signature packet from server"));
6000 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6002 sfree(s->rsakeydata);
6005 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6006 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6007 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
6009 ssh->kex_ctx = NULL;
6012 debug(("Exchange hash is:\n"));
6013 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
6017 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
6018 (char *)s->exchange_hash,
6019 ssh->kex->hash->hlen)) {
6020 bombout(("Server's host key did not match the signature supplied"));
6025 * Authenticate remote host: verify host key. (We've already
6026 * checked the signature of the exchange hash.)
6028 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6029 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
6030 ssh_set_frozen(ssh, 1);
6031 s->dlgret = verify_ssh_host_key(ssh->frontend,
6032 ssh->savedhost, ssh->savedport,
6033 ssh->hostkey->keytype, s->keystr,
6035 ssh_dialog_callback, ssh);
6036 if (s->dlgret < 0) {
6040 bombout(("Unexpected data from server while waiting"
6041 " for user host key response"));
6044 } while (pktin || inlen > 0);
6045 s->dlgret = ssh->user_response;
6047 ssh_set_frozen(ssh, 0);
6048 if (s->dlgret == 0) {
6049 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6053 if (!s->got_session_id) { /* don't bother logging this in rekeys */
6054 logevent("Host key fingerprint is:");
6055 logevent(s->fingerprint);
6057 sfree(s->fingerprint);
6059 ssh->hostkey->freekey(s->hkey);
6062 * The exchange hash from the very first key exchange is also
6063 * the session id, used in session key construction and
6066 if (!s->got_session_id) {
6067 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
6068 memcpy(ssh->v2_session_id, s->exchange_hash,
6069 sizeof(s->exchange_hash));
6070 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6071 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
6072 s->got_session_id = TRUE;
6076 * Send SSH2_MSG_NEWKEYS.
6078 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
6079 ssh2_pkt_send_noqueue(ssh, s->pktout);
6080 ssh->outgoing_data_size = 0; /* start counting from here */
6083 * We've sent client NEWKEYS, so create and initialise
6084 * client-to-server session keys.
6086 if (ssh->cs_cipher_ctx)
6087 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6088 ssh->cscipher = s->cscipher_tobe;
6089 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6091 if (ssh->cs_mac_ctx)
6092 ssh->csmac->free_context(ssh->cs_mac_ctx);
6093 ssh->csmac = s->csmac_tobe;
6094 ssh->cs_mac_ctx = ssh->csmac->make_context();
6096 if (ssh->cs_comp_ctx)
6097 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6098 ssh->cscomp = s->cscomp_tobe;
6099 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6102 * Set IVs on client-to-server keys. Here we use the exchange
6103 * hash from the _first_ key exchange.
6106 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6107 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6108 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
6109 assert((ssh->cscipher->keylen+7) / 8 <=
6110 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6111 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
6112 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
6113 assert(ssh->cscipher->blksize <=
6114 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6115 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
6116 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
6117 assert(ssh->csmac->len <=
6118 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6119 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
6120 memset(keyspace, 0, sizeof(keyspace));
6123 logeventf(ssh, "Initialised %.200s client->server encryption",
6124 ssh->cscipher->text_name);
6125 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6126 ssh->csmac->text_name);
6127 if (ssh->cscomp->text_name)
6128 logeventf(ssh, "Initialised %s compression",
6129 ssh->cscomp->text_name);
6132 * Now our end of the key exchange is complete, we can send all
6133 * our queued higher-layer packets.
6135 ssh->queueing = FALSE;
6136 ssh2_pkt_queuesend(ssh);
6139 * Expect SSH2_MSG_NEWKEYS from server.
6142 if (pktin->type != SSH2_MSG_NEWKEYS) {
6143 bombout(("expected new-keys packet from server"));
6146 ssh->incoming_data_size = 0; /* start counting from here */
6149 * We've seen server NEWKEYS, so create and initialise
6150 * server-to-client session keys.
6152 if (ssh->sc_cipher_ctx)
6153 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
6154 ssh->sccipher = s->sccipher_tobe;
6155 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
6157 if (ssh->sc_mac_ctx)
6158 ssh->scmac->free_context(ssh->sc_mac_ctx);
6159 ssh->scmac = s->scmac_tobe;
6160 ssh->sc_mac_ctx = ssh->scmac->make_context();
6162 if (ssh->sc_comp_ctx)
6163 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
6164 ssh->sccomp = s->sccomp_tobe;
6165 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6168 * Set IVs on server-to-client keys. Here we use the exchange
6169 * hash from the _first_ key exchange.
6172 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6173 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6174 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
6175 assert((ssh->sccipher->keylen+7) / 8 <=
6176 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6177 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
6178 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
6179 assert(ssh->sccipher->blksize <=
6180 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6181 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
6182 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
6183 assert(ssh->scmac->len <=
6184 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6185 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
6186 memset(keyspace, 0, sizeof(keyspace));
6188 logeventf(ssh, "Initialised %.200s server->client encryption",
6189 ssh->sccipher->text_name);
6190 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6191 ssh->scmac->text_name);
6192 if (ssh->sccomp->text_name)
6193 logeventf(ssh, "Initialised %s decompression",
6194 ssh->sccomp->text_name);
6197 * Free shared secret.
6202 * Key exchange is over. Loop straight back round if we have a
6203 * deferred rekey reason.
6205 if (ssh->deferred_rekey_reason) {
6206 logevent(ssh->deferred_rekey_reason);
6208 ssh->deferred_rekey_reason = NULL;
6209 goto begin_key_exchange;
6213 * Otherwise, schedule a timer for our next rekey.
6215 ssh->kex_in_progress = FALSE;
6216 ssh->last_rekey = GETTICKCOUNT();
6217 if (ssh->cfg.ssh_rekey_time != 0)
6218 ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
6222 * If this is the first key exchange phase, we must pass the
6223 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
6224 * wants to see it but because it will need time to initialise
6225 * itself before it sees an actual packet. In subsequent key
6226 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
6227 * it would only confuse the layer above.
6229 if (s->activated_authconn) {
6232 s->activated_authconn = TRUE;
6235 * Now we're encrypting. Begin returning 1 to the protocol main
6236 * function so that other things can run on top of the
6237 * transport. If we ever see a KEXINIT, we must go back to the
6240 * We _also_ go back to the start if we see pktin==NULL and
6241 * inlen==-1, because this is a special signal meaning
6242 * `initiate client-driven rekey', and `in' contains a message
6243 * giving the reason for the rekey.
6245 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
6246 (!pktin && inlen == -1))) {
6251 logevent("Server initiated key re-exchange");
6254 * Special case: if the server bug is set that doesn't
6255 * allow rekeying, we give a different log message and
6256 * continue waiting. (If such a server _initiates_ a rekey,
6257 * we process it anyway!)
6259 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6260 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6262 /* Reset the counters, so that at least this message doesn't
6263 * hit the event log _too_ often. */
6264 ssh->outgoing_data_size = 0;
6265 ssh->incoming_data_size = 0;
6266 if (ssh->cfg.ssh_rekey_time != 0) {
6268 schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
6271 goto wait_for_rekey; /* this is utterly horrid */
6273 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
6276 goto begin_key_exchange;
6282 * Add data to an SSH-2 channel output buffer.
6284 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6287 bufchain_add(&c->v.v2.outbuffer, buf, len);
6291 * Attempt to send data on an SSH-2 channel.
6293 static int ssh2_try_send(struct ssh_channel *c)
6296 struct Packet *pktout;
6298 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6301 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6302 if ((unsigned)len > c->v.v2.remwindow)
6303 len = c->v.v2.remwindow;
6304 if ((unsigned)len > c->v.v2.remmaxpkt)
6305 len = c->v.v2.remmaxpkt;
6306 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6307 ssh2_pkt_adduint32(pktout, c->remoteid);
6308 ssh2_pkt_addstring_start(pktout);
6309 dont_log_data(ssh, pktout, PKTLOG_OMIT);
6310 ssh2_pkt_addstring_data(pktout, data, len);
6311 end_log_omission(ssh, pktout);
6312 ssh2_pkt_send(ssh, pktout);
6313 bufchain_consume(&c->v.v2.outbuffer, len);
6314 c->v.v2.remwindow -= len;
6318 * After having sent as much data as we can, return the amount
6321 return bufchain_size(&c->v.v2.outbuffer);
6324 static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)
6328 return; /* don't send on closing channels */
6329 bufsize = ssh2_try_send(c);
6332 case CHAN_MAINSESSION:
6333 /* stdin need not receive an unthrottle
6334 * notification since it will be polled */
6337 x11_unthrottle(c->u.x11.s);
6340 /* agent sockets are request/response and need no
6341 * buffer management */
6344 pfd_unthrottle(c->u.pfd.s);
6351 * Set up most of a new ssh_channel for SSH-2.
6353 static void ssh2_channel_init(struct ssh_channel *c)
6356 c->localid = alloc_channel_id(ssh);
6358 c->throttling_conn = FALSE;
6359 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
6360 ssh->cfg.ssh_simple ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
6361 c->v.v2.winadj_head = c->v.v2.winadj_tail = NULL;
6362 c->v.v2.throttle_state = UNTHROTTLED;
6363 bufchain_init(&c->v.v2.outbuffer);
6367 * Potentially enlarge the window on an SSH-2 channel.
6369 static void ssh2_set_window(struct ssh_channel *c, int newwin)
6374 * Never send WINDOW_ADJUST for a channel that the remote side
6375 * already thinks it's closed; there's no point, since it won't
6376 * be sending any more data anyway.
6382 * If the remote end has a habit of ignoring maxpkt, limit the
6383 * window so that it has no choice (assuming it doesn't ignore the
6386 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6387 newwin = OUR_V2_MAXPKT;
6391 * Only send a WINDOW_ADJUST if there's significantly more window
6392 * available than the other end thinks there is. This saves us
6393 * sending a WINDOW_ADJUST for every character in a shell session.
6395 * "Significant" is arbitrarily defined as half the window size.
6397 if (newwin / 2 >= c->v.v2.locwindow) {
6398 struct Packet *pktout;
6402 * In order to keep track of how much window the client
6403 * actually has available, we'd like it to acknowledge each
6404 * WINDOW_ADJUST. We can't do that directly, so we accompany
6405 * it with a CHANNEL_REQUEST that has to be acknowledged.
6407 * This is only necessary if we're opening the window wide.
6408 * If we're not, then throughput is being constrained by
6409 * something other than the maximum window size anyway.
6411 * We also only send this if the main channel has finished its
6412 * initial CHANNEL_REQUESTs and installed the default
6413 * CHANNEL_FAILURE handler, so as not to risk giving it
6414 * unexpected CHANNEL_FAILUREs.
6416 if (newwin == c->v.v2.locmaxwin &&
6417 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE]) {
6418 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6419 ssh2_pkt_adduint32(pktout, c->remoteid);
6420 ssh2_pkt_addstring(pktout, "winadj@putty.projects.tartarus.org");
6421 ssh2_pkt_addbool(pktout, TRUE);
6422 ssh2_pkt_send(ssh, pktout);
6425 * CHANNEL_FAILURE doesn't come with any indication of
6426 * what message caused it, so we have to keep track of the
6427 * outstanding CHANNEL_REQUESTs ourselves.
6429 wa = snew(struct winadj);
6430 wa->size = newwin - c->v.v2.locwindow;
6432 if (!c->v.v2.winadj_head)
6433 c->v.v2.winadj_head = wa;
6435 c->v.v2.winadj_tail->next = wa;
6436 c->v.v2.winadj_tail = wa;
6437 if (c->v.v2.throttle_state != UNTHROTTLED)
6438 c->v.v2.throttle_state = UNTHROTTLING;
6440 /* Pretend the WINDOW_ADJUST was acked immediately. */
6441 c->v.v2.remlocwin = newwin;
6442 c->v.v2.throttle_state = THROTTLED;
6444 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6445 ssh2_pkt_adduint32(pktout, c->remoteid);
6446 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6447 ssh2_pkt_send(ssh, pktout);
6448 c->v.v2.locwindow = newwin;
6453 * Find the channel associated with a message. If there's no channel,
6454 * or it's not properly open, make a noise about it and return NULL.
6456 static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6458 unsigned localid = ssh_pkt_getuint32(pktin);
6459 struct ssh_channel *c;
6461 c = find234(ssh->channels, &localid, ssh_channelfind);
6463 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6464 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6465 char *buf = dupprintf("Received %s for %s channel %u",
6466 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6468 c ? "half-open" : "nonexistent", localid);
6469 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6476 static void ssh2_msg_channel_success(Ssh ssh, struct Packet *pktin)
6479 * This should never get called. All channel requests are either
6480 * sent with want_reply false or are sent before this handler gets
6483 struct ssh_channel *c;
6486 c = ssh2_channel_msg(ssh, pktin);
6489 wa = c->v.v2.winadj_head;
6491 ssh_disconnect(ssh, NULL, "Received SSH_MSG_CHANNEL_SUCCESS for "
6492 "\"winadj@putty.projects.tartarus.org\"",
6493 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6495 ssh_disconnect(ssh, NULL,
6496 "Received unsolicited SSH_MSG_CHANNEL_SUCCESS",
6497 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6500 static void ssh2_msg_channel_failure(Ssh ssh, struct Packet *pktin)
6503 * The only time this should get called is for "winadj@putty"
6504 * messages sent above. All other channel requests are either
6505 * sent with want_reply false or are sent before this handler gets
6508 struct ssh_channel *c;
6511 c = ssh2_channel_msg(ssh, pktin);
6514 wa = c->v.v2.winadj_head;
6516 ssh_disconnect(ssh, NULL,
6517 "Received unsolicited SSH_MSG_CHANNEL_FAILURE",
6518 SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6521 c->v.v2.winadj_head = wa->next;
6522 c->v.v2.remlocwin += wa->size;
6525 * winadj messages are only sent when the window is fully open, so
6526 * if we get an ack of one, we know any pending unthrottle is
6529 if (c->v.v2.throttle_state == UNTHROTTLING)
6530 c->v.v2.throttle_state = UNTHROTTLED;
6533 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
6535 struct ssh_channel *c;
6536 c = ssh2_channel_msg(ssh, pktin);
6540 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
6541 ssh2_try_send_and_unthrottle(c);
6545 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6549 struct ssh_channel *c;
6550 c = ssh2_channel_msg(ssh, pktin);
6553 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6554 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6555 return; /* extended but not stderr */
6556 ssh_pkt_getstring(pktin, &data, &length);
6559 c->v.v2.locwindow -= length;
6560 c->v.v2.remlocwin -= length;
6562 case CHAN_MAINSESSION:
6564 from_backend(ssh->frontend, pktin->type ==
6565 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6569 bufsize = x11_send(c->u.x11.s, data, length);
6572 bufsize = pfd_send(c->u.pfd.s, data, length);
6575 while (length > 0) {
6576 if (c->u.a.lensofar < 4) {
6577 unsigned int l = min(4 - c->u.a.lensofar,
6579 memcpy(c->u.a.msglen + c->u.a.lensofar,
6583 c->u.a.lensofar += l;
6585 if (c->u.a.lensofar == 4) {
6587 4 + GET_32BIT(c->u.a.msglen);
6588 c->u.a.message = snewn(c->u.a.totallen,
6590 memcpy(c->u.a.message, c->u.a.msglen, 4);
6592 if (c->u.a.lensofar >= 4 && length > 0) {
6594 min(c->u.a.totallen - c->u.a.lensofar,
6596 memcpy(c->u.a.message + c->u.a.lensofar,
6600 c->u.a.lensofar += l;
6602 if (c->u.a.lensofar == c->u.a.totallen) {
6605 if (agent_query(c->u.a.message,
6608 ssh_agentf_callback, c))
6609 ssh_agentf_callback(c, reply, replylen);
6610 sfree(c->u.a.message);
6611 c->u.a.lensofar = 0;
6618 * If it looks like the remote end hit the end of its window,
6619 * and we didn't want it to do that, think about using a
6622 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6623 c->v.v2.locmaxwin < 0x40000000)
6624 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6626 * If we are not buffering too much data,
6627 * enlarge the window again at the remote side.
6628 * If we are buffering too much, we may still
6629 * need to adjust the window if the server's
6632 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6633 c->v.v2.locmaxwin - bufsize : 0);
6635 * If we're either buffering way too much data, or if we're
6636 * buffering anything at all and we're in "simple" mode,
6637 * throttle the whole channel.
6639 if ((bufsize > c->v.v2.locmaxwin ||
6640 (ssh->cfg.ssh_simple && bufsize > 0)) &&
6641 !c->throttling_conn) {
6642 c->throttling_conn = 1;
6643 ssh_throttle_conn(ssh, +1);
6648 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
6650 struct ssh_channel *c;
6652 c = ssh2_channel_msg(ssh, pktin);
6656 if (c->type == CHAN_X11) {
6658 * Remote EOF on an X11 channel means we should
6659 * wrap up and close the channel ourselves.
6661 x11_close(c->u.x11.s);
6663 } else if (c->type == CHAN_AGENT) {
6665 } else if (c->type == CHAN_SOCKDATA) {
6666 pfd_close(c->u.pfd.s);
6671 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
6673 struct ssh_channel *c;
6674 struct Packet *pktout;
6676 c = ssh2_channel_msg(ssh, pktin);
6679 /* Do pre-close processing on the channel. */
6681 case CHAN_MAINSESSION:
6682 ssh->mainchan = NULL;
6683 update_specials_menu(ssh->frontend);
6686 if (c->u.x11.s != NULL)
6687 x11_close(c->u.x11.s);
6694 if (c->u.pfd.s != NULL)
6695 pfd_close(c->u.pfd.s);
6699 if (c->closes == 0) {
6700 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6701 ssh2_pkt_adduint32(pktout, c->remoteid);
6702 ssh2_pkt_send(ssh, pktout);
6704 del234(ssh->channels, c);
6705 bufchain_clear(&c->v.v2.outbuffer);
6709 * See if that was the last channel left open.
6710 * (This is only our termination condition if we're
6711 * not running in -N mode.)
6713 if (!ssh->cfg.ssh_no_shell && count234(ssh->channels) == 0) {
6715 * We used to send SSH_MSG_DISCONNECT here,
6716 * because I'd believed that _every_ conforming
6717 * SSH-2 connection had to end with a disconnect
6718 * being sent by at least one side; apparently
6719 * I was wrong and it's perfectly OK to
6720 * unceremoniously slam the connection shut
6721 * when you're done, and indeed OpenSSH feels
6722 * this is more polite than sending a
6723 * DISCONNECT. So now we don't.
6725 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6729 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
6731 struct ssh_channel *c;
6732 struct Packet *pktout;
6734 c = ssh2_channel_msg(ssh, pktin);
6737 if (c->type != CHAN_SOCKDATA_DORMANT)
6738 return; /* dunno why they're confirming this */
6739 c->remoteid = ssh_pkt_getuint32(pktin);
6740 c->halfopen = FALSE;
6741 c->type = CHAN_SOCKDATA;
6742 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
6743 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
6745 pfd_confirm(c->u.pfd.s);
6748 * We have a pending close on this channel,
6749 * which we decided on before the server acked
6750 * the channel open. So now we know the
6751 * remoteid, we can close it again.
6753 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6754 ssh2_pkt_adduint32(pktout, c->remoteid);
6755 ssh2_pkt_send(ssh, pktout);
6759 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
6761 static const char *const reasons[] = {
6762 "<unknown reason code>",
6763 "Administratively prohibited",
6765 "Unknown channel type",
6766 "Resource shortage",
6768 unsigned reason_code;
6769 char *reason_string;
6771 struct ssh_channel *c;
6772 c = ssh2_channel_msg(ssh, pktin);
6775 if (c->type != CHAN_SOCKDATA_DORMANT)
6776 return; /* dunno why they're failing this */
6778 reason_code = ssh_pkt_getuint32(pktin);
6779 if (reason_code >= lenof(reasons))
6780 reason_code = 0; /* ensure reasons[reason_code] in range */
6781 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
6782 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
6783 reasons[reason_code], reason_length, reason_string);
6785 pfd_close(c->u.pfd.s);
6787 del234(ssh->channels, c);
6791 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
6794 int typelen, want_reply;
6795 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
6796 struct ssh_channel *c;
6797 struct Packet *pktout;
6799 c = ssh2_channel_msg(ssh, pktin);
6802 ssh_pkt_getstring(pktin, &type, &typelen);
6803 want_reply = ssh2_pkt_getbool(pktin);
6806 * Having got the channel number, we now look at
6807 * the request type string to see if it's something
6810 if (c == ssh->mainchan) {
6812 * We recognise "exit-status" and "exit-signal" on
6813 * the primary channel.
6815 if (typelen == 11 &&
6816 !memcmp(type, "exit-status", 11)) {
6818 ssh->exitcode = ssh_pkt_getuint32(pktin);
6819 logeventf(ssh, "Server sent command exit status %d",
6821 reply = SSH2_MSG_CHANNEL_SUCCESS;
6823 } else if (typelen == 11 &&
6824 !memcmp(type, "exit-signal", 11)) {
6826 int is_plausible = TRUE, is_int = FALSE;
6827 char *fmt_sig = "", *fmt_msg = "";
6829 int msglen = 0, core = FALSE;
6830 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
6831 * provide an `int' for the signal, despite its
6832 * having been a `string' in the drafts of RFC 4254 since at
6833 * least 2001. (Fixed in session.c 1.147.) Try to
6834 * infer which we can safely parse it as. */
6836 unsigned char *p = pktin->body +
6838 long len = pktin->length - pktin->savedpos;
6839 unsigned long num = GET_32BIT(p); /* what is it? */
6840 /* If it's 0, it hardly matters; assume string */
6844 int maybe_int = FALSE, maybe_str = FALSE;
6845 #define CHECK_HYPOTHESIS(offset, result) \
6848 if (q >= 0 && q+4 <= len) { \
6849 q = q + 4 + GET_32BIT(p+q); \
6850 if (q >= 0 && q+4 <= len && \
6851 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
6855 CHECK_HYPOTHESIS(4+1, maybe_int);
6856 CHECK_HYPOTHESIS(4+num+1, maybe_str);
6857 #undef CHECK_HYPOTHESIS
6858 if (maybe_int && !maybe_str)
6860 else if (!maybe_int && maybe_str)
6863 /* Crikey. Either or neither. Panic. */
6864 is_plausible = FALSE;
6867 ssh->exitcode = 128; /* means `unknown signal' */
6870 /* Old non-standard OpenSSH. */
6871 int signum = ssh_pkt_getuint32(pktin);
6872 fmt_sig = dupprintf(" %d", signum);
6873 ssh->exitcode = 128 + signum;
6875 /* As per RFC 4254. */
6878 ssh_pkt_getstring(pktin, &sig, &siglen);
6879 /* Signal name isn't supposed to be blank, but
6880 * let's cope gracefully if it is. */
6882 fmt_sig = dupprintf(" \"%.*s\"",
6887 * Really hideous method of translating the
6888 * signal description back into a locally
6889 * meaningful number.
6894 #define TRANSLATE_SIGNAL(s) \
6895 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
6896 ssh->exitcode = 128 + SIG ## s
6898 TRANSLATE_SIGNAL(ABRT);
6901 TRANSLATE_SIGNAL(ALRM);
6904 TRANSLATE_SIGNAL(FPE);
6907 TRANSLATE_SIGNAL(HUP);
6910 TRANSLATE_SIGNAL(ILL);
6913 TRANSLATE_SIGNAL(INT);
6916 TRANSLATE_SIGNAL(KILL);
6919 TRANSLATE_SIGNAL(PIPE);
6922 TRANSLATE_SIGNAL(QUIT);
6925 TRANSLATE_SIGNAL(SEGV);
6928 TRANSLATE_SIGNAL(TERM);
6931 TRANSLATE_SIGNAL(USR1);
6934 TRANSLATE_SIGNAL(USR2);
6936 #undef TRANSLATE_SIGNAL
6938 ssh->exitcode = 128;
6940 core = ssh2_pkt_getbool(pktin);
6941 ssh_pkt_getstring(pktin, &msg, &msglen);
6943 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
6945 /* ignore lang tag */
6946 } /* else don't attempt to parse */
6947 logeventf(ssh, "Server exited on signal%s%s%s",
6948 fmt_sig, core ? " (core dumped)" : "",
6950 if (*fmt_sig) sfree(fmt_sig);
6951 if (*fmt_msg) sfree(fmt_msg);
6952 reply = SSH2_MSG_CHANNEL_SUCCESS;
6957 * This is a channel request we don't know
6958 * about, so we now either ignore the request
6959 * or respond with CHANNEL_FAILURE, depending
6962 reply = SSH2_MSG_CHANNEL_FAILURE;
6965 pktout = ssh2_pkt_init(reply);
6966 ssh2_pkt_adduint32(pktout, c->remoteid);
6967 ssh2_pkt_send(ssh, pktout);
6971 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
6974 int typelen, want_reply;
6975 struct Packet *pktout;
6977 ssh_pkt_getstring(pktin, &type, &typelen);
6978 want_reply = ssh2_pkt_getbool(pktin);
6981 * We currently don't support any global requests
6982 * at all, so we either ignore the request or
6983 * respond with REQUEST_FAILURE, depending on
6987 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
6988 ssh2_pkt_send(ssh, pktout);
6992 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7000 struct ssh_channel *c;
7001 unsigned remid, winsize, pktsize;
7002 struct Packet *pktout;
7004 ssh_pkt_getstring(pktin, &type, &typelen);
7005 c = snew(struct ssh_channel);
7008 remid = ssh_pkt_getuint32(pktin);
7009 winsize = ssh_pkt_getuint32(pktin);
7010 pktsize = ssh_pkt_getuint32(pktin);
7012 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7015 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7016 addrstr = snewn(peeraddrlen+1, char);
7017 memcpy(addrstr, peeraddr, peeraddrlen);
7018 addrstr[peeraddrlen] = '\0';
7019 peerport = ssh_pkt_getuint32(pktin);
7021 logeventf(ssh, "Received X11 connect request from %s:%d",
7024 if (!ssh->X11_fwd_enabled)
7025 error = "X11 forwarding is not enabled";
7026 else if (x11_init(&c->u.x11.s, ssh->x11disp, c,
7027 addrstr, peerport, &ssh->cfg) != NULL) {
7028 error = "Unable to open an X11 connection";
7030 logevent("Opening X11 forward connection succeeded");
7035 } else if (typelen == 15 &&
7036 !memcmp(type, "forwarded-tcpip", 15)) {
7037 struct ssh_rportfwd pf, *realpf;
7040 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7041 pf.sport = ssh_pkt_getuint32(pktin);
7042 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7043 peerport = ssh_pkt_getuint32(pktin);
7044 realpf = find234(ssh->rportfwds, &pf, NULL);
7045 logeventf(ssh, "Received remote port %d open request "
7046 "from %s:%d", pf.sport, peeraddr, peerport);
7047 if (realpf == NULL) {
7048 error = "Remote port is not recognised";
7050 const char *e = pfd_newconnect(&c->u.pfd.s,
7054 realpf->pfrec->addressfamily);
7055 logeventf(ssh, "Attempting to forward remote port to "
7056 "%s:%d", realpf->dhost, realpf->dport);
7058 logeventf(ssh, "Port open failed: %s", e);
7059 error = "Port open failed";
7061 logevent("Forwarded port opened successfully");
7062 c->type = CHAN_SOCKDATA;
7065 } else if (typelen == 22 &&
7066 !memcmp(type, "auth-agent@openssh.com", 22)) {
7067 if (!ssh->agentfwd_enabled)
7068 error = "Agent forwarding is not enabled";
7070 c->type = CHAN_AGENT; /* identify channel type */
7071 c->u.a.lensofar = 0;
7074 error = "Unsupported channel type requested";
7077 c->remoteid = remid;
7078 c->halfopen = FALSE;
7080 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7081 ssh2_pkt_adduint32(pktout, c->remoteid);
7082 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7083 ssh2_pkt_addstring(pktout, error);
7084 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7085 ssh2_pkt_send(ssh, pktout);
7086 logeventf(ssh, "Rejected channel open: %s", error);
7089 ssh2_channel_init(c);
7090 c->v.v2.remwindow = winsize;
7091 c->v.v2.remmaxpkt = pktsize;
7092 add234(ssh->channels, c);
7093 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7094 ssh2_pkt_adduint32(pktout, c->remoteid);
7095 ssh2_pkt_adduint32(pktout, c->localid);
7096 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
7097 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
7098 ssh2_pkt_send(ssh, pktout);
7103 * Buffer banner messages for later display at some convenient point.
7105 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7107 /* Arbitrary limit to prevent unbounded inflation of buffer */
7108 if (bufchain_size(&ssh->banner) <= 131072) {
7109 char *banner = NULL;
7111 ssh_pkt_getstring(pktin, &banner, &size);
7113 bufchain_add(&ssh->banner, banner, size);
7117 /* Helper function to deal with sending tty modes for "pty-req" */
7118 static void ssh2_send_ttymode(void *data, char *mode, char *val)
7120 struct Packet *pktout = (struct Packet *)data;
7122 unsigned int arg = 0;
7123 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7124 if (i == lenof(ssh_ttymodes)) return;
7125 switch (ssh_ttymodes[i].type) {
7127 arg = ssh_tty_parse_specchar(val);
7130 arg = ssh_tty_parse_boolean(val);
7133 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7134 ssh2_pkt_adduint32(pktout, arg);
7138 * Handle the SSH-2 userauth and connection layers.
7140 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7141 struct Packet *pktin)
7143 struct do_ssh2_authconn_state {
7146 AUTH_TYPE_PUBLICKEY,
7147 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7148 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7151 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7152 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7154 int done_service_req;
7155 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
7156 int tried_pubkey_config, done_agent;
7159 int kbd_inter_refused;
7161 prompts_t *cur_prompt;
7166 void *publickey_blob;
7167 int publickey_bloblen;
7168 int publickey_encrypted;
7169 char *publickey_algorithm;
7170 char *publickey_comment;
7171 unsigned char agent_request[5], *agent_response, *agentp;
7172 int agent_responselen;
7173 unsigned char *pkblob_in_agent;
7175 char *pkblob, *alg, *commentp;
7176 int pklen, alglen, commentlen;
7177 int siglen, retlen, len;
7178 char *q, *agentreq, *ret;
7180 int num_env, env_left, env_ok;
7181 struct Packet *pktout;
7182 Ssh_gss_ctx gss_ctx;
7183 Ssh_gss_buf gss_buf;
7184 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7185 Ssh_gss_name gss_srv_name;
7186 Ssh_gss_stat gss_stat;
7188 crState(do_ssh2_authconn_state);
7190 crBegin(ssh->do_ssh2_authconn_crstate);
7192 s->done_service_req = FALSE;
7193 s->we_are_in = FALSE;
7194 s->tried_gssapi = FALSE;
7196 if (!ssh->cfg.ssh_no_userauth) {
7198 * Request userauth protocol, and await a response to it.
7200 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7201 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7202 ssh2_pkt_send(ssh, s->pktout);
7203 crWaitUntilV(pktin);
7204 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7205 s->done_service_req = TRUE;
7207 if (!s->done_service_req) {
7209 * Request connection protocol directly, without authentication.
7211 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7212 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7213 ssh2_pkt_send(ssh, s->pktout);
7214 crWaitUntilV(pktin);
7215 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7216 s->we_are_in = TRUE; /* no auth required */
7218 bombout(("Server refused service request"));
7223 /* Arrange to be able to deal with any BANNERs that come in.
7224 * (We do this now as packets may come in during the next bit.) */
7225 bufchain_init(&ssh->banner);
7226 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7227 ssh2_msg_userauth_banner;
7230 * Misc one-time setup for authentication.
7232 s->publickey_blob = NULL;
7233 if (!s->we_are_in) {
7236 * Load the public half of any configured public key file
7239 if (!filename_is_null(ssh->cfg.keyfile)) {
7241 logeventf(ssh, "Reading private key file \"%.150s\"",
7242 filename_to_str(&ssh->cfg.keyfile));
7243 keytype = key_type(&ssh->cfg.keyfile);
7244 if (keytype == SSH_KEYTYPE_SSH2) {
7247 ssh2_userkey_loadpub(&ssh->cfg.keyfile,
7248 &s->publickey_algorithm,
7249 &s->publickey_bloblen,
7250 &s->publickey_comment, &error);
7251 if (s->publickey_blob) {
7252 s->publickey_encrypted =
7253 ssh2_userkey_encrypted(&ssh->cfg.keyfile, NULL);
7256 logeventf(ssh, "Unable to load private key (%s)",
7258 msgbuf = dupprintf("Unable to load private key file "
7259 "\"%.150s\" (%s)\r\n",
7260 filename_to_str(&ssh->cfg.keyfile),
7262 c_write_str(ssh, msgbuf);
7267 logeventf(ssh, "Unable to use this key file (%s)",
7268 key_type_to_str(keytype));
7269 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7271 filename_to_str(&ssh->cfg.keyfile),
7272 key_type_to_str(keytype));
7273 c_write_str(ssh, msgbuf);
7275 s->publickey_blob = NULL;
7280 * Find out about any keys Pageant has (but if there's a
7281 * public key configured, filter out all others).
7284 s->agent_response = NULL;
7285 s->pkblob_in_agent = NULL;
7286 if (ssh->cfg.tryagent && agent_exists()) {
7290 logevent("Pageant is running. Requesting keys.");
7292 /* Request the keys held by the agent. */
7293 PUT_32BIT(s->agent_request, 1);
7294 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7295 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7296 ssh_agent_callback, ssh)) {
7300 bombout(("Unexpected data from server while"
7301 " waiting for agent response"));
7304 } while (pktin || inlen > 0);
7305 r = ssh->agent_response;
7306 s->agent_responselen = ssh->agent_response_len;
7308 s->agent_response = (unsigned char *) r;
7309 if (s->agent_response && s->agent_responselen >= 5 &&
7310 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7313 p = s->agent_response + 5;
7314 s->nkeys = GET_32BIT(p);
7316 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7317 if (s->publickey_blob) {
7318 /* See if configured key is in agent. */
7319 for (keyi = 0; keyi < s->nkeys; keyi++) {
7320 s->pklen = GET_32BIT(p);
7321 if (s->pklen == s->publickey_bloblen &&
7322 !memcmp(p+4, s->publickey_blob,
7323 s->publickey_bloblen)) {
7324 logeventf(ssh, "Pageant key #%d matches "
7325 "configured key file", keyi);
7327 s->pkblob_in_agent = p;
7331 p += GET_32BIT(p) + 4; /* comment */
7333 if (!s->pkblob_in_agent) {
7334 logevent("Configured key file not in Pageant");
7344 * We repeat this whole loop, including the username prompt,
7345 * until we manage a successful authentication. If the user
7346 * types the wrong _password_, they can be sent back to the
7347 * beginning to try another username, if this is configured on.
7348 * (If they specify a username in the config, they are never
7349 * asked, even if they do give a wrong password.)
7351 * I think this best serves the needs of
7353 * - the people who have no configuration, no keys, and just
7354 * want to try repeated (username,password) pairs until they
7355 * type both correctly
7357 * - people who have keys and configuration but occasionally
7358 * need to fall back to passwords
7360 * - people with a key held in Pageant, who might not have
7361 * logged in to a particular machine before; so they want to
7362 * type a username, and then _either_ their key will be
7363 * accepted, _or_ they will type a password. If they mistype
7364 * the username they will want to be able to get back and
7367 s->username[0] = '\0';
7368 s->got_username = FALSE;
7369 while (!s->we_are_in) {
7373 if (s->got_username && !ssh->cfg.change_username) {
7375 * We got a username last time round this loop, and
7376 * with change_username turned off we don't try to get
7379 } else if (!get_remote_username(&ssh->cfg, s->username,
7380 sizeof(s->username))) {
7381 int ret; /* need not be kept over crReturn */
7382 s->cur_prompt = new_prompts(ssh->frontend);
7383 s->cur_prompt->to_server = TRUE;
7384 s->cur_prompt->name = dupstr("SSH login name");
7385 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE,
7386 lenof(s->username));
7387 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7390 crWaitUntilV(!pktin);
7391 ret = get_userpass_input(s->cur_prompt, in, inlen);
7396 * get_userpass_input() failed to get a username.
7399 free_prompts(s->cur_prompt);
7400 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7403 memcpy(s->username, s->cur_prompt->prompts[0]->result,
7404 lenof(s->username));
7405 free_prompts(s->cur_prompt);
7408 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
7409 stuff = dupprintf("Using username \"%s\".\r\n", s->username);
7410 c_write_str(ssh, stuff);
7414 s->got_username = TRUE;
7417 * Send an authentication request using method "none": (a)
7418 * just in case it succeeds, and (b) so that we know what
7419 * authentication methods we can usefully try next.
7421 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7423 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7424 ssh2_pkt_addstring(s->pktout, s->username);
7425 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
7426 ssh2_pkt_addstring(s->pktout, "none"); /* method */
7427 ssh2_pkt_send(ssh, s->pktout);
7428 s->type = AUTH_TYPE_NONE;
7430 s->we_are_in = FALSE;
7432 s->tried_pubkey_config = FALSE;
7433 s->kbd_inter_refused = FALSE;
7435 /* Reset agent request state. */
7436 s->done_agent = FALSE;
7437 if (s->agent_response) {
7438 if (s->pkblob_in_agent) {
7439 s->agentp = s->pkblob_in_agent;
7441 s->agentp = s->agent_response + 5 + 4;
7448 * Wait for the result of the last authentication request.
7451 crWaitUntilV(pktin);
7453 * Now is a convenient point to spew any banner material
7454 * that we've accumulated. (This should ensure that when
7455 * we exit the auth loop, we haven't any left to deal
7459 int size = bufchain_size(&ssh->banner);
7461 * Don't show the banner if we're operating in
7462 * non-verbose non-interactive mode. (It's probably
7463 * a script, which means nobody will read the
7464 * banner _anyway_, and moreover the printing of
7465 * the banner will screw up processing on the
7466 * output of (say) plink.)
7468 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
7469 char *banner = snewn(size, char);
7470 bufchain_fetch(&ssh->banner, banner, size);
7471 c_write_untrusted(ssh, banner, size);
7474 bufchain_clear(&ssh->banner);
7476 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
7477 logevent("Access granted");
7478 s->we_are_in = TRUE;
7482 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
7483 bombout(("Strange packet received during authentication: "
7484 "type %d", pktin->type));
7491 * OK, we're now sitting on a USERAUTH_FAILURE message, so
7492 * we can look at the string in it and know what we can
7493 * helpfully try next.
7495 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
7498 ssh_pkt_getstring(pktin, &methods, &methlen);
7499 if (!ssh2_pkt_getbool(pktin)) {
7501 * We have received an unequivocal Access
7502 * Denied. This can translate to a variety of
7505 * - if we'd just tried "none" authentication,
7506 * it's not worth printing anything at all
7508 * - if we'd just tried a public key _offer_,
7509 * the message should be "Server refused our
7510 * key" (or no message at all if the key
7511 * came from Pageant)
7513 * - if we'd just tried anything else, the
7514 * message really should be "Access denied".
7516 * Additionally, if we'd just tried password
7517 * authentication, we should break out of this
7518 * whole loop so as to go back to the username
7519 * prompt (iff we're configured to allow
7520 * username change attempts).
7522 if (s->type == AUTH_TYPE_NONE) {
7524 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
7525 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
7526 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
7527 c_write_str(ssh, "Server refused our key\r\n");
7528 logevent("Server refused public key");
7529 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
7530 /* server declined keyboard-interactive; ignore */
7532 c_write_str(ssh, "Access denied\r\n");
7533 logevent("Access denied");
7534 if (s->type == AUTH_TYPE_PASSWORD &&
7535 ssh->cfg.change_username) {
7536 /* XXX perhaps we should allow
7537 * keyboard-interactive to do this too? */
7538 s->we_are_in = FALSE;
7543 c_write_str(ssh, "Further authentication required\r\n");
7544 logevent("Further authentication required");
7548 in_commasep_string("publickey", methods, methlen);
7550 in_commasep_string("password", methods, methlen);
7551 s->can_keyb_inter = ssh->cfg.try_ki_auth &&
7552 in_commasep_string("keyboard-interactive", methods, methlen);
7554 s->can_gssapi = ssh->cfg.try_gssapi_auth &&
7555 in_commasep_string("gssapi-with-mic", methods, methlen) &&
7560 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
7562 if (s->can_pubkey && !s->done_agent && s->nkeys) {
7565 * Attempt public-key authentication using a key from Pageant.
7568 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7570 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
7572 /* Unpack key from agent response */
7573 s->pklen = GET_32BIT(s->agentp);
7575 s->pkblob = (char *)s->agentp;
7576 s->agentp += s->pklen;
7577 s->alglen = GET_32BIT(s->pkblob);
7578 s->alg = s->pkblob + 4;
7579 s->commentlen = GET_32BIT(s->agentp);
7581 s->commentp = (char *)s->agentp;
7582 s->agentp += s->commentlen;
7583 /* s->agentp now points at next key, if any */
7585 /* See if server will accept it */
7586 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7587 ssh2_pkt_addstring(s->pktout, s->username);
7588 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7589 /* service requested */
7590 ssh2_pkt_addstring(s->pktout, "publickey");
7592 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
7593 ssh2_pkt_addstring_start(s->pktout);
7594 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7595 ssh2_pkt_addstring_start(s->pktout);
7596 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7597 ssh2_pkt_send(ssh, s->pktout);
7598 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
7600 crWaitUntilV(pktin);
7601 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7603 /* Offer of key refused. */
7610 if (flags & FLAG_VERBOSE) {
7611 c_write_str(ssh, "Authenticating with "
7613 c_write(ssh, s->commentp, s->commentlen);
7614 c_write_str(ssh, "\" from agent\r\n");
7618 * Server is willing to accept the key.
7619 * Construct a SIGN_REQUEST.
7621 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7622 ssh2_pkt_addstring(s->pktout, s->username);
7623 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7624 /* service requested */
7625 ssh2_pkt_addstring(s->pktout, "publickey");
7627 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
7628 ssh2_pkt_addstring_start(s->pktout);
7629 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
7630 ssh2_pkt_addstring_start(s->pktout);
7631 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
7633 /* Ask agent for signature. */
7634 s->siglen = s->pktout->length - 5 + 4 +
7635 ssh->v2_session_id_len;
7636 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7638 s->len = 1; /* message type */
7639 s->len += 4 + s->pklen; /* key blob */
7640 s->len += 4 + s->siglen; /* data to sign */
7641 s->len += 4; /* flags */
7642 s->agentreq = snewn(4 + s->len, char);
7643 PUT_32BIT(s->agentreq, s->len);
7644 s->q = s->agentreq + 4;
7645 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
7646 PUT_32BIT(s->q, s->pklen);
7648 memcpy(s->q, s->pkblob, s->pklen);
7650 PUT_32BIT(s->q, s->siglen);
7652 /* Now the data to be signed... */
7653 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7654 PUT_32BIT(s->q, ssh->v2_session_id_len);
7657 memcpy(s->q, ssh->v2_session_id,
7658 ssh->v2_session_id_len);
7659 s->q += ssh->v2_session_id_len;
7660 memcpy(s->q, s->pktout->data + 5,
7661 s->pktout->length - 5);
7662 s->q += s->pktout->length - 5;
7663 /* And finally the (zero) flags word. */
7665 if (!agent_query(s->agentreq, s->len + 4,
7667 ssh_agent_callback, ssh)) {
7671 bombout(("Unexpected data from server"
7672 " while waiting for agent"
7676 } while (pktin || inlen > 0);
7677 vret = ssh->agent_response;
7678 s->retlen = ssh->agent_response_len;
7683 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
7684 logevent("Sending Pageant's response");
7685 ssh2_add_sigblob(ssh, s->pktout,
7686 s->pkblob, s->pklen,
7688 GET_32BIT(s->ret + 5));
7689 ssh2_pkt_send(ssh, s->pktout);
7690 s->type = AUTH_TYPE_PUBLICKEY;
7692 /* FIXME: less drastic response */
7693 bombout(("Pageant failed to answer challenge"));
7699 /* Do we have any keys left to try? */
7700 if (s->pkblob_in_agent) {
7701 s->done_agent = TRUE;
7702 s->tried_pubkey_config = TRUE;
7705 if (s->keyi >= s->nkeys)
7706 s->done_agent = TRUE;
7709 } else if (s->can_pubkey && s->publickey_blob &&
7710 !s->tried_pubkey_config) {
7712 struct ssh2_userkey *key; /* not live over crReturn */
7713 char *passphrase; /* not live over crReturn */
7715 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
7717 s->tried_pubkey_config = TRUE;
7720 * Try the public key supplied in the configuration.
7722 * First, offer the public blob to see if the server is
7723 * willing to accept it.
7725 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7726 ssh2_pkt_addstring(s->pktout, s->username);
7727 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7728 /* service requested */
7729 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
7730 ssh2_pkt_addbool(s->pktout, FALSE);
7731 /* no signature included */
7732 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
7733 ssh2_pkt_addstring_start(s->pktout);
7734 ssh2_pkt_addstring_data(s->pktout,
7735 (char *)s->publickey_blob,
7736 s->publickey_bloblen);
7737 ssh2_pkt_send(ssh, s->pktout);
7738 logevent("Offered public key");
7740 crWaitUntilV(pktin);
7741 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7742 /* Key refused. Give up. */
7743 s->gotit = TRUE; /* reconsider message next loop */
7744 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
7745 continue; /* process this new message */
7747 logevent("Offer of public key accepted");
7750 * Actually attempt a serious authentication using
7753 if (flags & FLAG_VERBOSE) {
7754 c_write_str(ssh, "Authenticating with public key \"");
7755 c_write_str(ssh, s->publickey_comment);
7756 c_write_str(ssh, "\"\r\n");
7760 const char *error; /* not live over crReturn */
7761 if (s->publickey_encrypted) {
7763 * Get a passphrase from the user.
7765 int ret; /* need not be kept over crReturn */
7766 s->cur_prompt = new_prompts(ssh->frontend);
7767 s->cur_prompt->to_server = FALSE;
7768 s->cur_prompt->name = dupstr("SSH key passphrase");
7769 add_prompt(s->cur_prompt,
7770 dupprintf("Passphrase for key \"%.100s\": ",
7771 s->publickey_comment),
7772 FALSE, SSH_MAX_PASSWORD_LEN);
7773 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7776 crWaitUntilV(!pktin);
7777 ret = get_userpass_input(s->cur_prompt,
7782 /* Failed to get a passphrase. Terminate. */
7783 free_prompts(s->cur_prompt);
7784 ssh_disconnect(ssh, NULL,
7785 "Unable to authenticate",
7786 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7791 dupstr(s->cur_prompt->prompts[0]->result);
7792 free_prompts(s->cur_prompt);
7794 passphrase = NULL; /* no passphrase needed */
7798 * Try decrypting the key.
7800 key = ssh2_load_userkey(&ssh->cfg.keyfile, passphrase,
7803 /* burn the evidence */
7804 memset(passphrase, 0, strlen(passphrase));
7807 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
7809 (key == SSH2_WRONG_PASSPHRASE)) {
7810 c_write_str(ssh, "Wrong passphrase\r\n");
7812 /* and loop again */
7814 c_write_str(ssh, "Unable to load private key (");
7815 c_write_str(ssh, error);
7816 c_write_str(ssh, ")\r\n");
7818 break; /* try something else */
7824 unsigned char *pkblob, *sigblob, *sigdata;
7825 int pkblob_len, sigblob_len, sigdata_len;
7829 * We have loaded the private key and the server
7830 * has announced that it's willing to accept it.
7831 * Hallelujah. Generate a signature and send it.
7833 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7834 ssh2_pkt_addstring(s->pktout, s->username);
7835 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7836 /* service requested */
7837 ssh2_pkt_addstring(s->pktout, "publickey");
7839 ssh2_pkt_addbool(s->pktout, TRUE);
7840 /* signature follows */
7841 ssh2_pkt_addstring(s->pktout, key->alg->name);
7842 pkblob = key->alg->public_blob(key->data,
7844 ssh2_pkt_addstring_start(s->pktout);
7845 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
7849 * The data to be signed is:
7853 * followed by everything so far placed in the
7856 sigdata_len = s->pktout->length - 5 + 4 +
7857 ssh->v2_session_id_len;
7858 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7860 sigdata = snewn(sigdata_len, unsigned char);
7862 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7863 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
7866 memcpy(sigdata+p, ssh->v2_session_id,
7867 ssh->v2_session_id_len);
7868 p += ssh->v2_session_id_len;
7869 memcpy(sigdata+p, s->pktout->data + 5,
7870 s->pktout->length - 5);
7871 p += s->pktout->length - 5;
7872 assert(p == sigdata_len);
7873 sigblob = key->alg->sign(key->data, (char *)sigdata,
7874 sigdata_len, &sigblob_len);
7875 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
7876 sigblob, sigblob_len);
7881 ssh2_pkt_send(ssh, s->pktout);
7882 s->type = AUTH_TYPE_PUBLICKEY;
7883 key->alg->freekey(key->data);
7887 } else if (s->can_gssapi && !s->tried_gssapi) {
7889 /* GSSAPI Authentication */
7894 s->type = AUTH_TYPE_GSSAPI;
7895 s->tried_gssapi = TRUE;
7897 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
7899 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
7900 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7901 ssh2_pkt_addstring(s->pktout, s->username);
7902 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7903 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
7905 /* add mechanism info */
7906 ssh_gss_indicate_mech(&s->gss_buf);
7908 /* number of GSSAPI mechanisms */
7909 ssh2_pkt_adduint32(s->pktout,1);
7911 /* length of OID + 2 */
7912 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
7913 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
7916 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
7918 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
7920 ssh2_pkt_send(ssh, s->pktout);
7921 crWaitUntilV(pktin);
7922 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
7923 logevent("GSSAPI authentication request refused");
7927 /* check returned packet ... */
7929 ssh_pkt_getstring(pktin, &data, &len);
7930 s->gss_rcvtok.value = data;
7931 s->gss_rcvtok.length = len;
7932 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
7933 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
7934 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
7935 memcmp((char *)s->gss_rcvtok.value + 2,
7936 s->gss_buf.value,s->gss_buf.length) ) {
7937 logevent("GSSAPI authentication - wrong response from server");
7941 /* now start running */
7942 s->gss_stat = ssh_gss_import_name(ssh->fullhostname,
7944 if (s->gss_stat != SSH_GSS_OK) {
7945 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
7946 logevent("GSSAPI import name failed - Bad service name");
7948 logevent("GSSAPI import name failed");
7952 /* fetch TGT into GSS engine */
7953 s->gss_stat = ssh_gss_acquire_cred(&s->gss_ctx);
7955 if (s->gss_stat != SSH_GSS_OK) {
7956 logevent("GSSAPI authentication failed to get credentials");
7957 ssh_gss_release_name(&s->gss_srv_name);
7961 /* initial tokens are empty */
7962 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
7963 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
7965 /* now enter the loop */
7967 s->gss_stat = ssh_gss_init_sec_context(&s->gss_ctx,
7973 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
7974 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
7975 logevent("GSSAPI authentication initialisation failed");
7977 if (ssh_gss_display_status(s->gss_ctx,&s->gss_buf) == SSH_GSS_OK) {
7978 logevent(s->gss_buf.value);
7979 sfree(s->gss_buf.value);
7984 logevent("GSSAPI authentication initialised");
7986 /* Client and server now exchange tokens until GSSAPI
7987 * no longer says CONTINUE_NEEDED */
7989 if (s->gss_sndtok.length != 0) {
7990 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
7991 ssh_pkt_addstring_start(s->pktout);
7992 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
7993 ssh2_pkt_send(ssh, s->pktout);
7994 ssh_gss_free_tok(&s->gss_sndtok);
7997 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
7998 crWaitUntilV(pktin);
7999 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8000 logevent("GSSAPI authentication - bad server response");
8001 s->gss_stat = SSH_GSS_FAILURE;
8004 ssh_pkt_getstring(pktin, &data, &len);
8005 s->gss_rcvtok.value = data;
8006 s->gss_rcvtok.length = len;
8008 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8010 if (s->gss_stat != SSH_GSS_OK) {
8011 ssh_gss_release_name(&s->gss_srv_name);
8012 ssh_gss_release_cred(&s->gss_ctx);
8015 logevent("GSSAPI authentication loop finished OK");
8017 /* Now send the MIC */
8019 s->pktout = ssh2_pkt_init(0);
8020 micoffset = s->pktout->length;
8021 ssh_pkt_addstring_start(s->pktout);
8022 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8023 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
8024 ssh_pkt_addstring(s->pktout, s->username);
8025 ssh_pkt_addstring(s->pktout, "ssh-connection");
8026 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8028 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8029 s->gss_buf.length = s->pktout->length - micoffset;
8031 ssh_gss_get_mic(s->gss_ctx, &s->gss_buf, &mic);
8032 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8033 ssh_pkt_addstring_start(s->pktout);
8034 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
8035 ssh2_pkt_send(ssh, s->pktout);
8036 ssh_gss_free_mic(&mic);
8040 ssh_gss_release_name(&s->gss_srv_name);
8041 ssh_gss_release_cred(&s->gss_ctx);
8044 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8047 * Keyboard-interactive authentication.
8050 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8052 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
8054 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8055 ssh2_pkt_addstring(s->pktout, s->username);
8056 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8057 /* service requested */
8058 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8060 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8061 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8062 ssh2_pkt_send(ssh, s->pktout);
8064 crWaitUntilV(pktin);
8065 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8066 /* Server is not willing to do keyboard-interactive
8067 * at all (or, bizarrely but legally, accepts the
8068 * user without actually issuing any prompts).
8069 * Give up on it entirely. */
8071 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE)
8072 logevent("Keyboard-interactive authentication refused");
8073 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8074 s->kbd_inter_refused = TRUE; /* don't try it again */
8079 * Loop while the server continues to send INFO_REQUESTs.
8081 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
8083 char *name, *inst, *lang;
8084 int name_len, inst_len, lang_len;
8088 * We've got a fresh USERAUTH_INFO_REQUEST.
8089 * Get the preamble and start building a prompt.
8091 ssh_pkt_getstring(pktin, &name, &name_len);
8092 ssh_pkt_getstring(pktin, &inst, &inst_len);
8093 ssh_pkt_getstring(pktin, &lang, &lang_len);
8094 s->cur_prompt = new_prompts(ssh->frontend);
8095 s->cur_prompt->to_server = TRUE;
8097 /* FIXME: better prefix to distinguish from
8099 s->cur_prompt->name =
8100 dupprintf("SSH server: %.*s", name_len, name);
8101 s->cur_prompt->name_reqd = TRUE;
8103 s->cur_prompt->name =
8104 dupstr("SSH server authentication");
8105 s->cur_prompt->name_reqd = FALSE;
8107 /* FIXME: ugly to print "Using..." in prompt _every_
8108 * time round. Can this be done more subtly? */
8109 s->cur_prompt->instruction =
8110 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8111 inst_len ? "\n" : "", inst_len, inst);
8112 s->cur_prompt->instr_reqd = TRUE;
8115 * Get any prompt(s) from the packet.
8117 s->num_prompts = ssh_pkt_getuint32(pktin);
8118 for (i = 0; i < s->num_prompts; i++) {
8122 static char noprompt[] =
8123 "<server failed to send prompt>: ";
8125 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8126 echo = ssh2_pkt_getbool(pktin);
8129 prompt_len = lenof(noprompt)-1;
8131 add_prompt(s->cur_prompt,
8132 dupprintf("%.*s", prompt_len, prompt),
8133 echo, SSH_MAX_PASSWORD_LEN);
8137 * Display any instructions, and get the user's
8141 int ret; /* not live over crReturn */
8142 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8145 crWaitUntilV(!pktin);
8146 ret = get_userpass_input(s->cur_prompt, in, inlen);
8151 * Failed to get responses. Terminate.
8153 free_prompts(s->cur_prompt);
8154 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8155 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8162 * Send the response(s) to the server.
8164 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
8165 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8166 for (i=0; i < s->num_prompts; i++) {
8167 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8168 ssh2_pkt_addstring(s->pktout,
8169 s->cur_prompt->prompts[i]->result);
8170 end_log_omission(ssh, s->pktout);
8172 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8175 * Get the next packet in case it's another
8178 crWaitUntilV(pktin);
8183 * We should have SUCCESS or FAILURE now.
8187 } else if (s->can_passwd) {
8190 * Plain old password authentication.
8192 int ret; /* not live over crReturn */
8193 int changereq_first_time; /* not live over crReturn */
8195 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
8197 s->cur_prompt = new_prompts(ssh->frontend);
8198 s->cur_prompt->to_server = TRUE;
8199 s->cur_prompt->name = dupstr("SSH password");
8200 add_prompt(s->cur_prompt, dupprintf("%.90s@%.90s's password: ",
8203 FALSE, SSH_MAX_PASSWORD_LEN);
8205 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8208 crWaitUntilV(!pktin);
8209 ret = get_userpass_input(s->cur_prompt, in, inlen);
8214 * Failed to get responses. Terminate.
8216 free_prompts(s->cur_prompt);
8217 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8218 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8223 * Squirrel away the password. (We may need it later if
8224 * asked to change it.)
8226 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8227 free_prompts(s->cur_prompt);
8230 * Send the password packet.
8232 * We pad out the password packet to 256 bytes to make
8233 * it harder for an attacker to find the length of the
8236 * Anyone using a password longer than 256 bytes
8237 * probably doesn't have much to worry about from
8238 * people who find out how long their password is!
8240 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8241 ssh2_pkt_addstring(s->pktout, s->username);
8242 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8243 /* service requested */
8244 ssh2_pkt_addstring(s->pktout, "password");
8245 ssh2_pkt_addbool(s->pktout, FALSE);
8246 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8247 ssh2_pkt_addstring(s->pktout, s->password);
8248 end_log_omission(ssh, s->pktout);
8249 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8250 logevent("Sent password");
8251 s->type = AUTH_TYPE_PASSWORD;
8254 * Wait for next packet, in case it's a password change
8257 crWaitUntilV(pktin);
8258 changereq_first_time = TRUE;
8260 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8263 * We're being asked for a new password
8264 * (perhaps not for the first time).
8265 * Loop until the server accepts it.
8268 int got_new = FALSE; /* not live over crReturn */
8269 char *prompt; /* not live over crReturn */
8270 int prompt_len; /* not live over crReturn */
8274 if (changereq_first_time)
8275 msg = "Server requested password change";
8277 msg = "Server rejected new password";
8279 c_write_str(ssh, msg);
8280 c_write_str(ssh, "\r\n");
8283 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8285 s->cur_prompt = new_prompts(ssh->frontend);
8286 s->cur_prompt->to_server = TRUE;
8287 s->cur_prompt->name = dupstr("New SSH password");
8288 s->cur_prompt->instruction =
8289 dupprintf("%.*s", prompt_len, prompt);
8290 s->cur_prompt->instr_reqd = TRUE;
8292 * There's no explicit requirement in the protocol
8293 * for the "old" passwords in the original and
8294 * password-change messages to be the same, and
8295 * apparently some Cisco kit supports password change
8296 * by the user entering a blank password originally
8297 * and the real password subsequently, so,
8298 * reluctantly, we prompt for the old password again.
8300 * (On the other hand, some servers don't even bother
8301 * to check this field.)
8303 add_prompt(s->cur_prompt,
8304 dupstr("Current password (blank for previously entered password): "),
8305 FALSE, SSH_MAX_PASSWORD_LEN);
8306 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
8307 FALSE, SSH_MAX_PASSWORD_LEN);
8308 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
8309 FALSE, SSH_MAX_PASSWORD_LEN);
8312 * Loop until the user manages to enter the same
8317 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8320 crWaitUntilV(!pktin);
8321 ret = get_userpass_input(s->cur_prompt, in, inlen);
8326 * Failed to get responses. Terminate.
8328 /* burn the evidence */
8329 free_prompts(s->cur_prompt);
8330 memset(s->password, 0, strlen(s->password));
8332 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8333 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8339 * If the user specified a new original password
8340 * (IYSWIM), overwrite any previously specified
8342 * (A side effect is that the user doesn't have to
8343 * re-enter it if they louse up the new password.)
8345 if (s->cur_prompt->prompts[0]->result[0]) {
8346 memset(s->password, 0, strlen(s->password));
8347 /* burn the evidence */
8350 dupstr(s->cur_prompt->prompts[0]->result);
8354 * Check the two new passwords match.
8356 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
8357 s->cur_prompt->prompts[2]->result)
8360 /* They don't. Silly user. */
8361 c_write_str(ssh, "Passwords do not match\r\n");
8366 * Send the new password (along with the old one).
8367 * (see above for padding rationale)
8369 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8370 ssh2_pkt_addstring(s->pktout, s->username);
8371 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8372 /* service requested */
8373 ssh2_pkt_addstring(s->pktout, "password");
8374 ssh2_pkt_addbool(s->pktout, TRUE);
8375 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8376 ssh2_pkt_addstring(s->pktout, s->password);
8377 ssh2_pkt_addstring(s->pktout,
8378 s->cur_prompt->prompts[1]->result);
8379 free_prompts(s->cur_prompt);
8380 end_log_omission(ssh, s->pktout);
8381 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8382 logevent("Sent new password");
8385 * Now see what the server has to say about it.
8386 * (If it's CHANGEREQ again, it's not happy with the
8389 crWaitUntilV(pktin);
8390 changereq_first_time = FALSE;
8395 * We need to reexamine the current pktin at the top
8396 * of the loop. Either:
8397 * - we weren't asked to change password at all, in
8398 * which case it's a SUCCESS or FAILURE with the
8400 * - we sent a new password, and the server was
8401 * either OK with it (SUCCESS or FAILURE w/partial
8402 * success) or unhappy with the _old_ password
8403 * (FAILURE w/o partial success)
8404 * In any of these cases, we go back to the top of
8405 * the loop and start again.
8410 * We don't need the old password any more, in any
8411 * case. Burn the evidence.
8413 memset(s->password, 0, strlen(s->password));
8418 ssh_disconnect(ssh, NULL,
8419 "No supported authentication methods available",
8420 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
8428 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
8430 /* Clear up various bits and pieces from authentication. */
8431 if (s->publickey_blob) {
8432 sfree(s->publickey_blob);
8433 sfree(s->publickey_comment);
8435 if (s->agent_response)
8436 sfree(s->agent_response);
8439 * Now the connection protocol has started, one way or another.
8442 ssh->channels = newtree234(ssh_channelcmp);
8445 * Set up handlers for some connection protocol messages, so we
8446 * don't have to handle them repeatedly in this coroutine.
8448 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
8449 ssh2_msg_channel_window_adjust;
8450 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
8451 ssh2_msg_global_request;
8454 * Create the main session channel.
8456 if (ssh->cfg.ssh_no_shell) {
8457 ssh->mainchan = NULL;
8458 } else if (*ssh->cfg.ssh_nc_host) {
8460 * Just start a direct-tcpip channel and use it as the main
8463 ssh->mainchan = snew(struct ssh_channel);
8464 ssh->mainchan->ssh = ssh;
8465 ssh2_channel_init(ssh->mainchan);
8467 "Opening direct-tcpip channel to %s:%d in place of session",
8468 ssh->cfg.ssh_nc_host, ssh->cfg.ssh_nc_port);
8469 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8470 ssh2_pkt_addstring(s->pktout, "direct-tcpip");
8471 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8472 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8473 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8474 ssh2_pkt_addstring(s->pktout, ssh->cfg.ssh_nc_host);
8475 ssh2_pkt_adduint32(s->pktout, ssh->cfg.ssh_nc_port);
8477 * There's nothing meaningful to put in the originator
8478 * fields, but some servers insist on syntactically correct
8481 ssh2_pkt_addstring(s->pktout, "0.0.0.0");
8482 ssh2_pkt_adduint32(s->pktout, 0);
8483 ssh2_pkt_send(ssh, s->pktout);
8485 crWaitUntilV(pktin);
8486 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8487 bombout(("Server refused to open a direct-tcpip channel"));
8489 /* FIXME: error data comes back in FAILURE packet */
8491 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8492 bombout(("Server's channel confirmation cited wrong channel"));
8495 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8496 ssh->mainchan->halfopen = FALSE;
8497 ssh->mainchan->type = CHAN_MAINSESSION;
8498 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8499 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8500 add234(ssh->channels, ssh->mainchan);
8501 update_specials_menu(ssh->frontend);
8502 logevent("Opened direct-tcpip channel");
8505 ssh->mainchan = snew(struct ssh_channel);
8506 ssh->mainchan->ssh = ssh;
8507 ssh2_channel_init(ssh->mainchan);
8508 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8509 ssh2_pkt_addstring(s->pktout, "session");
8510 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
8511 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
8512 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
8513 ssh2_pkt_send(ssh, s->pktout);
8514 crWaitUntilV(pktin);
8515 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
8516 bombout(("Server refused to open a session"));
8518 /* FIXME: error data comes back in FAILURE packet */
8520 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
8521 bombout(("Server's channel confirmation cited wrong channel"));
8524 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
8525 ssh->mainchan->halfopen = FALSE;
8526 ssh->mainchan->type = CHAN_MAINSESSION;
8527 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
8528 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
8529 add234(ssh->channels, ssh->mainchan);
8530 update_specials_menu(ssh->frontend);
8531 logevent("Opened channel for session");
8532 ssh->ncmode = FALSE;
8536 * Now we have a channel, make dispatch table entries for
8537 * general channel-based messages.
8539 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
8540 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
8541 ssh2_msg_channel_data;
8542 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
8543 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
8544 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
8545 ssh2_msg_channel_open_confirmation;
8546 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
8547 ssh2_msg_channel_open_failure;
8548 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
8549 ssh2_msg_channel_request;
8550 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
8551 ssh2_msg_channel_open;
8553 if (ssh->cfg.ssh_simple) {
8555 * This message indicates to the server that we promise
8556 * not to try to run any other channel in parallel with
8557 * this one, so it's safe for it to advertise a very large
8558 * window and leave the flow control to TCP.
8560 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8561 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8562 ssh2_pkt_addstring(s->pktout, "simple@putty.projects.tartarus.org");
8563 ssh2_pkt_addbool(s->pktout, 0); /* no reply */
8564 ssh2_pkt_send(ssh, s->pktout);
8568 * Potentially enable X11 forwarding.
8570 if (ssh->mainchan && !ssh->ncmode && ssh->cfg.x11_forward) {
8571 logevent("Requesting X11 forwarding");
8572 ssh->x11disp = x11_setup_display(ssh->cfg.x11_display,
8573 ssh->cfg.x11_auth, &ssh->cfg);
8574 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8575 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8576 ssh2_pkt_addstring(s->pktout, "x11-req");
8577 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8578 ssh2_pkt_addbool(s->pktout, 0); /* many connections */
8579 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthprotoname);
8581 * Note that while we blank the X authentication data here, we don't
8582 * take any special action to blank the start of an X11 channel,
8583 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
8584 * without having session blanking enabled is likely to leak your
8585 * cookie into the log.
8587 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8588 ssh2_pkt_addstring(s->pktout, ssh->x11disp->remoteauthdatastring);
8589 end_log_omission(ssh, s->pktout);
8590 ssh2_pkt_adduint32(s->pktout, ssh->x11disp->screennum);
8591 ssh2_pkt_send(ssh, s->pktout);
8593 crWaitUntilV(pktin);
8595 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8596 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8597 bombout(("Unexpected response to X11 forwarding request:"
8598 " packet type %d", pktin->type));
8601 logevent("X11 forwarding refused");
8603 logevent("X11 forwarding enabled");
8604 ssh->X11_fwd_enabled = TRUE;
8609 * Enable port forwardings.
8611 ssh_setup_portfwd(ssh, &ssh->cfg);
8614 * Potentially enable agent forwarding.
8616 if (ssh->mainchan && !ssh->ncmode && ssh->cfg.agentfwd && agent_exists()) {
8617 logevent("Requesting OpenSSH-style agent forwarding");
8618 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8619 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8620 ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
8621 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8622 ssh2_pkt_send(ssh, s->pktout);
8624 crWaitUntilV(pktin);
8626 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8627 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8628 bombout(("Unexpected response to agent forwarding request:"
8629 " packet type %d", pktin->type));
8632 logevent("Agent forwarding refused");
8634 logevent("Agent forwarding enabled");
8635 ssh->agentfwd_enabled = TRUE;
8640 * Now allocate a pty for the session.
8642 if (ssh->mainchan && !ssh->ncmode && !ssh->cfg.nopty) {
8643 /* Unpick the terminal-speed string. */
8644 /* XXX perhaps we should allow no speeds to be sent. */
8645 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
8646 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
8647 /* Build the pty request. */
8648 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8649 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
8650 ssh2_pkt_addstring(s->pktout, "pty-req");
8651 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8652 ssh2_pkt_addstring(s->pktout, ssh->cfg.termtype);
8653 ssh2_pkt_adduint32(s->pktout, ssh->term_width);
8654 ssh2_pkt_adduint32(s->pktout, ssh->term_height);
8655 ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
8656 ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
8657 ssh2_pkt_addstring_start(s->pktout);
8658 parse_ttymodes(ssh, ssh->cfg.ttymodes,
8659 ssh2_send_ttymode, (void *)s->pktout);
8660 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_ISPEED);
8661 ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
8662 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_OSPEED);
8663 ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
8664 ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
8665 ssh2_pkt_send(ssh, s->pktout);
8666 ssh->state = SSH_STATE_INTERMED;
8668 crWaitUntilV(pktin);
8670 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8671 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8672 bombout(("Unexpected response to pty request:"
8673 " packet type %d", pktin->type));
8676 c_write_str(ssh, "Server refused to allocate pty\r\n");
8677 ssh->editing = ssh->echoing = 1;
8679 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
8680 ssh->ospeed, ssh->ispeed);
8683 ssh->editing = ssh->echoing = 1;
8687 * Send environment variables.
8689 * Simplest thing here is to send all the requests at once, and
8690 * then wait for a whole bunch of successes or failures.
8692 if (ssh->mainchan && !ssh->ncmode && *ssh->cfg.environmt) {
8693 char *e = ssh->cfg.environmt;
8694 char *var, *varend, *val;
8700 while (*e && *e != '\t') e++;
8702 if (*e == '\t') e++;
8707 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8708 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
8709 ssh2_pkt_addstring(s->pktout, "env");
8710 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8711 ssh2_pkt_addstring_start(s->pktout);
8712 ssh2_pkt_addstring_data(s->pktout, var, varend-var);
8713 ssh2_pkt_addstring(s->pktout, val);
8714 ssh2_pkt_send(ssh, s->pktout);
8719 logeventf(ssh, "Sent %d environment variables", s->num_env);
8722 s->env_left = s->num_env;
8724 while (s->env_left > 0) {
8725 crWaitUntilV(pktin);
8727 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8728 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8729 bombout(("Unexpected response to environment request:"
8730 " packet type %d", pktin->type));
8740 if (s->env_ok == s->num_env) {
8741 logevent("All environment variables successfully set");
8742 } else if (s->env_ok == 0) {
8743 logevent("All environment variables refused");
8744 c_write_str(ssh, "Server refused to set environment variables\r\n");
8746 logeventf(ssh, "%d environment variables refused",
8747 s->num_env - s->env_ok);
8748 c_write_str(ssh, "Server refused to set all environment variables\r\n");
8753 * Start a shell or a remote command. We may have to attempt
8754 * this twice if the config data has provided a second choice
8757 if (ssh->mainchan && !ssh->ncmode) while (1) {
8761 if (ssh->fallback_cmd) {
8762 subsys = ssh->cfg.ssh_subsys2;
8763 cmd = ssh->cfg.remote_cmd_ptr2;
8765 subsys = ssh->cfg.ssh_subsys;
8766 cmd = ssh->cfg.remote_cmd_ptr;
8767 if (!cmd) cmd = ssh->cfg.remote_cmd;
8770 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8771 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
8773 ssh2_pkt_addstring(s->pktout, "subsystem");
8774 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8775 ssh2_pkt_addstring(s->pktout, cmd);
8777 ssh2_pkt_addstring(s->pktout, "exec");
8778 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8779 ssh2_pkt_addstring(s->pktout, cmd);
8781 ssh2_pkt_addstring(s->pktout, "shell");
8782 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
8784 ssh2_pkt_send(ssh, s->pktout);
8786 crWaitUntilV(pktin);
8788 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
8789 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
8790 bombout(("Unexpected response to shell/command request:"
8791 " packet type %d", pktin->type));
8795 * We failed to start the command. If this is the
8796 * fallback command, we really are finished; if it's
8797 * not, and if the fallback command exists, try falling
8798 * back to it before complaining.
8800 if (!ssh->fallback_cmd && ssh->cfg.remote_cmd_ptr2 != NULL) {
8801 logevent("Primary command failed; attempting fallback");
8802 ssh->fallback_cmd = TRUE;
8805 bombout(("Server refused to start a shell/command"));
8808 logevent("Started a shell/command");
8813 ssh->state = SSH_STATE_SESSION;
8814 if (ssh->size_needed)
8815 ssh_size(ssh, ssh->term_width, ssh->term_height);
8816 if (ssh->eof_needed)
8817 ssh_special(ssh, TS_EOF);
8820 * All the initial channel requests are done, so install the default
8823 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_success;
8824 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_failure;
8830 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
8835 s->try_send = FALSE;
8839 * _All_ the connection-layer packets we expect to
8840 * receive are now handled by the dispatch table.
8841 * Anything that reaches here must be bogus.
8844 bombout(("Strange packet received: type %d", pktin->type));
8846 } else if (ssh->mainchan) {
8848 * We have spare data. Add it to the channel buffer.
8850 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
8855 struct ssh_channel *c;
8857 * Try to send data on all channels if we can.
8859 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
8860 ssh2_try_send_and_unthrottle(c);
8868 * Handlers for SSH-2 messages that might arrive at any moment.
8870 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
8872 /* log reason code in disconnect message */
8876 reason = ssh_pkt_getuint32(pktin);
8877 ssh_pkt_getstring(pktin, &msg, &msglen);
8879 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
8880 buf = dupprintf("Received disconnect message (%s)",
8881 ssh2_disconnect_reasons[reason]);
8883 buf = dupprintf("Received disconnect message (unknown"
8884 " type %d)", reason);
8888 buf = dupprintf("Disconnection message text: %.*s",
8891 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
8893 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
8894 ssh2_disconnect_reasons[reason] : "unknown",
8899 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
8901 /* log the debug message */
8906 /* XXX maybe we should actually take notice of this */
8907 always_display = ssh2_pkt_getbool(pktin);
8908 ssh_pkt_getstring(pktin, &msg, &msglen);
8910 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
8913 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
8915 struct Packet *pktout;
8916 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
8917 ssh2_pkt_adduint32(pktout, pktin->sequence);
8919 * UNIMPLEMENTED messages MUST appear in the same order as the
8920 * messages they respond to. Hence, never queue them.
8922 ssh2_pkt_send_noqueue(ssh, pktout);
8926 * Handle the top-level SSH-2 protocol.
8928 static void ssh2_protocol_setup(Ssh ssh)
8933 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
8935 for (i = 0; i < 256; i++)
8936 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
8939 * Any message we actually understand, we set to NULL so that
8940 * the coroutines will get it.
8942 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
8943 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
8944 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
8945 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
8946 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
8947 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
8948 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
8949 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
8950 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
8951 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
8952 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
8953 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
8954 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
8955 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
8956 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
8957 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
8958 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
8959 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
8960 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
8961 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
8962 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
8963 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
8964 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
8965 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
8966 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
8967 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
8968 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
8969 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
8970 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
8971 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
8972 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
8973 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
8974 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
8977 * These special message types we install handlers for.
8979 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
8980 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
8981 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
8984 static void ssh2_timer(void *ctx, long now)
8988 if (ssh->state == SSH_STATE_CLOSED)
8991 if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
8992 now - ssh->next_rekey >= 0) {
8993 do_ssh2_transport(ssh, "timeout", -1, NULL);
8997 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
8998 struct Packet *pktin)
9000 unsigned char *in = (unsigned char *)vin;
9001 if (ssh->state == SSH_STATE_CLOSED)
9005 ssh->incoming_data_size += pktin->encrypted_len;
9006 if (!ssh->kex_in_progress &&
9007 ssh->max_data_size != 0 &&
9008 ssh->incoming_data_size > ssh->max_data_size)
9009 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9012 if (pktin && ssh->packet_dispatch[pktin->type]) {
9013 ssh->packet_dispatch[pktin->type](ssh, pktin);
9017 if (!ssh->protocol_initial_phase_done ||
9018 (pktin && pktin->type >= 20 && pktin->type < 50)) {
9019 if (do_ssh2_transport(ssh, in, inlen, pktin) &&
9020 !ssh->protocol_initial_phase_done) {
9021 ssh->protocol_initial_phase_done = TRUE;
9023 * Allow authconn to initialise itself.
9025 do_ssh2_authconn(ssh, NULL, 0, NULL);
9028 do_ssh2_authconn(ssh, in, inlen, pktin);
9033 * Called to set up the connection.
9035 * Returns an error message, or NULL on success.
9037 static const char *ssh_init(void *frontend_handle, void **backend_handle,
9039 char *host, int port, char **realhost, int nodelay,
9045 ssh = snew(struct ssh_tag);
9046 ssh->cfg = *cfg; /* STRUCTURE COPY */
9047 ssh->version = 0; /* when not ready yet */
9050 ssh->v1_cipher_ctx = NULL;
9051 ssh->crcda_ctx = NULL;
9052 ssh->cscipher = NULL;
9053 ssh->cs_cipher_ctx = NULL;
9054 ssh->sccipher = NULL;
9055 ssh->sc_cipher_ctx = NULL;
9057 ssh->cs_mac_ctx = NULL;
9059 ssh->sc_mac_ctx = NULL;
9061 ssh->cs_comp_ctx = NULL;
9063 ssh->sc_comp_ctx = NULL;
9065 ssh->kex_ctx = NULL;
9066 ssh->hostkey = NULL;
9068 ssh->close_expected = FALSE;
9069 ssh->clean_exit = FALSE;
9070 ssh->state = SSH_STATE_PREPACKET;
9071 ssh->size_needed = FALSE;
9072 ssh->eof_needed = FALSE;
9075 ssh->deferred_send_data = NULL;
9076 ssh->deferred_len = 0;
9077 ssh->deferred_size = 0;
9078 ssh->fallback_cmd = 0;
9079 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9080 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
9081 ssh->x11disp = NULL;
9082 ssh->v1_compressing = FALSE;
9083 ssh->v2_outgoing_sequence = 0;
9084 ssh->ssh1_rdpkt_crstate = 0;
9085 ssh->ssh2_rdpkt_crstate = 0;
9086 ssh->do_ssh_init_crstate = 0;
9087 ssh->ssh_gotdata_crstate = 0;
9088 ssh->do_ssh1_connection_crstate = 0;
9089 ssh->do_ssh1_login_crstate = 0;
9090 ssh->do_ssh2_transport_crstate = 0;
9091 ssh->do_ssh2_authconn_crstate = 0;
9092 ssh->do_ssh_init_state = NULL;
9093 ssh->do_ssh1_login_state = NULL;
9094 ssh->do_ssh2_transport_state = NULL;
9095 ssh->do_ssh2_authconn_state = NULL;
9098 ssh->mainchan = NULL;
9099 ssh->throttled_all = 0;
9100 ssh->v1_stdout_throttling = 0;
9102 ssh->queuelen = ssh->queuesize = 0;
9103 ssh->queueing = FALSE;
9104 ssh->qhead = ssh->qtail = NULL;
9105 ssh->deferred_rekey_reason = NULL;
9106 bufchain_init(&ssh->queued_incoming_data);
9107 ssh->frozen = FALSE;
9109 *backend_handle = ssh;
9112 if (crypto_startup() == 0)
9113 return "Microsoft high encryption pack not installed!";
9116 ssh->frontend = frontend_handle;
9117 ssh->term_width = ssh->cfg.width;
9118 ssh->term_height = ssh->cfg.height;
9120 ssh->channels = NULL;
9121 ssh->rportfwds = NULL;
9122 ssh->portfwds = NULL;
9127 ssh->conn_throttle_count = 0;
9128 ssh->overall_bufsize = 0;
9129 ssh->fallback_cmd = 0;
9131 ssh->protocol = NULL;
9133 ssh->protocol_initial_phase_done = FALSE;
9137 ssh->incoming_data_size = ssh->outgoing_data_size =
9138 ssh->deferred_data_size = 0L;
9139 ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
9140 ssh->kex_in_progress = FALSE;
9142 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
9151 static void ssh_free(void *handle)
9153 Ssh ssh = (Ssh) handle;
9154 struct ssh_channel *c;
9155 struct ssh_rportfwd *pf;
9157 if (ssh->v1_cipher_ctx)
9158 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9159 if (ssh->cs_cipher_ctx)
9160 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9161 if (ssh->sc_cipher_ctx)
9162 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9163 if (ssh->cs_mac_ctx)
9164 ssh->csmac->free_context(ssh->cs_mac_ctx);
9165 if (ssh->sc_mac_ctx)
9166 ssh->scmac->free_context(ssh->sc_mac_ctx);
9167 if (ssh->cs_comp_ctx) {
9169 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9171 zlib_compress_cleanup(ssh->cs_comp_ctx);
9173 if (ssh->sc_comp_ctx) {
9175 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9177 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9180 dh_cleanup(ssh->kex_ctx);
9181 sfree(ssh->savedhost);
9183 while (ssh->queuelen-- > 0)
9184 ssh_free_packet(ssh->queue[ssh->queuelen]);
9187 while (ssh->qhead) {
9188 struct queued_handler *qh = ssh->qhead;
9189 ssh->qhead = qh->next;
9192 ssh->qhead = ssh->qtail = NULL;
9194 if (ssh->channels) {
9195 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9198 if (c->u.x11.s != NULL)
9199 x11_close(c->u.x11.s);
9202 if (c->u.pfd.s != NULL)
9203 pfd_close(c->u.pfd.s);
9208 freetree234(ssh->channels);
9209 ssh->channels = NULL;
9212 if (ssh->rportfwds) {
9213 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
9215 freetree234(ssh->rportfwds);
9216 ssh->rportfwds = NULL;
9218 sfree(ssh->deferred_send_data);
9220 x11_free_display(ssh->x11disp);
9221 sfree(ssh->do_ssh_init_state);
9222 sfree(ssh->do_ssh1_login_state);
9223 sfree(ssh->do_ssh2_transport_state);
9224 sfree(ssh->do_ssh2_authconn_state);
9227 sfree(ssh->fullhostname);
9228 if (ssh->crcda_ctx) {
9229 crcda_free_context(ssh->crcda_ctx);
9230 ssh->crcda_ctx = NULL;
9233 ssh_do_close(ssh, TRUE);
9234 expire_timer_context(ssh);
9236 pinger_free(ssh->pinger);
9237 bufchain_clear(&ssh->queued_incoming_data);
9244 * Reconfigure the SSH backend.
9246 static void ssh_reconfig(void *handle, Config *cfg)
9248 Ssh ssh = (Ssh) handle;
9249 char *rekeying = NULL, rekey_mandatory = FALSE;
9250 unsigned long old_max_data_size;
9252 pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
9254 ssh_setup_portfwd(ssh, cfg);
9256 if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
9257 cfg->ssh_rekey_time != 0) {
9258 long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
9259 long now = GETTICKCOUNT();
9261 if (new_next - now < 0) {
9262 rekeying = "timeout shortened";
9264 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9268 old_max_data_size = ssh->max_data_size;
9269 ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
9270 if (old_max_data_size != ssh->max_data_size &&
9271 ssh->max_data_size != 0) {
9272 if (ssh->outgoing_data_size > ssh->max_data_size ||
9273 ssh->incoming_data_size > ssh->max_data_size)
9274 rekeying = "data limit lowered";
9277 if (ssh->cfg.compression != cfg->compression) {
9278 rekeying = "compression setting changed";
9279 rekey_mandatory = TRUE;
9282 if (ssh->cfg.ssh2_des_cbc != cfg->ssh2_des_cbc ||
9283 memcmp(ssh->cfg.ssh_cipherlist, cfg->ssh_cipherlist,
9284 sizeof(ssh->cfg.ssh_cipherlist))) {
9285 rekeying = "cipher settings changed";
9286 rekey_mandatory = TRUE;
9289 ssh->cfg = *cfg; /* STRUCTURE COPY */
9292 if (!ssh->kex_in_progress) {
9293 do_ssh2_transport(ssh, rekeying, -1, NULL);
9294 } else if (rekey_mandatory) {
9295 ssh->deferred_rekey_reason = rekeying;
9301 * Called to send data down the SSH connection.
9303 static int ssh_send(void *handle, char *buf, int len)
9305 Ssh ssh = (Ssh) handle;
9307 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9310 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
9312 return ssh_sendbuffer(ssh);
9316 * Called to query the current amount of buffered stdin data.
9318 static int ssh_sendbuffer(void *handle)
9320 Ssh ssh = (Ssh) handle;
9323 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9327 * If the SSH socket itself has backed up, add the total backup
9328 * size on that to any individual buffer on the stdin channel.
9331 if (ssh->throttled_all)
9332 override_value = ssh->overall_bufsize;
9334 if (ssh->version == 1) {
9335 return override_value;
9336 } else if (ssh->version == 2) {
9337 if (!ssh->mainchan || ssh->mainchan->closes > 0)
9338 return override_value;
9340 return (override_value +
9341 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
9348 * Called to set the size of the window from SSH's POV.
9350 static void ssh_size(void *handle, int width, int height)
9352 Ssh ssh = (Ssh) handle;
9353 struct Packet *pktout;
9355 ssh->term_width = width;
9356 ssh->term_height = height;
9358 switch (ssh->state) {
9359 case SSH_STATE_BEFORE_SIZE:
9360 case SSH_STATE_PREPACKET:
9361 case SSH_STATE_CLOSED:
9362 break; /* do nothing */
9363 case SSH_STATE_INTERMED:
9364 ssh->size_needed = TRUE; /* buffer for later */
9366 case SSH_STATE_SESSION:
9367 if (!ssh->cfg.nopty) {
9368 if (ssh->version == 1) {
9369 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9370 PKT_INT, ssh->term_height,
9371 PKT_INT, ssh->term_width,
9372 PKT_INT, 0, PKT_INT, 0, PKT_END);
9373 } else if (ssh->mainchan) {
9374 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9375 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9376 ssh2_pkt_addstring(pktout, "window-change");
9377 ssh2_pkt_addbool(pktout, 0);
9378 ssh2_pkt_adduint32(pktout, ssh->term_width);
9379 ssh2_pkt_adduint32(pktout, ssh->term_height);
9380 ssh2_pkt_adduint32(pktout, 0);
9381 ssh2_pkt_adduint32(pktout, 0);
9382 ssh2_pkt_send(ssh, pktout);
9390 * Return a list of the special codes that make sense in this
9393 static const struct telnet_special *ssh_get_specials(void *handle)
9395 static const struct telnet_special ssh1_ignore_special[] = {
9396 {"IGNORE message", TS_NOP}
9398 static const struct telnet_special ssh2_transport_specials[] = {
9399 {"IGNORE message", TS_NOP},
9400 {"Repeat key exchange", TS_REKEY},
9402 static const struct telnet_special ssh2_session_specials[] = {
9405 /* These are the signal names defined by RFC 4254.
9406 * They include all the ISO C signals, but are a subset of the POSIX
9407 * required signals. */
9408 {"SIGINT (Interrupt)", TS_SIGINT},
9409 {"SIGTERM (Terminate)", TS_SIGTERM},
9410 {"SIGKILL (Kill)", TS_SIGKILL},
9411 {"SIGQUIT (Quit)", TS_SIGQUIT},
9412 {"SIGHUP (Hangup)", TS_SIGHUP},
9413 {"More signals", TS_SUBMENU},
9414 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9415 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9416 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9417 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9420 static const struct telnet_special specials_end[] = {
9423 /* XXX review this length for any changes: */
9424 static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
9425 lenof(ssh2_session_specials) +
9426 lenof(specials_end)];
9427 Ssh ssh = (Ssh) handle;
9429 #define ADD_SPECIALS(name) \
9431 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9432 memcpy(&ssh_specials[i], name, sizeof name); \
9436 if (ssh->version == 1) {
9437 /* Don't bother offering IGNORE if we've decided the remote
9438 * won't cope with it, since we wouldn't bother sending it if
9440 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9441 ADD_SPECIALS(ssh1_ignore_special);
9442 } else if (ssh->version == 2) {
9443 ADD_SPECIALS(ssh2_transport_specials);
9445 ADD_SPECIALS(ssh2_session_specials);
9446 } /* else we're not ready yet */
9449 ADD_SPECIALS(specials_end);
9450 return ssh_specials;
9458 * Send special codes. TS_EOF is useful for `plink', so you
9459 * can send an EOF and collect resulting output (e.g. `plink
9462 static void ssh_special(void *handle, Telnet_Special code)
9464 Ssh ssh = (Ssh) handle;
9465 struct Packet *pktout;
9467 if (code == TS_EOF) {
9468 if (ssh->state != SSH_STATE_SESSION) {
9470 * Buffer the EOF in case we are pre-SESSION, so we can
9471 * send it as soon as we reach SESSION.
9474 ssh->eof_needed = TRUE;
9477 if (ssh->version == 1) {
9478 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
9479 } else if (ssh->mainchan) {
9480 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
9481 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9482 ssh2_pkt_send(ssh, pktout);
9483 ssh->send_ok = 0; /* now stop trying to read from stdin */
9485 logevent("Sent EOF message");
9486 } else if (code == TS_PING || code == TS_NOP) {
9487 if (ssh->state == SSH_STATE_CLOSED
9488 || ssh->state == SSH_STATE_PREPACKET) return;
9489 if (ssh->version == 1) {
9490 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9491 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
9493 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
9494 ssh2_pkt_addstring_start(pktout);
9495 ssh2_pkt_send_noqueue(ssh, pktout);
9497 } else if (code == TS_REKEY) {
9498 if (!ssh->kex_in_progress && ssh->version == 2) {
9499 do_ssh2_transport(ssh, "at user request", -1, NULL);
9501 } else if (code == TS_BRK) {
9502 if (ssh->state == SSH_STATE_CLOSED
9503 || ssh->state == SSH_STATE_PREPACKET) return;
9504 if (ssh->version == 1) {
9505 logevent("Unable to send BREAK signal in SSH-1");
9506 } else if (ssh->mainchan) {
9507 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9508 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9509 ssh2_pkt_addstring(pktout, "break");
9510 ssh2_pkt_addbool(pktout, 0);
9511 ssh2_pkt_adduint32(pktout, 0); /* default break length */
9512 ssh2_pkt_send(ssh, pktout);
9515 /* Is is a POSIX signal? */
9516 char *signame = NULL;
9517 if (code == TS_SIGABRT) signame = "ABRT";
9518 if (code == TS_SIGALRM) signame = "ALRM";
9519 if (code == TS_SIGFPE) signame = "FPE";
9520 if (code == TS_SIGHUP) signame = "HUP";
9521 if (code == TS_SIGILL) signame = "ILL";
9522 if (code == TS_SIGINT) signame = "INT";
9523 if (code == TS_SIGKILL) signame = "KILL";
9524 if (code == TS_SIGPIPE) signame = "PIPE";
9525 if (code == TS_SIGQUIT) signame = "QUIT";
9526 if (code == TS_SIGSEGV) signame = "SEGV";
9527 if (code == TS_SIGTERM) signame = "TERM";
9528 if (code == TS_SIGUSR1) signame = "USR1";
9529 if (code == TS_SIGUSR2) signame = "USR2";
9530 /* The SSH-2 protocol does in principle support arbitrary named
9531 * signals, including signame@domain, but we don't support those. */
9533 /* It's a signal. */
9534 if (ssh->version == 2 && ssh->mainchan) {
9535 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
9536 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
9537 ssh2_pkt_addstring(pktout, "signal");
9538 ssh2_pkt_addbool(pktout, 0);
9539 ssh2_pkt_addstring(pktout, signame);
9540 ssh2_pkt_send(ssh, pktout);
9541 logeventf(ssh, "Sent signal SIG%s", signame);
9544 /* Never heard of it. Do nothing */
9549 void *new_sock_channel(void *handle, Socket s)
9551 Ssh ssh = (Ssh) handle;
9552 struct ssh_channel *c;
9553 c = snew(struct ssh_channel);
9556 ssh2_channel_init(c);
9558 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
9560 add234(ssh->channels, c);
9565 * This is called when stdout/stderr (the entity to which
9566 * from_backend sends data) manages to clear some backlog.
9568 static void ssh_unthrottle(void *handle, int bufsize)
9570 Ssh ssh = (Ssh) handle;
9573 if (ssh->version == 1) {
9574 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
9575 ssh->v1_stdout_throttling = 0;
9576 ssh_throttle_conn(ssh, -1);
9579 if (ssh->mainchan) {
9580 ssh2_set_window(ssh->mainchan,
9581 bufsize < ssh->mainchan->v.v2.locmaxwin ?
9582 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
9583 if (ssh->cfg.ssh_simple)
9586 buflimit = ssh->mainchan->v.v2.locmaxwin;
9587 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
9588 ssh->mainchan->throttling_conn = 0;
9589 ssh_throttle_conn(ssh, -1);
9595 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
9597 struct ssh_channel *c = (struct ssh_channel *)channel;
9599 struct Packet *pktout;
9601 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
9603 if (ssh->version == 1) {
9604 send_packet(ssh, SSH1_MSG_PORT_OPEN,
9605 PKT_INT, c->localid,
9608 /* PKT_STR, <org:orgport>, */
9611 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
9612 ssh2_pkt_addstring(pktout, "direct-tcpip");
9613 ssh2_pkt_adduint32(pktout, c->localid);
9614 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
9615 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
9616 ssh2_pkt_addstring(pktout, hostname);
9617 ssh2_pkt_adduint32(pktout, port);
9619 * We make up values for the originator data; partly it's
9620 * too much hassle to keep track, and partly I'm not
9621 * convinced the server should be told details like that
9622 * about my local network configuration.
9623 * The "originator IP address" is syntactically a numeric
9624 * IP address, and some servers (e.g., Tectia) get upset
9625 * if it doesn't match this syntax.
9627 ssh2_pkt_addstring(pktout, "0.0.0.0");
9628 ssh2_pkt_adduint32(pktout, 0);
9629 ssh2_pkt_send(ssh, pktout);
9633 static int ssh_connected(void *handle)
9635 Ssh ssh = (Ssh) handle;
9636 return ssh->s != NULL;
9639 static int ssh_sendok(void *handle)
9641 Ssh ssh = (Ssh) handle;
9642 return ssh->send_ok;
9645 static int ssh_ldisc(void *handle, int option)
9647 Ssh ssh = (Ssh) handle;
9648 if (option == LD_ECHO)
9649 return ssh->echoing;
9650 if (option == LD_EDIT)
9651 return ssh->editing;
9655 static void ssh_provide_ldisc(void *handle, void *ldisc)
9657 Ssh ssh = (Ssh) handle;
9661 static void ssh_provide_logctx(void *handle, void *logctx)
9663 Ssh ssh = (Ssh) handle;
9664 ssh->logctx = logctx;
9667 static int ssh_return_exitcode(void *handle)
9669 Ssh ssh = (Ssh) handle;
9673 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
9677 * cfg_info for SSH is the currently running version of the
9678 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
9680 static int ssh_cfg_info(void *handle)
9682 Ssh ssh = (Ssh) handle;
9683 return ssh->version;
9687 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
9688 * that fails. This variable is the means by which scp.c can reach
9689 * into the SSH code and find out which one it got.
9691 extern int ssh_fallback_cmd(void *handle)
9693 Ssh ssh = (Ssh) handle;
9694 return ssh->fallback_cmd;
9697 Backend ssh_backend = {
9707 ssh_return_exitcode,
projects / PuTTY.git / blob