22 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
23 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
24 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
25 #define SSH1_CMSG_USER 4 /* 0x4 */
26 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
27 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
28 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
29 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
30 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
31 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
32 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
33 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
34 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
35 #define SSH1_SMSG_FAILURE 15 /* 0xf */
36 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
37 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
38 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
39 #define SSH1_CMSG_EOF 19 /* 0x13 */
40 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
41 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
42 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
43 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
44 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
45 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
46 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
47 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
48 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
49 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
50 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
51 #define SSH1_MSG_IGNORE 32 /* 0x20 */
52 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
53 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
54 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
55 #define SSH1_MSG_DEBUG 36 /* 0x24 */
56 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
57 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
58 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
59 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
60 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
61 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
62 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
64 #define SSH1_AUTH_TIS 5 /* 0x5 */
65 #define SSH1_AUTH_CCARD 16 /* 0x10 */
67 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
68 /* Mask for protoflags we will echo back to server if seen */
69 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
71 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
72 #define SSH2_MSG_IGNORE 2 /* 0x2 */
73 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
74 #define SSH2_MSG_DEBUG 4 /* 0x4 */
75 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
76 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
77 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
78 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
79 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
80 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
81 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
82 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
83 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
84 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
85 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
86 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
87 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
88 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
89 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
90 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
91 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
92 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
93 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
94 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
95 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
96 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
97 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
98 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
99 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
100 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
101 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
102 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
103 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
104 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
105 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
106 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
109 * Packet type contexts, so that ssh2_pkt_type can correctly decode
110 * the ambiguous type numbers back into the correct type strings.
112 #define SSH2_PKTCTX_DHGROUP 0x0001
113 #define SSH2_PKTCTX_DHGEX 0x0002
114 #define SSH2_PKTCTX_KEX_MASK 0x000F
115 #define SSH2_PKTCTX_PUBLICKEY 0x0010
116 #define SSH2_PKTCTX_PASSWORD 0x0020
117 #define SSH2_PKTCTX_KBDINTER 0x0040
118 #define SSH2_PKTCTX_AUTH_MASK 0x00F0
120 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
121 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
122 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
123 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
124 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
125 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
126 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
127 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
128 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
129 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
130 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
131 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
132 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
133 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
134 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
136 static const char *const ssh2_disconnect_reasons[] = {
138 "host not allowed to connect",
140 "key exchange failed",
141 "host authentication failed",
144 "service not available",
145 "protocol version not supported",
146 "host key not verifiable",
149 "too many connections",
150 "auth cancelled by user",
151 "no more auth methods available",
155 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
156 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
157 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
158 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
160 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
163 * Various remote-bug flags.
165 #define BUG_CHOKES_ON_SSH1_IGNORE 1
166 #define BUG_SSH2_HMAC 2
167 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
168 #define BUG_CHOKES_ON_RSA 8
169 #define BUG_SSH2_RSA_PADDING 16
170 #define BUG_SSH2_DERIVEKEY 32
171 #define BUG_SSH2_REKEY 64
172 #define BUG_SSH2_PK_SESSIONID 128
175 * Codes for terminal modes.
176 * Most of these are the same in SSH-1 and SSH-2.
177 * This list is derived from draft-ietf-secsh-connect-25 and
180 static const struct {
181 const char* const mode;
183 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
185 /* "V" prefix discarded for special characters relative to SSH specs */
186 { "INTR", 1, TTY_OP_CHAR },
187 { "QUIT", 2, TTY_OP_CHAR },
188 { "ERASE", 3, TTY_OP_CHAR },
189 { "KILL", 4, TTY_OP_CHAR },
190 { "EOF", 5, TTY_OP_CHAR },
191 { "EOL", 6, TTY_OP_CHAR },
192 { "EOL2", 7, TTY_OP_CHAR },
193 { "START", 8, TTY_OP_CHAR },
194 { "STOP", 9, TTY_OP_CHAR },
195 { "SUSP", 10, TTY_OP_CHAR },
196 { "DSUSP", 11, TTY_OP_CHAR },
197 { "REPRINT", 12, TTY_OP_CHAR },
198 { "WERASE", 13, TTY_OP_CHAR },
199 { "LNEXT", 14, TTY_OP_CHAR },
200 { "FLUSH", 15, TTY_OP_CHAR },
201 { "SWTCH", 16, TTY_OP_CHAR },
202 { "STATUS", 17, TTY_OP_CHAR },
203 { "DISCARD", 18, TTY_OP_CHAR },
204 { "IGNPAR", 30, TTY_OP_BOOL },
205 { "PARMRK", 31, TTY_OP_BOOL },
206 { "INPCK", 32, TTY_OP_BOOL },
207 { "ISTRIP", 33, TTY_OP_BOOL },
208 { "INLCR", 34, TTY_OP_BOOL },
209 { "IGNCR", 35, TTY_OP_BOOL },
210 { "ICRNL", 36, TTY_OP_BOOL },
211 { "IUCLC", 37, TTY_OP_BOOL },
212 { "IXON", 38, TTY_OP_BOOL },
213 { "IXANY", 39, TTY_OP_BOOL },
214 { "IXOFF", 40, TTY_OP_BOOL },
215 { "IMAXBEL", 41, TTY_OP_BOOL },
216 { "ISIG", 50, TTY_OP_BOOL },
217 { "ICANON", 51, TTY_OP_BOOL },
218 { "XCASE", 52, TTY_OP_BOOL },
219 { "ECHO", 53, TTY_OP_BOOL },
220 { "ECHOE", 54, TTY_OP_BOOL },
221 { "ECHOK", 55, TTY_OP_BOOL },
222 { "ECHONL", 56, TTY_OP_BOOL },
223 { "NOFLSH", 57, TTY_OP_BOOL },
224 { "TOSTOP", 58, TTY_OP_BOOL },
225 { "IEXTEN", 59, TTY_OP_BOOL },
226 { "ECHOCTL", 60, TTY_OP_BOOL },
227 { "ECHOKE", 61, TTY_OP_BOOL },
228 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
229 { "OPOST", 70, TTY_OP_BOOL },
230 { "OLCUC", 71, TTY_OP_BOOL },
231 { "ONLCR", 72, TTY_OP_BOOL },
232 { "OCRNL", 73, TTY_OP_BOOL },
233 { "ONOCR", 74, TTY_OP_BOOL },
234 { "ONLRET", 75, TTY_OP_BOOL },
235 { "CS7", 90, TTY_OP_BOOL },
236 { "CS8", 91, TTY_OP_BOOL },
237 { "PARENB", 92, TTY_OP_BOOL },
238 { "PARODD", 93, TTY_OP_BOOL }
241 /* Miscellaneous other tty-related constants. */
242 #define SSH_TTY_OP_END 0
243 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
244 #define SSH1_TTY_OP_ISPEED 192
245 #define SSH1_TTY_OP_OSPEED 193
246 #define SSH2_TTY_OP_ISPEED 128
247 #define SSH2_TTY_OP_OSPEED 129
249 /* Helper functions for parsing tty-related config. */
250 static unsigned int ssh_tty_parse_specchar(char *s)
255 ret = ctrlparse(s, &next);
256 if (!next) ret = s[0];
258 ret = 255; /* special value meaning "don't set" */
262 static unsigned int ssh_tty_parse_boolean(char *s)
264 if (stricmp(s, "yes") == 0 ||
265 stricmp(s, "on") == 0 ||
266 stricmp(s, "true") == 0 ||
267 stricmp(s, "+") == 0)
269 else if (stricmp(s, "no") == 0 ||
270 stricmp(s, "off") == 0 ||
271 stricmp(s, "false") == 0 ||
272 stricmp(s, "-") == 0)
273 return 0; /* false */
275 return (atoi(s) != 0);
278 #define translate(x) if (type == x) return #x
279 #define translatec(x,ctx) if (type == x && (pkt_ctx & ctx)) return #x
280 static char *ssh1_pkt_type(int type)
282 translate(SSH1_MSG_DISCONNECT);
283 translate(SSH1_SMSG_PUBLIC_KEY);
284 translate(SSH1_CMSG_SESSION_KEY);
285 translate(SSH1_CMSG_USER);
286 translate(SSH1_CMSG_AUTH_RSA);
287 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
288 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
289 translate(SSH1_CMSG_AUTH_PASSWORD);
290 translate(SSH1_CMSG_REQUEST_PTY);
291 translate(SSH1_CMSG_WINDOW_SIZE);
292 translate(SSH1_CMSG_EXEC_SHELL);
293 translate(SSH1_CMSG_EXEC_CMD);
294 translate(SSH1_SMSG_SUCCESS);
295 translate(SSH1_SMSG_FAILURE);
296 translate(SSH1_CMSG_STDIN_DATA);
297 translate(SSH1_SMSG_STDOUT_DATA);
298 translate(SSH1_SMSG_STDERR_DATA);
299 translate(SSH1_CMSG_EOF);
300 translate(SSH1_SMSG_EXIT_STATUS);
301 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
302 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
303 translate(SSH1_MSG_CHANNEL_DATA);
304 translate(SSH1_MSG_CHANNEL_CLOSE);
305 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
306 translate(SSH1_SMSG_X11_OPEN);
307 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
308 translate(SSH1_MSG_PORT_OPEN);
309 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
310 translate(SSH1_SMSG_AGENT_OPEN);
311 translate(SSH1_MSG_IGNORE);
312 translate(SSH1_CMSG_EXIT_CONFIRMATION);
313 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
314 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
315 translate(SSH1_MSG_DEBUG);
316 translate(SSH1_CMSG_REQUEST_COMPRESSION);
317 translate(SSH1_CMSG_AUTH_TIS);
318 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
319 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
320 translate(SSH1_CMSG_AUTH_CCARD);
321 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
322 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
325 static char *ssh2_pkt_type(int pkt_ctx, int type)
327 translate(SSH2_MSG_DISCONNECT);
328 translate(SSH2_MSG_IGNORE);
329 translate(SSH2_MSG_UNIMPLEMENTED);
330 translate(SSH2_MSG_DEBUG);
331 translate(SSH2_MSG_SERVICE_REQUEST);
332 translate(SSH2_MSG_SERVICE_ACCEPT);
333 translate(SSH2_MSG_KEXINIT);
334 translate(SSH2_MSG_NEWKEYS);
335 translatec(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
336 translatec(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
337 translatec(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
338 translatec(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
339 translatec(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
340 translatec(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
341 translate(SSH2_MSG_USERAUTH_REQUEST);
342 translate(SSH2_MSG_USERAUTH_FAILURE);
343 translate(SSH2_MSG_USERAUTH_SUCCESS);
344 translate(SSH2_MSG_USERAUTH_BANNER);
345 translatec(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
346 translatec(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
347 translatec(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
348 translatec(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
349 translate(SSH2_MSG_GLOBAL_REQUEST);
350 translate(SSH2_MSG_REQUEST_SUCCESS);
351 translate(SSH2_MSG_REQUEST_FAILURE);
352 translate(SSH2_MSG_CHANNEL_OPEN);
353 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
354 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
355 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
356 translate(SSH2_MSG_CHANNEL_DATA);
357 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
358 translate(SSH2_MSG_CHANNEL_EOF);
359 translate(SSH2_MSG_CHANNEL_CLOSE);
360 translate(SSH2_MSG_CHANNEL_REQUEST);
361 translate(SSH2_MSG_CHANNEL_SUCCESS);
362 translate(SSH2_MSG_CHANNEL_FAILURE);
368 /* Enumeration values for fields in SSH-1 packets */
370 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
371 /* These values are for communicating relevant semantics of
372 * fields to the packet logging code. */
373 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
377 * Coroutine mechanics for the sillier bits of the code. If these
378 * macros look impenetrable to you, you might find it helpful to
381 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
383 * which explains the theory behind these macros.
385 * In particular, if you are getting `case expression not constant'
386 * errors when building with MS Visual Studio, this is because MS's
387 * Edit and Continue debugging feature causes their compiler to
388 * violate ANSI C. To disable Edit and Continue debugging:
390 * - right-click ssh.c in the FileView
392 * - select the C/C++ tab and the General category
393 * - under `Debug info:', select anything _other_ than `Program
394 * Database for Edit and Continue'.
396 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
399 if (!ssh->t) ssh->t = snew(struct t); \
401 #define crFinish(z) } *crLine = 0; return (z); }
402 #define crFinishV } *crLine = 0; return; }
403 #define crReturn(z) \
405 *crLine =__LINE__; return (z); case __LINE__:;\
409 *crLine=__LINE__; return; case __LINE__:;\
411 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
412 #define crStopV do{ *crLine = 0; return; }while(0)
413 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
414 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
416 typedef struct ssh_tag *Ssh;
419 static struct Packet *ssh1_pkt_init(int pkt_type);
420 static struct Packet *ssh2_pkt_init(int pkt_type);
421 static void ssh_pkt_ensure(struct Packet *, int length);
422 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
423 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
424 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
425 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
426 static void ssh_pkt_addstring_start(struct Packet *);
427 static void ssh_pkt_addstring_str(struct Packet *, char *data);
428 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
429 static void ssh_pkt_addstring(struct Packet *, char *data);
430 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
431 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
432 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
433 static int ssh2_pkt_construct(Ssh, struct Packet *);
434 static void ssh2_pkt_send(Ssh, struct Packet *);
435 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
436 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
437 struct Packet *pktin);
438 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
439 struct Packet *pktin);
442 * Buffer management constants. There are several of these for
443 * various different purposes:
445 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
446 * on a local data stream before we throttle the whole SSH
447 * connection (in SSH-1 only). Throttling the whole connection is
448 * pretty drastic so we set this high in the hope it won't
451 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
452 * on the SSH connection itself before we defensively throttle
453 * _all_ local data streams. This is pretty drastic too (though
454 * thankfully unlikely in SSH-2 since the window mechanism should
455 * ensure that the server never has any need to throttle its end
456 * of the connection), so we set this high as well.
458 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
462 #define SSH1_BUFFER_LIMIT 32768
463 #define SSH_MAX_BACKLOG 32768
464 #define OUR_V2_WINSIZE 16384
465 #define OUR_V2_MAXPKT 0x4000UL
467 /* Maximum length of passwords/passphrases (arbitrary) */
468 #define SSH_MAX_PASSWORD_LEN 100
470 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
472 const static struct ssh_mac *macs[] = {
473 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
475 const static struct ssh_mac *buggymacs[] = {
476 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
479 static void *ssh_comp_none_init(void)
483 static void ssh_comp_none_cleanup(void *handle)
486 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
487 unsigned char **outblock, int *outlen)
491 static int ssh_comp_none_disable(void *handle)
495 const static struct ssh_compress ssh_comp_none = {
497 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
498 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
499 ssh_comp_none_disable, NULL
501 extern const struct ssh_compress ssh_zlib;
502 const static struct ssh_compress *compressions[] = {
503 &ssh_zlib, &ssh_comp_none
506 enum { /* channel types */
511 CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
515 * 2-3-4 tree storing channels.
518 Ssh ssh; /* pointer back to main context */
519 unsigned remoteid, localid;
521 /* True if we opened this channel but server hasn't confirmed. */
524 * In SSH-1, this value contains four bits:
526 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
527 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
528 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
529 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
531 * A channel is completely finished with when all four bits are set.
535 struct ssh1_data_channel {
538 struct ssh2_data_channel {
540 unsigned remwindow, remmaxpkt;
545 struct ssh_agent_channel {
546 unsigned char *message;
547 unsigned char msglen[4];
548 unsigned lensofar, totallen;
550 struct ssh_x11_channel {
553 struct ssh_pfd_channel {
560 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
561 * use this structure in different ways, reflecting SSH-2's
562 * altogether saner approach to port forwarding.
564 * In SSH-1, you arrange a remote forwarding by sending the server
565 * the remote port number, and the local destination host:port.
566 * When a connection comes in, the server sends you back that
567 * host:port pair, and you connect to it. This is a ready-made
568 * security hole if you're not on the ball: a malicious server
569 * could send you back _any_ host:port pair, so if you trustingly
570 * connect to the address it gives you then you've just opened the
571 * entire inside of your corporate network just by connecting
572 * through it to a dodgy SSH server. Hence, we must store a list of
573 * host:port pairs we _are_ trying to forward to, and reject a
574 * connection request from the server if it's not in the list.
576 * In SSH-2, each side of the connection minds its own business and
577 * doesn't send unnecessary information to the other. You arrange a
578 * remote forwarding by sending the server just the remote port
579 * number. When a connection comes in, the server tells you which
580 * of its ports was connected to; and _you_ have to remember what
581 * local host:port pair went with that port number.
583 * Hence, in SSH-1 this structure is indexed by destination
584 * host:port pair, whereas in SSH-2 it is indexed by source port.
586 struct ssh_portfwd; /* forward declaration */
588 struct ssh_rportfwd {
589 unsigned sport, dport;
592 struct ssh_portfwd *pfrec;
594 #define free_rportfwd(pf) ( \
595 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
598 * Separately to the rportfwd tree (which is for looking up port
599 * open requests from the server), a tree of _these_ structures is
600 * used to keep track of all the currently open port forwardings,
601 * so that we can reconfigure in mid-session if the user requests
605 enum { DESTROY, KEEP, CREATE } status;
607 unsigned sport, dport;
610 struct ssh_rportfwd *remote;
614 #define free_portfwd(pf) ( \
615 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
616 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
619 long length; /* length of `data' actually used */
620 long forcepad; /* SSH-2: force padding to at least this length */
621 int type; /* only used for incoming packets */
622 unsigned long sequence; /* SSH-2 incoming sequence number */
623 unsigned char *data; /* allocated storage */
624 unsigned char *body; /* offset of payload within `data' */
625 long savedpos; /* temporary index into `data' (for strings) */
626 long maxlen; /* amount of storage allocated for `data' */
627 long encrypted_len; /* for SSH-2 total-size counting */
630 * State associated with packet logging
634 struct logblank_t *blanks;
637 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
638 struct Packet *pktin);
639 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
640 struct Packet *pktin);
641 static void ssh1_protocol_setup(Ssh ssh);
642 static void ssh2_protocol_setup(Ssh ssh);
643 static void ssh_size(void *handle, int width, int height);
644 static void ssh_special(void *handle, Telnet_Special);
645 static int ssh2_try_send(struct ssh_channel *c);
646 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
647 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
648 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin);
649 static int ssh_sendbuffer(void *handle);
650 static int ssh_do_close(Ssh ssh, int notify_exit);
651 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
652 static int ssh2_pkt_getbool(struct Packet *pkt);
653 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
654 static void ssh2_timer(void *ctx, long now);
655 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
656 struct Packet *pktin);
658 struct rdpkt1_state_tag {
659 long len, pad, biglen, to_read;
660 unsigned long realcrc, gotcrc;
664 struct Packet *pktin;
667 struct rdpkt2_state_tag {
668 long len, pad, payload, packetlen, maclen;
671 unsigned long incoming_sequence;
672 struct Packet *pktin;
675 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
676 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
678 struct queued_handler;
679 struct queued_handler {
681 chandler_fn_t handler;
683 struct queued_handler *next;
687 const struct plug_function_table *fn;
688 /* the above field _must_ be first in the structure */
698 unsigned char session_key[32];
700 int v1_remote_protoflags;
701 int v1_local_protoflags;
702 int agentfwd_enabled;
705 const struct ssh_cipher *cipher;
708 const struct ssh2_cipher *cscipher, *sccipher;
709 void *cs_cipher_ctx, *sc_cipher_ctx;
710 const struct ssh_mac *csmac, *scmac;
711 void *cs_mac_ctx, *sc_mac_ctx;
712 const struct ssh_compress *cscomp, *sccomp;
713 void *cs_comp_ctx, *sc_comp_ctx;
714 const struct ssh_kex *kex;
715 const struct ssh_signkey *hostkey;
716 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
717 int v2_session_id_len;
723 int echoing, editing;
727 int ospeed, ispeed; /* temporaries */
728 int term_width, term_height;
730 tree234 *channels; /* indexed by local id */
731 struct ssh_channel *mainchan; /* primary session channel */
732 int ncmode; /* is primary channel direct-tcpip? */
737 tree234 *rportfwds, *portfwds;
741 SSH_STATE_BEFORE_SIZE,
747 int size_needed, eof_needed;
749 struct Packet **queue;
750 int queuelen, queuesize;
752 unsigned char *deferred_send_data;
753 int deferred_len, deferred_size;
756 * Gross hack: pscp will try to start SFTP but fall back to
757 * scp1 if that fails. This variable is the means by which
758 * scp.c can reach into the SSH code and find out which one it
763 bufchain banner; /* accumulates banners during do_ssh2_authconn */
770 int v1_throttle_count;
773 int v1_stdout_throttling;
774 unsigned long v2_outgoing_sequence;
776 int ssh1_rdpkt_crstate;
777 int ssh2_rdpkt_crstate;
778 int do_ssh_init_crstate;
779 int ssh_gotdata_crstate;
780 int do_ssh1_login_crstate;
781 int do_ssh1_connection_crstate;
782 int do_ssh2_transport_crstate;
783 int do_ssh2_authconn_crstate;
785 void *do_ssh_init_state;
786 void *do_ssh1_login_state;
787 void *do_ssh2_transport_state;
788 void *do_ssh2_authconn_state;
790 struct rdpkt1_state_tag rdpkt1_state;
791 struct rdpkt2_state_tag rdpkt2_state;
793 /* SSH-1 and SSH-2 use this for different things, but both use it */
794 int protocol_initial_phase_done;
796 void (*protocol) (Ssh ssh, void *vin, int inlen,
798 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
801 * We maintain a full _copy_ of a Config structure here, not
802 * merely a pointer to it. That way, when we're passed a new
803 * one for reconfiguration, we can check the differences and
804 * potentially reconfigure port forwardings etc in mid-session.
809 * Used to transfer data back from async callbacks.
811 void *agent_response;
812 int agent_response_len;
816 * The SSH connection can be set as `frozen', meaning we are
817 * not currently accepting incoming data from the network. This
818 * is slightly more serious than setting the _socket_ as
819 * frozen, because we may already have had data passed to us
820 * from the network which we need to delay processing until
821 * after the freeze is lifted, so we also need a bufchain to
825 bufchain queued_incoming_data;
828 * Dispatch table for packet types that we may have to deal
831 handler_fn_t packet_dispatch[256];
834 * Queues of one-off handler functions for success/failure
835 * indications from a request.
837 struct queued_handler *qhead, *qtail;
840 * This module deals with sending keepalives.
845 * Track incoming and outgoing data sizes and time, for
848 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
849 unsigned long max_data_size;
851 long next_rekey, last_rekey;
852 char *deferred_rekey_reason; /* points to STATIC string; don't free */
855 #define logevent(s) logevent(ssh->frontend, s)
857 /* logevent, only printf-formatted. */
858 static void logeventf(Ssh ssh, const char *fmt, ...)
864 buf = dupvprintf(fmt, ap);
870 #define bombout(msg) \
872 char *text = dupprintf msg; \
873 ssh_do_close(ssh, FALSE); \
875 connection_fatal(ssh->frontend, "%s", text); \
879 /* Functions to leave bits out of the SSH packet log file. */
881 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
883 if (ssh->cfg.logomitpass)
884 pkt->logmode = blanktype;
887 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
889 if (ssh->cfg.logomitdata)
890 pkt->logmode = blanktype;
893 static void end_log_omission(Ssh ssh, struct Packet *pkt)
895 pkt->logmode = PKTLOG_EMIT;
898 /* Helper function for common bits of parsing cfg.ttymodes. */
899 static void parse_ttymodes(Ssh ssh, char *modes,
900 void (*do_mode)(void *data, char *mode, char *val),
904 char *t = strchr(modes, '\t');
905 char *m = snewn(t-modes+1, char);
907 strncpy(m, modes, t-modes);
910 val = get_ttymode(ssh->frontend, m);
914 do_mode(data, m, val);
917 modes += strlen(modes) + 1;
921 static int ssh_channelcmp(void *av, void *bv)
923 struct ssh_channel *a = (struct ssh_channel *) av;
924 struct ssh_channel *b = (struct ssh_channel *) bv;
925 if (a->localid < b->localid)
927 if (a->localid > b->localid)
931 static int ssh_channelfind(void *av, void *bv)
933 unsigned *a = (unsigned *) av;
934 struct ssh_channel *b = (struct ssh_channel *) bv;
942 static int ssh_rportcmp_ssh1(void *av, void *bv)
944 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
945 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
947 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
948 return i < 0 ? -1 : +1;
949 if (a->dport > b->dport)
951 if (a->dport < b->dport)
956 static int ssh_rportcmp_ssh2(void *av, void *bv)
958 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
959 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
961 if (a->sport > b->sport)
963 if (a->sport < b->sport)
969 * Special form of strcmp which can cope with NULL inputs. NULL is
970 * defined to sort before even the empty string.
972 static int nullstrcmp(const char *a, const char *b)
974 if (a == NULL && b == NULL)
983 static int ssh_portcmp(void *av, void *bv)
985 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
986 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
988 if (a->type > b->type)
990 if (a->type < b->type)
992 if (a->addressfamily > b->addressfamily)
994 if (a->addressfamily < b->addressfamily)
996 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
997 return i < 0 ? -1 : +1;
998 if (a->sport > b->sport)
1000 if (a->sport < b->sport)
1002 if (a->type != 'D') {
1003 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1004 return i < 0 ? -1 : +1;
1005 if (a->dport > b->dport)
1007 if (a->dport < b->dport)
1013 static int alloc_channel_id(Ssh ssh)
1015 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1016 unsigned low, high, mid;
1018 struct ssh_channel *c;
1021 * First-fit allocation of channel numbers: always pick the
1022 * lowest unused one. To do this, binary-search using the
1023 * counted B-tree to find the largest channel ID which is in a
1024 * contiguous sequence from the beginning. (Precisely
1025 * everything in that sequence must have ID equal to its tree
1026 * index plus CHANNEL_NUMBER_OFFSET.)
1028 tsize = count234(ssh->channels);
1032 while (high - low > 1) {
1033 mid = (high + low) / 2;
1034 c = index234(ssh->channels, mid);
1035 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1036 low = mid; /* this one is fine */
1038 high = mid; /* this one is past it */
1041 * Now low points to either -1, or the tree index of the
1042 * largest ID in the initial sequence.
1045 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1046 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1048 return low + 1 + CHANNEL_NUMBER_OFFSET;
1051 static void c_write_stderr(int trusted, const char *buf, int len)
1054 for (i = 0; i < len; i++)
1055 if (buf[i] != '\r' && (trusted || buf[i] & 0x60))
1056 fputc(buf[i], stderr);
1059 static void c_write(Ssh ssh, const char *buf, int len)
1061 if (flags & FLAG_STDERR)
1062 c_write_stderr(1, buf, len);
1064 from_backend(ssh->frontend, 1, buf, len);
1067 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1069 if (flags & FLAG_STDERR)
1070 c_write_stderr(0, buf, len);
1072 from_backend_untrusted(ssh->frontend, buf, len);
1075 static void c_write_str(Ssh ssh, const char *buf)
1077 c_write(ssh, buf, strlen(buf));
1080 static void ssh_free_packet(struct Packet *pkt)
1085 static struct Packet *ssh_new_packet(void)
1087 struct Packet *pkt = snew(struct Packet);
1089 pkt->body = pkt->data = NULL;
1091 pkt->logmode = PKTLOG_EMIT;
1099 * Collect incoming data in the incoming packet buffer.
1100 * Decipher and verify the packet when it is completely read.
1101 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1102 * Update the *data and *datalen variables.
1103 * Return a Packet structure when a packet is completed.
1105 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1107 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1109 crBegin(ssh->ssh1_rdpkt_crstate);
1111 st->pktin = ssh_new_packet();
1113 st->pktin->type = 0;
1114 st->pktin->length = 0;
1116 for (st->i = st->len = 0; st->i < 4; st->i++) {
1117 while ((*datalen) == 0)
1119 st->len = (st->len << 8) + **data;
1120 (*data)++, (*datalen)--;
1123 st->pad = 8 - (st->len % 8);
1124 st->biglen = st->len + st->pad;
1125 st->pktin->length = st->len - 5;
1127 if (st->biglen < 0) {
1128 bombout(("Extremely large packet length from server suggests"
1129 " data stream corruption"));
1130 ssh_free_packet(st->pktin);
1134 st->pktin->maxlen = st->biglen;
1135 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1137 st->to_read = st->biglen;
1138 st->p = st->pktin->data;
1139 while (st->to_read > 0) {
1140 st->chunk = st->to_read;
1141 while ((*datalen) == 0)
1143 if (st->chunk > (*datalen))
1144 st->chunk = (*datalen);
1145 memcpy(st->p, *data, st->chunk);
1147 *datalen -= st->chunk;
1149 st->to_read -= st->chunk;
1152 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1153 st->biglen, NULL)) {
1154 bombout(("Network attack (CRC compensation) detected!"));
1155 ssh_free_packet(st->pktin);
1160 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1162 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1163 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1164 if (st->gotcrc != st->realcrc) {
1165 bombout(("Incorrect CRC received on packet"));
1166 ssh_free_packet(st->pktin);
1170 st->pktin->body = st->pktin->data + st->pad + 1;
1171 st->pktin->savedpos = 0;
1173 if (ssh->v1_compressing) {
1174 unsigned char *decompblk;
1176 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1177 st->pktin->body - 1, st->pktin->length + 1,
1178 &decompblk, &decomplen)) {
1179 bombout(("Zlib decompression encountered invalid data"));
1180 ssh_free_packet(st->pktin);
1184 if (st->pktin->maxlen < st->pad + decomplen) {
1185 st->pktin->maxlen = st->pad + decomplen;
1186 st->pktin->data = sresize(st->pktin->data,
1187 st->pktin->maxlen + APIEXTRA,
1189 st->pktin->body = st->pktin->data + st->pad + 1;
1192 memcpy(st->pktin->body - 1, decompblk, decomplen);
1194 st->pktin->length = decomplen - 1;
1197 st->pktin->type = st->pktin->body[-1];
1200 * Log incoming packet, possibly omitting sensitive fields.
1204 struct logblank_t blank;
1205 if (ssh->cfg.logomitdata) {
1206 int do_blank = FALSE, blank_prefix = 0;
1207 /* "Session data" packets - omit the data field */
1208 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1209 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1210 do_blank = TRUE; blank_prefix = 0;
1211 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1212 do_blank = TRUE; blank_prefix = 4;
1215 blank.offset = blank_prefix;
1216 blank.len = st->pktin->length;
1217 blank.type = PKTLOG_OMIT;
1221 log_packet(ssh->logctx,
1222 PKT_INCOMING, st->pktin->type,
1223 ssh1_pkt_type(st->pktin->type),
1224 st->pktin->body, st->pktin->length,
1228 crFinish(st->pktin);
1231 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1233 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1235 crBegin(ssh->ssh2_rdpkt_crstate);
1237 st->pktin = ssh_new_packet();
1239 st->pktin->type = 0;
1240 st->pktin->length = 0;
1242 st->cipherblk = ssh->sccipher->blksize;
1245 if (st->cipherblk < 8)
1248 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1251 * Acquire and decrypt the first block of the packet. This will
1252 * contain the length and padding details.
1254 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1255 while ((*datalen) == 0)
1257 st->pktin->data[st->i] = *(*data)++;
1262 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1263 st->pktin->data, st->cipherblk);
1266 * Now get the length and padding figures.
1268 st->len = GET_32BIT(st->pktin->data);
1269 st->pad = st->pktin->data[4];
1272 * _Completely_ silly lengths should be stomped on before they
1273 * do us any more damage.
1275 if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
1276 st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
1277 bombout(("Incoming packet was garbled on decryption"));
1278 ssh_free_packet(st->pktin);
1283 * This enables us to deduce the payload length.
1285 st->payload = st->len - st->pad - 1;
1287 st->pktin->length = st->payload + 5;
1290 * So now we can work out the total packet length.
1292 st->packetlen = st->len + 4;
1293 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1296 * Allocate memory for the rest of the packet.
1298 st->pktin->maxlen = st->packetlen + st->maclen;
1299 st->pktin->data = sresize(st->pktin->data,
1300 st->pktin->maxlen + APIEXTRA,
1304 * Read and decrypt the remainder of the packet.
1306 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1308 while ((*datalen) == 0)
1310 st->pktin->data[st->i] = *(*data)++;
1313 /* Decrypt everything _except_ the MAC. */
1315 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1316 st->pktin->data + st->cipherblk,
1317 st->packetlen - st->cipherblk);
1319 st->pktin->encrypted_len = st->packetlen;
1325 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data, st->len + 4,
1326 st->incoming_sequence)) {
1327 bombout(("Incorrect MAC received on packet"));
1328 ssh_free_packet(st->pktin);
1332 st->pktin->sequence = st->incoming_sequence++;
1335 * Decompress packet payload.
1338 unsigned char *newpayload;
1341 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1342 st->pktin->data + 5, st->pktin->length - 5,
1343 &newpayload, &newlen)) {
1344 if (st->pktin->maxlen < newlen + 5) {
1345 st->pktin->maxlen = newlen + 5;
1346 st->pktin->data = sresize(st->pktin->data,
1347 st->pktin->maxlen + APIEXTRA,
1350 st->pktin->length = 5 + newlen;
1351 memcpy(st->pktin->data + 5, newpayload, newlen);
1356 st->pktin->savedpos = 6;
1357 st->pktin->body = st->pktin->data;
1358 st->pktin->type = st->pktin->data[5];
1361 * Log incoming packet, possibly omitting sensitive fields.
1365 struct logblank_t blank;
1366 if (ssh->cfg.logomitdata) {
1367 int do_blank = FALSE, blank_prefix = 0;
1368 /* "Session data" packets - omit the data field */
1369 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1370 do_blank = TRUE; blank_prefix = 4;
1371 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1372 do_blank = TRUE; blank_prefix = 8;
1375 blank.offset = blank_prefix;
1376 blank.len = (st->pktin->length-6) - blank_prefix;
1377 blank.type = PKTLOG_OMIT;
1381 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1382 ssh2_pkt_type(ssh->pkt_ctx, st->pktin->type),
1383 st->pktin->data+6, st->pktin->length-6,
1387 crFinish(st->pktin);
1390 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1392 int pad, biglen, i, pktoffs;
1396 * XXX various versions of SC (including 8.8.4) screw up the
1397 * register allocation in this function and use the same register
1398 * (D6) for len and as a temporary, with predictable results. The
1399 * following sledgehammer prevents this.
1406 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1407 ssh1_pkt_type(pkt->data[12]),
1408 pkt->body, pkt->length - (pkt->body - pkt->data),
1409 pkt->nblanks, pkt->blanks);
1410 sfree(pkt->blanks); pkt->blanks = NULL;
1413 if (ssh->v1_compressing) {
1414 unsigned char *compblk;
1416 zlib_compress_block(ssh->cs_comp_ctx,
1417 pkt->data + 12, pkt->length - 12,
1418 &compblk, &complen);
1419 memcpy(pkt->data + 12, compblk, complen);
1421 pkt->length = complen + 12;
1424 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1426 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1427 pad = 8 - (len % 8);
1429 biglen = len + pad; /* len(padding+type+data+CRC) */
1431 for (i = pktoffs; i < 4+8; i++)
1432 pkt->data[i] = random_byte();
1433 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1434 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1435 PUT_32BIT(pkt->data + pktoffs, len);
1438 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1439 pkt->data + pktoffs + 4, biglen);
1441 if (offset_p) *offset_p = pktoffs;
1442 return biglen + 4; /* len(length+padding+type+data+CRC) */
1445 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1447 int len, backlog, offset;
1448 len = s_wrpkt_prepare(ssh, pkt, &offset);
1449 backlog = sk_write(ssh->s, (char *)pkt->data + offset, len);
1450 if (backlog > SSH_MAX_BACKLOG)
1451 ssh_throttle_all(ssh, 1, backlog);
1452 ssh_free_packet(pkt);
1455 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1458 len = s_wrpkt_prepare(ssh, pkt, &offset);
1459 if (ssh->deferred_len + len > ssh->deferred_size) {
1460 ssh->deferred_size = ssh->deferred_len + len + 128;
1461 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1465 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1466 pkt->data + offset, len);
1467 ssh->deferred_len += len;
1468 ssh_free_packet(pkt);
1472 * Construct a SSH-1 packet with the specified contents.
1473 * (This all-at-once interface used to be the only one, but now SSH-1
1474 * packets can also be constructed incrementally.)
1476 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1482 pkt = ssh1_pkt_init(pkttype);
1484 while ((argtype = va_arg(ap, int)) != PKT_END) {
1485 unsigned char *argp, argchar;
1486 unsigned long argint;
1489 /* Actual fields in the packet */
1491 argint = va_arg(ap, int);
1492 ssh_pkt_adduint32(pkt, argint);
1495 argchar = (unsigned char) va_arg(ap, int);
1496 ssh_pkt_addbyte(pkt, argchar);
1499 argp = va_arg(ap, unsigned char *);
1500 arglen = va_arg(ap, int);
1501 ssh_pkt_adddata(pkt, argp, arglen);
1504 argp = va_arg(ap, unsigned char *);
1505 ssh_pkt_addstring(pkt, argp);
1508 bn = va_arg(ap, Bignum);
1509 ssh1_pkt_addmp(pkt, bn);
1511 /* Tokens for modifications to packet logging */
1513 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1516 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1519 end_log_omission(ssh, pkt);
1527 static void send_packet(Ssh ssh, int pkttype, ...)
1531 va_start(ap, pkttype);
1532 pkt = construct_packet(ssh, pkttype, ap);
1537 static void defer_packet(Ssh ssh, int pkttype, ...)
1541 va_start(ap, pkttype);
1542 pkt = construct_packet(ssh, pkttype, ap);
1544 s_wrpkt_defer(ssh, pkt);
1547 static int ssh_versioncmp(char *a, char *b)
1550 unsigned long av, bv;
1552 av = strtoul(a, &ae, 10);
1553 bv = strtoul(b, &be, 10);
1555 return (av < bv ? -1 : +1);
1560 av = strtoul(ae, &ae, 10);
1561 bv = strtoul(be, &be, 10);
1563 return (av < bv ? -1 : +1);
1568 * Utility routines for putting an SSH-protocol `string' and
1569 * `uint32' into a hash state.
1571 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1573 unsigned char lenblk[4];
1574 PUT_32BIT(lenblk, len);
1575 h->bytes(s, lenblk, 4);
1576 h->bytes(s, str, len);
1579 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1581 unsigned char intblk[4];
1582 PUT_32BIT(intblk, i);
1583 h->bytes(s, intblk, 4);
1587 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1589 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1591 if (pkt->maxlen < length) {
1592 unsigned char *body = pkt->body;
1593 int offset = body ? body - pkt->data : 0;
1594 pkt->maxlen = length + 256;
1595 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1596 if (body) pkt->body = pkt->data + offset;
1599 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1601 if (pkt->logmode != PKTLOG_EMIT) {
1603 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1605 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1606 (pkt->body - pkt->data);
1607 pkt->blanks[pkt->nblanks-1].len = len;
1608 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1611 ssh_pkt_ensure(pkt, pkt->length);
1612 memcpy(pkt->data + pkt->length - len, data, len);
1614 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1616 ssh_pkt_adddata(pkt, &byte, 1);
1618 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1620 ssh_pkt_adddata(pkt, &value, 1);
1622 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1625 PUT_32BIT(x, value);
1626 ssh_pkt_adddata(pkt, x, 4);
1628 static void ssh_pkt_addstring_start(struct Packet *pkt)
1630 ssh_pkt_adduint32(pkt, 0);
1631 pkt->savedpos = pkt->length;
1633 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1635 ssh_pkt_adddata(pkt, data, strlen(data));
1636 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1638 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1640 ssh_pkt_adddata(pkt, data, len);
1641 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1643 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1645 ssh_pkt_addstring_start(pkt);
1646 ssh_pkt_addstring_str(pkt, data);
1648 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1650 int len = ssh1_bignum_length(b);
1651 unsigned char *data = snewn(len, char);
1652 (void) ssh1_write_bignum(data, b);
1653 ssh_pkt_adddata(pkt, data, len);
1656 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1659 int i, n = (bignum_bitcount(b) + 7) / 8;
1660 p = snewn(n + 1, unsigned char);
1662 for (i = 1; i <= n; i++)
1663 p[i] = bignum_byte(b, n - i);
1665 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1667 memmove(p, p + i, n + 1 - i);
1671 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1675 p = ssh2_mpint_fmt(b, &len);
1676 ssh_pkt_addstring_start(pkt);
1677 ssh_pkt_addstring_data(pkt, (char *)p, len);
1681 static struct Packet *ssh1_pkt_init(int pkt_type)
1683 struct Packet *pkt = ssh_new_packet();
1684 pkt->length = 4 + 8; /* space for length + max padding */
1685 ssh_pkt_addbyte(pkt, pkt_type);
1686 pkt->body = pkt->data + pkt->length;
1690 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1691 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1692 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1693 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1694 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1695 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1696 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1697 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1698 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1700 static struct Packet *ssh2_pkt_init(int pkt_type)
1702 struct Packet *pkt = ssh_new_packet();
1703 pkt->length = 5; /* space for packet length + padding length */
1705 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1706 pkt->body = pkt->data + pkt->length; /* after packet type */
1711 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1712 * put the MAC on it. Final packet, ready to be sent, is stored in
1713 * pkt->data. Total length is returned.
1715 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1717 int cipherblk, maclen, padding, i;
1720 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1721 ssh2_pkt_type(ssh->pkt_ctx, pkt->data[5]),
1722 pkt->body, pkt->length - (pkt->body - pkt->data),
1723 pkt->nblanks, pkt->blanks);
1724 sfree(pkt->blanks); pkt->blanks = NULL;
1728 * Compress packet payload.
1731 unsigned char *newpayload;
1734 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1736 &newpayload, &newlen)) {
1738 ssh2_pkt_adddata(pkt, newpayload, newlen);
1744 * Add padding. At least four bytes, and must also bring total
1745 * length (minus MAC) up to a multiple of the block size.
1746 * If pkt->forcepad is set, make sure the packet is at least that size
1749 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1750 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1752 if (pkt->length + padding < pkt->forcepad)
1753 padding = pkt->forcepad - pkt->length;
1755 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1756 assert(padding <= 255);
1757 maclen = ssh->csmac ? ssh->csmac->len : 0;
1758 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1759 pkt->data[4] = padding;
1760 for (i = 0; i < padding; i++)
1761 pkt->data[pkt->length + i] = random_byte();
1762 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1764 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1765 pkt->length + padding,
1766 ssh->v2_outgoing_sequence);
1767 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
1770 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
1771 pkt->data, pkt->length + padding);
1773 pkt->encrypted_len = pkt->length + padding;
1775 /* Ready-to-send packet starts at pkt->data. We return length. */
1776 return pkt->length + padding + maclen;
1780 * Routines called from the main SSH code to send packets. There
1781 * are quite a few of these, because we have two separate
1782 * mechanisms for delaying the sending of packets:
1784 * - In order to send an IGNORE message and a password message in
1785 * a single fixed-length blob, we require the ability to
1786 * concatenate the encrypted forms of those two packets _into_ a
1787 * single blob and then pass it to our <network.h> transport
1788 * layer in one go. Hence, there's a deferment mechanism which
1789 * works after packet encryption.
1791 * - In order to avoid sending any connection-layer messages
1792 * during repeat key exchange, we have to queue up any such
1793 * outgoing messages _before_ they are encrypted (and in
1794 * particular before they're allocated sequence numbers), and
1795 * then send them once we've finished.
1797 * I call these mechanisms `defer' and `queue' respectively, so as
1798 * to distinguish them reasonably easily.
1800 * The functions send_noqueue() and defer_noqueue() free the packet
1801 * structure they are passed. Every outgoing packet goes through
1802 * precisely one of these functions in its life; packets passed to
1803 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
1804 * these or get queued, and then when the queue is later emptied
1805 * the packets are all passed to defer_noqueue().
1807 * When using a CBC-mode cipher, it's necessary to ensure that an
1808 * attacker can't provide data to be encrypted using an IV that they
1809 * know. We ensure this by prefixing each packet that might contain
1810 * user data with an SSH_MSG_IGNORE. This is done using the deferral
1811 * mechanism, so in this case send_noqueue() ends up redirecting to
1812 * defer_noqueue(). If you don't like this inefficiency, don't use
1816 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
1817 static void ssh_pkt_defersend(Ssh);
1820 * Send an SSH-2 packet immediately, without queuing or deferring.
1822 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
1826 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
1827 /* We need to send two packets, so use the deferral mechanism. */
1828 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
1829 ssh_pkt_defersend(ssh);
1832 len = ssh2_pkt_construct(ssh, pkt);
1833 backlog = sk_write(ssh->s, (char *)pkt->data, len);
1834 if (backlog > SSH_MAX_BACKLOG)
1835 ssh_throttle_all(ssh, 1, backlog);
1837 ssh->outgoing_data_size += pkt->encrypted_len;
1838 if (!ssh->kex_in_progress &&
1839 ssh->max_data_size != 0 &&
1840 ssh->outgoing_data_size > ssh->max_data_size)
1841 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
1843 ssh_free_packet(pkt);
1847 * Defer an SSH-2 packet.
1849 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
1852 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
1853 ssh->deferred_len == 0 && !noignore) {
1855 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
1856 * get encrypted with a known IV.
1858 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
1859 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
1861 len = ssh2_pkt_construct(ssh, pkt);
1862 if (ssh->deferred_len + len > ssh->deferred_size) {
1863 ssh->deferred_size = ssh->deferred_len + len + 128;
1864 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1868 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
1869 ssh->deferred_len += len;
1870 ssh->deferred_data_size += pkt->encrypted_len;
1871 ssh_free_packet(pkt);
1875 * Queue an SSH-2 packet.
1877 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
1879 assert(ssh->queueing);
1881 if (ssh->queuelen >= ssh->queuesize) {
1882 ssh->queuesize = ssh->queuelen + 32;
1883 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
1886 ssh->queue[ssh->queuelen++] = pkt;
1890 * Either queue or send a packet, depending on whether queueing is
1893 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
1896 ssh2_pkt_queue(ssh, pkt);
1898 ssh2_pkt_send_noqueue(ssh, pkt);
1903 * Either queue or defer a packet, depending on whether queueing is
1906 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
1909 ssh2_pkt_queue(ssh, pkt);
1911 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
1916 * Send the whole deferred data block constructed by
1917 * ssh2_pkt_defer() or SSH-1's defer_packet().
1919 * The expected use of the defer mechanism is that you call
1920 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
1921 * not currently queueing, this simply sets up deferred_send_data
1922 * and then sends it. If we _are_ currently queueing, the calls to
1923 * ssh2_pkt_defer() put the deferred packets on to the queue
1924 * instead, and therefore ssh_pkt_defersend() has no deferred data
1925 * to send. Hence, there's no need to make it conditional on
1928 static void ssh_pkt_defersend(Ssh ssh)
1931 backlog = sk_write(ssh->s, (char *)ssh->deferred_send_data,
1933 ssh->deferred_len = ssh->deferred_size = 0;
1934 sfree(ssh->deferred_send_data);
1935 ssh->deferred_send_data = NULL;
1936 if (backlog > SSH_MAX_BACKLOG)
1937 ssh_throttle_all(ssh, 1, backlog);
1939 ssh->outgoing_data_size += ssh->deferred_data_size;
1940 if (!ssh->kex_in_progress &&
1941 ssh->max_data_size != 0 &&
1942 ssh->outgoing_data_size > ssh->max_data_size)
1943 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
1944 ssh->deferred_data_size = 0;
1948 * Send all queued SSH-2 packets. We send them by means of
1949 * ssh2_pkt_defer_noqueue(), in case they included a pair of
1950 * packets that needed to be lumped together.
1952 static void ssh2_pkt_queuesend(Ssh ssh)
1956 assert(!ssh->queueing);
1958 for (i = 0; i < ssh->queuelen; i++)
1959 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
1962 ssh_pkt_defersend(ssh);
1966 void bndebug(char *string, Bignum b)
1970 p = ssh2_mpint_fmt(b, &len);
1971 debug(("%s", string));
1972 for (i = 0; i < len; i++)
1973 debug((" %02x", p[i]));
1979 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
1983 p = ssh2_mpint_fmt(b, &len);
1984 hash_string(h, s, p, len);
1989 * Packet decode functions for both SSH-1 and SSH-2.
1991 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
1993 unsigned long value;
1994 if (pkt->length - pkt->savedpos < 4)
1995 return 0; /* arrgh, no way to decline (FIXME?) */
1996 value = GET_32BIT(pkt->body + pkt->savedpos);
2000 static int ssh2_pkt_getbool(struct Packet *pkt)
2002 unsigned long value;
2003 if (pkt->length - pkt->savedpos < 1)
2004 return 0; /* arrgh, no way to decline (FIXME?) */
2005 value = pkt->body[pkt->savedpos] != 0;
2009 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2014 if (pkt->length - pkt->savedpos < 4)
2016 len = GET_32BIT(pkt->body + pkt->savedpos);
2021 if (pkt->length - pkt->savedpos < *length)
2023 *p = (char *)(pkt->body + pkt->savedpos);
2024 pkt->savedpos += *length;
2026 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2028 if (pkt->length - pkt->savedpos < length)
2030 pkt->savedpos += length;
2031 return pkt->body + (pkt->savedpos - length);
2033 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2034 unsigned char **keystr)
2038 j = makekey(pkt->body + pkt->savedpos,
2039 pkt->length - pkt->savedpos,
2046 assert(pkt->savedpos < pkt->length);
2050 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2055 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2056 pkt->length - pkt->savedpos, &b);
2064 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2070 ssh_pkt_getstring(pkt, &p, &length);
2075 b = bignum_from_bytes((unsigned char *)p, length);
2080 * Helper function to add an SSH-2 signature blob to a packet.
2081 * Expects to be shown the public key blob as well as the signature
2082 * blob. Normally works just like ssh2_pkt_addstring, but will
2083 * fiddle with the signature packet if necessary for
2084 * BUG_SSH2_RSA_PADDING.
2086 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2087 void *pkblob_v, int pkblob_len,
2088 void *sigblob_v, int sigblob_len)
2090 unsigned char *pkblob = (unsigned char *)pkblob_v;
2091 unsigned char *sigblob = (unsigned char *)sigblob_v;
2093 /* dmemdump(pkblob, pkblob_len); */
2094 /* dmemdump(sigblob, sigblob_len); */
2097 * See if this is in fact an ssh-rsa signature and a buggy
2098 * server; otherwise we can just do this the easy way.
2100 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2101 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2102 int pos, len, siglen;
2105 * Find the byte length of the modulus.
2108 pos = 4+7; /* skip over "ssh-rsa" */
2109 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2110 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2111 pos += 4; /* find modulus itself */
2112 while (len > 0 && pkblob[pos] == 0)
2114 /* debug(("modulus length is %d\n", len)); */
2117 * Now find the signature integer.
2119 pos = 4+7; /* skip over "ssh-rsa" */
2120 siglen = GET_32BIT(sigblob+pos);
2121 /* debug(("signature length is %d\n", siglen)); */
2123 if (len != siglen) {
2124 unsigned char newlen[4];
2125 ssh2_pkt_addstring_start(pkt);
2126 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2127 /* dmemdump(sigblob, pos); */
2128 pos += 4; /* point to start of actual sig */
2129 PUT_32BIT(newlen, len);
2130 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2131 /* dmemdump(newlen, 4); */
2133 while (len-- > siglen) {
2134 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2135 /* dmemdump(newlen, 1); */
2137 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2138 /* dmemdump(sigblob+pos, siglen); */
2142 /* Otherwise fall through and do it the easy way. */
2145 ssh2_pkt_addstring_start(pkt);
2146 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2150 * Examine the remote side's version string and compare it against
2151 * a list of known buggy implementations.
2153 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2155 char *imp; /* pointer to implementation part */
2157 imp += strcspn(imp, "-");
2159 imp += strcspn(imp, "-");
2162 ssh->remote_bugs = 0;
2164 if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
2165 (ssh->cfg.sshbug_ignore1 == AUTO &&
2166 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2167 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2168 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2169 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2171 * These versions don't support SSH1_MSG_IGNORE, so we have
2172 * to use a different defence against password length
2175 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2176 logevent("We believe remote version has SSH-1 ignore bug");
2179 if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
2180 (ssh->cfg.sshbug_plainpw1 == AUTO &&
2181 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2183 * These versions need a plain password sent; they can't
2184 * handle having a null and a random length of data after
2187 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2188 logevent("We believe remote version needs a plain SSH-1 password");
2191 if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
2192 (ssh->cfg.sshbug_rsa1 == AUTO &&
2193 (!strcmp(imp, "Cisco-1.25")))) {
2195 * These versions apparently have no clue whatever about
2196 * RSA authentication and will panic and die if they see
2197 * an AUTH_RSA message.
2199 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2200 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2203 if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
2204 (ssh->cfg.sshbug_hmac2 == AUTO &&
2205 !wc_match("* VShell", imp) &&
2206 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2207 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2208 wc_match("2.1 *", imp)))) {
2210 * These versions have the HMAC bug.
2212 ssh->remote_bugs |= BUG_SSH2_HMAC;
2213 logevent("We believe remote version has SSH-2 HMAC bug");
2216 if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
2217 (ssh->cfg.sshbug_derivekey2 == AUTO &&
2218 !wc_match("* VShell", imp) &&
2219 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2221 * These versions have the key-derivation bug (failing to
2222 * include the literal shared secret in the hashes that
2223 * generate the keys).
2225 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2226 logevent("We believe remote version has SSH-2 key-derivation bug");
2229 if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
2230 (ssh->cfg.sshbug_rsapad2 == AUTO &&
2231 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2232 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2234 * These versions have the SSH-2 RSA padding bug.
2236 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2237 logevent("We believe remote version has SSH-2 RSA padding bug");
2240 if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
2241 (ssh->cfg.sshbug_pksessid2 == AUTO &&
2242 wc_match("OpenSSH_2.[0-2]*", imp))) {
2244 * These versions have the SSH-2 session-ID bug in
2245 * public-key authentication.
2247 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2248 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2251 if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
2252 (ssh->cfg.sshbug_rekey2 == AUTO &&
2253 (wc_match("DigiSSH_2.0", imp) ||
2254 wc_match("OpenSSH_2.[0-4]*", imp) ||
2255 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2256 wc_match("Sun_SSH_1.0", imp) ||
2257 wc_match("Sun_SSH_1.0.1", imp) ||
2258 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2259 wc_match("WeOnlyDo-*", imp)))) {
2261 * These versions have the SSH-2 rekey bug.
2263 ssh->remote_bugs |= BUG_SSH2_REKEY;
2264 logevent("We believe remote version has SSH-2 rekey bug");
2269 * The `software version' part of an SSH version string is required
2270 * to contain no spaces or minus signs.
2272 static void ssh_fix_verstring(char *str)
2274 /* Eat "SSH-<protoversion>-". */
2275 assert(*str == 'S'); str++;
2276 assert(*str == 'S'); str++;
2277 assert(*str == 'H'); str++;
2278 assert(*str == '-'); str++;
2279 while (*str && *str != '-') str++;
2280 assert(*str == '-'); str++;
2282 /* Convert minus signs and spaces in the remaining string into
2285 if (*str == '-' || *str == ' ')
2291 static int do_ssh_init(Ssh ssh, unsigned char c)
2293 struct do_ssh_init_state {
2301 crState(do_ssh_init_state);
2303 crBegin(ssh->do_ssh_init_crstate);
2305 /* Search for a line beginning with the string "SSH-" in the input. */
2307 if (c != 'S') goto no;
2309 if (c != 'S') goto no;
2311 if (c != 'H') goto no;
2313 if (c != '-') goto no;
2322 s->vstring = snewn(s->vstrsize, char);
2323 strcpy(s->vstring, "SSH-");
2327 crReturn(1); /* get another char */
2328 if (s->vslen >= s->vstrsize - 1) {
2330 s->vstring = sresize(s->vstring, s->vstrsize, char);
2332 s->vstring[s->vslen++] = c;
2335 s->version[s->i] = '\0';
2337 } else if (s->i < sizeof(s->version) - 1)
2338 s->version[s->i++] = c;
2339 } else if (c == '\012')
2343 ssh->agentfwd_enabled = FALSE;
2344 ssh->rdpkt2_state.incoming_sequence = 0;
2346 s->vstring[s->vslen] = 0;
2347 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2348 logeventf(ssh, "Server version: %s", s->vstring);
2349 ssh_detect_bugs(ssh, s->vstring);
2352 * Decide which SSH protocol version to support.
2355 /* Anything strictly below "2.0" means protocol 1 is supported. */
2356 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2357 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2358 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2360 if (ssh->cfg.sshprot == 0 && !s->proto1) {
2361 bombout(("SSH protocol version 1 required by user but not provided by server"));
2364 if (ssh->cfg.sshprot == 3 && !s->proto2) {
2365 bombout(("SSH protocol version 2 required by user but not provided by server"));
2372 if (s->proto2 && (ssh->cfg.sshprot >= 2 || !s->proto1)) {
2374 * Construct a v2 version string.
2376 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2380 * Construct a v1 version string.
2382 verstring = dupprintf("SSH-%s-%s\012",
2383 (ssh_versioncmp(s->version, "1.5") <= 0 ?
2384 s->version : "1.5"),
2389 ssh_fix_verstring(verstring);
2391 if (ssh->version == 2) {
2394 * Hash our version string and their version string.
2396 len = strcspn(verstring, "\015\012");
2397 ssh->v_c = snewn(len + 1, char);
2398 memcpy(ssh->v_c, verstring, len);
2400 len = strcspn(s->vstring, "\015\012");
2401 ssh->v_s = snewn(len + 1, char);
2402 memcpy(ssh->v_s, s->vstring, len);
2406 * Initialise SSH-2 protocol.
2408 ssh->protocol = ssh2_protocol;
2409 ssh2_protocol_setup(ssh);
2410 ssh->s_rdpkt = ssh2_rdpkt;
2413 * Initialise SSH-1 protocol.
2415 ssh->protocol = ssh1_protocol;
2416 ssh1_protocol_setup(ssh);
2417 ssh->s_rdpkt = ssh1_rdpkt;
2419 logeventf(ssh, "We claim version: %.*s",
2420 strcspn(verstring, "\015\012"), verstring);
2421 sk_write(ssh->s, verstring, strlen(verstring));
2423 if (ssh->version == 2)
2424 do_ssh2_transport(ssh, NULL, -1, NULL);
2427 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2429 update_specials_menu(ssh->frontend);
2430 ssh->state = SSH_STATE_BEFORE_SIZE;
2431 ssh->pinger = pinger_new(&ssh->cfg, &ssh_backend, ssh);
2438 static void ssh_process_incoming_data(Ssh ssh,
2439 unsigned char **data, int *datalen)
2441 struct Packet *pktin = ssh->s_rdpkt(ssh, data, datalen);
2443 ssh->protocol(ssh, NULL, 0, pktin);
2444 ssh_free_packet(pktin);
2448 static void ssh_queue_incoming_data(Ssh ssh,
2449 unsigned char **data, int *datalen)
2451 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2456 static void ssh_process_queued_incoming_data(Ssh ssh)
2459 unsigned char *data;
2462 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2463 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2467 while (!ssh->frozen && len > 0)
2468 ssh_process_incoming_data(ssh, &data, &len);
2471 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2475 static void ssh_set_frozen(Ssh ssh, int frozen)
2478 sk_set_frozen(ssh->s, frozen);
2479 ssh->frozen = frozen;
2482 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2484 crBegin(ssh->ssh_gotdata_crstate);
2487 * To begin with, feed the characters one by one to the
2488 * protocol initialisation / selection function do_ssh_init().
2489 * When that returns 0, we're done with the initial greeting
2490 * exchange and can move on to packet discipline.
2493 int ret; /* need not be kept across crReturn */
2495 crReturnV; /* more data please */
2496 ret = do_ssh_init(ssh, *data);
2504 * We emerge from that loop when the initial negotiation is
2505 * over and we have selected an s_rdpkt function. Now pass
2506 * everything to s_rdpkt, and then pass the resulting packets
2507 * to the proper protocol handler.
2511 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2513 ssh_queue_incoming_data(ssh, &data, &datalen);
2514 /* This uses up all data and cannot cause anything interesting
2515 * to happen; indeed, for anything to happen at all, we must
2516 * return, so break out. */
2518 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2519 /* This uses up some or all data, and may freeze the
2521 ssh_process_queued_incoming_data(ssh);
2523 /* This uses up some or all data, and may freeze the
2525 ssh_process_incoming_data(ssh, &data, &datalen);
2527 /* FIXME this is probably EBW. */
2528 if (ssh->state == SSH_STATE_CLOSED)
2531 /* We're out of data. Go and get some more. */
2537 static int ssh_do_close(Ssh ssh, int notify_exit)
2540 struct ssh_channel *c;
2542 ssh->state = SSH_STATE_CLOSED;
2543 expire_timer_context(ssh);
2548 notify_remote_exit(ssh->frontend);
2553 * Now we must shut down any port- and X-forwarded channels going
2554 * through this connection.
2556 if (ssh->channels) {
2557 while (NULL != (c = index234(ssh->channels, 0))) {
2560 x11_close(c->u.x11.s);
2563 pfd_close(c->u.pfd.s);
2566 del234(ssh->channels, c); /* moving next one to index 0 */
2567 if (ssh->version == 2)
2568 bufchain_clear(&c->v.v2.outbuffer);
2573 * Go through port-forwardings, and close any associated
2574 * listening sockets.
2576 if (ssh->portfwds) {
2577 struct ssh_portfwd *pf;
2578 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2579 /* Dispose of any listening socket. */
2581 pfd_terminate(pf->local);
2582 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2590 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2591 const char *error_msg, int error_code)
2593 Ssh ssh = (Ssh) plug;
2594 char addrbuf[256], *msg;
2596 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2599 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2601 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2607 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2610 Ssh ssh = (Ssh) plug;
2611 int need_notify = ssh_do_close(ssh, FALSE);
2614 if (!ssh->close_expected)
2615 error_msg = "Server unexpectedly closed network connection";
2617 error_msg = "Server closed network connection";
2621 notify_remote_exit(ssh->frontend);
2624 logevent(error_msg);
2625 if (!ssh->close_expected || !ssh->clean_exit)
2626 connection_fatal(ssh->frontend, "%s", error_msg);
2630 static int ssh_receive(Plug plug, int urgent, char *data, int len)
2632 Ssh ssh = (Ssh) plug;
2633 ssh_gotdata(ssh, (unsigned char *)data, len);
2634 if (ssh->state == SSH_STATE_CLOSED) {
2635 ssh_do_close(ssh, TRUE);
2641 static void ssh_sent(Plug plug, int bufsize)
2643 Ssh ssh = (Ssh) plug;
2645 * If the send backlog on the SSH socket itself clears, we
2646 * should unthrottle the whole world if it was throttled.
2648 if (bufsize < SSH_MAX_BACKLOG)
2649 ssh_throttle_all(ssh, 0, bufsize);
2653 * Connect to specified host and port.
2654 * Returns an error message, or NULL on success.
2655 * Also places the canonical host name into `realhost'. It must be
2656 * freed by the caller.
2658 static const char *connect_to_host(Ssh ssh, char *host, int port,
2659 char **realhost, int nodelay, int keepalive)
2661 static const struct plug_function_table fn_table = {
2672 ssh->savedhost = snewn(1 + strlen(host), char);
2673 strcpy(ssh->savedhost, host);
2676 port = 22; /* default ssh port */
2677 ssh->savedport = port;
2682 logeventf(ssh, "Looking up host \"%s\"%s", host,
2683 (ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
2684 (ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
2685 addr = name_lookup(host, port, realhost, &ssh->cfg,
2686 ssh->cfg.addressfamily);
2687 if ((err = sk_addr_error(addr)) != NULL) {
2695 ssh->fn = &fn_table;
2696 ssh->s = new_connection(addr, *realhost, port,
2697 0, 1, nodelay, keepalive, (Plug) ssh, &ssh->cfg);
2698 if ((err = sk_socket_error(ssh->s)) != NULL) {
2700 notify_remote_exit(ssh->frontend);
2708 * Throttle or unthrottle the SSH connection.
2710 static void ssh1_throttle(Ssh ssh, int adjust)
2712 int old_count = ssh->v1_throttle_count;
2713 ssh->v1_throttle_count += adjust;
2714 assert(ssh->v1_throttle_count >= 0);
2715 if (ssh->v1_throttle_count && !old_count) {
2716 ssh_set_frozen(ssh, 1);
2717 } else if (!ssh->v1_throttle_count && old_count) {
2718 ssh_set_frozen(ssh, 0);
2723 * Throttle or unthrottle _all_ local data streams (for when sends
2724 * on the SSH connection itself back up).
2726 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
2729 struct ssh_channel *c;
2731 if (enable == ssh->throttled_all)
2733 ssh->throttled_all = enable;
2734 ssh->overall_bufsize = bufsize;
2737 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
2739 case CHAN_MAINSESSION:
2741 * This is treated separately, outside the switch.
2745 x11_override_throttle(c->u.x11.s, enable);
2748 /* Agent channels require no buffer management. */
2751 pfd_override_throttle(c->u.pfd.s, enable);
2757 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
2759 Ssh ssh = (Ssh) sshv;
2761 ssh->agent_response = reply;
2762 ssh->agent_response_len = replylen;
2764 if (ssh->version == 1)
2765 do_ssh1_login(ssh, NULL, -1, NULL);
2767 do_ssh2_authconn(ssh, NULL, -1, NULL);
2770 static void ssh_dialog_callback(void *sshv, int ret)
2772 Ssh ssh = (Ssh) sshv;
2774 ssh->user_response = ret;
2776 if (ssh->version == 1)
2777 do_ssh1_login(ssh, NULL, -1, NULL);
2779 do_ssh2_transport(ssh, NULL, -1, NULL);
2782 * This may have unfrozen the SSH connection, so do a
2785 ssh_process_queued_incoming_data(ssh);
2788 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
2790 struct ssh_channel *c = (struct ssh_channel *)cv;
2792 void *sentreply = reply;
2795 /* Fake SSH_AGENT_FAILURE. */
2796 sentreply = "\0\0\0\1\5";
2799 if (ssh->version == 2) {
2800 ssh2_add_channel_data(c, sentreply, replylen);
2803 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
2804 PKT_INT, c->remoteid,
2807 PKT_DATA, sentreply, replylen,
2816 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
2817 * non-NULL, otherwise just close the connection. `client_reason' == NULL
2818 * => log `wire_reason'.
2820 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
2821 int code, int clean_exit)
2825 client_reason = wire_reason;
2827 error = dupprintf("Disconnected: %s", client_reason);
2829 error = dupstr("Disconnected");
2831 if (ssh->version == 1) {
2832 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
2834 } else if (ssh->version == 2) {
2835 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
2836 ssh2_pkt_adduint32(pktout, code);
2837 ssh2_pkt_addstring(pktout, wire_reason);
2838 ssh2_pkt_addstring(pktout, "en"); /* language tag */
2839 ssh2_pkt_send_noqueue(ssh, pktout);
2842 ssh->close_expected = TRUE;
2843 ssh->clean_exit = clean_exit;
2844 ssh_closing((Plug)ssh, error, 0, 0);
2849 * Handle the key exchange and user authentication phases.
2851 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
2852 struct Packet *pktin)
2855 unsigned char cookie[8], *ptr;
2856 struct RSAKey servkey, hostkey;
2857 struct MD5Context md5c;
2858 struct do_ssh1_login_state {
2860 unsigned char *rsabuf, *keystr1, *keystr2;
2861 unsigned long supported_ciphers_mask, supported_auths_mask;
2862 int tried_publickey, tried_agent;
2863 int tis_auth_refused, ccard_auth_refused;
2864 unsigned char session_id[16];
2867 void *publickey_blob;
2868 int publickey_bloblen;
2869 char *publickey_comment;
2870 int publickey_encrypted;
2871 prompts_t *cur_prompt;
2874 unsigned char request[5], *response, *p;
2884 crState(do_ssh1_login_state);
2886 crBegin(ssh->do_ssh1_login_crstate);
2891 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
2892 bombout(("Public key packet not received"));
2896 logevent("Received public keys");
2898 ptr = ssh_pkt_getdata(pktin, 8);
2900 bombout(("SSH-1 public key packet stopped before random cookie"));
2903 memcpy(cookie, ptr, 8);
2905 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
2906 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
2907 bombout(("Failed to read SSH-1 public keys from public key packet"));
2912 * Log the host key fingerprint.
2916 logevent("Host key fingerprint is:");
2917 strcpy(logmsg, " ");
2918 hostkey.comment = NULL;
2919 rsa_fingerprint(logmsg + strlen(logmsg),
2920 sizeof(logmsg) - strlen(logmsg), &hostkey);
2924 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
2925 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
2926 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
2928 ssh->v1_local_protoflags =
2929 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
2930 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
2933 MD5Update(&md5c, s->keystr2, hostkey.bytes);
2934 MD5Update(&md5c, s->keystr1, servkey.bytes);
2935 MD5Update(&md5c, cookie, 8);
2936 MD5Final(s->session_id, &md5c);
2938 for (i = 0; i < 32; i++)
2939 ssh->session_key[i] = random_byte();
2942 * Verify that the `bits' and `bytes' parameters match.
2944 if (hostkey.bits > hostkey.bytes * 8 ||
2945 servkey.bits > servkey.bytes * 8) {
2946 bombout(("SSH-1 public keys were badly formatted"));
2950 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
2952 s->rsabuf = snewn(s->len, unsigned char);
2955 * Verify the host key.
2959 * First format the key into a string.
2961 int len = rsastr_len(&hostkey);
2962 char fingerprint[100];
2963 char *keystr = snewn(len, char);
2964 rsastr_fmt(keystr, &hostkey);
2965 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
2967 ssh_set_frozen(ssh, 1);
2968 s->dlgret = verify_ssh_host_key(ssh->frontend,
2969 ssh->savedhost, ssh->savedport,
2970 "rsa", keystr, fingerprint,
2971 ssh_dialog_callback, ssh);
2973 if (s->dlgret < 0) {
2977 bombout(("Unexpected data from server while waiting"
2978 " for user host key response"));
2981 } while (pktin || inlen > 0);
2982 s->dlgret = ssh->user_response;
2984 ssh_set_frozen(ssh, 0);
2986 if (s->dlgret == 0) {
2987 ssh_disconnect(ssh, "User aborted at host key verification",
2993 for (i = 0; i < 32; i++) {
2994 s->rsabuf[i] = ssh->session_key[i];
2996 s->rsabuf[i] ^= s->session_id[i];
2999 if (hostkey.bytes > servkey.bytes) {
3000 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3002 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3004 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3006 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3009 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3013 logevent("Encrypted session key");
3016 int cipher_chosen = 0, warn = 0;
3017 char *cipher_string = NULL;
3019 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3020 int next_cipher = ssh->cfg.ssh_cipherlist[i];
3021 if (next_cipher == CIPHER_WARN) {
3022 /* If/when we choose a cipher, warn about it */
3024 } else if (next_cipher == CIPHER_AES) {
3025 /* XXX Probably don't need to mention this. */
3026 logevent("AES not supported in SSH-1, skipping");
3028 switch (next_cipher) {
3029 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3030 cipher_string = "3DES"; break;
3031 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3032 cipher_string = "Blowfish"; break;
3033 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3034 cipher_string = "single-DES"; break;
3036 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3040 if (!cipher_chosen) {
3041 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3042 bombout(("Server violates SSH-1 protocol by not "
3043 "supporting 3DES encryption"));
3045 /* shouldn't happen */
3046 bombout(("No supported ciphers found"));
3050 /* Warn about chosen cipher if necessary. */
3052 ssh_set_frozen(ssh, 1);
3053 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3054 ssh_dialog_callback, ssh);
3055 if (s->dlgret < 0) {
3059 bombout(("Unexpected data from server while waiting"
3060 " for user response"));
3063 } while (pktin || inlen > 0);
3064 s->dlgret = ssh->user_response;
3066 ssh_set_frozen(ssh, 0);
3067 if (s->dlgret == 0) {
3068 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3075 switch (s->cipher_type) {
3076 case SSH_CIPHER_3DES:
3077 logevent("Using 3DES encryption");
3079 case SSH_CIPHER_DES:
3080 logevent("Using single-DES encryption");
3082 case SSH_CIPHER_BLOWFISH:
3083 logevent("Using Blowfish encryption");
3087 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3088 PKT_CHAR, s->cipher_type,
3089 PKT_DATA, cookie, 8,
3090 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3091 PKT_DATA, s->rsabuf, s->len,
3092 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3094 logevent("Trying to enable encryption...");
3098 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3099 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3101 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3102 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3103 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3105 ssh->crcda_ctx = crcda_make_context();
3106 logevent("Installing CRC compensation attack detector");
3108 if (servkey.modulus) {
3109 sfree(servkey.modulus);
3110 servkey.modulus = NULL;
3112 if (servkey.exponent) {
3113 sfree(servkey.exponent);
3114 servkey.exponent = NULL;
3116 if (hostkey.modulus) {
3117 sfree(hostkey.modulus);
3118 hostkey.modulus = NULL;
3120 if (hostkey.exponent) {
3121 sfree(hostkey.exponent);
3122 hostkey.exponent = NULL;
3126 if (pktin->type != SSH1_SMSG_SUCCESS) {
3127 bombout(("Encryption not successfully enabled"));
3131 logevent("Successfully started encryption");
3133 fflush(stdout); /* FIXME eh? */
3135 if (!*ssh->cfg.username) {
3136 int ret; /* need not be kept over crReturn */
3137 s->cur_prompt = new_prompts(ssh->frontend);
3138 s->cur_prompt->to_server = TRUE;
3139 s->cur_prompt->name = dupstr("SSH login name");
3140 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE,
3141 lenof(s->username));
3142 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3145 crWaitUntil(!pktin);
3146 ret = get_userpass_input(s->cur_prompt, in, inlen);
3151 * Failed to get a username. Terminate.
3153 free_prompts(s->cur_prompt);
3154 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3157 memcpy(s->username, s->cur_prompt->prompts[0]->result,
3158 lenof(s->username));
3159 free_prompts(s->cur_prompt);
3161 strncpy(s->username, ssh->cfg.username, sizeof(s->username));
3162 s->username[sizeof(s->username)-1] = '\0';
3165 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, s->username, PKT_END);
3167 char *userlog = dupprintf("Sent username \"%s\"", s->username);
3169 if (flags & FLAG_INTERACTIVE &&
3170 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3171 c_write_str(ssh, userlog);
3172 c_write_str(ssh, "\r\n");
3180 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
3181 /* We must not attempt PK auth. Pretend we've already tried it. */
3182 s->tried_publickey = s->tried_agent = 1;
3184 s->tried_publickey = s->tried_agent = 0;
3186 s->tis_auth_refused = s->ccard_auth_refused = 0;
3188 * Load the public half of any configured keyfile for later use.
3190 if (!filename_is_null(ssh->cfg.keyfile)) {
3192 logeventf(ssh, "Reading private key file \"%.150s\"",
3193 filename_to_str(&ssh->cfg.keyfile));
3194 keytype = key_type(&ssh->cfg.keyfile);
3195 if (keytype == SSH_KEYTYPE_SSH1) {
3197 if (rsakey_pubblob(&ssh->cfg.keyfile,
3198 &s->publickey_blob, &s->publickey_bloblen,
3199 &s->publickey_comment, &error)) {
3200 s->publickey_encrypted = rsakey_encrypted(&ssh->cfg.keyfile,
3204 logeventf(ssh, "Unable to load private key (%s)", error);
3205 msgbuf = dupprintf("Unable to load private key file "
3206 "\"%.150s\" (%s)\r\n",
3207 filename_to_str(&ssh->cfg.keyfile),
3209 c_write_str(ssh, msgbuf);
3211 s->publickey_blob = NULL;
3215 logeventf(ssh, "Unable to use this key file (%s)",
3216 key_type_to_str(keytype));
3217 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3219 filename_to_str(&ssh->cfg.keyfile),
3220 key_type_to_str(keytype));
3221 c_write_str(ssh, msgbuf);
3223 s->publickey_blob = NULL;
3226 s->publickey_blob = NULL;
3228 while (pktin->type == SSH1_SMSG_FAILURE) {
3229 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3231 if (ssh->cfg.tryagent && agent_exists() && !s->tried_agent) {
3233 * Attempt RSA authentication using Pageant.
3239 logevent("Pageant is running. Requesting keys.");
3241 /* Request the keys held by the agent. */
3242 PUT_32BIT(s->request, 1);
3243 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3244 if (!agent_query(s->request, 5, &r, &s->responselen,
3245 ssh_agent_callback, ssh)) {
3249 bombout(("Unexpected data from server while waiting"
3250 " for agent response"));
3253 } while (pktin || inlen > 0);
3254 r = ssh->agent_response;
3255 s->responselen = ssh->agent_response_len;
3257 s->response = (unsigned char *) r;
3258 if (s->response && s->responselen >= 5 &&
3259 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3260 s->p = s->response + 5;
3261 s->nkeys = GET_32BIT(s->p);
3263 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3264 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3265 unsigned char *pkblob = s->p;
3269 do { /* do while (0) to make breaking easy */
3270 n = ssh1_read_bignum
3271 (s->p, s->responselen-(s->p-s->response),
3276 n = ssh1_read_bignum
3277 (s->p, s->responselen-(s->p-s->response),
3282 if (s->responselen - (s->p-s->response) < 4)
3284 s->commentlen = GET_32BIT(s->p);
3286 if (s->responselen - (s->p-s->response) <
3289 s->commentp = (char *)s->p;
3290 s->p += s->commentlen;
3294 logevent("Pageant key list packet was truncated");
3298 if (s->publickey_blob) {
3299 if (!memcmp(pkblob, s->publickey_blob,
3300 s->publickey_bloblen)) {
3301 logeventf(ssh, "Pageant key #%d matches "
3302 "configured key file", s->keyi);
3303 s->tried_publickey = 1;
3305 /* Skip non-configured key */
3308 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3309 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3310 PKT_BIGNUM, s->key.modulus, PKT_END);
3312 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3313 logevent("Key refused");
3316 logevent("Received RSA challenge");
3317 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3318 bombout(("Server's RSA challenge was badly formatted"));
3323 char *agentreq, *q, *ret;
3326 len = 1 + 4; /* message type, bit count */
3327 len += ssh1_bignum_length(s->key.exponent);
3328 len += ssh1_bignum_length(s->key.modulus);
3329 len += ssh1_bignum_length(s->challenge);
3330 len += 16; /* session id */
3331 len += 4; /* response format */
3332 agentreq = snewn(4 + len, char);
3333 PUT_32BIT(agentreq, len);
3335 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3336 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3338 q += ssh1_write_bignum(q, s->key.exponent);
3339 q += ssh1_write_bignum(q, s->key.modulus);
3340 q += ssh1_write_bignum(q, s->challenge);
3341 memcpy(q, s->session_id, 16);
3343 PUT_32BIT(q, 1); /* response format */
3344 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3345 ssh_agent_callback, ssh)) {
3350 bombout(("Unexpected data from server"
3351 " while waiting for agent"
3355 } while (pktin || inlen > 0);
3356 vret = ssh->agent_response;
3357 retlen = ssh->agent_response_len;
3362 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3363 logevent("Sending Pageant's response");
3364 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3365 PKT_DATA, ret + 5, 16,
3369 if (pktin->type == SSH1_SMSG_SUCCESS) {
3371 ("Pageant's response accepted");
3372 if (flags & FLAG_VERBOSE) {
3373 c_write_str(ssh, "Authenticated using"
3375 c_write(ssh, s->commentp,
3377 c_write_str(ssh, "\" from agent\r\n");
3382 ("Pageant's response not accepted");
3385 ("Pageant failed to answer challenge");
3389 logevent("No reply received from Pageant");
3392 freebn(s->key.exponent);
3393 freebn(s->key.modulus);
3394 freebn(s->challenge);
3399 if (s->publickey_blob && !s->tried_publickey)
3400 logevent("Configured key file not in Pageant");
3405 if (s->publickey_blob && !s->tried_publickey) {
3407 * Try public key authentication with the specified
3410 int got_passphrase; /* need not be kept over crReturn */
3411 if (flags & FLAG_VERBOSE)
3412 c_write_str(ssh, "Trying public key authentication.\r\n");
3413 logeventf(ssh, "Trying public key \"%s\"",
3414 filename_to_str(&ssh->cfg.keyfile));
3415 s->tried_publickey = 1;
3416 got_passphrase = FALSE;
3417 while (!got_passphrase) {
3419 * Get a passphrase, if necessary.
3421 char *passphrase = NULL; /* only written after crReturn */
3423 if (!s->publickey_encrypted) {
3424 if (flags & FLAG_VERBOSE)
3425 c_write_str(ssh, "No passphrase required.\r\n");
3428 int ret; /* need not be kept over crReturn */
3429 s->cur_prompt = new_prompts(ssh->frontend);
3430 s->cur_prompt->to_server = FALSE;
3431 s->cur_prompt->name = dupstr("SSH key passphrase");
3432 add_prompt(s->cur_prompt,
3433 dupprintf("Passphrase for key \"%.100s\": ",
3434 s->publickey_comment),
3435 FALSE, SSH_MAX_PASSWORD_LEN);
3436 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3439 crWaitUntil(!pktin);
3440 ret = get_userpass_input(s->cur_prompt, in, inlen);
3444 /* Failed to get a passphrase. Terminate. */
3445 free_prompts(s->cur_prompt);
3446 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3450 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3451 free_prompts(s->cur_prompt);
3454 * Try decrypting key with passphrase.
3456 ret = loadrsakey(&ssh->cfg.keyfile, &s->key, passphrase,
3459 memset(passphrase, 0, strlen(passphrase));
3463 /* Correct passphrase. */
3464 got_passphrase = TRUE;
3465 } else if (ret == 0) {
3466 c_write_str(ssh, "Couldn't load private key from ");
3467 c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
3468 c_write_str(ssh, " (");
3469 c_write_str(ssh, error);
3470 c_write_str(ssh, ").\r\n");
3471 got_passphrase = FALSE;
3472 break; /* go and try something else */
3473 } else if (ret == -1) {
3474 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3475 got_passphrase = FALSE;
3478 assert(0 && "unexpected return from loadrsakey()");
3482 if (got_passphrase) {
3485 * Send a public key attempt.
3487 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3488 PKT_BIGNUM, s->key.modulus, PKT_END);
3491 if (pktin->type == SSH1_SMSG_FAILURE) {
3492 c_write_str(ssh, "Server refused our public key.\r\n");
3493 continue; /* go and try something else */
3495 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3496 bombout(("Bizarre response to offer of public key"));
3502 unsigned char buffer[32];
3503 Bignum challenge, response;
3505 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3506 bombout(("Server's RSA challenge was badly formatted"));
3509 response = rsadecrypt(challenge, &s->key);
3510 freebn(s->key.private_exponent);/* burn the evidence */
3512 for (i = 0; i < 32; i++) {
3513 buffer[i] = bignum_byte(response, 31 - i);
3517 MD5Update(&md5c, buffer, 32);
3518 MD5Update(&md5c, s->session_id, 16);
3519 MD5Final(buffer, &md5c);
3521 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3522 PKT_DATA, buffer, 16, PKT_END);
3529 if (pktin->type == SSH1_SMSG_FAILURE) {
3530 if (flags & FLAG_VERBOSE)
3531 c_write_str(ssh, "Failed to authenticate with"
3532 " our public key.\r\n");
3533 continue; /* go and try something else */
3534 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3535 bombout(("Bizarre response to RSA authentication response"));
3539 break; /* we're through! */
3545 * Otherwise, try various forms of password-like authentication.
3547 s->cur_prompt = new_prompts(ssh->frontend);
3549 if (ssh->cfg.try_tis_auth &&
3550 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3551 !s->tis_auth_refused) {
3552 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3553 logevent("Requested TIS authentication");
3554 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3556 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3557 logevent("TIS authentication declined");
3558 if (flags & FLAG_INTERACTIVE)
3559 c_write_str(ssh, "TIS authentication refused.\r\n");
3560 s->tis_auth_refused = 1;
3565 char *instr_suf, *prompt;
3567 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3569 bombout(("TIS challenge packet was badly formed"));
3572 logevent("Received TIS challenge");
3573 s->cur_prompt->to_server = TRUE;
3574 s->cur_prompt->name = dupstr("SSH TIS authentication");
3575 /* Prompt heuristic comes from OpenSSH */
3576 if (memchr(challenge, '\n', challengelen)) {
3577 instr_suf = dupstr("");
3578 prompt = dupprintf("%.*s", challengelen, challenge);
3580 instr_suf = dupprintf("%.*s", challengelen, challenge);
3581 prompt = dupstr("Response: ");
3583 s->cur_prompt->instruction =
3584 dupprintf("Using TIS authentication.%s%s",
3585 (*instr_suf) ? "\n" : "",
3587 s->cur_prompt->instr_reqd = TRUE;
3588 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3592 if (ssh->cfg.try_tis_auth &&
3593 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
3594 !s->ccard_auth_refused) {
3595 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
3596 logevent("Requested CryptoCard authentication");
3597 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
3599 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
3600 logevent("CryptoCard authentication declined");
3601 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
3602 s->ccard_auth_refused = 1;
3607 char *instr_suf, *prompt;
3609 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3611 bombout(("CryptoCard challenge packet was badly formed"));
3614 logevent("Received CryptoCard challenge");
3615 s->cur_prompt->to_server = TRUE;
3616 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
3617 s->cur_prompt->name_reqd = FALSE;
3618 /* Prompt heuristic comes from OpenSSH */
3619 if (memchr(challenge, '\n', challengelen)) {
3620 instr_suf = dupstr("");
3621 prompt = dupprintf("%.*s", challengelen, challenge);
3623 instr_suf = dupprintf("%.*s", challengelen, challenge);
3624 prompt = dupstr("Response: ");
3626 s->cur_prompt->instruction =
3627 dupprintf("Using CryptoCard authentication.%s%s",
3628 (*instr_suf) ? "\n" : "",
3630 s->cur_prompt->instr_reqd = TRUE;
3631 add_prompt(s->cur_prompt, prompt, FALSE, SSH_MAX_PASSWORD_LEN);
3635 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3636 s->cur_prompt->to_server = TRUE;
3637 s->cur_prompt->name = dupstr("SSH password");
3638 add_prompt(s->cur_prompt, dupprintf("%.90s@%.90s's password: ",
3639 s->username, ssh->savedhost),
3640 FALSE, SSH_MAX_PASSWORD_LEN);
3644 * Show password prompt, having first obtained it via a TIS
3645 * or CryptoCard exchange if we're doing TIS or CryptoCard
3649 int ret; /* need not be kept over crReturn */
3650 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3653 crWaitUntil(!pktin);
3654 ret = get_userpass_input(s->cur_prompt, in, inlen);
3659 * Failed to get a password (for example
3660 * because one was supplied on the command line
3661 * which has already failed to work). Terminate.
3663 free_prompts(s->cur_prompt);
3664 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
3669 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3671 * Defence against traffic analysis: we send a
3672 * whole bunch of packets containing strings of
3673 * different lengths. One of these strings is the
3674 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
3675 * The others are all random data in
3676 * SSH1_MSG_IGNORE packets. This way a passive
3677 * listener can't tell which is the password, and
3678 * hence can't deduce the password length.
3680 * Anybody with a password length greater than 16
3681 * bytes is going to have enough entropy in their
3682 * password that a listener won't find it _that_
3683 * much help to know how long it is. So what we'll
3686 * - if password length < 16, we send 15 packets
3687 * containing string lengths 1 through 15
3689 * - otherwise, we let N be the nearest multiple
3690 * of 8 below the password length, and send 8
3691 * packets containing string lengths N through
3692 * N+7. This won't obscure the order of
3693 * magnitude of the password length, but it will
3694 * introduce a bit of extra uncertainty.
3696 * A few servers (the old 1.2.18 through 1.2.22)
3697 * can't deal with SSH1_MSG_IGNORE. For these
3698 * servers, we need an alternative defence. We make
3699 * use of the fact that the password is interpreted
3700 * as a C string: so we can append a NUL, then some
3703 * One server (a Cisco one) can deal with neither
3704 * SSH1_MSG_IGNORE _nor_ a padded password string.
3705 * For this server we are left with no defences
3706 * against password length sniffing.
3708 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
3710 * The server can deal with SSH1_MSG_IGNORE, so
3711 * we can use the primary defence.
3713 int bottom, top, pwlen, i;
3716 pwlen = strlen(s->cur_prompt->prompts[0]->result);
3718 bottom = 0; /* zero length passwords are OK! :-) */
3721 bottom = pwlen & ~7;
3725 assert(pwlen >= bottom && pwlen <= top);
3727 randomstr = snewn(top + 1, char);
3729 for (i = bottom; i <= top; i++) {
3731 defer_packet(ssh, s->pwpkt_type,
3732 PKTT_PASSWORD, PKT_STR,
3733 s->cur_prompt->prompts[0]->result,
3734 PKTT_OTHER, PKT_END);
3736 for (j = 0; j < i; j++) {
3738 randomstr[j] = random_byte();
3739 } while (randomstr[j] == '\0');
3741 randomstr[i] = '\0';
3742 defer_packet(ssh, SSH1_MSG_IGNORE,
3743 PKT_STR, randomstr, PKT_END);
3746 logevent("Sending password with camouflage packets");
3747 ssh_pkt_defersend(ssh);
3750 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
3752 * The server can't deal with SSH1_MSG_IGNORE
3753 * but can deal with padded passwords, so we
3754 * can use the secondary defence.
3760 len = strlen(s->cur_prompt->prompts[0]->result);
3761 if (len < sizeof(string)) {
3763 strcpy(string, s->cur_prompt->prompts[0]->result);
3764 len++; /* cover the zero byte */
3765 while (len < sizeof(string)) {
3766 string[len++] = (char) random_byte();
3769 ss = s->cur_prompt->prompts[0]->result;
3771 logevent("Sending length-padded password");
3772 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
3773 PKT_INT, len, PKT_DATA, ss, len,
3774 PKTT_OTHER, PKT_END);
3777 * The server has _both_
3778 * BUG_CHOKES_ON_SSH1_IGNORE and
3779 * BUG_NEEDS_SSH1_PLAIN_PASSWORD. There is
3780 * therefore nothing we can do.
3783 len = strlen(s->cur_prompt->prompts[0]->result);
3784 logevent("Sending unpadded password");
3785 send_packet(ssh, s->pwpkt_type,
3786 PKTT_PASSWORD, PKT_INT, len,
3787 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
3788 PKTT_OTHER, PKT_END);
3791 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
3792 PKT_STR, s->cur_prompt->prompts[0]->result,
3793 PKTT_OTHER, PKT_END);
3795 logevent("Sent password");
3796 free_prompts(s->cur_prompt);
3798 if (pktin->type == SSH1_SMSG_FAILURE) {
3799 if (flags & FLAG_VERBOSE)
3800 c_write_str(ssh, "Access denied\r\n");
3801 logevent("Authentication refused");
3802 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3803 bombout(("Strange packet received, type %d", pktin->type));
3809 if (s->publickey_blob) {
3810 sfree(s->publickey_blob);
3811 sfree(s->publickey_comment);
3814 logevent("Authentication successful");
3819 void sshfwd_close(struct ssh_channel *c)
3823 if (ssh->state == SSH_STATE_CLOSED)
3826 if (c && !c->closes) {
3828 * If halfopen is true, we have sent
3829 * CHANNEL_OPEN for this channel, but it hasn't even been
3830 * acknowledged by the server. So we must set a close flag
3831 * on it now, and then when the server acks the channel
3832 * open, we can close it then.
3835 if (ssh->version == 1) {
3836 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
3839 struct Packet *pktout;
3840 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
3841 ssh2_pkt_adduint32(pktout, c->remoteid);
3842 ssh2_pkt_send(ssh, pktout);
3845 c->closes = 1; /* sent MSG_CLOSE */
3846 if (c->type == CHAN_X11) {
3848 logevent("Forwarded X11 connection terminated");
3849 } else if (c->type == CHAN_SOCKDATA ||
3850 c->type == CHAN_SOCKDATA_DORMANT) {
3852 logevent("Forwarded port closed");
3857 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
3861 if (ssh->state == SSH_STATE_CLOSED)
3864 if (ssh->version == 1) {
3865 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3866 PKT_INT, c->remoteid,
3868 PKT_INT, len, PKT_DATA, buf, len,
3869 PKTT_OTHER, PKT_END);
3871 * In SSH-1 we can return 0 here - implying that forwarded
3872 * connections are never individually throttled - because
3873 * the only circumstance that can cause throttling will be
3874 * the whole SSH connection backing up, in which case
3875 * _everything_ will be throttled as a whole.
3879 ssh2_add_channel_data(c, buf, len);
3880 return ssh2_try_send(c);
3884 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
3888 if (ssh->state == SSH_STATE_CLOSED)
3891 if (ssh->version == 1) {
3892 if (c->v.v1.throttling && bufsize < SSH1_BUFFER_LIMIT) {
3893 c->v.v1.throttling = 0;
3894 ssh1_throttle(ssh, -1);
3897 ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
3901 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
3903 struct queued_handler *qh = ssh->qhead;
3907 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
3910 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
3911 ssh->packet_dispatch[qh->msg1] = NULL;
3914 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
3915 ssh->packet_dispatch[qh->msg2] = NULL;
3919 ssh->qhead = qh->next;
3921 if (ssh->qhead->msg1 > 0) {
3922 assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
3923 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
3925 if (ssh->qhead->msg2 > 0) {
3926 assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
3927 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
3930 ssh->qhead = ssh->qtail = NULL;
3931 ssh->packet_dispatch[pktin->type] = NULL;
3934 qh->handler(ssh, pktin, qh->ctx);
3939 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
3940 chandler_fn_t handler, void *ctx)
3942 struct queued_handler *qh;
3944 qh = snew(struct queued_handler);
3947 qh->handler = handler;
3951 if (ssh->qtail == NULL) {
3955 assert(ssh->packet_dispatch[qh->msg1] == NULL);
3956 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
3959 assert(ssh->packet_dispatch[qh->msg2] == NULL);
3960 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
3963 ssh->qtail->next = qh;
3968 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
3970 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
3972 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
3973 SSH2_MSG_REQUEST_SUCCESS)) {
3974 logeventf(ssh, "Remote port forwarding from %s enabled",
3977 logeventf(ssh, "Remote port forwarding from %s refused",
3980 rpf = del234(ssh->rportfwds, pf);
3986 static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
3988 const char *portfwd_strptr = cfg->portfwd;
3989 struct ssh_portfwd *epf;
3992 if (!ssh->portfwds) {
3993 ssh->portfwds = newtree234(ssh_portcmp);
3996 * Go through the existing port forwardings and tag them
3997 * with status==DESTROY. Any that we want to keep will be
3998 * re-enabled (status==KEEP) as we go through the
3999 * configuration and find out which bits are the same as
4002 struct ssh_portfwd *epf;
4004 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4005 epf->status = DESTROY;
4008 while (*portfwd_strptr) {
4009 char address_family, type;
4010 int sport,dport,sserv,dserv;
4011 char sports[256], dports[256], saddr[256], host[256];
4014 address_family = 'A';
4016 if (*portfwd_strptr == 'A' ||
4017 *portfwd_strptr == '4' ||
4018 *portfwd_strptr == '6')
4019 address_family = *portfwd_strptr++;
4020 if (*portfwd_strptr == 'L' ||
4021 *portfwd_strptr == 'R' ||
4022 *portfwd_strptr == 'D')
4023 type = *portfwd_strptr++;
4028 while (*portfwd_strptr && *portfwd_strptr != '\t') {
4029 if (*portfwd_strptr == ':') {
4031 * We've seen a colon in the middle of the
4032 * source port number. This means that
4033 * everything we've seen until now is the
4034 * source _address_, so we'll move it into
4035 * saddr and start sports from the beginning
4040 if (ssh->version == 1 && type == 'R') {
4041 logeventf(ssh, "SSH-1 cannot handle remote source address "
4042 "spec \"%s\"; ignoring", sports);
4044 strcpy(saddr, sports);
4047 if (n < lenof(sports)-1) sports[n++] = *portfwd_strptr++;
4051 if (*portfwd_strptr == '\t')
4054 while (*portfwd_strptr && *portfwd_strptr != ':') {
4055 if (n < lenof(host)-1) host[n++] = *portfwd_strptr++;
4058 if (*portfwd_strptr == ':')
4061 while (*portfwd_strptr) {
4062 if (n < lenof(dports)-1) dports[n++] = *portfwd_strptr++;
4066 dport = atoi(dports);
4070 dport = net_service_lookup(dports);
4072 logeventf(ssh, "Service lookup failed for destination"
4073 " port \"%s\"", dports);
4077 while (*portfwd_strptr) portfwd_strptr++;
4081 portfwd_strptr++; /* eat the NUL and move to next one */
4083 sport = atoi(sports);
4087 sport = net_service_lookup(sports);
4089 logeventf(ssh, "Service lookup failed for source"
4090 " port \"%s\"", sports);
4093 if (sport && dport) {
4094 /* Set up a description of the source port. */
4095 struct ssh_portfwd *pfrec, *epfrec;
4097 pfrec = snew(struct ssh_portfwd);
4099 pfrec->saddr = *saddr ? dupstr(saddr) : NULL;
4100 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4101 pfrec->sport = sport;
4102 pfrec->daddr = *host ? dupstr(host) : NULL;
4103 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4104 pfrec->dport = dport;
4105 pfrec->local = NULL;
4106 pfrec->remote = NULL;
4107 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4108 address_family == '6' ? ADDRTYPE_IPV6 :
4111 epfrec = add234(ssh->portfwds, pfrec);
4112 if (epfrec != pfrec) {
4114 * We already have a port forwarding with precisely
4115 * these parameters. Hence, no need to do anything;
4116 * simply tag the existing one as KEEP.
4118 epfrec->status = KEEP;
4119 free_portfwd(pfrec);
4121 pfrec->status = CREATE;
4127 * Now go through and destroy any port forwardings which were
4130 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4131 if (epf->status == DESTROY) {
4134 message = dupprintf("%s port forwarding from %s%s%d",
4135 epf->type == 'L' ? "local" :
4136 epf->type == 'R' ? "remote" : "dynamic",
4137 epf->saddr ? epf->saddr : "",
4138 epf->saddr ? ":" : "",
4141 if (epf->type != 'D') {
4142 char *msg2 = dupprintf("%s to %s:%d", message,
4143 epf->daddr, epf->dport);
4148 logeventf(ssh, "Cancelling %s", message);
4152 struct ssh_rportfwd *rpf = epf->remote;
4153 struct Packet *pktout;
4156 * Cancel the port forwarding at the server
4159 if (ssh->version == 1) {
4161 * We cannot cancel listening ports on the
4162 * server side in SSH-1! There's no message
4163 * to support it. Instead, we simply remove
4164 * the rportfwd record from the local end
4165 * so that any connections the server tries
4166 * to make on it are rejected.
4169 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4170 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4171 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4173 ssh2_pkt_addstring(pktout, epf->saddr);
4174 } else if (ssh->cfg.rport_acceptall) {
4175 /* XXX: ssh->cfg.rport_acceptall may not represent
4176 * what was used to open the original connection,
4177 * since it's reconfigurable. */
4178 ssh2_pkt_addstring(pktout, "0.0.0.0");
4180 ssh2_pkt_addstring(pktout, "127.0.0.1");
4182 ssh2_pkt_adduint32(pktout, epf->sport);
4183 ssh2_pkt_send(ssh, pktout);
4186 del234(ssh->rportfwds, rpf);
4188 } else if (epf->local) {
4189 pfd_terminate(epf->local);
4192 delpos234(ssh->portfwds, i);
4194 i--; /* so we don't skip one in the list */
4198 * And finally, set up any new port forwardings (status==CREATE).
4200 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4201 if (epf->status == CREATE) {
4202 char *sportdesc, *dportdesc;
4203 sportdesc = dupprintf("%s%s%s%s%d%s",
4204 epf->saddr ? epf->saddr : "",
4205 epf->saddr ? ":" : "",
4206 epf->sserv ? epf->sserv : "",
4207 epf->sserv ? "(" : "",
4209 epf->sserv ? ")" : "");
4210 if (epf->type == 'D') {
4213 dportdesc = dupprintf("%s:%s%s%d%s",
4215 epf->dserv ? epf->dserv : "",
4216 epf->dserv ? "(" : "",
4218 epf->dserv ? ")" : "");
4221 if (epf->type == 'L') {
4222 const char *err = pfd_addforward(epf->daddr, epf->dport,
4223 epf->saddr, epf->sport,
4226 epf->addressfamily);
4228 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4229 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4230 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4231 sportdesc, dportdesc,
4232 err ? " failed: " : "", err ? err : "");
4233 } else if (epf->type == 'D') {
4234 const char *err = pfd_addforward(NULL, -1,
4235 epf->saddr, epf->sport,
4238 epf->addressfamily);
4240 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4241 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4242 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4244 err ? " failed: " : "", err ? err : "");
4246 struct ssh_rportfwd *pf;
4249 * Ensure the remote port forwardings tree exists.
4251 if (!ssh->rportfwds) {
4252 if (ssh->version == 1)
4253 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4255 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4258 pf = snew(struct ssh_rportfwd);
4259 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4260 pf->dhost[lenof(pf->dhost)-1] = '\0';
4261 pf->dport = epf->dport;
4262 pf->sport = epf->sport;
4263 if (add234(ssh->rportfwds, pf) != pf) {
4264 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4265 epf->daddr, epf->dport);
4268 logeventf(ssh, "Requesting remote port %s"
4269 " forward to %s", sportdesc, dportdesc);
4271 pf->sportdesc = sportdesc;
4276 if (ssh->version == 1) {
4277 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4278 PKT_INT, epf->sport,
4279 PKT_STR, epf->daddr,
4280 PKT_INT, epf->dport,
4282 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4284 ssh_rportfwd_succfail, pf);
4286 struct Packet *pktout;
4287 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4288 ssh2_pkt_addstring(pktout, "tcpip-forward");
4289 ssh2_pkt_addbool(pktout, 1);/* want reply */
4291 ssh2_pkt_addstring(pktout, epf->saddr);
4292 } else if (cfg->rport_acceptall) {
4293 ssh2_pkt_addstring(pktout, "0.0.0.0");
4295 ssh2_pkt_addstring(pktout, "127.0.0.1");
4297 ssh2_pkt_adduint32(pktout, epf->sport);
4298 ssh2_pkt_send(ssh, pktout);
4300 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4301 SSH2_MSG_REQUEST_FAILURE,
4302 ssh_rportfwd_succfail, pf);
4311 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4314 int stringlen, bufsize;
4316 ssh_pkt_getstring(pktin, &string, &stringlen);
4317 if (string == NULL) {
4318 bombout(("Incoming terminal data packet was badly formed"));
4322 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4324 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4325 ssh->v1_stdout_throttling = 1;
4326 ssh1_throttle(ssh, +1);
4330 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4332 /* Remote side is trying to open a channel to talk to our
4333 * X-Server. Give them back a local channel number. */
4334 struct ssh_channel *c;
4335 int remoteid = ssh_pkt_getuint32(pktin);
4337 logevent("Received X11 connect request");
4338 /* Refuse if X11 forwarding is disabled. */
4339 if (!ssh->X11_fwd_enabled) {
4340 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4341 PKT_INT, remoteid, PKT_END);
4342 logevent("Rejected X11 connect request");
4344 c = snew(struct ssh_channel);
4347 if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
4348 ssh->x11auth, NULL, -1, &ssh->cfg) != NULL) {
4349 logevent("Opening X11 forward connection failed");
4351 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4352 PKT_INT, remoteid, PKT_END);
4355 ("Opening X11 forward connection succeeded");
4356 c->remoteid = remoteid;
4357 c->halfopen = FALSE;
4358 c->localid = alloc_channel_id(ssh);
4360 c->v.v1.throttling = 0;
4361 c->type = CHAN_X11; /* identify channel type */
4362 add234(ssh->channels, c);
4363 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4364 PKT_INT, c->remoteid, PKT_INT,
4365 c->localid, PKT_END);
4366 logevent("Opened X11 forward channel");
4371 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4373 /* Remote side is trying to open a channel to talk to our
4374 * agent. Give them back a local channel number. */
4375 struct ssh_channel *c;
4376 int remoteid = ssh_pkt_getuint32(pktin);
4378 /* Refuse if agent forwarding is disabled. */
4379 if (!ssh->agentfwd_enabled) {
4380 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4381 PKT_INT, remoteid, PKT_END);
4383 c = snew(struct ssh_channel);
4385 c->remoteid = remoteid;
4386 c->halfopen = FALSE;
4387 c->localid = alloc_channel_id(ssh);
4389 c->v.v1.throttling = 0;
4390 c->type = CHAN_AGENT; /* identify channel type */
4391 c->u.a.lensofar = 0;
4392 add234(ssh->channels, c);
4393 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4394 PKT_INT, c->remoteid, PKT_INT, c->localid,
4399 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4401 /* Remote side is trying to open a channel to talk to a
4402 * forwarded port. Give them back a local channel number. */
4403 struct ssh_channel *c;
4404 struct ssh_rportfwd pf, *pfp;
4409 c = snew(struct ssh_channel);
4412 remoteid = ssh_pkt_getuint32(pktin);
4413 ssh_pkt_getstring(pktin, &host, &hostsize);
4414 port = ssh_pkt_getuint32(pktin);
4416 if (hostsize >= lenof(pf.dhost))
4417 hostsize = lenof(pf.dhost)-1;
4418 memcpy(pf.dhost, host, hostsize);
4419 pf.dhost[hostsize] = '\0';
4421 pfp = find234(ssh->rportfwds, &pf, NULL);
4424 logeventf(ssh, "Rejected remote port open request for %s:%d",
4426 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4427 PKT_INT, remoteid, PKT_END);
4429 logeventf(ssh, "Received remote port open request for %s:%d",
4431 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4432 c, &ssh->cfg, pfp->pfrec->addressfamily);
4434 logeventf(ssh, "Port open failed: %s", e);
4436 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4437 PKT_INT, remoteid, PKT_END);
4439 c->remoteid = remoteid;
4440 c->halfopen = FALSE;
4441 c->localid = alloc_channel_id(ssh);
4443 c->v.v1.throttling = 0;
4444 c->type = CHAN_SOCKDATA; /* identify channel type */
4445 add234(ssh->channels, c);
4446 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4447 PKT_INT, c->remoteid, PKT_INT,
4448 c->localid, PKT_END);
4449 logevent("Forwarded port opened successfully");
4454 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4456 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4457 unsigned int localid = ssh_pkt_getuint32(pktin);
4458 struct ssh_channel *c;
4460 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4461 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4462 c->remoteid = localid;
4463 c->halfopen = FALSE;
4464 c->type = CHAN_SOCKDATA;
4465 c->v.v1.throttling = 0;
4466 pfd_confirm(c->u.pfd.s);
4469 if (c && c->closes) {
4471 * We have a pending close on this channel,
4472 * which we decided on before the server acked
4473 * the channel open. So now we know the
4474 * remoteid, we can close it again.
4476 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE,
4477 PKT_INT, c->remoteid, PKT_END);
4481 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4483 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4484 struct ssh_channel *c;
4486 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4487 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4488 logevent("Forwarded connection refused by server");
4489 pfd_close(c->u.pfd.s);
4490 del234(ssh->channels, c);
4495 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4497 /* Remote side closes a channel. */
4498 unsigned i = ssh_pkt_getuint32(pktin);
4499 struct ssh_channel *c;
4500 c = find234(ssh->channels, &i, ssh_channelfind);
4501 if (c && !c->halfopen) {
4504 (pktin->type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
4506 if ((c->closes == 0) && (c->type == CHAN_X11)) {
4507 logevent("Forwarded X11 connection terminated");
4508 assert(c->u.x11.s != NULL);
4509 x11_close(c->u.x11.s);
4512 if ((c->closes == 0) && (c->type == CHAN_SOCKDATA)) {
4513 logevent("Forwarded port closed");
4514 assert(c->u.pfd.s != NULL);
4515 pfd_close(c->u.pfd.s);
4519 c->closes |= (closetype << 2); /* seen this message */
4520 if (!(c->closes & closetype)) {
4521 send_packet(ssh, pktin->type, PKT_INT, c->remoteid,
4523 c->closes |= closetype; /* sent it too */
4526 if (c->closes == 15) {
4527 del234(ssh->channels, c);
4531 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4532 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
4533 "_CONFIRMATION", c ? "half-open" : "nonexistent",
4538 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
4540 /* Data sent down one of our channels. */
4541 int i = ssh_pkt_getuint32(pktin);
4544 struct ssh_channel *c;
4546 ssh_pkt_getstring(pktin, &p, &len);
4548 c = find234(ssh->channels, &i, ssh_channelfind);
4553 bufsize = x11_send(c->u.x11.s, p, len);
4556 bufsize = pfd_send(c->u.pfd.s, p, len);
4559 /* Data for an agent message. Buffer it. */
4561 if (c->u.a.lensofar < 4) {
4562 unsigned int l = min(4 - c->u.a.lensofar, len);
4563 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
4567 c->u.a.lensofar += l;
4569 if (c->u.a.lensofar == 4) {
4571 4 + GET_32BIT(c->u.a.msglen);
4572 c->u.a.message = snewn(c->u.a.totallen,
4574 memcpy(c->u.a.message, c->u.a.msglen, 4);
4576 if (c->u.a.lensofar >= 4 && len > 0) {
4578 min(c->u.a.totallen - c->u.a.lensofar,
4580 memcpy(c->u.a.message + c->u.a.lensofar, p,
4584 c->u.a.lensofar += l;
4586 if (c->u.a.lensofar == c->u.a.totallen) {
4589 if (agent_query(c->u.a.message,
4592 ssh_agentf_callback, c))
4593 ssh_agentf_callback(c, reply, replylen);
4594 sfree(c->u.a.message);
4595 c->u.a.lensofar = 0;
4598 bufsize = 0; /* agent channels never back up */
4601 if (!c->v.v1.throttling && bufsize > SSH1_BUFFER_LIMIT) {
4602 c->v.v1.throttling = 1;
4603 ssh1_throttle(ssh, +1);
4608 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
4610 ssh->exitcode = ssh_pkt_getuint32(pktin);
4611 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
4612 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
4614 * In case `helpful' firewalls or proxies tack
4615 * extra human-readable text on the end of the
4616 * session which we might mistake for another
4617 * encrypted packet, we close the session once
4618 * we've sent EXIT_CONFIRMATION.
4620 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
4623 /* Helper function to deal with sending tty modes for REQUEST_PTY */
4624 static void ssh1_send_ttymode(void *data, char *mode, char *val)
4626 struct Packet *pktout = (struct Packet *)data;
4628 unsigned int arg = 0;
4629 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
4630 if (i == lenof(ssh_ttymodes)) return;
4631 switch (ssh_ttymodes[i].type) {
4633 arg = ssh_tty_parse_specchar(val);
4636 arg = ssh_tty_parse_boolean(val);
4639 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
4640 ssh2_pkt_addbyte(pktout, arg);
4644 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
4645 struct Packet *pktin)
4647 crBegin(ssh->do_ssh1_connection_crstate);
4649 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
4650 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
4651 ssh1_smsg_stdout_stderr_data;
4653 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
4654 ssh1_msg_channel_open_confirmation;
4655 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
4656 ssh1_msg_channel_open_failure;
4657 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
4658 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
4659 ssh1_msg_channel_close;
4660 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
4661 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
4663 if (ssh->cfg.agentfwd && agent_exists()) {
4664 logevent("Requesting agent forwarding");
4665 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
4669 if (pktin->type != SSH1_SMSG_SUCCESS
4670 && pktin->type != SSH1_SMSG_FAILURE) {
4671 bombout(("Protocol confusion"));
4673 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4674 logevent("Agent forwarding refused");
4676 logevent("Agent forwarding enabled");
4677 ssh->agentfwd_enabled = TRUE;
4678 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
4682 if (ssh->cfg.x11_forward) {
4683 char proto[20], data[64];
4684 logevent("Requesting X11 forwarding");
4685 ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
4686 data, sizeof(data), ssh->cfg.x11_auth);
4687 x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
4689 * Note that while we blank the X authentication data here, we don't
4690 * take any special action to blank the start of an X11 channel,
4691 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
4692 * without having session blanking enabled is likely to leak your
4693 * cookie into the log.
4695 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
4696 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
4698 PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER,
4699 PKT_INT, x11_get_screen_number(ssh->cfg.x11_display),
4702 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
4704 PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER, PKT_END);
4709 if (pktin->type != SSH1_SMSG_SUCCESS
4710 && pktin->type != SSH1_SMSG_FAILURE) {
4711 bombout(("Protocol confusion"));
4713 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4714 logevent("X11 forwarding refused");
4716 logevent("X11 forwarding enabled");
4717 ssh->X11_fwd_enabled = TRUE;
4718 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
4722 ssh_setup_portfwd(ssh, &ssh->cfg);
4723 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
4725 if (!ssh->cfg.nopty) {
4727 /* Unpick the terminal-speed string. */
4728 /* XXX perhaps we should allow no speeds to be sent. */
4729 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
4730 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
4731 /* Send the pty request. */
4732 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
4733 ssh_pkt_addstring(pkt, ssh->cfg.termtype);
4734 ssh_pkt_adduint32(pkt, ssh->term_height);
4735 ssh_pkt_adduint32(pkt, ssh->term_width);
4736 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
4737 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
4738 parse_ttymodes(ssh, ssh->cfg.ttymodes,
4739 ssh1_send_ttymode, (void *)pkt);
4740 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
4741 ssh_pkt_adduint32(pkt, ssh->ispeed);
4742 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
4743 ssh_pkt_adduint32(pkt, ssh->ospeed);
4744 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
4746 ssh->state = SSH_STATE_INTERMED;
4750 if (pktin->type != SSH1_SMSG_SUCCESS
4751 && pktin->type != SSH1_SMSG_FAILURE) {
4752 bombout(("Protocol confusion"));
4754 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4755 c_write_str(ssh, "Server refused to allocate pty\r\n");
4756 ssh->editing = ssh->echoing = 1;
4758 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
4759 ssh->ospeed, ssh->ispeed);
4761 ssh->editing = ssh->echoing = 1;
4764 if (ssh->cfg.compression) {
4765 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
4769 if (pktin->type != SSH1_SMSG_SUCCESS
4770 && pktin->type != SSH1_SMSG_FAILURE) {
4771 bombout(("Protocol confusion"));
4773 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4774 c_write_str(ssh, "Server refused to compress\r\n");
4776 logevent("Started compression");
4777 ssh->v1_compressing = TRUE;
4778 ssh->cs_comp_ctx = zlib_compress_init();
4779 logevent("Initialised zlib (RFC1950) compression");
4780 ssh->sc_comp_ctx = zlib_decompress_init();
4781 logevent("Initialised zlib (RFC1950) decompression");
4785 * Start the shell or command.
4787 * Special case: if the first-choice command is an SSH-2
4788 * subsystem (hence not usable here) and the second choice
4789 * exists, we fall straight back to that.
4792 char *cmd = ssh->cfg.remote_cmd_ptr;
4794 if (!cmd) cmd = ssh->cfg.remote_cmd;
4796 if (ssh->cfg.ssh_subsys && ssh->cfg.remote_cmd_ptr2) {
4797 cmd = ssh->cfg.remote_cmd_ptr2;
4798 ssh->fallback_cmd = TRUE;
4801 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
4803 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
4804 logevent("Started session");
4807 ssh->state = SSH_STATE_SESSION;
4808 if (ssh->size_needed)
4809 ssh_size(ssh, ssh->term_width, ssh->term_height);
4810 if (ssh->eof_needed)
4811 ssh_special(ssh, TS_EOF);
4814 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
4816 ssh->channels = newtree234(ssh_channelcmp);
4820 * By this point, most incoming packets are already being
4821 * handled by the dispatch table, and we need only pay
4822 * attention to the unusual ones.
4827 if (pktin->type == SSH1_SMSG_SUCCESS) {
4828 /* may be from EXEC_SHELL on some servers */
4829 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4830 /* may be from EXEC_SHELL on some servers
4831 * if no pty is available or in other odd cases. Ignore */
4833 bombout(("Strange packet received: type %d", pktin->type));
4838 int len = min(inlen, 512);
4839 send_packet(ssh, SSH1_CMSG_STDIN_DATA, PKTT_DATA,
4840 PKT_INT, len, PKT_DATA, in, len,
4841 PKTT_OTHER, PKT_END);
4852 * Handle the top-level SSH-2 protocol.
4854 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
4859 ssh_pkt_getstring(pktin, &msg, &msglen);
4860 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
4863 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
4865 /* log reason code in disconnect message */
4869 ssh_pkt_getstring(pktin, &msg, &msglen);
4870 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
4873 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
4875 /* Do nothing, because we're ignoring it! Duhh. */
4878 static void ssh1_protocol_setup(Ssh ssh)
4883 * Most messages are handled by the coroutines.
4885 for (i = 0; i < 256; i++)
4886 ssh->packet_dispatch[i] = NULL;
4889 * These special message types we install handlers for.
4891 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
4892 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
4893 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
4896 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
4897 struct Packet *pktin)
4899 unsigned char *in=(unsigned char*)vin;
4900 if (ssh->state == SSH_STATE_CLOSED)
4903 if (pktin && ssh->packet_dispatch[pktin->type]) {
4904 ssh->packet_dispatch[pktin->type](ssh, pktin);
4908 if (!ssh->protocol_initial_phase_done) {
4909 if (do_ssh1_login(ssh, in, inlen, pktin))
4910 ssh->protocol_initial_phase_done = TRUE;
4915 do_ssh1_connection(ssh, in, inlen, pktin);
4919 * Utility routine for decoding comma-separated strings in KEXINIT.
4921 static int in_commasep_string(char *needle, char *haystack, int haylen)
4924 if (!needle || !haystack) /* protect against null pointers */
4926 needlen = strlen(needle);
4929 * Is it at the start of the string?
4931 if (haylen >= needlen && /* haystack is long enough */
4932 !memcmp(needle, haystack, needlen) && /* initial match */
4933 (haylen == needlen || haystack[needlen] == ',')
4934 /* either , or EOS follows */
4938 * If not, search for the next comma and resume after that.
4939 * If no comma found, terminate.
4941 while (haylen > 0 && *haystack != ',')
4942 haylen--, haystack++;
4945 haylen--, haystack++; /* skip over comma itself */
4950 * Similar routine for checking whether we have the first string in a list.
4952 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
4955 if (!needle || !haystack) /* protect against null pointers */
4957 needlen = strlen(needle);
4959 * Is it at the start of the string?
4961 if (haylen >= needlen && /* haystack is long enough */
4962 !memcmp(needle, haystack, needlen) && /* initial match */
4963 (haylen == needlen || haystack[needlen] == ',')
4964 /* either , or EOS follows */
4972 * SSH-2 key creation method.
4973 * (Currently assumes 2 lots of any hash are sufficient to generate
4974 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
4976 #define SSH2_MKKEY_ITERS (2)
4977 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
4978 unsigned char *keyspace)
4980 const struct ssh_hash *h = ssh->kex->hash;
4982 /* First hlen bytes. */
4984 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
4985 hash_mpint(h, s, K);
4986 h->bytes(s, H, h->hlen);
4987 h->bytes(s, &chr, 1);
4988 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
4989 h->final(s, keyspace);
4990 /* Next hlen bytes. */
4992 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
4993 hash_mpint(h, s, K);
4994 h->bytes(s, H, h->hlen);
4995 h->bytes(s, keyspace, h->hlen);
4996 h->final(s, keyspace + h->hlen);
5000 * Handle the SSH-2 transport layer.
5002 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5003 struct Packet *pktin)
5005 unsigned char *in = (unsigned char *)vin;
5006 struct do_ssh2_transport_state {
5007 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5008 Bignum p, g, e, f, K;
5011 int kex_init_value, kex_reply_value;
5012 const struct ssh_mac **maclist;
5014 const struct ssh2_cipher *cscipher_tobe;
5015 const struct ssh2_cipher *sccipher_tobe;
5016 const struct ssh_mac *csmac_tobe;
5017 const struct ssh_mac *scmac_tobe;
5018 const struct ssh_compress *cscomp_tobe;
5019 const struct ssh_compress *sccomp_tobe;
5020 char *hostkeydata, *sigdata, *keystr, *fingerprint;
5021 int hostkeylen, siglen;
5022 void *hkey; /* actual host key */
5023 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5024 int n_preferred_kex;
5025 const struct ssh_kexes *preferred_kex[KEX_MAX];
5026 int n_preferred_ciphers;
5027 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5028 const struct ssh_compress *preferred_comp;
5029 int got_session_id, activated_authconn;
5030 struct Packet *pktout;
5035 crState(do_ssh2_transport_state);
5037 crBegin(ssh->do_ssh2_transport_crstate);
5039 s->cscipher_tobe = s->sccipher_tobe = NULL;
5040 s->csmac_tobe = s->scmac_tobe = NULL;
5041 s->cscomp_tobe = s->sccomp_tobe = NULL;
5043 s->got_session_id = s->activated_authconn = FALSE;
5046 * Be prepared to work around the buggy MAC problem.
5048 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5049 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5051 s->maclist = macs, s->nmacs = lenof(macs);
5054 ssh->pkt_ctx &= ~SSH2_PKTCTX_KEX_MASK;
5056 int i, j, commalist_started;
5059 * Set up the preferred key exchange. (NULL => warn below here)
5061 s->n_preferred_kex = 0;
5062 for (i = 0; i < KEX_MAX; i++) {
5063 switch (ssh->cfg.ssh_kexlist[i]) {
5065 s->preferred_kex[s->n_preferred_kex++] =
5066 &ssh_diffiehellman_gex;
5069 s->preferred_kex[s->n_preferred_kex++] =
5070 &ssh_diffiehellman_group14;
5073 s->preferred_kex[s->n_preferred_kex++] =
5074 &ssh_diffiehellman_group1;
5077 /* Flag for later. Don't bother if it's the last in
5079 if (i < KEX_MAX - 1) {
5080 s->preferred_kex[s->n_preferred_kex++] = NULL;
5087 * Set up the preferred ciphers. (NULL => warn below here)
5089 s->n_preferred_ciphers = 0;
5090 for (i = 0; i < CIPHER_MAX; i++) {
5091 switch (ssh->cfg.ssh_cipherlist[i]) {
5092 case CIPHER_BLOWFISH:
5093 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5096 if (ssh->cfg.ssh2_des_cbc) {
5097 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5101 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5104 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5106 case CIPHER_ARCFOUR:
5107 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5110 /* Flag for later. Don't bother if it's the last in
5112 if (i < CIPHER_MAX - 1) {
5113 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5120 * Set up preferred compression.
5122 if (ssh->cfg.compression)
5123 s->preferred_comp = &ssh_zlib;
5125 s->preferred_comp = &ssh_comp_none;
5128 * Enable queueing of outgoing auth- or connection-layer
5129 * packets while we are in the middle of a key exchange.
5131 ssh->queueing = TRUE;
5134 * Flag that KEX is in progress.
5136 ssh->kex_in_progress = TRUE;
5139 * Construct and send our key exchange packet.
5141 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5142 for (i = 0; i < 16; i++)
5143 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5144 /* List key exchange algorithms. */
5145 ssh2_pkt_addstring_start(s->pktout);
5146 commalist_started = 0;
5147 for (i = 0; i < s->n_preferred_kex; i++) {
5148 const struct ssh_kexes *k = s->preferred_kex[i];
5149 if (!k) continue; /* warning flag */
5150 for (j = 0; j < k->nkexes; j++) {
5151 if (commalist_started)
5152 ssh2_pkt_addstring_str(s->pktout, ",");
5153 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5154 commalist_started = 1;
5157 /* List server host key algorithms. */
5158 ssh2_pkt_addstring_start(s->pktout);
5159 for (i = 0; i < lenof(hostkey_algs); i++) {
5160 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5161 if (i < lenof(hostkey_algs) - 1)
5162 ssh2_pkt_addstring_str(s->pktout, ",");
5164 /* List client->server encryption algorithms. */
5165 ssh2_pkt_addstring_start(s->pktout);
5166 commalist_started = 0;
5167 for (i = 0; i < s->n_preferred_ciphers; i++) {
5168 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5169 if (!c) continue; /* warning flag */
5170 for (j = 0; j < c->nciphers; j++) {
5171 if (commalist_started)
5172 ssh2_pkt_addstring_str(s->pktout, ",");
5173 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5174 commalist_started = 1;
5177 /* List server->client encryption algorithms. */
5178 ssh2_pkt_addstring_start(s->pktout);
5179 commalist_started = 0;
5180 for (i = 0; i < s->n_preferred_ciphers; i++) {
5181 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5182 if (!c) continue; /* warning flag */
5183 for (j = 0; j < c->nciphers; j++) {
5184 if (commalist_started)
5185 ssh2_pkt_addstring_str(s->pktout, ",");
5186 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5187 commalist_started = 1;
5190 /* List client->server MAC algorithms. */
5191 ssh2_pkt_addstring_start(s->pktout);
5192 for (i = 0; i < s->nmacs; i++) {
5193 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5194 if (i < s->nmacs - 1)
5195 ssh2_pkt_addstring_str(s->pktout, ",");
5197 /* List server->client MAC algorithms. */
5198 ssh2_pkt_addstring_start(s->pktout);
5199 for (i = 0; i < s->nmacs; i++) {
5200 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5201 if (i < s->nmacs - 1)
5202 ssh2_pkt_addstring_str(s->pktout, ",");
5204 /* List client->server compression algorithms. */
5205 ssh2_pkt_addstring_start(s->pktout);
5206 assert(lenof(compressions) > 1);
5207 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5208 for (i = 0; i < lenof(compressions); i++) {
5209 const struct ssh_compress *c = compressions[i];
5210 if (c != s->preferred_comp) {
5211 ssh2_pkt_addstring_str(s->pktout, ",");
5212 ssh2_pkt_addstring_str(s->pktout, c->name);
5215 /* List server->client compression algorithms. */
5216 ssh2_pkt_addstring_start(s->pktout);
5217 assert(lenof(compressions) > 1);
5218 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5219 for (i = 0; i < lenof(compressions); i++) {
5220 const struct ssh_compress *c = compressions[i];
5221 if (c != s->preferred_comp) {
5222 ssh2_pkt_addstring_str(s->pktout, ",");
5223 ssh2_pkt_addstring_str(s->pktout, c->name);
5226 /* List client->server languages. Empty list. */
5227 ssh2_pkt_addstring_start(s->pktout);
5228 /* List server->client languages. Empty list. */
5229 ssh2_pkt_addstring_start(s->pktout);
5230 /* First KEX packet does _not_ follow, because we're not that brave. */
5231 ssh2_pkt_addbool(s->pktout, FALSE);
5233 ssh2_pkt_adduint32(s->pktout, 0);
5236 s->our_kexinitlen = s->pktout->length - 5;
5237 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5238 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5240 ssh2_pkt_send_noqueue(ssh, s->pktout);
5246 * Now examine the other side's KEXINIT to see what we're up
5250 char *str, *preferred;
5253 if (pktin->type != SSH2_MSG_KEXINIT) {
5254 bombout(("expected key exchange packet from server"));
5258 ssh->hostkey = NULL;
5259 s->cscipher_tobe = NULL;
5260 s->sccipher_tobe = NULL;
5261 s->csmac_tobe = NULL;
5262 s->scmac_tobe = NULL;
5263 s->cscomp_tobe = NULL;
5264 s->sccomp_tobe = NULL;
5265 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5267 pktin->savedpos += 16; /* skip garbage cookie */
5268 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5271 for (i = 0; i < s->n_preferred_kex; i++) {
5272 const struct ssh_kexes *k = s->preferred_kex[i];
5276 for (j = 0; j < k->nkexes; j++) {
5277 if (!preferred) preferred = k->list[j]->name;
5278 if (in_commasep_string(k->list[j]->name, str, len)) {
5279 ssh->kex = k->list[j];
5288 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5289 str ? str : "(null)"));
5293 * Note that the server's guess is considered wrong if it doesn't match
5294 * the first algorithm in our list, even if it's still the algorithm
5297 s->guessok = first_in_commasep_string(preferred, str, len);
5298 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5299 for (i = 0; i < lenof(hostkey_algs); i++) {
5300 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5301 ssh->hostkey = hostkey_algs[i];
5305 s->guessok = s->guessok &&
5306 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5307 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5308 for (i = 0; i < s->n_preferred_ciphers; i++) {
5309 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5311 s->warn_cscipher = TRUE;
5313 for (j = 0; j < c->nciphers; j++) {
5314 if (in_commasep_string(c->list[j]->name, str, len)) {
5315 s->cscipher_tobe = c->list[j];
5320 if (s->cscipher_tobe)
5323 if (!s->cscipher_tobe) {
5324 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5325 str ? str : "(null)"));
5329 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5330 for (i = 0; i < s->n_preferred_ciphers; i++) {
5331 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5333 s->warn_sccipher = TRUE;
5335 for (j = 0; j < c->nciphers; j++) {
5336 if (in_commasep_string(c->list[j]->name, str, len)) {
5337 s->sccipher_tobe = c->list[j];
5342 if (s->sccipher_tobe)
5345 if (!s->sccipher_tobe) {
5346 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5347 str ? str : "(null)"));
5351 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5352 for (i = 0; i < s->nmacs; i++) {
5353 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5354 s->csmac_tobe = s->maclist[i];
5358 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5359 for (i = 0; i < s->nmacs; i++) {
5360 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5361 s->scmac_tobe = s->maclist[i];
5365 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5366 for (i = 0; i < lenof(compressions) + 1; i++) {
5367 const struct ssh_compress *c =
5368 i == 0 ? s->preferred_comp : compressions[i - 1];
5369 if (in_commasep_string(c->name, str, len)) {
5374 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5375 for (i = 0; i < lenof(compressions) + 1; i++) {
5376 const struct ssh_compress *c =
5377 i == 0 ? s->preferred_comp : compressions[i - 1];
5378 if (in_commasep_string(c->name, str, len)) {
5383 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5384 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5385 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5388 ssh_set_frozen(ssh, 1);
5389 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5391 ssh_dialog_callback, ssh);
5392 if (s->dlgret < 0) {
5396 bombout(("Unexpected data from server while"
5397 " waiting for user response"));
5400 } while (pktin || inlen > 0);
5401 s->dlgret = ssh->user_response;
5403 ssh_set_frozen(ssh, 0);
5404 if (s->dlgret == 0) {
5405 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5411 if (s->warn_cscipher) {
5412 ssh_set_frozen(ssh, 1);
5413 s->dlgret = askalg(ssh->frontend,
5414 "client-to-server cipher",
5415 s->cscipher_tobe->name,
5416 ssh_dialog_callback, ssh);
5417 if (s->dlgret < 0) {
5421 bombout(("Unexpected data from server while"
5422 " waiting for user response"));
5425 } while (pktin || inlen > 0);
5426 s->dlgret = ssh->user_response;
5428 ssh_set_frozen(ssh, 0);
5429 if (s->dlgret == 0) {
5430 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5436 if (s->warn_sccipher) {
5437 ssh_set_frozen(ssh, 1);
5438 s->dlgret = askalg(ssh->frontend,
5439 "server-to-client cipher",
5440 s->sccipher_tobe->name,
5441 ssh_dialog_callback, ssh);
5442 if (s->dlgret < 0) {
5446 bombout(("Unexpected data from server while"
5447 " waiting for user response"));
5450 } while (pktin || inlen > 0);
5451 s->dlgret = ssh->user_response;
5453 ssh_set_frozen(ssh, 0);
5454 if (s->dlgret == 0) {
5455 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5461 ssh->exhash = ssh->kex->hash->init();
5462 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5463 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5464 hash_string(ssh->kex->hash, ssh->exhash,
5465 s->our_kexinit, s->our_kexinitlen);
5466 sfree(s->our_kexinit);
5467 if (pktin->length > 5)
5468 hash_string(ssh->kex->hash, ssh->exhash,
5469 pktin->data + 5, pktin->length - 5);
5471 if (s->ignorepkt) /* first_kex_packet_follows */
5472 crWaitUntil(pktin); /* Ignore packet */
5476 * Work out the number of bits of key we will need from the key
5477 * exchange. We start with the maximum key length of either
5483 csbits = s->cscipher_tobe->keylen;
5484 scbits = s->sccipher_tobe->keylen;
5485 s->nbits = (csbits > scbits ? csbits : scbits);
5487 /* The keys only have hlen-bit entropy, since they're based on
5488 * a hash. So cap the key size at hlen bits. */
5489 if (s->nbits > ssh->kex->hash->hlen * 8)
5490 s->nbits = ssh->kex->hash->hlen * 8;
5493 * If we're doing Diffie-Hellman group exchange, start by
5494 * requesting a group.
5496 if (!ssh->kex->pdata) {
5497 logevent("Doing Diffie-Hellman group exchange");
5498 ssh->pkt_ctx |= SSH2_PKTCTX_DHGEX;
5500 * Work out how big a DH group we will need to allow that
5503 s->pbits = 512 << ((s->nbits - 1) / 64);
5504 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
5505 ssh2_pkt_adduint32(s->pktout, s->pbits);
5506 ssh2_pkt_send_noqueue(ssh, s->pktout);
5509 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
5510 bombout(("expected key exchange group packet from server"));
5513 s->p = ssh2_pkt_getmp(pktin);
5514 s->g = ssh2_pkt_getmp(pktin);
5515 if (!s->p || !s->g) {
5516 bombout(("unable to read mp-ints from incoming group packet"));
5519 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
5520 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
5521 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
5523 ssh->pkt_ctx |= SSH2_PKTCTX_DHGROUP;
5524 ssh->kex_ctx = dh_setup_group(ssh->kex);
5525 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
5526 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
5527 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
5528 ssh->kex->groupname);
5531 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
5532 ssh->kex->hash->text_name);
5534 * Now generate and send e for Diffie-Hellman.
5536 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
5537 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
5538 s->pktout = ssh2_pkt_init(s->kex_init_value);
5539 ssh2_pkt_addmp(s->pktout, s->e);
5540 ssh2_pkt_send_noqueue(ssh, s->pktout);
5542 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
5544 if (pktin->type != s->kex_reply_value) {
5545 bombout(("expected key exchange reply packet from server"));
5548 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
5549 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
5550 s->f = ssh2_pkt_getmp(pktin);
5552 bombout(("unable to parse key exchange reply packet"));
5555 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
5557 s->K = dh_find_K(ssh->kex_ctx, s->f);
5559 /* We assume everything from now on will be quick, and it might
5560 * involve user interaction. */
5561 set_busy_status(ssh->frontend, BUSY_NOT);
5563 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
5564 if (!ssh->kex->pdata) {
5565 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
5566 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
5567 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
5569 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
5570 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
5571 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
5572 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
5573 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
5575 dh_cleanup(ssh->kex_ctx);
5576 ssh->kex_ctx = NULL;
5579 debug(("Exchange hash is:\n"));
5580 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
5583 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
5585 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
5586 (char *)s->exchange_hash,
5587 ssh->kex->hash->hlen)) {
5588 bombout(("Server's host key did not match the signature supplied"));
5593 * Authenticate remote host: verify host key. (We've already
5594 * checked the signature of the exchange hash.)
5596 s->keystr = ssh->hostkey->fmtkey(s->hkey);
5597 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
5598 ssh_set_frozen(ssh, 1);
5599 s->dlgret = verify_ssh_host_key(ssh->frontend,
5600 ssh->savedhost, ssh->savedport,
5601 ssh->hostkey->keytype, s->keystr,
5603 ssh_dialog_callback, ssh);
5604 if (s->dlgret < 0) {
5608 bombout(("Unexpected data from server while waiting"
5609 " for user host key response"));
5612 } while (pktin || inlen > 0);
5613 s->dlgret = ssh->user_response;
5615 ssh_set_frozen(ssh, 0);
5616 if (s->dlgret == 0) {
5617 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
5621 if (!s->got_session_id) { /* don't bother logging this in rekeys */
5622 logevent("Host key fingerprint is:");
5623 logevent(s->fingerprint);
5625 sfree(s->fingerprint);
5627 ssh->hostkey->freekey(s->hkey);
5630 * The exchange hash from the very first key exchange is also
5631 * the session id, used in session key construction and
5634 if (!s->got_session_id) {
5635 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
5636 memcpy(ssh->v2_session_id, s->exchange_hash,
5637 sizeof(s->exchange_hash));
5638 ssh->v2_session_id_len = ssh->kex->hash->hlen;
5639 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
5640 s->got_session_id = TRUE;
5644 * Send SSH2_MSG_NEWKEYS.
5646 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
5647 ssh2_pkt_send_noqueue(ssh, s->pktout);
5648 ssh->outgoing_data_size = 0; /* start counting from here */
5651 * We've sent client NEWKEYS, so create and initialise
5652 * client-to-server session keys.
5654 if (ssh->cs_cipher_ctx)
5655 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
5656 ssh->cscipher = s->cscipher_tobe;
5657 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
5659 if (ssh->cs_mac_ctx)
5660 ssh->csmac->free_context(ssh->cs_mac_ctx);
5661 ssh->csmac = s->csmac_tobe;
5662 ssh->cs_mac_ctx = ssh->csmac->make_context();
5664 if (ssh->cs_comp_ctx)
5665 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
5666 ssh->cscomp = s->cscomp_tobe;
5667 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
5670 * Set IVs on client-to-server keys. Here we use the exchange
5671 * hash from the _first_ key exchange.
5674 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
5675 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5676 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
5677 assert((ssh->cscipher->keylen+7) / 8 <=
5678 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5679 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
5680 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
5681 assert(ssh->cscipher->blksize <=
5682 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5683 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
5684 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
5685 assert(ssh->csmac->len <=
5686 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5687 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
5688 memset(keyspace, 0, sizeof(keyspace));
5691 logeventf(ssh, "Initialised %.200s client->server encryption",
5692 ssh->cscipher->text_name);
5693 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
5694 ssh->csmac->text_name);
5695 if (ssh->cscomp->text_name)
5696 logeventf(ssh, "Initialised %s compression",
5697 ssh->cscomp->text_name);
5700 * Now our end of the key exchange is complete, we can send all
5701 * our queued higher-layer packets.
5703 ssh->queueing = FALSE;
5704 ssh2_pkt_queuesend(ssh);
5707 * Expect SSH2_MSG_NEWKEYS from server.
5710 if (pktin->type != SSH2_MSG_NEWKEYS) {
5711 bombout(("expected new-keys packet from server"));
5714 ssh->incoming_data_size = 0; /* start counting from here */
5717 * We've seen server NEWKEYS, so create and initialise
5718 * server-to-client session keys.
5720 if (ssh->sc_cipher_ctx)
5721 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
5722 ssh->sccipher = s->sccipher_tobe;
5723 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
5725 if (ssh->sc_mac_ctx)
5726 ssh->scmac->free_context(ssh->sc_mac_ctx);
5727 ssh->scmac = s->scmac_tobe;
5728 ssh->sc_mac_ctx = ssh->scmac->make_context();
5730 if (ssh->sc_comp_ctx)
5731 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
5732 ssh->sccomp = s->sccomp_tobe;
5733 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
5736 * Set IVs on server-to-client keys. Here we use the exchange
5737 * hash from the _first_ key exchange.
5740 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
5741 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5742 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
5743 assert((ssh->sccipher->keylen+7) / 8 <=
5744 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5745 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
5746 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
5747 assert(ssh->sccipher->blksize <=
5748 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5749 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
5750 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
5751 assert(ssh->scmac->len <=
5752 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
5753 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
5754 memset(keyspace, 0, sizeof(keyspace));
5756 logeventf(ssh, "Initialised %.200s server->client encryption",
5757 ssh->sccipher->text_name);
5758 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
5759 ssh->scmac->text_name);
5760 if (ssh->sccomp->text_name)
5761 logeventf(ssh, "Initialised %s decompression",
5762 ssh->sccomp->text_name);
5765 * Free key exchange data.
5769 if (!ssh->kex->pdata) {
5775 * Key exchange is over. Loop straight back round if we have a
5776 * deferred rekey reason.
5778 if (ssh->deferred_rekey_reason) {
5779 logevent(ssh->deferred_rekey_reason);
5781 ssh->deferred_rekey_reason = NULL;
5782 goto begin_key_exchange;
5786 * Otherwise, schedule a timer for our next rekey.
5788 ssh->kex_in_progress = FALSE;
5789 ssh->last_rekey = GETTICKCOUNT();
5790 if (ssh->cfg.ssh_rekey_time != 0)
5791 ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
5795 * If this is the first key exchange phase, we must pass the
5796 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
5797 * wants to see it but because it will need time to initialise
5798 * itself before it sees an actual packet. In subsequent key
5799 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
5800 * it would only confuse the layer above.
5802 if (s->activated_authconn) {
5805 s->activated_authconn = TRUE;
5808 * Now we're encrypting. Begin returning 1 to the protocol main
5809 * function so that other things can run on top of the
5810 * transport. If we ever see a KEXINIT, we must go back to the
5813 * We _also_ go back to the start if we see pktin==NULL and
5814 * inlen==-1, because this is a special signal meaning
5815 * `initiate client-driven rekey', and `in' contains a message
5816 * giving the reason for the rekey.
5818 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
5819 (!pktin && inlen == -1))) {
5824 logevent("Server initiated key re-exchange");
5827 * Special case: if the server bug is set that doesn't
5828 * allow rekeying, we give a different log message and
5829 * continue waiting. (If such a server _initiates_ a rekey,
5830 * we process it anyway!)
5832 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
5833 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
5835 /* Reset the counters, so that at least this message doesn't
5836 * hit the event log _too_ often. */
5837 ssh->outgoing_data_size = 0;
5838 ssh->incoming_data_size = 0;
5839 if (ssh->cfg.ssh_rekey_time != 0) {
5841 schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
5844 goto wait_for_rekey; /* this is utterly horrid */
5846 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
5849 goto begin_key_exchange;
5855 * Add data to an SSH-2 channel output buffer.
5857 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
5860 bufchain_add(&c->v.v2.outbuffer, buf, len);
5864 * Attempt to send data on an SSH-2 channel.
5866 static int ssh2_try_send(struct ssh_channel *c)
5869 struct Packet *pktout;
5871 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
5874 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
5875 if ((unsigned)len > c->v.v2.remwindow)
5876 len = c->v.v2.remwindow;
5877 if ((unsigned)len > c->v.v2.remmaxpkt)
5878 len = c->v.v2.remmaxpkt;
5879 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
5880 ssh2_pkt_adduint32(pktout, c->remoteid);
5881 dont_log_data(ssh, pktout, PKTLOG_OMIT);
5882 ssh2_pkt_addstring_start(pktout);
5883 ssh2_pkt_addstring_data(pktout, data, len);
5884 end_log_omission(ssh, pktout);
5885 ssh2_pkt_send(ssh, pktout);
5886 bufchain_consume(&c->v.v2.outbuffer, len);
5887 c->v.v2.remwindow -= len;
5891 * After having sent as much data as we can, return the amount
5894 return bufchain_size(&c->v.v2.outbuffer);
5897 static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)
5901 return; /* don't send on closing channels */
5902 bufsize = ssh2_try_send(c);
5905 case CHAN_MAINSESSION:
5906 /* stdin need not receive an unthrottle
5907 * notification since it will be polled */
5910 x11_unthrottle(c->u.x11.s);
5913 /* agent sockets are request/response and need no
5914 * buffer management */
5917 pfd_unthrottle(c->u.pfd.s);
5924 * Potentially enlarge the window on an SSH-2 channel.
5926 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
5931 * Never send WINDOW_ADJUST for a channel that the remote side
5932 * already thinks it's closed; there's no point, since it won't
5933 * be sending any more data anyway.
5939 * Only send a WINDOW_ADJUST if there's significantly more window
5940 * available than the other end thinks there is. This saves us
5941 * sending a WINDOW_ADJUST for every character in a shell session.
5943 * "Significant" is arbitrarily defined as half the window size.
5945 if (newwin > c->v.v2.locwindow * 2) {
5946 struct Packet *pktout;
5948 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
5949 ssh2_pkt_adduint32(pktout, c->remoteid);
5950 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
5951 ssh2_pkt_send(ssh, pktout);
5952 c->v.v2.locwindow = newwin;
5956 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
5958 unsigned i = ssh_pkt_getuint32(pktin);
5959 struct ssh_channel *c;
5960 c = find234(ssh->channels, &i, ssh_channelfind);
5961 if (c && !c->closes) {
5962 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
5963 ssh2_try_send_and_unthrottle(c);
5967 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
5971 unsigned i = ssh_pkt_getuint32(pktin);
5972 struct ssh_channel *c;
5973 c = find234(ssh->channels, &i, ssh_channelfind);
5975 return; /* nonexistent channel */
5976 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
5977 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
5978 return; /* extended but not stderr */
5979 ssh_pkt_getstring(pktin, &data, &length);
5982 c->v.v2.locwindow -= length;
5984 case CHAN_MAINSESSION:
5986 from_backend(ssh->frontend, pktin->type ==
5987 SSH2_MSG_CHANNEL_EXTENDED_DATA,
5991 bufsize = x11_send(c->u.x11.s, data, length);
5994 bufsize = pfd_send(c->u.pfd.s, data, length);
5997 while (length > 0) {
5998 if (c->u.a.lensofar < 4) {
5999 unsigned int l = min(4 - c->u.a.lensofar, length);
6000 memcpy(c->u.a.msglen + c->u.a.lensofar,
6004 c->u.a.lensofar += l;
6006 if (c->u.a.lensofar == 4) {
6008 4 + GET_32BIT(c->u.a.msglen);
6009 c->u.a.message = snewn(c->u.a.totallen,
6011 memcpy(c->u.a.message, c->u.a.msglen, 4);
6013 if (c->u.a.lensofar >= 4 && length > 0) {
6015 min(c->u.a.totallen - c->u.a.lensofar,
6017 memcpy(c->u.a.message + c->u.a.lensofar,
6021 c->u.a.lensofar += l;
6023 if (c->u.a.lensofar == c->u.a.totallen) {
6026 if (agent_query(c->u.a.message,
6029 ssh_agentf_callback, c))
6030 ssh_agentf_callback(c, reply, replylen);
6031 sfree(c->u.a.message);
6032 c->u.a.lensofar = 0;
6039 * If we are not buffering too much data,
6040 * enlarge the window again at the remote side.
6042 if (bufsize < OUR_V2_WINSIZE)
6043 ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
6047 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
6049 unsigned i = ssh_pkt_getuint32(pktin);
6050 struct ssh_channel *c;
6052 c = find234(ssh->channels, &i, ssh_channelfind);
6054 return; /* nonexistent channel */
6056 if (c->type == CHAN_X11) {
6058 * Remote EOF on an X11 channel means we should
6059 * wrap up and close the channel ourselves.
6061 x11_close(c->u.x11.s);
6063 } else if (c->type == CHAN_AGENT) {
6065 } else if (c->type == CHAN_SOCKDATA) {
6066 pfd_close(c->u.pfd.s);
6071 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
6073 unsigned i = ssh_pkt_getuint32(pktin);
6074 struct ssh_channel *c;
6075 struct Packet *pktout;
6077 c = find234(ssh->channels, &i, ssh_channelfind);
6078 if (!c || c->halfopen) {
6079 bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
6080 c ? "half-open" : "nonexistent", i));
6083 /* Do pre-close processing on the channel. */
6085 case CHAN_MAINSESSION:
6086 ssh->mainchan = NULL;
6087 update_specials_menu(ssh->frontend);
6090 if (c->u.x11.s != NULL)
6091 x11_close(c->u.x11.s);
6098 if (c->u.pfd.s != NULL)
6099 pfd_close(c->u.pfd.s);
6103 if (c->closes == 0) {
6104 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6105 ssh2_pkt_adduint32(pktout, c->remoteid);
6106 ssh2_pkt_send(ssh, pktout);
6108 del234(ssh->channels, c);
6109 bufchain_clear(&c->v.v2.outbuffer);
6113 * See if that was the last channel left open.
6114 * (This is only our termination condition if we're
6115 * not running in -N mode.)
6117 if (!ssh->cfg.ssh_no_shell && count234(ssh->channels) == 0) {
6119 * We used to send SSH_MSG_DISCONNECT here,
6120 * because I'd believed that _every_ conforming
6121 * SSH-2 connection had to end with a disconnect
6122 * being sent by at least one side; apparently
6123 * I was wrong and it's perfectly OK to
6124 * unceremoniously slam the connection shut
6125 * when you're done, and indeed OpenSSH feels
6126 * this is more polite than sending a
6127 * DISCONNECT. So now we don't.
6129 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6133 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
6135 unsigned i = ssh_pkt_getuint32(pktin);
6136 struct ssh_channel *c;
6137 struct Packet *pktout;
6139 c = find234(ssh->channels, &i, ssh_channelfind);
6141 return; /* nonexistent channel */
6142 if (c->type != CHAN_SOCKDATA_DORMANT)
6143 return; /* dunno why they're confirming this */
6144 c->remoteid = ssh_pkt_getuint32(pktin);
6145 c->halfopen = FALSE;
6146 c->type = CHAN_SOCKDATA;
6147 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
6148 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
6150 pfd_confirm(c->u.pfd.s);
6153 * We have a pending close on this channel,
6154 * which we decided on before the server acked
6155 * the channel open. So now we know the
6156 * remoteid, we can close it again.
6158 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6159 ssh2_pkt_adduint32(pktout, c->remoteid);
6160 ssh2_pkt_send(ssh, pktout);
6164 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
6166 static const char *const reasons[] = {
6167 "<unknown reason code>",
6168 "Administratively prohibited",
6170 "Unknown channel type",
6171 "Resource shortage",
6173 unsigned i = ssh_pkt_getuint32(pktin);
6174 unsigned reason_code;
6175 char *reason_string;
6177 struct ssh_channel *c;
6178 c = find234(ssh->channels, &i, ssh_channelfind);
6180 return; /* nonexistent channel */
6181 if (c->type != CHAN_SOCKDATA_DORMANT)
6182 return; /* dunno why they're failing this */
6184 reason_code = ssh_pkt_getuint32(pktin);
6185 if (reason_code >= lenof(reasons))
6186 reason_code = 0; /* ensure reasons[reason_code] in range */
6187 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
6188 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
6189 reasons[reason_code], reason_length, reason_string);
6191 pfd_close(c->u.pfd.s);
6193 del234(ssh->channels, c);
6197 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
6201 int typelen, want_reply;
6202 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
6203 struct ssh_channel *c;
6204 struct Packet *pktout;
6206 localid = ssh_pkt_getuint32(pktin);
6207 ssh_pkt_getstring(pktin, &type, &typelen);
6208 want_reply = ssh2_pkt_getbool(pktin);
6211 * First, check that the channel exists. Otherwise,
6212 * we can instantly disconnect with a rude message.
6214 c = find234(ssh->channels, &localid, ssh_channelfind);
6216 char *buf = dupprintf("Received channel request for nonexistent"
6217 " channel %d", localid);
6218 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6224 * Having got the channel number, we now look at
6225 * the request type string to see if it's something
6228 if (c == ssh->mainchan) {
6230 * We recognise "exit-status" and "exit-signal" on
6231 * the primary channel.
6233 if (typelen == 11 &&
6234 !memcmp(type, "exit-status", 11)) {
6236 ssh->exitcode = ssh_pkt_getuint32(pktin);
6237 logeventf(ssh, "Server sent command exit status %d",
6239 reply = SSH2_MSG_CHANNEL_SUCCESS;
6241 } else if (typelen == 11 &&
6242 !memcmp(type, "exit-signal", 11)) {
6244 int is_plausible = TRUE, is_int = FALSE;
6245 char *fmt_sig = "", *fmt_msg = "";
6247 int msglen = 0, core = FALSE;
6248 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
6249 * provide an `int' for the signal, despite its
6250 * having been a `string' in the drafts since at
6251 * least 2001. (Fixed in session.c 1.147.) Try to
6252 * infer which we can safely parse it as. */
6254 unsigned char *p = pktin->body +
6256 long len = pktin->length - pktin->savedpos;
6257 unsigned long num = GET_32BIT(p); /* what is it? */
6258 /* If it's 0, it hardly matters; assume string */
6262 int maybe_int = FALSE, maybe_str = FALSE;
6263 #define CHECK_HYPOTHESIS(offset, result) \
6266 if (q >= 0 && q+4 <= len) { \
6267 q = q + 4 + GET_32BIT(p+q); \
6268 if (q >= 0 && q+4 <= len && \
6269 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
6273 CHECK_HYPOTHESIS(4+1, maybe_int);
6274 CHECK_HYPOTHESIS(4+num+1, maybe_str);
6275 #undef CHECK_HYPOTHESIS
6276 if (maybe_int && !maybe_str)
6278 else if (!maybe_int && maybe_str)
6281 /* Crikey. Either or neither. Panic. */
6282 is_plausible = FALSE;
6287 /* Old non-standard OpenSSH. */
6288 int signum = ssh_pkt_getuint32(pktin);
6289 fmt_sig = dupprintf(" %d", signum);
6291 /* As per the drafts. */
6294 ssh_pkt_getstring(pktin, &sig, &siglen);
6295 /* Signal name isn't supposed to be blank, but
6296 * let's cope gracefully if it is. */
6298 fmt_sig = dupprintf(" \"%.*s\"",
6302 core = ssh2_pkt_getbool(pktin);
6303 ssh_pkt_getstring(pktin, &msg, &msglen);
6305 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
6307 /* ignore lang tag */
6308 } /* else don't attempt to parse */
6309 logeventf(ssh, "Server exited on signal%s%s%s",
6310 fmt_sig, core ? " (core dumped)" : "",
6312 if (*fmt_sig) sfree(fmt_sig);
6313 if (*fmt_msg) sfree(fmt_msg);
6314 reply = SSH2_MSG_CHANNEL_SUCCESS;
6319 * This is a channel request we don't know
6320 * about, so we now either ignore the request
6321 * or respond with CHANNEL_FAILURE, depending
6324 reply = SSH2_MSG_CHANNEL_FAILURE;
6327 pktout = ssh2_pkt_init(reply);
6328 ssh2_pkt_adduint32(pktout, c->remoteid);
6329 ssh2_pkt_send(ssh, pktout);
6333 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
6336 int typelen, want_reply;
6337 struct Packet *pktout;
6339 ssh_pkt_getstring(pktin, &type, &typelen);
6340 want_reply = ssh2_pkt_getbool(pktin);
6343 * We currently don't support any global requests
6344 * at all, so we either ignore the request or
6345 * respond with REQUEST_FAILURE, depending on
6349 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
6350 ssh2_pkt_send(ssh, pktout);
6354 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
6362 struct ssh_channel *c;
6363 unsigned remid, winsize, pktsize;
6364 struct Packet *pktout;
6366 ssh_pkt_getstring(pktin, &type, &typelen);
6367 c = snew(struct ssh_channel);
6370 remid = ssh_pkt_getuint32(pktin);
6371 winsize = ssh_pkt_getuint32(pktin);
6372 pktsize = ssh_pkt_getuint32(pktin);
6374 if (typelen == 3 && !memcmp(type, "x11", 3)) {
6377 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
6378 addrstr = snewn(peeraddrlen+1, char);
6379 memcpy(addrstr, peeraddr, peeraddrlen);
6380 addrstr[peeraddrlen] = '\0';
6381 peerport = ssh_pkt_getuint32(pktin);
6383 logeventf(ssh, "Received X11 connect request from %s:%d",
6386 if (!ssh->X11_fwd_enabled)
6387 error = "X11 forwarding is not enabled";
6388 else if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
6389 ssh->x11auth, addrstr, peerport,
6390 &ssh->cfg) != NULL) {
6391 error = "Unable to open an X11 connection";
6393 logevent("Opening X11 forward connection succeeded");
6398 } else if (typelen == 15 &&
6399 !memcmp(type, "forwarded-tcpip", 15)) {
6400 struct ssh_rportfwd pf, *realpf;
6403 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
6404 pf.sport = ssh_pkt_getuint32(pktin);
6405 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
6406 peerport = ssh_pkt_getuint32(pktin);
6407 realpf = find234(ssh->rportfwds, &pf, NULL);
6408 logeventf(ssh, "Received remote port %d open request "
6409 "from %s:%d", pf.sport, peeraddr, peerport);
6410 if (realpf == NULL) {
6411 error = "Remote port is not recognised";
6413 const char *e = pfd_newconnect(&c->u.pfd.s,
6417 realpf->pfrec->addressfamily);
6418 logeventf(ssh, "Attempting to forward remote port to "
6419 "%s:%d", realpf->dhost, realpf->dport);
6421 logeventf(ssh, "Port open failed: %s", e);
6422 error = "Port open failed";
6424 logevent("Forwarded port opened successfully");
6425 c->type = CHAN_SOCKDATA;
6428 } else if (typelen == 22 &&
6429 !memcmp(type, "auth-agent@openssh.com", 22)) {
6430 if (!ssh->agentfwd_enabled)
6431 error = "Agent forwarding is not enabled";
6433 c->type = CHAN_AGENT; /* identify channel type */
6434 c->u.a.lensofar = 0;
6437 error = "Unsupported channel type requested";
6440 c->remoteid = remid;
6441 c->halfopen = FALSE;
6443 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
6444 ssh2_pkt_adduint32(pktout, c->remoteid);
6445 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
6446 ssh2_pkt_addstring(pktout, error);
6447 ssh2_pkt_addstring(pktout, "en"); /* language tag */
6448 ssh2_pkt_send(ssh, pktout);
6449 logeventf(ssh, "Rejected channel open: %s", error);
6452 c->localid = alloc_channel_id(ssh);
6454 c->v.v2.locwindow = OUR_V2_WINSIZE;
6455 c->v.v2.remwindow = winsize;
6456 c->v.v2.remmaxpkt = pktsize;
6457 bufchain_init(&c->v.v2.outbuffer);
6458 add234(ssh->channels, c);
6459 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
6460 ssh2_pkt_adduint32(pktout, c->remoteid);
6461 ssh2_pkt_adduint32(pktout, c->localid);
6462 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
6463 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
6464 ssh2_pkt_send(ssh, pktout);
6469 * Buffer banner messages for later display at some convenient point.
6471 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
6473 /* Arbitrary limit to prevent unbounded inflation of buffer */
6474 if (bufchain_size(&ssh->banner) <= 131072) {
6475 char *banner = NULL;
6477 ssh_pkt_getstring(pktin, &banner, &size);
6479 bufchain_add(&ssh->banner, banner, size);
6483 /* Helper function to deal with sending tty modes for "pty-req" */
6484 static void ssh2_send_ttymode(void *data, char *mode, char *val)
6486 struct Packet *pktout = (struct Packet *)data;
6488 unsigned int arg = 0;
6489 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
6490 if (i == lenof(ssh_ttymodes)) return;
6491 switch (ssh_ttymodes[i].type) {
6493 arg = ssh_tty_parse_specchar(val);
6496 arg = ssh_tty_parse_boolean(val);
6499 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
6500 ssh2_pkt_adduint32(pktout, arg);
6504 * Handle the SSH-2 userauth and connection layers.
6506 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
6507 struct Packet *pktin)
6509 struct do_ssh2_authconn_state {
6512 AUTH_TYPE_PUBLICKEY,
6513 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
6514 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
6516 AUTH_TYPE_KEYBOARD_INTERACTIVE,
6517 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
6519 int done_service_req;
6520 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
6521 int tried_pubkey_config, done_agent;
6522 int kbd_inter_refused;
6524 prompts_t *cur_prompt;
6529 void *publickey_blob;
6530 int publickey_bloblen;
6531 int publickey_encrypted;
6532 char *publickey_algorithm;
6533 char *publickey_comment;
6534 unsigned char agent_request[5], *agent_response, *agentp;
6535 int agent_responselen;
6536 unsigned char *pkblob_in_agent;
6538 char *pkblob, *alg, *commentp;
6539 int pklen, alglen, commentlen;
6540 int siglen, retlen, len;
6541 char *q, *agentreq, *ret;
6543 int num_env, env_left, env_ok;
6544 struct Packet *pktout;
6546 crState(do_ssh2_authconn_state);
6548 crBegin(ssh->do_ssh2_authconn_crstate);
6550 s->done_service_req = FALSE;
6551 s->we_are_in = FALSE;
6552 if (!ssh->cfg.ssh_no_userauth) {
6554 * Request userauth protocol, and await a response to it.
6556 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
6557 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
6558 ssh2_pkt_send(ssh, s->pktout);
6559 crWaitUntilV(pktin);
6560 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
6561 s->done_service_req = TRUE;
6563 if (!s->done_service_req) {
6565 * Request connection protocol directly, without authentication.
6567 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
6568 ssh2_pkt_addstring(s->pktout, "ssh-connection");
6569 ssh2_pkt_send(ssh, s->pktout);
6570 crWaitUntilV(pktin);
6571 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
6572 s->we_are_in = TRUE; /* no auth required */
6574 bombout(("Server refused service request"));
6579 /* Arrange to be able to deal with any BANNERs that come in.
6580 * (We do this now as packets may come in during the next bit.) */
6581 bufchain_init(&ssh->banner);
6582 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
6583 ssh2_msg_userauth_banner;
6586 * Misc one-time setup for authentication.
6588 s->publickey_blob = NULL;
6589 if (!s->we_are_in) {
6592 * Load the public half of any configured public key file
6595 if (!filename_is_null(ssh->cfg.keyfile)) {
6597 logeventf(ssh, "Reading private key file \"%.150s\"",
6598 filename_to_str(&ssh->cfg.keyfile));
6599 keytype = key_type(&ssh->cfg.keyfile);
6600 if (keytype == SSH_KEYTYPE_SSH2) {
6603 ssh2_userkey_loadpub(&ssh->cfg.keyfile,
6604 &s->publickey_algorithm,
6605 &s->publickey_bloblen,
6606 &s->publickey_comment, &error);
6607 if (s->publickey_blob) {
6608 s->publickey_encrypted =
6609 ssh2_userkey_encrypted(&ssh->cfg.keyfile, NULL);
6612 logeventf(ssh, "Unable to load private key (%s)",
6614 msgbuf = dupprintf("Unable to load private key file "
6615 "\"%.150s\" (%s)\r\n",
6616 filename_to_str(&ssh->cfg.keyfile),
6618 c_write_str(ssh, msgbuf);
6623 logeventf(ssh, "Unable to use this key file (%s)",
6624 key_type_to_str(keytype));
6625 msgbuf = dupprintf("Unable to use key file \"%.150s\""
6627 filename_to_str(&ssh->cfg.keyfile),
6628 key_type_to_str(keytype));
6629 c_write_str(ssh, msgbuf);
6631 s->publickey_blob = NULL;
6636 * Find out about any keys Pageant has (but if there's a
6637 * public key configured, filter out all others).
6640 s->agent_response = NULL;
6641 s->pkblob_in_agent = NULL;
6642 if (ssh->cfg.tryagent && agent_exists()) {
6646 logevent("Pageant is running. Requesting keys.");
6648 /* Request the keys held by the agent. */
6649 PUT_32BIT(s->agent_request, 1);
6650 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
6651 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
6652 ssh_agent_callback, ssh)) {
6656 bombout(("Unexpected data from server while"
6657 " waiting for agent response"));
6660 } while (pktin || inlen > 0);
6661 r = ssh->agent_response;
6662 s->agent_responselen = ssh->agent_response_len;
6664 s->agent_response = (unsigned char *) r;
6665 if (s->agent_response && s->agent_responselen >= 5 &&
6666 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
6669 p = s->agent_response + 5;
6670 s->nkeys = GET_32BIT(p);
6672 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
6673 if (s->publickey_blob) {
6674 /* See if configured key is in agent. */
6675 for (keyi = 0; keyi < s->nkeys; keyi++) {
6676 s->pklen = GET_32BIT(p);
6677 if (s->pklen == s->publickey_bloblen &&
6678 !memcmp(p+4, s->publickey_blob,
6679 s->publickey_bloblen)) {
6680 logeventf(ssh, "Pageant key #%d matches "
6681 "configured key file", keyi);
6683 s->pkblob_in_agent = p;
6687 p += GET_32BIT(p) + 4; /* comment */
6689 if (!s->pkblob_in_agent) {
6690 logevent("Configured key file not in Pageant");
6700 * We repeat this whole loop, including the username prompt,
6701 * until we manage a successful authentication. If the user
6702 * types the wrong _password_, they can be sent back to the
6703 * beginning to try another username, if this is configured on.
6704 * (If they specify a username in the config, they are never
6705 * asked, even if they do give a wrong password.)
6707 * I think this best serves the needs of
6709 * - the people who have no configuration, no keys, and just
6710 * want to try repeated (username,password) pairs until they
6711 * type both correctly
6713 * - people who have keys and configuration but occasionally
6714 * need to fall back to passwords
6716 * - people with a key held in Pageant, who might not have
6717 * logged in to a particular machine before; so they want to
6718 * type a username, and then _either_ their key will be
6719 * accepted, _or_ they will type a password. If they mistype
6720 * the username they will want to be able to get back and
6723 s->username[0] = '\0';
6724 s->got_username = FALSE;
6725 while (!s->we_are_in) {
6729 if (s->got_username && !ssh->cfg.change_username) {
6731 * We got a username last time round this loop, and
6732 * with change_username turned off we don't try to get
6735 } else if (!*ssh->cfg.username) {
6736 int ret; /* need not be kept over crReturn */
6737 s->cur_prompt = new_prompts(ssh->frontend);
6738 s->cur_prompt->to_server = TRUE;
6739 s->cur_prompt->name = dupstr("SSH login name");
6740 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE,
6741 lenof(s->username));
6742 ret = get_userpass_input(s->cur_prompt, NULL, 0);
6745 crWaitUntilV(!pktin);
6746 ret = get_userpass_input(s->cur_prompt, in, inlen);
6751 * get_userpass_input() failed to get a username.
6754 free_prompts(s->cur_prompt);
6755 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
6758 memcpy(s->username, s->cur_prompt->prompts[0]->result,
6759 lenof(s->username));
6760 free_prompts(s->cur_prompt);
6763 strncpy(s->username, ssh->cfg.username, sizeof(s->username));
6764 s->username[sizeof(s->username)-1] = '\0';
6765 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
6766 stuff = dupprintf("Using username \"%s\".\r\n", s->username);
6767 c_write_str(ssh, stuff);
6771 s->got_username = TRUE;
6774 * Send an authentication request using method "none": (a)
6775 * just in case it succeeds, and (b) so that we know what
6776 * authentication methods we can usefully try next.
6778 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6780 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6781 ssh2_pkt_addstring(s->pktout, s->username);
6782 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
6783 ssh2_pkt_addstring(s->pktout, "none"); /* method */
6784 ssh2_pkt_send(ssh, s->pktout);
6785 s->type = AUTH_TYPE_NONE;
6787 s->we_are_in = FALSE;
6789 s->tried_pubkey_config = FALSE;
6790 s->kbd_inter_refused = FALSE;
6792 /* Reset agent request state. */
6793 s->done_agent = FALSE;
6794 if (s->agent_response) {
6795 if (s->pkblob_in_agent) {
6796 s->agentp = s->pkblob_in_agent;
6798 s->agentp = s->agent_response + 5 + 4;
6805 * Wait for the result of the last authentication request.
6808 crWaitUntilV(pktin);
6810 * Now is a convenient point to spew any banner material
6811 * that we've accumulated. (This should ensure that when
6812 * we exit the auth loop, we haven't any left to deal
6816 int size = bufchain_size(&ssh->banner);
6818 * Don't show the banner if we're operating in
6819 * non-verbose non-interactive mode. (It's probably
6820 * a script, which means nobody will read the
6821 * banner _anyway_, and moreover the printing of
6822 * the banner will screw up processing on the
6823 * output of (say) plink.)
6825 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
6826 char *banner = snewn(size, char);
6827 bufchain_fetch(&ssh->banner, banner, size);
6828 c_write_untrusted(ssh, banner, size);
6831 bufchain_clear(&ssh->banner);
6833 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
6834 logevent("Access granted");
6835 s->we_are_in = TRUE;
6839 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
6840 bombout(("Strange packet received during authentication: "
6841 "type %d", pktin->type));
6848 * OK, we're now sitting on a USERAUTH_FAILURE message, so
6849 * we can look at the string in it and know what we can
6850 * helpfully try next.
6852 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
6855 ssh_pkt_getstring(pktin, &methods, &methlen);
6856 if (!ssh2_pkt_getbool(pktin)) {
6858 * We have received an unequivocal Access
6859 * Denied. This can translate to a variety of
6862 * - if we'd just tried "none" authentication,
6863 * it's not worth printing anything at all
6865 * - if we'd just tried a public key _offer_,
6866 * the message should be "Server refused our
6867 * key" (or no message at all if the key
6868 * came from Pageant)
6870 * - if we'd just tried anything else, the
6871 * message really should be "Access denied".
6873 * Additionally, if we'd just tried password
6874 * authentication, we should break out of this
6875 * whole loop so as to go back to the username
6876 * prompt (iff we're configured to allow
6877 * username change attempts).
6879 if (s->type == AUTH_TYPE_NONE) {
6881 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
6882 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
6883 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
6884 c_write_str(ssh, "Server refused our key\r\n");
6885 logevent("Server refused public key");
6886 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
6887 /* server declined keyboard-interactive; ignore */
6889 c_write_str(ssh, "Access denied\r\n");
6890 logevent("Access denied");
6891 if (s->type == AUTH_TYPE_PASSWORD &&
6892 ssh->cfg.change_username) {
6893 /* XXX perhaps we should allow
6894 * keyboard-interactive to do this too? */
6895 s->we_are_in = FALSE;
6900 c_write_str(ssh, "Further authentication required\r\n");
6901 logevent("Further authentication required");
6905 in_commasep_string("publickey", methods, methlen);
6907 in_commasep_string("password", methods, methlen);
6908 s->can_keyb_inter = ssh->cfg.try_ki_auth &&
6909 in_commasep_string("keyboard-interactive", methods, methlen);
6912 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6914 if (s->can_pubkey && !s->done_agent && s->nkeys) {
6917 * Attempt public-key authentication using a key from Pageant.
6920 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6921 ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
6923 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
6925 /* Unpack key from agent response */
6926 s->pklen = GET_32BIT(s->agentp);
6928 s->pkblob = (char *)s->agentp;
6929 s->agentp += s->pklen;
6930 s->alglen = GET_32BIT(s->pkblob);
6931 s->alg = s->pkblob + 4;
6932 s->commentlen = GET_32BIT(s->agentp);
6934 s->commentp = (char *)s->agentp;
6935 s->agentp += s->commentlen;
6936 /* s->agentp now points at next key, if any */
6938 /* See if server will accept it */
6939 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6940 ssh2_pkt_addstring(s->pktout, s->username);
6941 ssh2_pkt_addstring(s->pktout, "ssh-connection");
6942 /* service requested */
6943 ssh2_pkt_addstring(s->pktout, "publickey");
6945 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
6946 ssh2_pkt_addstring_start(s->pktout);
6947 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
6948 ssh2_pkt_addstring_start(s->pktout);
6949 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
6950 ssh2_pkt_send(ssh, s->pktout);
6951 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
6953 crWaitUntilV(pktin);
6954 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
6956 /* Offer of key refused. */
6963 if (flags & FLAG_VERBOSE) {
6964 c_write_str(ssh, "Authenticating with "
6966 c_write(ssh, s->commentp, s->commentlen);
6967 c_write_str(ssh, "\" from agent\r\n");
6971 * Server is willing to accept the key.
6972 * Construct a SIGN_REQUEST.
6974 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6975 ssh2_pkt_addstring(s->pktout, s->username);
6976 ssh2_pkt_addstring(s->pktout, "ssh-connection");
6977 /* service requested */
6978 ssh2_pkt_addstring(s->pktout, "publickey");
6980 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
6981 ssh2_pkt_addstring_start(s->pktout);
6982 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
6983 ssh2_pkt_addstring_start(s->pktout);
6984 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
6986 /* Ask agent for signature. */
6987 s->siglen = s->pktout->length - 5 + 4 +
6988 ssh->v2_session_id_len;
6989 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
6991 s->len = 1; /* message type */
6992 s->len += 4 + s->pklen; /* key blob */
6993 s->len += 4 + s->siglen; /* data to sign */
6994 s->len += 4; /* flags */
6995 s->agentreq = snewn(4 + s->len, char);
6996 PUT_32BIT(s->agentreq, s->len);
6997 s->q = s->agentreq + 4;
6998 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
6999 PUT_32BIT(s->q, s->pklen);
7001 memcpy(s->q, s->pkblob, s->pklen);
7003 PUT_32BIT(s->q, s->siglen);
7005 /* Now the data to be signed... */
7006 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7007 PUT_32BIT(s->q, ssh->v2_session_id_len);
7010 memcpy(s->q, ssh->v2_session_id,
7011 ssh->v2_session_id_len);
7012 s->q += ssh->v2_session_id_len;
7013 memcpy(s->q, s->pktout->data + 5,
7014 s->pktout->length - 5);
7015 s->q += s->pktout->length - 5;
7016 /* And finally the (zero) flags word. */
7018 if (!agent_query(s->agentreq, s->len + 4,
7020 ssh_agent_callback, ssh)) {
7024 bombout(("Unexpected data from server"
7025 " while waiting for agent"
7029 } while (pktin || inlen > 0);
7030 vret = ssh->agent_response;
7031 s->retlen = ssh->agent_response_len;
7036 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
7037 logevent("Sending Pageant's response");
7038 ssh2_add_sigblob(ssh, s->pktout,
7039 s->pkblob, s->pklen,
7041 GET_32BIT(s->ret + 5));
7042 ssh2_pkt_send(ssh, s->pktout);
7043 s->type = AUTH_TYPE_PUBLICKEY;
7045 /* FIXME: less drastic response */
7046 bombout(("Pageant failed to answer challenge"));
7052 /* Do we have any keys left to try? */
7053 if (s->pkblob_in_agent) {
7054 s->done_agent = TRUE;
7055 s->tried_pubkey_config = TRUE;
7058 if (s->keyi >= s->nkeys)
7059 s->done_agent = TRUE;
7062 } else if (s->can_pubkey && s->publickey_blob &&
7063 !s->tried_pubkey_config) {
7065 struct ssh2_userkey *key; /* not live over crReturn */
7066 char *passphrase; /* not live over crReturn */
7068 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7069 ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
7071 s->tried_pubkey_config = TRUE;
7074 * Try the public key supplied in the configuration.
7076 * First, offer the public blob to see if the server is
7077 * willing to accept it.
7079 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7080 ssh2_pkt_addstring(s->pktout, s->username);
7081 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7082 /* service requested */
7083 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
7084 ssh2_pkt_addbool(s->pktout, FALSE);
7085 /* no signature included */
7086 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
7087 ssh2_pkt_addstring_start(s->pktout);
7088 ssh2_pkt_addstring_data(s->pktout,
7089 (char *)s->publickey_blob,
7090 s->publickey_bloblen);
7091 ssh2_pkt_send(ssh, s->pktout);
7092 logevent("Offered public key");
7094 crWaitUntilV(pktin);
7095 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7096 /* Key refused. Give up. */
7097 s->gotit = TRUE; /* reconsider message next loop */
7098 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
7099 continue; /* process this new message */
7101 logevent("Offer of public key accepted");
7104 * Actually attempt a serious authentication using
7107 if (flags & FLAG_VERBOSE) {
7108 c_write_str(ssh, "Authenticating with public key \"");
7109 c_write_str(ssh, s->publickey_comment);
7110 c_write_str(ssh, "\"\r\n");
7114 const char *error; /* not live over crReturn */
7115 if (s->publickey_encrypted) {
7117 * Get a passphrase from the user.
7119 int ret; /* need not be kept over crReturn */
7120 s->cur_prompt = new_prompts(ssh->frontend);
7121 s->cur_prompt->to_server = FALSE;
7122 s->cur_prompt->name = dupstr("SSH key passphrase");
7123 add_prompt(s->cur_prompt,
7124 dupprintf("Passphrase for key \"%.100s\": ",
7125 s->publickey_comment),
7126 FALSE, SSH_MAX_PASSWORD_LEN);
7127 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7130 crWaitUntilV(!pktin);
7131 ret = get_userpass_input(s->cur_prompt,
7136 /* Failed to get a passphrase. Terminate. */
7137 free_prompts(s->cur_prompt);
7138 ssh_disconnect(ssh, NULL,
7139 "Unable to authenticate",
7140 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7145 dupstr(s->cur_prompt->prompts[0]->result);
7146 free_prompts(s->cur_prompt);
7148 passphrase = NULL; /* no passphrase needed */
7152 * Try decrypting the key.
7154 key = ssh2_load_userkey(&ssh->cfg.keyfile, passphrase,
7157 /* burn the evidence */
7158 memset(passphrase, 0, strlen(passphrase));
7161 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
7163 (key == SSH2_WRONG_PASSPHRASE)) {
7164 c_write_str(ssh, "Wrong passphrase\r\n");
7166 /* and loop again */
7168 c_write_str(ssh, "Unable to load private key (");
7169 c_write_str(ssh, error);
7170 c_write_str(ssh, ")\r\n");
7172 break; /* try something else */
7178 unsigned char *pkblob, *sigblob, *sigdata;
7179 int pkblob_len, sigblob_len, sigdata_len;
7183 * We have loaded the private key and the server
7184 * has announced that it's willing to accept it.
7185 * Hallelujah. Generate a signature and send it.
7187 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7188 ssh2_pkt_addstring(s->pktout, s->username);
7189 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7190 /* service requested */
7191 ssh2_pkt_addstring(s->pktout, "publickey");
7193 ssh2_pkt_addbool(s->pktout, TRUE);
7194 /* signature follows */
7195 ssh2_pkt_addstring(s->pktout, key->alg->name);
7196 pkblob = key->alg->public_blob(key->data,
7198 ssh2_pkt_addstring_start(s->pktout);
7199 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
7203 * The data to be signed is:
7207 * followed by everything so far placed in the
7210 sigdata_len = s->pktout->length - 5 + 4 +
7211 ssh->v2_session_id_len;
7212 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7214 sigdata = snewn(sigdata_len, unsigned char);
7216 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7217 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
7220 memcpy(sigdata+p, ssh->v2_session_id,
7221 ssh->v2_session_id_len);
7222 p += ssh->v2_session_id_len;
7223 memcpy(sigdata+p, s->pktout->data + 5,
7224 s->pktout->length - 5);
7225 p += s->pktout->length - 5;
7226 assert(p == sigdata_len);
7227 sigblob = key->alg->sign(key->data, (char *)sigdata,
7228 sigdata_len, &sigblob_len);
7229 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
7230 sigblob, sigblob_len);
7235 ssh2_pkt_send(ssh, s->pktout);
7236 s->type = AUTH_TYPE_PUBLICKEY;
7237 key->alg->freekey(key->data);
7240 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
7243 * Keyboard-interactive authentication.
7246 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
7248 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7249 ssh->pkt_ctx |= SSH2_PKTCTX_KBDINTER;
7251 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7252 ssh2_pkt_addstring(s->pktout, s->username);
7253 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7254 /* service requested */
7255 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
7257 ssh2_pkt_addstring(s->pktout, ""); /* lang */
7258 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
7259 ssh2_pkt_send(ssh, s->pktout);
7261 crWaitUntilV(pktin);
7262 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
7263 /* Server is not willing to do keyboard-interactive
7264 * at all (or, bizarrely but legally, accepts the
7265 * user without actually issuing any prompts).
7266 * Give up on it entirely. */
7268 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE)
7269 logevent("Keyboard-interactive authentication refused");
7270 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
7271 s->kbd_inter_refused = TRUE; /* don't try it again */
7276 * Loop while the server continues to send INFO_REQUESTs.
7278 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
7280 char *name, *inst, *lang;
7281 int name_len, inst_len, lang_len;
7285 * We've got a fresh USERAUTH_INFO_REQUEST.
7286 * Get the preamble and start building a prompt.
7288 ssh_pkt_getstring(pktin, &name, &name_len);
7289 ssh_pkt_getstring(pktin, &inst, &inst_len);
7290 ssh_pkt_getstring(pktin, &lang, &lang_len);
7291 s->cur_prompt = new_prompts(ssh->frontend);
7292 s->cur_prompt->to_server = TRUE;
7294 /* FIXME: better prefix to distinguish from
7296 s->cur_prompt->name =
7297 dupprintf("SSH server: %.*s", name_len, name);
7298 s->cur_prompt->name_reqd = TRUE;
7300 s->cur_prompt->name =
7301 dupstr("SSH server authentication");
7302 s->cur_prompt->name_reqd = FALSE;
7304 /* FIXME: ugly to print "Using..." in prompt _every_
7305 * time round. Can this be done more subtly? */
7306 s->cur_prompt->instruction =
7307 dupprintf("Using keyboard-interactive authentication.%s%.*s",
7308 inst_len ? "\n" : "", inst_len, inst);
7309 s->cur_prompt->instr_reqd = TRUE;
7312 * Get the prompts from the packet.
7314 s->num_prompts = ssh_pkt_getuint32(pktin);
7315 for (i = 0; i < s->num_prompts; i++) {
7319 static char noprompt[] =
7320 "<server failed to send prompt>: ";
7322 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
7323 echo = ssh2_pkt_getbool(pktin);
7326 prompt_len = lenof(noprompt)-1;
7328 add_prompt(s->cur_prompt,
7329 dupprintf("%.*s", prompt_len, prompt),
7330 echo, SSH_MAX_PASSWORD_LEN);
7334 * Get the user's responses.
7336 if (s->num_prompts) {
7337 int ret; /* not live over crReturn */
7338 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7341 crWaitUntilV(!pktin);
7342 ret = get_userpass_input(s->cur_prompt, in, inlen);
7347 * Failed to get responses. Terminate.
7349 free_prompts(s->cur_prompt);
7350 ssh_disconnect(ssh, NULL, "Unable to authenticate",
7351 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7358 * Send the responses to the server.
7360 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
7361 s->pktout->forcepad = 256;
7362 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
7363 for (i=0; i < s->num_prompts; i++) {
7364 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7365 ssh2_pkt_addstring(s->pktout,
7366 s->cur_prompt->prompts[i]->result);
7367 end_log_omission(ssh, s->pktout);
7369 ssh2_pkt_send(ssh, s->pktout);
7372 * Get the next packet in case it's another
7375 crWaitUntilV(pktin);
7380 * We should have SUCCESS or FAILURE now.
7384 } else if (s->can_passwd) {
7387 * Plain old password authentication.
7389 int ret; /* not live over crReturn */
7390 int changereq_first_time; /* not live over crReturn */
7392 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7393 ssh->pkt_ctx |= SSH2_PKTCTX_PASSWORD;
7395 s->cur_prompt = new_prompts(ssh->frontend);
7396 s->cur_prompt->to_server = TRUE;
7397 s->cur_prompt->name = dupstr("SSH password");
7398 add_prompt(s->cur_prompt, dupprintf("%.90s@%.90s's password: ",
7401 FALSE, SSH_MAX_PASSWORD_LEN);
7403 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7406 crWaitUntilV(!pktin);
7407 ret = get_userpass_input(s->cur_prompt, in, inlen);
7412 * Failed to get responses. Terminate.
7414 free_prompts(s->cur_prompt);
7415 ssh_disconnect(ssh, NULL, "Unable to authenticate",
7416 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7421 * Squirrel away the password. (We may need it later if
7422 * asked to change it.)
7424 s->password = dupstr(s->cur_prompt->prompts[0]->result);
7425 free_prompts(s->cur_prompt);
7428 * Send the password packet.
7430 * We pad out the password packet to 256 bytes to make
7431 * it harder for an attacker to find the length of the
7434 * Anyone using a password longer than 256 bytes
7435 * probably doesn't have much to worry about from
7436 * people who find out how long their password is!
7438 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7439 s->pktout->forcepad = 256;
7440 ssh2_pkt_addstring(s->pktout, s->username);
7441 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7442 /* service requested */
7443 ssh2_pkt_addstring(s->pktout, "password");
7444 ssh2_pkt_addbool(s->pktout, FALSE);
7445 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7446 ssh2_pkt_addstring(s->pktout, s->password);
7447 end_log_omission(ssh, s->pktout);
7448 ssh2_pkt_send(ssh, s->pktout);
7449 logevent("Sent password");
7450 s->type = AUTH_TYPE_PASSWORD;
7453 * Wait for next packet, in case it's a password change
7456 crWaitUntilV(pktin);
7457 changereq_first_time = TRUE;
7459 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
7462 * We're being asked for a new password
7463 * (perhaps not for the first time).
7464 * Loop until the server accepts it.
7467 int got_new = FALSE; /* not live over crReturn */
7468 char *prompt; /* not live over crReturn */
7469 int prompt_len; /* not live over crReturn */
7473 if (changereq_first_time)
7474 msg = "Server requested password change";
7476 msg = "Server rejected new password";
7478 c_write_str(ssh, msg);
7479 c_write_str(ssh, "\r\n");
7482 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
7484 s->cur_prompt = new_prompts(ssh->frontend);
7485 s->cur_prompt->to_server = TRUE;
7486 s->cur_prompt->name = dupstr("New SSH password");
7487 s->cur_prompt->instruction =
7488 dupprintf("%.*s", prompt_len, prompt);
7489 s->cur_prompt->instr_reqd = TRUE;
7490 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
7491 FALSE, SSH_MAX_PASSWORD_LEN);
7492 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
7493 FALSE, SSH_MAX_PASSWORD_LEN);
7496 * Loop until the user manages to enter the same
7501 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7504 crWaitUntilV(!pktin);
7505 ret = get_userpass_input(s->cur_prompt, in, inlen);
7510 * Failed to get responses. Terminate.
7512 /* burn the evidence */
7513 free_prompts(s->cur_prompt);
7514 memset(s->password, 0, strlen(s->password));
7516 ssh_disconnect(ssh, NULL, "Unable to authenticate",
7517 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7523 * Check the two passwords match.
7525 got_new = (strcmp(s->cur_prompt->prompts[0]->result,
7526 s->cur_prompt->prompts[1]->result)
7529 /* They don't. Silly user. */
7530 c_write_str(ssh, "Passwords do not match\r\n");
7535 * Send the new password (along with the old one).
7536 * (see above for padding rationale)
7538 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7539 s->pktout->forcepad = 256;
7540 ssh2_pkt_addstring(s->pktout, s->username);
7541 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7542 /* service requested */
7543 ssh2_pkt_addstring(s->pktout, "password");
7544 ssh2_pkt_addbool(s->pktout, TRUE);
7545 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7546 ssh2_pkt_addstring(s->pktout, s->password);
7547 ssh2_pkt_addstring(s->pktout,
7548 s->cur_prompt->prompts[0]->result);
7549 free_prompts(s->cur_prompt);
7550 end_log_omission(ssh, s->pktout);
7551 ssh2_pkt_send(ssh, s->pktout);
7552 logevent("Sent new password");
7555 * Now see what the server has to say about it.
7556 * (If it's CHANGEREQ again, it's not happy with the
7559 crWaitUntilV(pktin);
7560 changereq_first_time = FALSE;
7565 * We need to reexamine the current pktin at the top
7566 * of the loop. Either:
7567 * - we weren't asked to change password at all, in
7568 * which case it's a SUCCESS or FAILURE with the
7570 * - we sent a new password, and the server was
7571 * either OK with it (SUCCESS or FAILURE w/partial
7572 * success) or unhappy with the _old_ password
7573 * (FAILURE w/o partial success)
7574 * In any of these cases, we go back to the top of
7575 * the loop and start again.
7580 * We don't need the old password any more, in any
7581 * case. Burn the evidence.
7583 memset(s->password, 0, strlen(s->password));
7588 ssh_disconnect(ssh, NULL,
7589 "No supported authentication methods available",
7590 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
7598 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
7600 /* Clear up various bits and pieces from authentication. */
7601 if (s->publickey_blob) {
7602 sfree(s->publickey_blob);
7603 sfree(s->publickey_comment);
7605 if (s->agent_response)
7606 sfree(s->agent_response);
7609 * Now the connection protocol has started, one way or another.
7612 ssh->channels = newtree234(ssh_channelcmp);
7615 * Set up handlers for some connection protocol messages, so we
7616 * don't have to handle them repeatedly in this coroutine.
7618 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
7619 ssh2_msg_channel_window_adjust;
7620 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
7621 ssh2_msg_global_request;
7624 * Create the main session channel.
7626 if (ssh->cfg.ssh_no_shell) {
7627 ssh->mainchan = NULL;
7628 } else if (*ssh->cfg.ssh_nc_host) {
7630 * Just start a direct-tcpip channel and use it as the main
7633 ssh->mainchan = snew(struct ssh_channel);
7634 ssh->mainchan->ssh = ssh;
7635 ssh->mainchan->localid = alloc_channel_id(ssh);
7636 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
7637 ssh2_pkt_addstring(s->pktout, "direct-tcpip");
7638 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
7639 ssh->mainchan->v.v2.locwindow = OUR_V2_WINSIZE;
7640 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
7641 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
7642 ssh2_pkt_addstring(s->pktout, ssh->cfg.ssh_nc_host);
7643 ssh2_pkt_adduint32(s->pktout, ssh->cfg.ssh_nc_port);
7645 * We make up values for the originator data; partly it's
7646 * too much hassle to keep track, and partly I'm not
7647 * convinced the server should be told details like that
7648 * about my local network configuration.
7649 * The "originator IP address" is syntactically a numeric
7650 * IP address, and some servers (e.g., Tectia) get upset
7651 * if it doesn't match this syntax.
7653 ssh2_pkt_addstring(s->pktout, "0.0.0.0");
7654 ssh2_pkt_adduint32(s->pktout, 0);
7655 ssh2_pkt_send(ssh, s->pktout);
7657 crWaitUntilV(pktin);
7658 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
7659 bombout(("Server refused to open a direct-tcpip channel"));
7661 /* FIXME: error data comes back in FAILURE packet */
7663 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
7664 bombout(("Server's channel confirmation cited wrong channel"));
7667 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
7668 ssh->mainchan->halfopen = FALSE;
7669 ssh->mainchan->type = CHAN_MAINSESSION;
7670 ssh->mainchan->closes = 0;
7671 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7672 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7673 bufchain_init(&ssh->mainchan->v.v2.outbuffer);
7674 add234(ssh->channels, ssh->mainchan);
7675 update_specials_menu(ssh->frontend);
7676 logevent("Opened direct-tcpip channel in place of session");
7679 ssh->mainchan = snew(struct ssh_channel);
7680 ssh->mainchan->ssh = ssh;
7681 ssh->mainchan->localid = alloc_channel_id(ssh);
7682 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
7683 ssh2_pkt_addstring(s->pktout, "session");
7684 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
7685 ssh->mainchan->v.v2.locwindow = OUR_V2_WINSIZE;
7686 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
7687 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
7688 ssh2_pkt_send(ssh, s->pktout);
7689 crWaitUntilV(pktin);
7690 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
7691 bombout(("Server refused to open a session"));
7693 /* FIXME: error data comes back in FAILURE packet */
7695 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
7696 bombout(("Server's channel confirmation cited wrong channel"));
7699 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
7700 ssh->mainchan->halfopen = FALSE;
7701 ssh->mainchan->type = CHAN_MAINSESSION;
7702 ssh->mainchan->closes = 0;
7703 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7704 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7705 bufchain_init(&ssh->mainchan->v.v2.outbuffer);
7706 add234(ssh->channels, ssh->mainchan);
7707 update_specials_menu(ssh->frontend);
7708 logevent("Opened channel for session");
7709 ssh->ncmode = FALSE;
7713 * Now we have a channel, make dispatch table entries for
7714 * general channel-based messages.
7716 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
7717 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
7718 ssh2_msg_channel_data;
7719 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
7720 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
7721 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
7722 ssh2_msg_channel_open_confirmation;
7723 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
7724 ssh2_msg_channel_open_failure;
7725 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
7726 ssh2_msg_channel_request;
7727 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
7728 ssh2_msg_channel_open;
7731 * Potentially enable X11 forwarding.
7733 if (ssh->mainchan && !ssh->ncmode && ssh->cfg.x11_forward) {
7734 char proto[20], data[64];
7735 logevent("Requesting X11 forwarding");
7736 ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
7737 data, sizeof(data), ssh->cfg.x11_auth);
7738 x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
7739 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7740 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7741 ssh2_pkt_addstring(s->pktout, "x11-req");
7742 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7743 ssh2_pkt_addbool(s->pktout, 0); /* many connections */
7744 ssh2_pkt_addstring(s->pktout, proto);
7746 * Note that while we blank the X authentication data here, we don't
7747 * take any special action to blank the start of an X11 channel,
7748 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
7749 * without having session blanking enabled is likely to leak your
7750 * cookie into the log.
7752 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7753 ssh2_pkt_addstring(s->pktout, data);
7754 end_log_omission(ssh, s->pktout);
7755 ssh2_pkt_adduint32(s->pktout, x11_get_screen_number(ssh->cfg.x11_display));
7756 ssh2_pkt_send(ssh, s->pktout);
7758 crWaitUntilV(pktin);
7760 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7761 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7762 bombout(("Unexpected response to X11 forwarding request:"
7763 " packet type %d", pktin->type));
7766 logevent("X11 forwarding refused");
7768 logevent("X11 forwarding enabled");
7769 ssh->X11_fwd_enabled = TRUE;
7774 * Enable port forwardings.
7776 ssh_setup_portfwd(ssh, &ssh->cfg);
7779 * Potentially enable agent forwarding.
7781 if (ssh->mainchan && !ssh->ncmode && ssh->cfg.agentfwd && agent_exists()) {
7782 logevent("Requesting OpenSSH-style agent forwarding");
7783 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7784 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7785 ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
7786 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7787 ssh2_pkt_send(ssh, s->pktout);
7789 crWaitUntilV(pktin);
7791 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7792 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7793 bombout(("Unexpected response to agent forwarding request:"
7794 " packet type %d", pktin->type));
7797 logevent("Agent forwarding refused");
7799 logevent("Agent forwarding enabled");
7800 ssh->agentfwd_enabled = TRUE;
7805 * Now allocate a pty for the session.
7807 if (ssh->mainchan && !ssh->ncmode && !ssh->cfg.nopty) {
7808 /* Unpick the terminal-speed string. */
7809 /* XXX perhaps we should allow no speeds to be sent. */
7810 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
7811 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
7812 /* Build the pty request. */
7813 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7814 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
7815 ssh2_pkt_addstring(s->pktout, "pty-req");
7816 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7817 ssh2_pkt_addstring(s->pktout, ssh->cfg.termtype);
7818 ssh2_pkt_adduint32(s->pktout, ssh->term_width);
7819 ssh2_pkt_adduint32(s->pktout, ssh->term_height);
7820 ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
7821 ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
7822 ssh2_pkt_addstring_start(s->pktout);
7823 parse_ttymodes(ssh, ssh->cfg.ttymodes,
7824 ssh2_send_ttymode, (void *)s->pktout);
7825 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_ISPEED);
7826 ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
7827 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_OSPEED);
7828 ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
7829 ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
7830 ssh2_pkt_send(ssh, s->pktout);
7831 ssh->state = SSH_STATE_INTERMED;
7833 crWaitUntilV(pktin);
7835 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7836 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7837 bombout(("Unexpected response to pty request:"
7838 " packet type %d", pktin->type));
7841 c_write_str(ssh, "Server refused to allocate pty\r\n");
7842 ssh->editing = ssh->echoing = 1;
7844 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
7845 ssh->ospeed, ssh->ispeed);
7848 ssh->editing = ssh->echoing = 1;
7852 * Send environment variables.
7854 * Simplest thing here is to send all the requests at once, and
7855 * then wait for a whole bunch of successes or failures.
7857 if (ssh->mainchan && !ssh->ncmode && *ssh->cfg.environmt) {
7858 char *e = ssh->cfg.environmt;
7859 char *var, *varend, *val;
7865 while (*e && *e != '\t') e++;
7867 if (*e == '\t') e++;
7872 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7873 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7874 ssh2_pkt_addstring(s->pktout, "env");
7875 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7876 ssh2_pkt_addstring_start(s->pktout);
7877 ssh2_pkt_addstring_data(s->pktout, var, varend-var);
7878 ssh2_pkt_addstring(s->pktout, val);
7879 ssh2_pkt_send(ssh, s->pktout);
7884 logeventf(ssh, "Sent %d environment variables", s->num_env);
7887 s->env_left = s->num_env;
7889 while (s->env_left > 0) {
7890 crWaitUntilV(pktin);
7892 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7893 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7894 bombout(("Unexpected response to environment request:"
7895 " packet type %d", pktin->type));
7905 if (s->env_ok == s->num_env) {
7906 logevent("All environment variables successfully set");
7907 } else if (s->env_ok == 0) {
7908 logevent("All environment variables refused");
7909 c_write_str(ssh, "Server refused to set environment variables\r\n");
7911 logeventf(ssh, "%d environment variables refused",
7912 s->num_env - s->env_ok);
7913 c_write_str(ssh, "Server refused to set all environment variables\r\n");
7918 * Start a shell or a remote command. We may have to attempt
7919 * this twice if the config data has provided a second choice
7922 if (ssh->mainchan && !ssh->ncmode) while (1) {
7926 if (ssh->fallback_cmd) {
7927 subsys = ssh->cfg.ssh_subsys2;
7928 cmd = ssh->cfg.remote_cmd_ptr2;
7930 subsys = ssh->cfg.ssh_subsys;
7931 cmd = ssh->cfg.remote_cmd_ptr;
7932 if (!cmd) cmd = ssh->cfg.remote_cmd;
7935 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7936 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
7938 ssh2_pkt_addstring(s->pktout, "subsystem");
7939 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7940 ssh2_pkt_addstring(s->pktout, cmd);
7942 ssh2_pkt_addstring(s->pktout, "exec");
7943 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7944 ssh2_pkt_addstring(s->pktout, cmd);
7946 ssh2_pkt_addstring(s->pktout, "shell");
7947 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7949 ssh2_pkt_send(ssh, s->pktout);
7951 crWaitUntilV(pktin);
7953 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7954 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7955 bombout(("Unexpected response to shell/command request:"
7956 " packet type %d", pktin->type));
7960 * We failed to start the command. If this is the
7961 * fallback command, we really are finished; if it's
7962 * not, and if the fallback command exists, try falling
7963 * back to it before complaining.
7965 if (!ssh->fallback_cmd && ssh->cfg.remote_cmd_ptr2 != NULL) {
7966 logevent("Primary command failed; attempting fallback");
7967 ssh->fallback_cmd = TRUE;
7970 bombout(("Server refused to start a shell/command"));
7973 logevent("Started a shell/command");
7978 ssh->state = SSH_STATE_SESSION;
7979 if (ssh->size_needed)
7980 ssh_size(ssh, ssh->term_width, ssh->term_height);
7981 if (ssh->eof_needed)
7982 ssh_special(ssh, TS_EOF);
7988 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
7993 s->try_send = FALSE;
7997 * _All_ the connection-layer packets we expect to
7998 * receive are now handled by the dispatch table.
7999 * Anything that reaches here must be bogus.
8002 bombout(("Strange packet received: type %d", pktin->type));
8004 } else if (ssh->mainchan) {
8006 * We have spare data. Add it to the channel buffer.
8008 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
8013 struct ssh_channel *c;
8015 * Try to send data on all channels if we can.
8017 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
8018 ssh2_try_send_and_unthrottle(c);
8026 * Handlers for SSH-2 messages that might arrive at any moment.
8028 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
8030 /* log reason code in disconnect message */
8032 int nowlen, reason, msglen;
8034 reason = ssh_pkt_getuint32(pktin);
8035 ssh_pkt_getstring(pktin, &msg, &msglen);
8037 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
8038 buf = dupprintf("Received disconnect message (%s)",
8039 ssh2_disconnect_reasons[reason]);
8041 buf = dupprintf("Received disconnect message (unknown"
8042 " type %d)", reason);
8046 buf = dupprintf("Disconnection message text: %n%.*s",
8047 &nowlen, msglen, msg);
8049 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"",
8051 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
8052 ssh2_disconnect_reasons[reason] : "unknown",
8057 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
8059 /* log the debug message */
8064 /* XXX maybe we should actually take notice of this */
8065 always_display = ssh2_pkt_getbool(pktin);
8066 ssh_pkt_getstring(pktin, &msg, &msglen);
8068 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
8071 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
8073 struct Packet *pktout;
8074 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
8075 ssh2_pkt_adduint32(pktout, pktin->sequence);
8077 * UNIMPLEMENTED messages MUST appear in the same order as the
8078 * messages they respond to. Hence, never queue them.
8080 ssh2_pkt_send_noqueue(ssh, pktout);
8084 * Handle the top-level SSH-2 protocol.
8086 static void ssh2_protocol_setup(Ssh ssh)
8091 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
8093 for (i = 0; i < 256; i++)
8094 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
8097 * Any message we actually understand, we set to NULL so that
8098 * the coroutines will get it.
8100 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
8101 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
8102 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
8103 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
8104 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
8105 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
8106 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
8107 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
8108 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
8109 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
8110 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
8111 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
8112 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
8113 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
8114 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
8115 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
8116 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
8117 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
8118 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
8119 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
8120 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
8121 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
8122 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
8123 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
8124 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
8125 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
8126 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
8127 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
8128 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
8129 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
8130 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
8131 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
8132 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
8135 * These special message types we install handlers for.
8137 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
8138 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
8139 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
8142 static void ssh2_timer(void *ctx, long now)
8146 if (ssh->state == SSH_STATE_CLOSED)
8149 if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
8150 now - ssh->next_rekey >= 0) {
8151 do_ssh2_transport(ssh, "timeout", -1, NULL);
8155 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
8156 struct Packet *pktin)
8158 unsigned char *in = (unsigned char *)vin;
8159 if (ssh->state == SSH_STATE_CLOSED)
8163 ssh->incoming_data_size += pktin->encrypted_len;
8164 if (!ssh->kex_in_progress &&
8165 ssh->max_data_size != 0 &&
8166 ssh->incoming_data_size > ssh->max_data_size)
8167 do_ssh2_transport(ssh, "too much data received", -1, NULL);
8170 if (pktin && ssh->packet_dispatch[pktin->type]) {
8171 ssh->packet_dispatch[pktin->type](ssh, pktin);
8175 if (!ssh->protocol_initial_phase_done ||
8176 (pktin && pktin->type >= 20 && pktin->type < 50)) {
8177 if (do_ssh2_transport(ssh, in, inlen, pktin) &&
8178 !ssh->protocol_initial_phase_done) {
8179 ssh->protocol_initial_phase_done = TRUE;
8181 * Allow authconn to initialise itself.
8183 do_ssh2_authconn(ssh, NULL, 0, NULL);
8186 do_ssh2_authconn(ssh, in, inlen, pktin);
8191 * Called to set up the connection.
8193 * Returns an error message, or NULL on success.
8195 static const char *ssh_init(void *frontend_handle, void **backend_handle,
8197 char *host, int port, char **realhost, int nodelay,
8203 ssh = snew(struct ssh_tag);
8204 ssh->cfg = *cfg; /* STRUCTURE COPY */
8205 ssh->version = 0; /* when not ready yet */
8208 ssh->v1_cipher_ctx = NULL;
8209 ssh->crcda_ctx = NULL;
8210 ssh->cscipher = NULL;
8211 ssh->cs_cipher_ctx = NULL;
8212 ssh->sccipher = NULL;
8213 ssh->sc_cipher_ctx = NULL;
8215 ssh->cs_mac_ctx = NULL;
8217 ssh->sc_mac_ctx = NULL;
8219 ssh->cs_comp_ctx = NULL;
8221 ssh->sc_comp_ctx = NULL;
8223 ssh->kex_ctx = NULL;
8224 ssh->hostkey = NULL;
8226 ssh->close_expected = FALSE;
8227 ssh->clean_exit = FALSE;
8228 ssh->state = SSH_STATE_PREPACKET;
8229 ssh->size_needed = FALSE;
8230 ssh->eof_needed = FALSE;
8233 ssh->deferred_send_data = NULL;
8234 ssh->deferred_len = 0;
8235 ssh->deferred_size = 0;
8236 ssh->fallback_cmd = 0;
8238 ssh->x11auth = NULL;
8239 ssh->v1_compressing = FALSE;
8240 ssh->v2_outgoing_sequence = 0;
8241 ssh->ssh1_rdpkt_crstate = 0;
8242 ssh->ssh2_rdpkt_crstate = 0;
8243 ssh->do_ssh_init_crstate = 0;
8244 ssh->ssh_gotdata_crstate = 0;
8245 ssh->do_ssh1_connection_crstate = 0;
8246 ssh->do_ssh1_login_crstate = 0;
8247 ssh->do_ssh2_transport_crstate = 0;
8248 ssh->do_ssh2_authconn_crstate = 0;
8249 ssh->do_ssh_init_state = NULL;
8250 ssh->do_ssh1_login_state = NULL;
8251 ssh->do_ssh2_transport_state = NULL;
8252 ssh->do_ssh2_authconn_state = NULL;
8255 ssh->mainchan = NULL;
8256 ssh->throttled_all = 0;
8257 ssh->v1_stdout_throttling = 0;
8259 ssh->queuelen = ssh->queuesize = 0;
8260 ssh->queueing = FALSE;
8261 ssh->qhead = ssh->qtail = NULL;
8262 ssh->deferred_rekey_reason = NULL;
8263 bufchain_init(&ssh->queued_incoming_data);
8264 ssh->frozen = FALSE;
8266 *backend_handle = ssh;
8269 if (crypto_startup() == 0)
8270 return "Microsoft high encryption pack not installed!";
8273 ssh->frontend = frontend_handle;
8274 ssh->term_width = ssh->cfg.width;
8275 ssh->term_height = ssh->cfg.height;
8277 ssh->channels = NULL;
8278 ssh->rportfwds = NULL;
8279 ssh->portfwds = NULL;
8284 ssh->v1_throttle_count = 0;
8285 ssh->overall_bufsize = 0;
8286 ssh->fallback_cmd = 0;
8288 ssh->protocol = NULL;
8290 ssh->protocol_initial_phase_done = FALSE;
8294 ssh->incoming_data_size = ssh->outgoing_data_size =
8295 ssh->deferred_data_size = 0L;
8296 ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
8297 ssh->kex_in_progress = FALSE;
8299 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
8308 static void ssh_free(void *handle)
8310 Ssh ssh = (Ssh) handle;
8311 struct ssh_channel *c;
8312 struct ssh_rportfwd *pf;
8314 if (ssh->v1_cipher_ctx)
8315 ssh->cipher->free_context(ssh->v1_cipher_ctx);
8316 if (ssh->cs_cipher_ctx)
8317 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
8318 if (ssh->sc_cipher_ctx)
8319 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
8320 if (ssh->cs_mac_ctx)
8321 ssh->csmac->free_context(ssh->cs_mac_ctx);
8322 if (ssh->sc_mac_ctx)
8323 ssh->scmac->free_context(ssh->sc_mac_ctx);
8324 if (ssh->cs_comp_ctx) {
8326 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
8328 zlib_compress_cleanup(ssh->cs_comp_ctx);
8330 if (ssh->sc_comp_ctx) {
8332 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
8334 zlib_decompress_cleanup(ssh->sc_comp_ctx);
8337 dh_cleanup(ssh->kex_ctx);
8338 sfree(ssh->savedhost);
8340 while (ssh->queuelen-- > 0)
8341 ssh_free_packet(ssh->queue[ssh->queuelen]);
8344 while (ssh->qhead) {
8345 struct queued_handler *qh = ssh->qhead;
8346 ssh->qhead = qh->next;
8349 ssh->qhead = ssh->qtail = NULL;
8351 if (ssh->channels) {
8352 while ((c = delpos234(ssh->channels, 0)) != NULL) {
8355 if (c->u.x11.s != NULL)
8356 x11_close(c->u.x11.s);
8359 if (c->u.pfd.s != NULL)
8360 pfd_close(c->u.pfd.s);
8365 freetree234(ssh->channels);
8366 ssh->channels = NULL;
8369 if (ssh->rportfwds) {
8370 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
8372 freetree234(ssh->rportfwds);
8373 ssh->rportfwds = NULL;
8375 sfree(ssh->deferred_send_data);
8377 x11_free_auth(ssh->x11auth);
8378 sfree(ssh->do_ssh_init_state);
8379 sfree(ssh->do_ssh1_login_state);
8380 sfree(ssh->do_ssh2_transport_state);
8381 sfree(ssh->do_ssh2_authconn_state);
8384 if (ssh->crcda_ctx) {
8385 crcda_free_context(ssh->crcda_ctx);
8386 ssh->crcda_ctx = NULL;
8389 ssh_do_close(ssh, TRUE);
8390 expire_timer_context(ssh);
8392 pinger_free(ssh->pinger);
8393 bufchain_clear(&ssh->queued_incoming_data);
8400 * Reconfigure the SSH backend.
8402 static void ssh_reconfig(void *handle, Config *cfg)
8404 Ssh ssh = (Ssh) handle;
8405 char *rekeying = NULL, rekey_mandatory = FALSE;
8406 unsigned long old_max_data_size;
8408 pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
8410 ssh_setup_portfwd(ssh, cfg);
8412 if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
8413 cfg->ssh_rekey_time != 0) {
8414 long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
8415 long now = GETTICKCOUNT();
8417 if (new_next - now < 0) {
8418 rekeying = "timeout shortened";
8420 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
8424 old_max_data_size = ssh->max_data_size;
8425 ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
8426 if (old_max_data_size != ssh->max_data_size &&
8427 ssh->max_data_size != 0) {
8428 if (ssh->outgoing_data_size > ssh->max_data_size ||
8429 ssh->incoming_data_size > ssh->max_data_size)
8430 rekeying = "data limit lowered";
8433 if (ssh->cfg.compression != cfg->compression) {
8434 rekeying = "compression setting changed";
8435 rekey_mandatory = TRUE;
8438 if (ssh->cfg.ssh2_des_cbc != cfg->ssh2_des_cbc ||
8439 memcmp(ssh->cfg.ssh_cipherlist, cfg->ssh_cipherlist,
8440 sizeof(ssh->cfg.ssh_cipherlist))) {
8441 rekeying = "cipher settings changed";
8442 rekey_mandatory = TRUE;
8445 ssh->cfg = *cfg; /* STRUCTURE COPY */
8448 if (!ssh->kex_in_progress) {
8449 do_ssh2_transport(ssh, rekeying, -1, NULL);
8450 } else if (rekey_mandatory) {
8451 ssh->deferred_rekey_reason = rekeying;
8457 * Called to send data down the SSH connection.
8459 static int ssh_send(void *handle, char *buf, int len)
8461 Ssh ssh = (Ssh) handle;
8463 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
8466 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
8468 return ssh_sendbuffer(ssh);
8472 * Called to query the current amount of buffered stdin data.
8474 static int ssh_sendbuffer(void *handle)
8476 Ssh ssh = (Ssh) handle;
8479 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
8483 * If the SSH socket itself has backed up, add the total backup
8484 * size on that to any individual buffer on the stdin channel.
8487 if (ssh->throttled_all)
8488 override_value = ssh->overall_bufsize;
8490 if (ssh->version == 1) {
8491 return override_value;
8492 } else if (ssh->version == 2) {
8493 if (!ssh->mainchan || ssh->mainchan->closes > 0)
8494 return override_value;
8496 return (override_value +
8497 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
8504 * Called to set the size of the window from SSH's POV.
8506 static void ssh_size(void *handle, int width, int height)
8508 Ssh ssh = (Ssh) handle;
8509 struct Packet *pktout;
8511 ssh->term_width = width;
8512 ssh->term_height = height;
8514 switch (ssh->state) {
8515 case SSH_STATE_BEFORE_SIZE:
8516 case SSH_STATE_PREPACKET:
8517 case SSH_STATE_CLOSED:
8518 break; /* do nothing */
8519 case SSH_STATE_INTERMED:
8520 ssh->size_needed = TRUE; /* buffer for later */
8522 case SSH_STATE_SESSION:
8523 if (!ssh->cfg.nopty) {
8524 if (ssh->version == 1) {
8525 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
8526 PKT_INT, ssh->term_height,
8527 PKT_INT, ssh->term_width,
8528 PKT_INT, 0, PKT_INT, 0, PKT_END);
8529 } else if (ssh->mainchan) {
8530 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8531 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8532 ssh2_pkt_addstring(pktout, "window-change");
8533 ssh2_pkt_addbool(pktout, 0);
8534 ssh2_pkt_adduint32(pktout, ssh->term_width);
8535 ssh2_pkt_adduint32(pktout, ssh->term_height);
8536 ssh2_pkt_adduint32(pktout, 0);
8537 ssh2_pkt_adduint32(pktout, 0);
8538 ssh2_pkt_send(ssh, pktout);
8546 * Return a list of the special codes that make sense in this
8549 static const struct telnet_special *ssh_get_specials(void *handle)
8551 static const struct telnet_special ssh1_ignore_special[] = {
8552 {"IGNORE message", TS_NOP}
8554 static const struct telnet_special ssh2_transport_specials[] = {
8555 {"IGNORE message", TS_NOP},
8556 {"Repeat key exchange", TS_REKEY},
8558 static const struct telnet_special ssh2_session_specials[] = {
8561 /* These are the signal names defined by draft-ietf-secsh-connect-23.
8562 * They include all the ISO C signals, but are a subset of the POSIX
8563 * required signals. */
8564 {"SIGINT (Interrupt)", TS_SIGINT},
8565 {"SIGTERM (Terminate)", TS_SIGTERM},
8566 {"SIGKILL (Kill)", TS_SIGKILL},
8567 {"SIGQUIT (Quit)", TS_SIGQUIT},
8568 {"SIGHUP (Hangup)", TS_SIGHUP},
8569 {"More signals", TS_SUBMENU},
8570 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
8571 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
8572 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
8573 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
8576 static const struct telnet_special specials_end[] = {
8579 /* XXX review this length for any changes: */
8580 static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
8581 lenof(ssh2_session_specials) +
8582 lenof(specials_end)];
8583 Ssh ssh = (Ssh) handle;
8585 #define ADD_SPECIALS(name) \
8587 assert((i + lenof(name)) <= lenof(ssh_specials)); \
8588 memcpy(&ssh_specials[i], name, sizeof name); \
8592 if (ssh->version == 1) {
8593 /* Don't bother offering IGNORE if we've decided the remote
8594 * won't cope with it, since we wouldn't bother sending it if
8596 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
8597 ADD_SPECIALS(ssh1_ignore_special);
8598 } else if (ssh->version == 2) {
8599 ADD_SPECIALS(ssh2_transport_specials);
8601 ADD_SPECIALS(ssh2_session_specials);
8602 } /* else we're not ready yet */
8605 ADD_SPECIALS(specials_end);
8606 return ssh_specials;
8614 * Send special codes. TS_EOF is useful for `plink', so you
8615 * can send an EOF and collect resulting output (e.g. `plink
8618 static void ssh_special(void *handle, Telnet_Special code)
8620 Ssh ssh = (Ssh) handle;
8621 struct Packet *pktout;
8623 if (code == TS_EOF) {
8624 if (ssh->state != SSH_STATE_SESSION) {
8626 * Buffer the EOF in case we are pre-SESSION, so we can
8627 * send it as soon as we reach SESSION.
8630 ssh->eof_needed = TRUE;
8633 if (ssh->version == 1) {
8634 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
8635 } else if (ssh->mainchan) {
8636 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
8637 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8638 ssh2_pkt_send(ssh, pktout);
8639 ssh->send_ok = 0; /* now stop trying to read from stdin */
8641 logevent("Sent EOF message");
8642 } else if (code == TS_PING || code == TS_NOP) {
8643 if (ssh->state == SSH_STATE_CLOSED
8644 || ssh->state == SSH_STATE_PREPACKET) return;
8645 if (ssh->version == 1) {
8646 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
8647 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
8649 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
8650 ssh2_pkt_addstring_start(pktout);
8651 ssh2_pkt_send_noqueue(ssh, pktout);
8653 } else if (code == TS_REKEY) {
8654 if (!ssh->kex_in_progress && ssh->version == 2) {
8655 do_ssh2_transport(ssh, "at user request", -1, NULL);
8657 } else if (code == TS_BRK) {
8658 if (ssh->state == SSH_STATE_CLOSED
8659 || ssh->state == SSH_STATE_PREPACKET) return;
8660 if (ssh->version == 1) {
8661 logevent("Unable to send BREAK signal in SSH-1");
8662 } else if (ssh->mainchan) {
8663 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8664 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8665 ssh2_pkt_addstring(pktout, "break");
8666 ssh2_pkt_addbool(pktout, 0);
8667 ssh2_pkt_adduint32(pktout, 0); /* default break length */
8668 ssh2_pkt_send(ssh, pktout);
8671 /* Is is a POSIX signal? */
8672 char *signame = NULL;
8673 if (code == TS_SIGABRT) signame = "ABRT";
8674 if (code == TS_SIGALRM) signame = "ALRM";
8675 if (code == TS_SIGFPE) signame = "FPE";
8676 if (code == TS_SIGHUP) signame = "HUP";
8677 if (code == TS_SIGILL) signame = "ILL";
8678 if (code == TS_SIGINT) signame = "INT";
8679 if (code == TS_SIGKILL) signame = "KILL";
8680 if (code == TS_SIGPIPE) signame = "PIPE";
8681 if (code == TS_SIGQUIT) signame = "QUIT";
8682 if (code == TS_SIGSEGV) signame = "SEGV";
8683 if (code == TS_SIGTERM) signame = "TERM";
8684 if (code == TS_SIGUSR1) signame = "USR1";
8685 if (code == TS_SIGUSR2) signame = "USR2";
8686 /* The SSH-2 protocol does in principle support arbitrary named
8687 * signals, including signame@domain, but we don't support those. */
8689 /* It's a signal. */
8690 if (ssh->version == 2 && ssh->mainchan) {
8691 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8692 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8693 ssh2_pkt_addstring(pktout, "signal");
8694 ssh2_pkt_addbool(pktout, 0);
8695 ssh2_pkt_addstring(pktout, signame);
8696 ssh2_pkt_send(ssh, pktout);
8697 logeventf(ssh, "Sent signal SIG%s", signame);
8700 /* Never heard of it. Do nothing */
8705 void *new_sock_channel(void *handle, Socket s)
8707 Ssh ssh = (Ssh) handle;
8708 struct ssh_channel *c;
8709 c = snew(struct ssh_channel);
8714 c->localid = alloc_channel_id(ssh);
8716 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
8718 bufchain_init(&c->v.v2.outbuffer);
8719 add234(ssh->channels, c);
8725 * This is called when stdout/stderr (the entity to which
8726 * from_backend sends data) manages to clear some backlog.
8728 static void ssh_unthrottle(void *handle, int bufsize)
8730 Ssh ssh = (Ssh) handle;
8731 if (ssh->version == 1) {
8732 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
8733 ssh->v1_stdout_throttling = 0;
8734 ssh1_throttle(ssh, -1);
8737 if (ssh->mainchan && ssh->mainchan->closes == 0)
8738 ssh2_set_window(ssh->mainchan, OUR_V2_WINSIZE - bufsize);
8742 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
8744 struct ssh_channel *c = (struct ssh_channel *)channel;
8746 struct Packet *pktout;
8748 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
8750 if (ssh->version == 1) {
8751 send_packet(ssh, SSH1_MSG_PORT_OPEN,
8752 PKT_INT, c->localid,
8755 /* PKT_STR, <org:orgport>, */
8758 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8759 ssh2_pkt_addstring(pktout, "direct-tcpip");
8760 ssh2_pkt_adduint32(pktout, c->localid);
8761 c->v.v2.locwindow = OUR_V2_WINSIZE;
8762 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
8763 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
8764 ssh2_pkt_addstring(pktout, hostname);
8765 ssh2_pkt_adduint32(pktout, port);
8767 * We make up values for the originator data; partly it's
8768 * too much hassle to keep track, and partly I'm not
8769 * convinced the server should be told details like that
8770 * about my local network configuration.
8771 * The "originator IP address" is syntactically a numeric
8772 * IP address, and some servers (e.g., Tectia) get upset
8773 * if it doesn't match this syntax.
8775 ssh2_pkt_addstring(pktout, "0.0.0.0");
8776 ssh2_pkt_adduint32(pktout, 0);
8777 ssh2_pkt_send(ssh, pktout);
8781 static int ssh_connected(void *handle)
8783 Ssh ssh = (Ssh) handle;
8784 return ssh->s != NULL;
8787 static int ssh_sendok(void *handle)
8789 Ssh ssh = (Ssh) handle;
8790 return ssh->send_ok;
8793 static int ssh_ldisc(void *handle, int option)
8795 Ssh ssh = (Ssh) handle;
8796 if (option == LD_ECHO)
8797 return ssh->echoing;
8798 if (option == LD_EDIT)
8799 return ssh->editing;
8803 static void ssh_provide_ldisc(void *handle, void *ldisc)
8805 Ssh ssh = (Ssh) handle;
8809 static void ssh_provide_logctx(void *handle, void *logctx)
8811 Ssh ssh = (Ssh) handle;
8812 ssh->logctx = logctx;
8815 static int ssh_return_exitcode(void *handle)
8817 Ssh ssh = (Ssh) handle;
8821 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
8825 * cfg_info for SSH is the currently running version of the
8826 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
8828 static int ssh_cfg_info(void *handle)
8830 Ssh ssh = (Ssh) handle;
8831 return ssh->version;
8835 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
8836 * that fails. This variable is the means by which scp.c can reach
8837 * into the SSH code and find out which one it got.
8839 extern int ssh_fallback_cmd(void *handle)
8841 Ssh ssh = (Ssh) handle;
8842 return ssh->fallback_cmd;
8845 Backend ssh_backend = {
8855 ssh_return_exitcode,