27 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
28 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
29 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
30 #define SSH1_CMSG_USER 4 /* 0x4 */
31 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
32 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
33 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
34 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
35 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
36 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
37 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
38 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
39 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
40 #define SSH1_SMSG_FAILURE 15 /* 0xf */
41 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
42 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
43 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
44 #define SSH1_CMSG_EOF 19 /* 0x13 */
45 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
46 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
47 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
48 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
49 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
50 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
51 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
52 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
53 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
54 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
55 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
56 #define SSH1_MSG_IGNORE 32 /* 0x20 */
57 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
58 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
59 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
60 #define SSH1_MSG_DEBUG 36 /* 0x24 */
61 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
62 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
63 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
64 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
65 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
66 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
67 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
69 #define SSH1_AUTH_RHOSTS 1 /* 0x1 */
70 #define SSH1_AUTH_RSA 2 /* 0x2 */
71 #define SSH1_AUTH_PASSWORD 3 /* 0x3 */
72 #define SSH1_AUTH_RHOSTS_RSA 4 /* 0x4 */
73 #define SSH1_AUTH_TIS 5 /* 0x5 */
74 #define SSH1_AUTH_CCARD 16 /* 0x10 */
76 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
77 /* Mask for protoflags we will echo back to server if seen */
78 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
80 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
81 #define SSH2_MSG_IGNORE 2 /* 0x2 */
82 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
83 #define SSH2_MSG_DEBUG 4 /* 0x4 */
84 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
85 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
86 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
87 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
88 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
89 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
90 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
91 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
92 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
93 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
94 #define SSH2_MSG_KEXRSA_PUBKEY 30 /* 0x1e */
95 #define SSH2_MSG_KEXRSA_SECRET 31 /* 0x1f */
96 #define SSH2_MSG_KEXRSA_DONE 32 /* 0x20 */
97 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
98 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
99 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
100 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
101 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
102 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
103 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
104 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
105 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
106 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
107 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
108 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
109 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
110 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
111 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
112 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
113 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
114 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
115 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
116 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
117 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
118 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
119 #define SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
120 #define SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
121 #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
122 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
123 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
124 #define SSH2_MSG_USERAUTH_GSSAPI_MIC 66
127 * Packet type contexts, so that ssh2_pkt_type can correctly decode
128 * the ambiguous type numbers back into the correct type strings.
138 SSH2_PKTCTX_PUBLICKEY,
139 SSH2_PKTCTX_PASSWORD,
144 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
145 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
146 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
147 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
148 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
149 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
150 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
151 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
152 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
153 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
154 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
155 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
156 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
157 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
158 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
160 static const char *const ssh2_disconnect_reasons[] = {
162 "host not allowed to connect",
164 "key exchange failed",
165 "host authentication failed",
168 "service not available",
169 "protocol version not supported",
170 "host key not verifiable",
173 "too many connections",
174 "auth cancelled by user",
175 "no more auth methods available",
179 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
180 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
181 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
182 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
184 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
187 * Various remote-bug flags.
189 #define BUG_CHOKES_ON_SSH1_IGNORE 1
190 #define BUG_SSH2_HMAC 2
191 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
192 #define BUG_CHOKES_ON_RSA 8
193 #define BUG_SSH2_RSA_PADDING 16
194 #define BUG_SSH2_DERIVEKEY 32
195 #define BUG_SSH2_REKEY 64
196 #define BUG_SSH2_PK_SESSIONID 128
197 #define BUG_SSH2_MAXPKT 256
198 #define BUG_CHOKES_ON_SSH2_IGNORE 512
199 #define BUG_CHOKES_ON_WINADJ 1024
202 * Codes for terminal modes.
203 * Most of these are the same in SSH-1 and SSH-2.
204 * This list is derived from RFC 4254 and
207 static const struct {
208 const char* const mode;
210 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
212 /* "V" prefix discarded for special characters relative to SSH specs */
213 { "INTR", 1, TTY_OP_CHAR },
214 { "QUIT", 2, TTY_OP_CHAR },
215 { "ERASE", 3, TTY_OP_CHAR },
216 { "KILL", 4, TTY_OP_CHAR },
217 { "EOF", 5, TTY_OP_CHAR },
218 { "EOL", 6, TTY_OP_CHAR },
219 { "EOL2", 7, TTY_OP_CHAR },
220 { "START", 8, TTY_OP_CHAR },
221 { "STOP", 9, TTY_OP_CHAR },
222 { "SUSP", 10, TTY_OP_CHAR },
223 { "DSUSP", 11, TTY_OP_CHAR },
224 { "REPRINT", 12, TTY_OP_CHAR },
225 { "WERASE", 13, TTY_OP_CHAR },
226 { "LNEXT", 14, TTY_OP_CHAR },
227 { "FLUSH", 15, TTY_OP_CHAR },
228 { "SWTCH", 16, TTY_OP_CHAR },
229 { "STATUS", 17, TTY_OP_CHAR },
230 { "DISCARD", 18, TTY_OP_CHAR },
231 { "IGNPAR", 30, TTY_OP_BOOL },
232 { "PARMRK", 31, TTY_OP_BOOL },
233 { "INPCK", 32, TTY_OP_BOOL },
234 { "ISTRIP", 33, TTY_OP_BOOL },
235 { "INLCR", 34, TTY_OP_BOOL },
236 { "IGNCR", 35, TTY_OP_BOOL },
237 { "ICRNL", 36, TTY_OP_BOOL },
238 { "IUCLC", 37, TTY_OP_BOOL },
239 { "IXON", 38, TTY_OP_BOOL },
240 { "IXANY", 39, TTY_OP_BOOL },
241 { "IXOFF", 40, TTY_OP_BOOL },
242 { "IMAXBEL", 41, TTY_OP_BOOL },
243 { "ISIG", 50, TTY_OP_BOOL },
244 { "ICANON", 51, TTY_OP_BOOL },
245 { "XCASE", 52, TTY_OP_BOOL },
246 { "ECHO", 53, TTY_OP_BOOL },
247 { "ECHOE", 54, TTY_OP_BOOL },
248 { "ECHOK", 55, TTY_OP_BOOL },
249 { "ECHONL", 56, TTY_OP_BOOL },
250 { "NOFLSH", 57, TTY_OP_BOOL },
251 { "TOSTOP", 58, TTY_OP_BOOL },
252 { "IEXTEN", 59, TTY_OP_BOOL },
253 { "ECHOCTL", 60, TTY_OP_BOOL },
254 { "ECHOKE", 61, TTY_OP_BOOL },
255 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
256 { "OPOST", 70, TTY_OP_BOOL },
257 { "OLCUC", 71, TTY_OP_BOOL },
258 { "ONLCR", 72, TTY_OP_BOOL },
259 { "OCRNL", 73, TTY_OP_BOOL },
260 { "ONOCR", 74, TTY_OP_BOOL },
261 { "ONLRET", 75, TTY_OP_BOOL },
262 { "CS7", 90, TTY_OP_BOOL },
263 { "CS8", 91, TTY_OP_BOOL },
264 { "PARENB", 92, TTY_OP_BOOL },
265 { "PARODD", 93, TTY_OP_BOOL }
268 /* Miscellaneous other tty-related constants. */
269 #define SSH_TTY_OP_END 0
270 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
271 #define SSH1_TTY_OP_ISPEED 192
272 #define SSH1_TTY_OP_OSPEED 193
273 #define SSH2_TTY_OP_ISPEED 128
274 #define SSH2_TTY_OP_OSPEED 129
276 /* Helper functions for parsing tty-related config. */
277 static unsigned int ssh_tty_parse_specchar(char *s)
282 ret = ctrlparse(s, &next);
283 if (!next) ret = s[0];
285 ret = 255; /* special value meaning "don't set" */
289 static unsigned int ssh_tty_parse_boolean(char *s)
291 if (stricmp(s, "yes") == 0 ||
292 stricmp(s, "on") == 0 ||
293 stricmp(s, "true") == 0 ||
294 stricmp(s, "+") == 0)
296 else if (stricmp(s, "no") == 0 ||
297 stricmp(s, "off") == 0 ||
298 stricmp(s, "false") == 0 ||
299 stricmp(s, "-") == 0)
300 return 0; /* false */
302 return (atoi(s) != 0);
305 #define translate(x) if (type == x) return #x
306 #define translatek(x,ctx) if (type == x && (pkt_kctx == ctx)) return #x
307 #define translatea(x,ctx) if (type == x && (pkt_actx == ctx)) return #x
308 static char *ssh1_pkt_type(int type)
310 translate(SSH1_MSG_DISCONNECT);
311 translate(SSH1_SMSG_PUBLIC_KEY);
312 translate(SSH1_CMSG_SESSION_KEY);
313 translate(SSH1_CMSG_USER);
314 translate(SSH1_CMSG_AUTH_RSA);
315 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
316 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
317 translate(SSH1_CMSG_AUTH_PASSWORD);
318 translate(SSH1_CMSG_REQUEST_PTY);
319 translate(SSH1_CMSG_WINDOW_SIZE);
320 translate(SSH1_CMSG_EXEC_SHELL);
321 translate(SSH1_CMSG_EXEC_CMD);
322 translate(SSH1_SMSG_SUCCESS);
323 translate(SSH1_SMSG_FAILURE);
324 translate(SSH1_CMSG_STDIN_DATA);
325 translate(SSH1_SMSG_STDOUT_DATA);
326 translate(SSH1_SMSG_STDERR_DATA);
327 translate(SSH1_CMSG_EOF);
328 translate(SSH1_SMSG_EXIT_STATUS);
329 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
330 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
331 translate(SSH1_MSG_CHANNEL_DATA);
332 translate(SSH1_MSG_CHANNEL_CLOSE);
333 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
334 translate(SSH1_SMSG_X11_OPEN);
335 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
336 translate(SSH1_MSG_PORT_OPEN);
337 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
338 translate(SSH1_SMSG_AGENT_OPEN);
339 translate(SSH1_MSG_IGNORE);
340 translate(SSH1_CMSG_EXIT_CONFIRMATION);
341 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
342 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
343 translate(SSH1_MSG_DEBUG);
344 translate(SSH1_CMSG_REQUEST_COMPRESSION);
345 translate(SSH1_CMSG_AUTH_TIS);
346 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
347 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
348 translate(SSH1_CMSG_AUTH_CCARD);
349 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
350 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
353 static char *ssh2_pkt_type(Pkt_KCtx pkt_kctx, Pkt_ACtx pkt_actx, int type)
355 translatea(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,SSH2_PKTCTX_GSSAPI);
356 translatea(SSH2_MSG_USERAUTH_GSSAPI_TOKEN,SSH2_PKTCTX_GSSAPI);
357 translatea(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,SSH2_PKTCTX_GSSAPI);
358 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERROR,SSH2_PKTCTX_GSSAPI);
359 translatea(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK,SSH2_PKTCTX_GSSAPI);
360 translatea(SSH2_MSG_USERAUTH_GSSAPI_MIC, SSH2_PKTCTX_GSSAPI);
361 translate(SSH2_MSG_DISCONNECT);
362 translate(SSH2_MSG_IGNORE);
363 translate(SSH2_MSG_UNIMPLEMENTED);
364 translate(SSH2_MSG_DEBUG);
365 translate(SSH2_MSG_SERVICE_REQUEST);
366 translate(SSH2_MSG_SERVICE_ACCEPT);
367 translate(SSH2_MSG_KEXINIT);
368 translate(SSH2_MSG_NEWKEYS);
369 translatek(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
370 translatek(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
371 translatek(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
372 translatek(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
373 translatek(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
374 translatek(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
375 translatek(SSH2_MSG_KEXRSA_PUBKEY, SSH2_PKTCTX_RSAKEX);
376 translatek(SSH2_MSG_KEXRSA_SECRET, SSH2_PKTCTX_RSAKEX);
377 translatek(SSH2_MSG_KEXRSA_DONE, SSH2_PKTCTX_RSAKEX);
378 translate(SSH2_MSG_USERAUTH_REQUEST);
379 translate(SSH2_MSG_USERAUTH_FAILURE);
380 translate(SSH2_MSG_USERAUTH_SUCCESS);
381 translate(SSH2_MSG_USERAUTH_BANNER);
382 translatea(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
383 translatea(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
384 translatea(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
385 translatea(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
386 translate(SSH2_MSG_GLOBAL_REQUEST);
387 translate(SSH2_MSG_REQUEST_SUCCESS);
388 translate(SSH2_MSG_REQUEST_FAILURE);
389 translate(SSH2_MSG_CHANNEL_OPEN);
390 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
391 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
392 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
393 translate(SSH2_MSG_CHANNEL_DATA);
394 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
395 translate(SSH2_MSG_CHANNEL_EOF);
396 translate(SSH2_MSG_CHANNEL_CLOSE);
397 translate(SSH2_MSG_CHANNEL_REQUEST);
398 translate(SSH2_MSG_CHANNEL_SUCCESS);
399 translate(SSH2_MSG_CHANNEL_FAILURE);
405 /* Enumeration values for fields in SSH-1 packets */
407 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
408 /* These values are for communicating relevant semantics of
409 * fields to the packet logging code. */
410 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
414 * Coroutine mechanics for the sillier bits of the code. If these
415 * macros look impenetrable to you, you might find it helpful to
418 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
420 * which explains the theory behind these macros.
422 * In particular, if you are getting `case expression not constant'
423 * errors when building with MS Visual Studio, this is because MS's
424 * Edit and Continue debugging feature causes their compiler to
425 * violate ANSI C. To disable Edit and Continue debugging:
427 * - right-click ssh.c in the FileView
429 * - select the C/C++ tab and the General category
430 * - under `Debug info:', select anything _other_ than `Program
431 * Database for Edit and Continue'.
433 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
434 #define crBeginState crBegin(s->crLine)
435 #define crStateP(t, v) \
437 if (!(v)) { s = (v) = snew(struct t); s->crLine = 0; } \
439 #define crState(t) crStateP(t, ssh->t)
440 #define crFinish(z) } *crLine = 0; return (z); }
441 #define crFinishV } *crLine = 0; return; }
442 #define crFinishFree(z) } sfree(s); return (z); }
443 #define crFinishFreeV } sfree(s); return; }
444 #define crReturn(z) \
446 *crLine =__LINE__; return (z); case __LINE__:;\
450 *crLine=__LINE__; return; case __LINE__:;\
452 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
453 #define crStopV do{ *crLine = 0; return; }while(0)
454 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
455 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
457 typedef struct ssh_tag *Ssh;
460 static struct Packet *ssh1_pkt_init(int pkt_type);
461 static struct Packet *ssh2_pkt_init(int pkt_type);
462 static void ssh_pkt_ensure(struct Packet *, int length);
463 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
464 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
465 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
466 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
467 static void ssh_pkt_addstring_start(struct Packet *);
468 static void ssh_pkt_addstring_str(struct Packet *, char *data);
469 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
470 static void ssh_pkt_addstring(struct Packet *, char *data);
471 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
472 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
473 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
474 static int ssh2_pkt_construct(Ssh, struct Packet *);
475 static void ssh2_pkt_send(Ssh, struct Packet *);
476 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
477 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
478 struct Packet *pktin);
479 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
480 struct Packet *pktin);
481 static void ssh2_channel_check_close(struct ssh_channel *c);
482 static void ssh_channel_destroy(struct ssh_channel *c);
485 * Buffer management constants. There are several of these for
486 * various different purposes:
488 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
489 * on a local data stream before we throttle the whole SSH
490 * connection (in SSH-1 only). Throttling the whole connection is
491 * pretty drastic so we set this high in the hope it won't
494 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
495 * on the SSH connection itself before we defensively throttle
496 * _all_ local data streams. This is pretty drastic too (though
497 * thankfully unlikely in SSH-2 since the window mechanism should
498 * ensure that the server never has any need to throttle its end
499 * of the connection), so we set this high as well.
501 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
504 * - OUR_V2_BIGWIN is the window size we advertise for the only
505 * channel in a simple connection. It must be <= INT_MAX.
507 * - OUR_V2_MAXPKT is the official "maximum packet size" we send
508 * to the remote side. This actually has nothing to do with the
509 * size of the _packet_, but is instead a limit on the amount
510 * of data we're willing to receive in a single SSH2 channel
513 * - OUR_V2_PACKETLIMIT is actually the maximum size of SSH
514 * _packet_ we're prepared to cope with. It must be a multiple
515 * of the cipher block size, and must be at least 35000.
518 #define SSH1_BUFFER_LIMIT 32768
519 #define SSH_MAX_BACKLOG 32768
520 #define OUR_V2_WINSIZE 16384
521 #define OUR_V2_BIGWIN 0x7fffffff
522 #define OUR_V2_MAXPKT 0x4000UL
523 #define OUR_V2_PACKETLIMIT 0x9000UL
525 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
527 const static struct ssh_mac *macs[] = {
528 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
530 const static struct ssh_mac *buggymacs[] = {
531 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
534 static void *ssh_comp_none_init(void)
538 static void ssh_comp_none_cleanup(void *handle)
541 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
542 unsigned char **outblock, int *outlen)
546 static int ssh_comp_none_disable(void *handle)
550 const static struct ssh_compress ssh_comp_none = {
552 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
553 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
554 ssh_comp_none_disable, NULL
556 extern const struct ssh_compress ssh_zlib;
557 const static struct ssh_compress *compressions[] = {
558 &ssh_zlib, &ssh_comp_none
561 enum { /* channel types */
566 CHAN_SOCKDATA_DORMANT, /* one the remote hasn't confirmed */
568 * CHAN_ZOMBIE is used to indicate a channel for which we've
569 * already destroyed the local data source: for instance, if a
570 * forwarded port experiences a socket error on the local side, we
571 * immediately destroy its local socket and turn the SSH channel
577 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
578 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
579 typedef void (*cchandler_fn_t)(struct ssh_channel *, struct Packet *, void *);
582 * Each channel has a queue of outstanding CHANNEL_REQUESTS and their
585 struct outstanding_channel_request {
586 cchandler_fn_t handler;
588 struct outstanding_channel_request *next;
592 * 2-3-4 tree storing channels.
595 Ssh ssh; /* pointer back to main context */
596 unsigned remoteid, localid;
598 /* True if we opened this channel but server hasn't confirmed. */
601 * In SSH-1, this value contains four bits:
603 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
604 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
605 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
606 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
608 * A channel is completely finished with when all four bits are set.
610 * In SSH-2, the four bits mean:
612 * 1 We have sent SSH2_MSG_CHANNEL_EOF.
613 * 2 We have sent SSH2_MSG_CHANNEL_CLOSE.
614 * 4 We have received SSH2_MSG_CHANNEL_EOF.
615 * 8 We have received SSH2_MSG_CHANNEL_CLOSE.
617 * A channel is completely finished with when we have both sent
618 * and received CLOSE.
620 * The symbolic constants below use the SSH-2 terminology, which
621 * is a bit confusing in SSH-1, but we have to use _something_.
623 #define CLOSES_SENT_EOF 1
624 #define CLOSES_SENT_CLOSE 2
625 #define CLOSES_RCVD_EOF 4
626 #define CLOSES_RCVD_CLOSE 8
630 * This flag indicates that an EOF is pending on the outgoing side
631 * of the channel: that is, wherever we're getting the data for
632 * this channel has sent us some data followed by EOF. We can't
633 * actually send the EOF until we've finished sending the data, so
634 * we set this flag instead to remind us to do so once our buffer
640 * True if this channel is causing the underlying connection to be
645 struct ssh2_data_channel {
647 unsigned remwindow, remmaxpkt;
648 /* locwindow is signed so we can cope with excess data. */
649 int locwindow, locmaxwin;
651 * remlocwin is the amount of local window that we think
652 * the remote end had available to it after it sent the
653 * last data packet or window adjust ack.
657 * These store the list of channel requests that haven't
660 struct outstanding_channel_request *chanreq_head, *chanreq_tail;
661 enum { THROTTLED, UNTHROTTLING, UNTHROTTLED } throttle_state;
665 struct ssh_agent_channel {
666 unsigned char *message;
667 unsigned char msglen[4];
668 unsigned lensofar, totallen;
669 int outstanding_requests;
671 struct ssh_x11_channel {
674 struct ssh_pfd_channel {
681 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
682 * use this structure in different ways, reflecting SSH-2's
683 * altogether saner approach to port forwarding.
685 * In SSH-1, you arrange a remote forwarding by sending the server
686 * the remote port number, and the local destination host:port.
687 * When a connection comes in, the server sends you back that
688 * host:port pair, and you connect to it. This is a ready-made
689 * security hole if you're not on the ball: a malicious server
690 * could send you back _any_ host:port pair, so if you trustingly
691 * connect to the address it gives you then you've just opened the
692 * entire inside of your corporate network just by connecting
693 * through it to a dodgy SSH server. Hence, we must store a list of
694 * host:port pairs we _are_ trying to forward to, and reject a
695 * connection request from the server if it's not in the list.
697 * In SSH-2, each side of the connection minds its own business and
698 * doesn't send unnecessary information to the other. You arrange a
699 * remote forwarding by sending the server just the remote port
700 * number. When a connection comes in, the server tells you which
701 * of its ports was connected to; and _you_ have to remember what
702 * local host:port pair went with that port number.
704 * Hence, in SSH-1 this structure is indexed by destination
705 * host:port pair, whereas in SSH-2 it is indexed by source port.
707 struct ssh_portfwd; /* forward declaration */
709 struct ssh_rportfwd {
710 unsigned sport, dport;
713 struct ssh_portfwd *pfrec;
715 #define free_rportfwd(pf) ( \
716 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
719 * Separately to the rportfwd tree (which is for looking up port
720 * open requests from the server), a tree of _these_ structures is
721 * used to keep track of all the currently open port forwardings,
722 * so that we can reconfigure in mid-session if the user requests
726 enum { DESTROY, KEEP, CREATE } status;
728 unsigned sport, dport;
731 struct ssh_rportfwd *remote;
735 #define free_portfwd(pf) ( \
736 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
737 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
740 long length; /* length of `data' actually used */
741 long forcepad; /* SSH-2: force padding to at least this length */
742 int type; /* only used for incoming packets */
743 unsigned long sequence; /* SSH-2 incoming sequence number */
744 unsigned char *data; /* allocated storage */
745 unsigned char *body; /* offset of payload within `data' */
746 long savedpos; /* temporary index into `data' (for strings) */
747 long maxlen; /* amount of storage allocated for `data' */
748 long encrypted_len; /* for SSH-2 total-size counting */
751 * State associated with packet logging
755 struct logblank_t *blanks;
758 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
759 struct Packet *pktin);
760 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
761 struct Packet *pktin);
762 static void ssh1_protocol_setup(Ssh ssh);
763 static void ssh2_protocol_setup(Ssh ssh);
764 static void ssh_size(void *handle, int width, int height);
765 static void ssh_special(void *handle, Telnet_Special);
766 static int ssh2_try_send(struct ssh_channel *c);
767 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
768 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
769 static void ssh2_set_window(struct ssh_channel *c, int newwin);
770 static int ssh_sendbuffer(void *handle);
771 static int ssh_do_close(Ssh ssh, int notify_exit);
772 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
773 static int ssh2_pkt_getbool(struct Packet *pkt);
774 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
775 static void ssh2_timer(void *ctx, unsigned long now);
776 static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
777 struct Packet *pktin);
778 static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin);
780 struct rdpkt1_state_tag {
781 long len, pad, biglen, to_read;
782 unsigned long realcrc, gotcrc;
786 struct Packet *pktin;
789 struct rdpkt2_state_tag {
790 long len, pad, payload, packetlen, maclen;
793 unsigned long incoming_sequence;
794 struct Packet *pktin;
797 struct queued_handler;
798 struct queued_handler {
800 chandler_fn_t handler;
802 struct queued_handler *next;
806 const struct plug_function_table *fn;
807 /* the above field _must_ be first in the structure */
817 unsigned char session_key[32];
819 int v1_remote_protoflags;
820 int v1_local_protoflags;
821 int agentfwd_enabled;
824 const struct ssh_cipher *cipher;
827 const struct ssh2_cipher *cscipher, *sccipher;
828 void *cs_cipher_ctx, *sc_cipher_ctx;
829 const struct ssh_mac *csmac, *scmac;
830 void *cs_mac_ctx, *sc_mac_ctx;
831 const struct ssh_compress *cscomp, *sccomp;
832 void *cs_comp_ctx, *sc_comp_ctx;
833 const struct ssh_kex *kex;
834 const struct ssh_signkey *hostkey;
835 unsigned char v2_session_id[SSH2_KEX_MAX_HASH_LEN];
836 int v2_session_id_len;
842 int echoing, editing;
846 int ospeed, ispeed; /* temporaries */
847 int term_width, term_height;
849 tree234 *channels; /* indexed by local id */
850 struct ssh_channel *mainchan; /* primary session channel */
851 int ncmode; /* is primary channel direct-tcpip? */
856 tree234 *rportfwds, *portfwds;
860 SSH_STATE_BEFORE_SIZE,
866 int size_needed, eof_needed;
867 int sent_console_eof;
868 int got_pty; /* affects EOF behaviour on main channel */
870 struct Packet **queue;
871 int queuelen, queuesize;
873 unsigned char *deferred_send_data;
874 int deferred_len, deferred_size;
877 * Gross hack: pscp will try to start SFTP but fall back to
878 * scp1 if that fails. This variable is the means by which
879 * scp.c can reach into the SSH code and find out which one it
884 bufchain banner; /* accumulates banners during do_ssh2_authconn */
889 struct X11Display *x11disp;
892 int conn_throttle_count;
895 int v1_stdout_throttling;
896 unsigned long v2_outgoing_sequence;
898 int ssh1_rdpkt_crstate;
899 int ssh2_rdpkt_crstate;
900 int ssh_gotdata_crstate;
901 int do_ssh1_connection_crstate;
903 void *do_ssh_init_state;
904 void *do_ssh1_login_state;
905 void *do_ssh2_transport_state;
906 void *do_ssh2_authconn_state;
908 struct rdpkt1_state_tag rdpkt1_state;
909 struct rdpkt2_state_tag rdpkt2_state;
911 /* SSH-1 and SSH-2 use this for different things, but both use it */
912 int protocol_initial_phase_done;
914 void (*protocol) (Ssh ssh, void *vin, int inlen,
916 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
919 * We maintain our own copy of a Conf structure here. That way,
920 * when we're passed a new one for reconfiguration, we can check
921 * the differences and potentially reconfigure port forwardings
922 * etc in mid-session.
927 * Values cached out of conf so as to avoid the tree234 lookup
928 * cost every time they're used.
933 * Dynamically allocated username string created during SSH
934 * login. Stored in here rather than in the coroutine state so
935 * that it'll be reliably freed if we shut down the SSH session
936 * at some unexpected moment.
941 * Used to transfer data back from async callbacks.
943 void *agent_response;
944 int agent_response_len;
948 * The SSH connection can be set as `frozen', meaning we are
949 * not currently accepting incoming data from the network. This
950 * is slightly more serious than setting the _socket_ as
951 * frozen, because we may already have had data passed to us
952 * from the network which we need to delay processing until
953 * after the freeze is lifted, so we also need a bufchain to
957 bufchain queued_incoming_data;
960 * Dispatch table for packet types that we may have to deal
963 handler_fn_t packet_dispatch[256];
966 * Queues of one-off handler functions for success/failure
967 * indications from a request.
969 struct queued_handler *qhead, *qtail;
970 handler_fn_t q_saved_handler1, q_saved_handler2;
973 * This module deals with sending keepalives.
978 * Track incoming and outgoing data sizes and time, for
981 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
982 unsigned long max_data_size;
984 unsigned long next_rekey, last_rekey;
985 char *deferred_rekey_reason; /* points to STATIC string; don't free */
988 * Fully qualified host name, which we need if doing GSSAPI.
994 * GSSAPI libraries for this session.
996 struct ssh_gss_liblist *gsslibs;
1000 #define logevent(s) logevent(ssh->frontend, s)
1002 /* logevent, only printf-formatted. */
1003 static void logeventf(Ssh ssh, const char *fmt, ...)
1009 buf = dupvprintf(fmt, ap);
1015 static void bomb_out(Ssh ssh, char *text)
1017 ssh_do_close(ssh, FALSE);
1019 connection_fatal(ssh->frontend, "%s", text);
1023 #define bombout(msg) bomb_out(ssh, dupprintf msg)
1025 /* Functions to leave bits out of the SSH packet log file. */
1027 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
1029 if (conf_get_int(ssh->conf, CONF_logomitpass))
1030 pkt->logmode = blanktype;
1033 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
1035 if (ssh->logomitdata)
1036 pkt->logmode = blanktype;
1039 static void end_log_omission(Ssh ssh, struct Packet *pkt)
1041 pkt->logmode = PKTLOG_EMIT;
1044 /* Helper function for common bits of parsing ttymodes. */
1045 static void parse_ttymodes(Ssh ssh,
1046 void (*do_mode)(void *data, char *mode, char *val),
1051 for (val = conf_get_str_strs(ssh->conf, CONF_ttymodes, NULL, &key);
1053 val = conf_get_str_strs(ssh->conf, CONF_ttymodes, key, &key)) {
1055 * val[0] is either 'V', indicating that an explicit value
1056 * follows it, or 'A' indicating that we should pass the
1057 * value through from the local environment via get_ttymode.
1059 if (val[0] == 'A') {
1060 val = get_ttymode(ssh->frontend, key);
1062 do_mode(data, key, val);
1066 do_mode(data, key, val + 1); /* skip the 'V' */
1070 static int ssh_channelcmp(void *av, void *bv)
1072 struct ssh_channel *a = (struct ssh_channel *) av;
1073 struct ssh_channel *b = (struct ssh_channel *) bv;
1074 if (a->localid < b->localid)
1076 if (a->localid > b->localid)
1080 static int ssh_channelfind(void *av, void *bv)
1082 unsigned *a = (unsigned *) av;
1083 struct ssh_channel *b = (struct ssh_channel *) bv;
1084 if (*a < b->localid)
1086 if (*a > b->localid)
1091 static int ssh_rportcmp_ssh1(void *av, void *bv)
1093 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1094 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1096 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
1097 return i < 0 ? -1 : +1;
1098 if (a->dport > b->dport)
1100 if (a->dport < b->dport)
1105 static int ssh_rportcmp_ssh2(void *av, void *bv)
1107 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
1108 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
1110 if (a->sport > b->sport)
1112 if (a->sport < b->sport)
1118 * Special form of strcmp which can cope with NULL inputs. NULL is
1119 * defined to sort before even the empty string.
1121 static int nullstrcmp(const char *a, const char *b)
1123 if (a == NULL && b == NULL)
1129 return strcmp(a, b);
1132 static int ssh_portcmp(void *av, void *bv)
1134 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
1135 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
1137 if (a->type > b->type)
1139 if (a->type < b->type)
1141 if (a->addressfamily > b->addressfamily)
1143 if (a->addressfamily < b->addressfamily)
1145 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
1146 return i < 0 ? -1 : +1;
1147 if (a->sport > b->sport)
1149 if (a->sport < b->sport)
1151 if (a->type != 'D') {
1152 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1153 return i < 0 ? -1 : +1;
1154 if (a->dport > b->dport)
1156 if (a->dport < b->dport)
1162 static int alloc_channel_id(Ssh ssh)
1164 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1165 unsigned low, high, mid;
1167 struct ssh_channel *c;
1170 * First-fit allocation of channel numbers: always pick the
1171 * lowest unused one. To do this, binary-search using the
1172 * counted B-tree to find the largest channel ID which is in a
1173 * contiguous sequence from the beginning. (Precisely
1174 * everything in that sequence must have ID equal to its tree
1175 * index plus CHANNEL_NUMBER_OFFSET.)
1177 tsize = count234(ssh->channels);
1181 while (high - low > 1) {
1182 mid = (high + low) / 2;
1183 c = index234(ssh->channels, mid);
1184 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1185 low = mid; /* this one is fine */
1187 high = mid; /* this one is past it */
1190 * Now low points to either -1, or the tree index of the
1191 * largest ID in the initial sequence.
1194 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1195 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1197 return low + 1 + CHANNEL_NUMBER_OFFSET;
1200 static void c_write_stderr(int trusted, const char *buf, int len)
1203 for (i = 0; i < len; i++)
1204 if (buf[i] != '\r' && (trusted || buf[i] == '\n' || (buf[i] & 0x60)))
1205 fputc(buf[i], stderr);
1208 static void c_write(Ssh ssh, const char *buf, int len)
1210 if (flags & FLAG_STDERR)
1211 c_write_stderr(1, buf, len);
1213 from_backend(ssh->frontend, 1, buf, len);
1216 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1218 if (flags & FLAG_STDERR)
1219 c_write_stderr(0, buf, len);
1221 from_backend_untrusted(ssh->frontend, buf, len);
1224 static void c_write_str(Ssh ssh, const char *buf)
1226 c_write(ssh, buf, strlen(buf));
1229 static void ssh_free_packet(struct Packet *pkt)
1234 static struct Packet *ssh_new_packet(void)
1236 struct Packet *pkt = snew(struct Packet);
1238 pkt->body = pkt->data = NULL;
1240 pkt->logmode = PKTLOG_EMIT;
1248 * Collect incoming data in the incoming packet buffer.
1249 * Decipher and verify the packet when it is completely read.
1250 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1251 * Update the *data and *datalen variables.
1252 * Return a Packet structure when a packet is completed.
1254 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1256 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1258 crBegin(ssh->ssh1_rdpkt_crstate);
1260 st->pktin = ssh_new_packet();
1262 st->pktin->type = 0;
1263 st->pktin->length = 0;
1265 for (st->i = st->len = 0; st->i < 4; st->i++) {
1266 while ((*datalen) == 0)
1268 st->len = (st->len << 8) + **data;
1269 (*data)++, (*datalen)--;
1272 st->pad = 8 - (st->len % 8);
1273 st->biglen = st->len + st->pad;
1274 st->pktin->length = st->len - 5;
1276 if (st->biglen < 0) {
1277 bombout(("Extremely large packet length from server suggests"
1278 " data stream corruption"));
1279 ssh_free_packet(st->pktin);
1283 st->pktin->maxlen = st->biglen;
1284 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1286 st->to_read = st->biglen;
1287 st->p = st->pktin->data;
1288 while (st->to_read > 0) {
1289 st->chunk = st->to_read;
1290 while ((*datalen) == 0)
1292 if (st->chunk > (*datalen))
1293 st->chunk = (*datalen);
1294 memcpy(st->p, *data, st->chunk);
1296 *datalen -= st->chunk;
1298 st->to_read -= st->chunk;
1301 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1302 st->biglen, NULL)) {
1303 bombout(("Network attack (CRC compensation) detected!"));
1304 ssh_free_packet(st->pktin);
1309 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1311 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1312 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1313 if (st->gotcrc != st->realcrc) {
1314 bombout(("Incorrect CRC received on packet"));
1315 ssh_free_packet(st->pktin);
1319 st->pktin->body = st->pktin->data + st->pad + 1;
1320 st->pktin->savedpos = 0;
1322 if (ssh->v1_compressing) {
1323 unsigned char *decompblk;
1325 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1326 st->pktin->body - 1, st->pktin->length + 1,
1327 &decompblk, &decomplen)) {
1328 bombout(("Zlib decompression encountered invalid data"));
1329 ssh_free_packet(st->pktin);
1333 if (st->pktin->maxlen < st->pad + decomplen) {
1334 st->pktin->maxlen = st->pad + decomplen;
1335 st->pktin->data = sresize(st->pktin->data,
1336 st->pktin->maxlen + APIEXTRA,
1338 st->pktin->body = st->pktin->data + st->pad + 1;
1341 memcpy(st->pktin->body - 1, decompblk, decomplen);
1343 st->pktin->length = decomplen - 1;
1346 st->pktin->type = st->pktin->body[-1];
1349 * Log incoming packet, possibly omitting sensitive fields.
1353 struct logblank_t blank;
1354 if (ssh->logomitdata) {
1355 int do_blank = FALSE, blank_prefix = 0;
1356 /* "Session data" packets - omit the data field */
1357 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1358 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1359 do_blank = TRUE; blank_prefix = 4;
1360 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1361 do_blank = TRUE; blank_prefix = 8;
1364 blank.offset = blank_prefix;
1365 blank.len = st->pktin->length;
1366 blank.type = PKTLOG_OMIT;
1370 log_packet(ssh->logctx,
1371 PKT_INCOMING, st->pktin->type,
1372 ssh1_pkt_type(st->pktin->type),
1373 st->pktin->body, st->pktin->length,
1374 nblanks, &blank, NULL);
1377 crFinish(st->pktin);
1380 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1382 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1384 crBegin(ssh->ssh2_rdpkt_crstate);
1386 st->pktin = ssh_new_packet();
1388 st->pktin->type = 0;
1389 st->pktin->length = 0;
1391 st->cipherblk = ssh->sccipher->blksize;
1394 if (st->cipherblk < 8)
1396 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1398 if (ssh->sccipher && (ssh->sccipher->flags & SSH_CIPHER_IS_CBC) &&
1401 * When dealing with a CBC-mode cipher, we want to avoid the
1402 * possibility of an attacker's tweaking the ciphertext stream
1403 * so as to cause us to feed the same block to the block
1404 * cipher more than once and thus leak information
1405 * (VU#958563). The way we do this is not to take any
1406 * decisions on the basis of anything we've decrypted until
1407 * we've verified it with a MAC. That includes the packet
1408 * length, so we just read data and check the MAC repeatedly,
1409 * and when the MAC passes, see if the length we've got is
1413 /* May as well allocate the whole lot now. */
1414 st->pktin->data = snewn(OUR_V2_PACKETLIMIT + st->maclen + APIEXTRA,
1417 /* Read an amount corresponding to the MAC. */
1418 for (st->i = 0; st->i < st->maclen; st->i++) {
1419 while ((*datalen) == 0)
1421 st->pktin->data[st->i] = *(*data)++;
1427 unsigned char seq[4];
1428 ssh->scmac->start(ssh->sc_mac_ctx);
1429 PUT_32BIT(seq, st->incoming_sequence);
1430 ssh->scmac->bytes(ssh->sc_mac_ctx, seq, 4);
1433 for (;;) { /* Once around this loop per cipher block. */
1434 /* Read another cipher-block's worth, and tack it onto the end. */
1435 for (st->i = 0; st->i < st->cipherblk; st->i++) {
1436 while ((*datalen) == 0)
1438 st->pktin->data[st->packetlen+st->maclen+st->i] = *(*data)++;
1441 /* Decrypt one more block (a little further back in the stream). */
1442 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1443 st->pktin->data + st->packetlen,
1445 /* Feed that block to the MAC. */
1446 ssh->scmac->bytes(ssh->sc_mac_ctx,
1447 st->pktin->data + st->packetlen, st->cipherblk);
1448 st->packetlen += st->cipherblk;
1449 /* See if that gives us a valid packet. */
1450 if (ssh->scmac->verresult(ssh->sc_mac_ctx,
1451 st->pktin->data + st->packetlen) &&
1452 (st->len = GET_32BIT(st->pktin->data)) + 4 == st->packetlen)
1454 if (st->packetlen >= OUR_V2_PACKETLIMIT) {
1455 bombout(("No valid incoming packet found"));
1456 ssh_free_packet(st->pktin);
1460 st->pktin->maxlen = st->packetlen + st->maclen;
1461 st->pktin->data = sresize(st->pktin->data,
1462 st->pktin->maxlen + APIEXTRA,
1465 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1468 * Acquire and decrypt the first block of the packet. This will
1469 * contain the length and padding details.
1471 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1472 while ((*datalen) == 0)
1474 st->pktin->data[st->i] = *(*data)++;
1479 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1480 st->pktin->data, st->cipherblk);
1483 * Now get the length figure.
1485 st->len = GET_32BIT(st->pktin->data);
1488 * _Completely_ silly lengths should be stomped on before they
1489 * do us any more damage.
1491 if (st->len < 0 || st->len > OUR_V2_PACKETLIMIT ||
1492 (st->len + 4) % st->cipherblk != 0) {
1493 bombout(("Incoming packet was garbled on decryption"));
1494 ssh_free_packet(st->pktin);
1499 * So now we can work out the total packet length.
1501 st->packetlen = st->len + 4;
1504 * Allocate memory for the rest of the packet.
1506 st->pktin->maxlen = st->packetlen + st->maclen;
1507 st->pktin->data = sresize(st->pktin->data,
1508 st->pktin->maxlen + APIEXTRA,
1512 * Read and decrypt the remainder of the packet.
1514 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1516 while ((*datalen) == 0)
1518 st->pktin->data[st->i] = *(*data)++;
1521 /* Decrypt everything _except_ the MAC. */
1523 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1524 st->pktin->data + st->cipherblk,
1525 st->packetlen - st->cipherblk);
1531 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data,
1532 st->len + 4, st->incoming_sequence)) {
1533 bombout(("Incorrect MAC received on packet"));
1534 ssh_free_packet(st->pktin);
1538 /* Get and sanity-check the amount of random padding. */
1539 st->pad = st->pktin->data[4];
1540 if (st->pad < 4 || st->len - st->pad < 1) {
1541 bombout(("Invalid padding length on received packet"));
1542 ssh_free_packet(st->pktin);
1546 * This enables us to deduce the payload length.
1548 st->payload = st->len - st->pad - 1;
1550 st->pktin->length = st->payload + 5;
1551 st->pktin->encrypted_len = st->packetlen;
1553 st->pktin->sequence = st->incoming_sequence++;
1556 * Decompress packet payload.
1559 unsigned char *newpayload;
1562 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1563 st->pktin->data + 5, st->pktin->length - 5,
1564 &newpayload, &newlen)) {
1565 if (st->pktin->maxlen < newlen + 5) {
1566 st->pktin->maxlen = newlen + 5;
1567 st->pktin->data = sresize(st->pktin->data,
1568 st->pktin->maxlen + APIEXTRA,
1571 st->pktin->length = 5 + newlen;
1572 memcpy(st->pktin->data + 5, newpayload, newlen);
1577 st->pktin->savedpos = 6;
1578 st->pktin->body = st->pktin->data;
1579 st->pktin->type = st->pktin->data[5];
1582 * Log incoming packet, possibly omitting sensitive fields.
1586 struct logblank_t blank;
1587 if (ssh->logomitdata) {
1588 int do_blank = FALSE, blank_prefix = 0;
1589 /* "Session data" packets - omit the data field */
1590 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1591 do_blank = TRUE; blank_prefix = 8;
1592 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1593 do_blank = TRUE; blank_prefix = 12;
1596 blank.offset = blank_prefix;
1597 blank.len = (st->pktin->length-6) - blank_prefix;
1598 blank.type = PKTLOG_OMIT;
1602 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1603 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
1605 st->pktin->data+6, st->pktin->length-6,
1606 nblanks, &blank, &st->pktin->sequence);
1609 crFinish(st->pktin);
1612 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1614 int pad, biglen, i, pktoffs;
1618 * XXX various versions of SC (including 8.8.4) screw up the
1619 * register allocation in this function and use the same register
1620 * (D6) for len and as a temporary, with predictable results. The
1621 * following sledgehammer prevents this.
1628 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1629 ssh1_pkt_type(pkt->data[12]),
1630 pkt->body, pkt->length - (pkt->body - pkt->data),
1631 pkt->nblanks, pkt->blanks, NULL);
1632 sfree(pkt->blanks); pkt->blanks = NULL;
1635 if (ssh->v1_compressing) {
1636 unsigned char *compblk;
1638 zlib_compress_block(ssh->cs_comp_ctx,
1639 pkt->data + 12, pkt->length - 12,
1640 &compblk, &complen);
1641 ssh_pkt_ensure(pkt, complen + 2); /* just in case it's got bigger */
1642 memcpy(pkt->data + 12, compblk, complen);
1644 pkt->length = complen + 12;
1647 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1649 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1650 pad = 8 - (len % 8);
1652 biglen = len + pad; /* len(padding+type+data+CRC) */
1654 for (i = pktoffs; i < 4+8; i++)
1655 pkt->data[i] = random_byte();
1656 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1657 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1658 PUT_32BIT(pkt->data + pktoffs, len);
1661 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1662 pkt->data + pktoffs + 4, biglen);
1664 if (offset_p) *offset_p = pktoffs;
1665 return biglen + 4; /* len(length+padding+type+data+CRC) */
1668 static int s_write(Ssh ssh, void *data, int len)
1671 log_packet(ssh->logctx, PKT_OUTGOING, -1, NULL, data, len,
1673 return sk_write(ssh->s, (char *)data, len);
1676 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1678 int len, backlog, offset;
1679 len = s_wrpkt_prepare(ssh, pkt, &offset);
1680 backlog = s_write(ssh, pkt->data + offset, len);
1681 if (backlog > SSH_MAX_BACKLOG)
1682 ssh_throttle_all(ssh, 1, backlog);
1683 ssh_free_packet(pkt);
1686 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1689 len = s_wrpkt_prepare(ssh, pkt, &offset);
1690 if (ssh->deferred_len + len > ssh->deferred_size) {
1691 ssh->deferred_size = ssh->deferred_len + len + 128;
1692 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1696 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1697 pkt->data + offset, len);
1698 ssh->deferred_len += len;
1699 ssh_free_packet(pkt);
1703 * Construct a SSH-1 packet with the specified contents.
1704 * (This all-at-once interface used to be the only one, but now SSH-1
1705 * packets can also be constructed incrementally.)
1707 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1713 pkt = ssh1_pkt_init(pkttype);
1715 while ((argtype = va_arg(ap, int)) != PKT_END) {
1716 unsigned char *argp, argchar;
1718 unsigned long argint;
1721 /* Actual fields in the packet */
1723 argint = va_arg(ap, int);
1724 ssh_pkt_adduint32(pkt, argint);
1727 argchar = (unsigned char) va_arg(ap, int);
1728 ssh_pkt_addbyte(pkt, argchar);
1731 argp = va_arg(ap, unsigned char *);
1732 arglen = va_arg(ap, int);
1733 ssh_pkt_adddata(pkt, argp, arglen);
1736 sargp = va_arg(ap, char *);
1737 ssh_pkt_addstring(pkt, sargp);
1740 bn = va_arg(ap, Bignum);
1741 ssh1_pkt_addmp(pkt, bn);
1743 /* Tokens for modifications to packet logging */
1745 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1748 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1751 end_log_omission(ssh, pkt);
1759 static void send_packet(Ssh ssh, int pkttype, ...)
1763 va_start(ap, pkttype);
1764 pkt = construct_packet(ssh, pkttype, ap);
1769 static void defer_packet(Ssh ssh, int pkttype, ...)
1773 va_start(ap, pkttype);
1774 pkt = construct_packet(ssh, pkttype, ap);
1776 s_wrpkt_defer(ssh, pkt);
1779 static int ssh_versioncmp(char *a, char *b)
1782 unsigned long av, bv;
1784 av = strtoul(a, &ae, 10);
1785 bv = strtoul(b, &be, 10);
1787 return (av < bv ? -1 : +1);
1792 av = strtoul(ae, &ae, 10);
1793 bv = strtoul(be, &be, 10);
1795 return (av < bv ? -1 : +1);
1800 * Utility routines for putting an SSH-protocol `string' and
1801 * `uint32' into a hash state.
1803 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1805 unsigned char lenblk[4];
1806 PUT_32BIT(lenblk, len);
1807 h->bytes(s, lenblk, 4);
1808 h->bytes(s, str, len);
1811 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1813 unsigned char intblk[4];
1814 PUT_32BIT(intblk, i);
1815 h->bytes(s, intblk, 4);
1819 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1821 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1823 if (pkt->maxlen < length) {
1824 unsigned char *body = pkt->body;
1825 int offset = body ? body - pkt->data : 0;
1826 pkt->maxlen = length + 256;
1827 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1828 if (body) pkt->body = pkt->data + offset;
1831 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1833 if (pkt->logmode != PKTLOG_EMIT) {
1835 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1837 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1838 (pkt->body - pkt->data);
1839 pkt->blanks[pkt->nblanks-1].len = len;
1840 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1843 ssh_pkt_ensure(pkt, pkt->length);
1844 memcpy(pkt->data + pkt->length - len, data, len);
1846 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1848 ssh_pkt_adddata(pkt, &byte, 1);
1850 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1852 ssh_pkt_adddata(pkt, &value, 1);
1854 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1857 PUT_32BIT(x, value);
1858 ssh_pkt_adddata(pkt, x, 4);
1860 static void ssh_pkt_addstring_start(struct Packet *pkt)
1862 ssh_pkt_adduint32(pkt, 0);
1863 pkt->savedpos = pkt->length;
1865 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1867 ssh_pkt_adddata(pkt, data, strlen(data));
1868 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1870 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1872 ssh_pkt_adddata(pkt, data, len);
1873 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1875 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1877 ssh_pkt_addstring_start(pkt);
1878 ssh_pkt_addstring_str(pkt, data);
1880 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1882 int len = ssh1_bignum_length(b);
1883 unsigned char *data = snewn(len, unsigned char);
1884 (void) ssh1_write_bignum(data, b);
1885 ssh_pkt_adddata(pkt, data, len);
1888 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1891 int i, n = (bignum_bitcount(b) + 7) / 8;
1892 p = snewn(n + 1, unsigned char);
1894 for (i = 1; i <= n; i++)
1895 p[i] = bignum_byte(b, n - i);
1897 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1899 memmove(p, p + i, n + 1 - i);
1903 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1907 p = ssh2_mpint_fmt(b, &len);
1908 ssh_pkt_addstring_start(pkt);
1909 ssh_pkt_addstring_data(pkt, (char *)p, len);
1913 static struct Packet *ssh1_pkt_init(int pkt_type)
1915 struct Packet *pkt = ssh_new_packet();
1916 pkt->length = 4 + 8; /* space for length + max padding */
1917 ssh_pkt_addbyte(pkt, pkt_type);
1918 pkt->body = pkt->data + pkt->length;
1922 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1923 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1924 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1925 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1926 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1927 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1928 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1929 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1930 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1932 static struct Packet *ssh2_pkt_init(int pkt_type)
1934 struct Packet *pkt = ssh_new_packet();
1935 pkt->length = 5; /* space for packet length + padding length */
1937 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1938 pkt->body = pkt->data + pkt->length; /* after packet type */
1943 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1944 * put the MAC on it. Final packet, ready to be sent, is stored in
1945 * pkt->data. Total length is returned.
1947 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1949 int cipherblk, maclen, padding, i;
1952 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1953 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx, pkt->data[5]),
1954 pkt->body, pkt->length - (pkt->body - pkt->data),
1955 pkt->nblanks, pkt->blanks, &ssh->v2_outgoing_sequence);
1956 sfree(pkt->blanks); pkt->blanks = NULL;
1960 * Compress packet payload.
1963 unsigned char *newpayload;
1966 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1968 &newpayload, &newlen)) {
1970 ssh2_pkt_adddata(pkt, newpayload, newlen);
1976 * Add padding. At least four bytes, and must also bring total
1977 * length (minus MAC) up to a multiple of the block size.
1978 * If pkt->forcepad is set, make sure the packet is at least that size
1981 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1982 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1984 if (pkt->length + padding < pkt->forcepad)
1985 padding = pkt->forcepad - pkt->length;
1987 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1988 assert(padding <= 255);
1989 maclen = ssh->csmac ? ssh->csmac->len : 0;
1990 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1991 pkt->data[4] = padding;
1992 for (i = 0; i < padding; i++)
1993 pkt->data[pkt->length + i] = random_byte();
1994 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1996 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1997 pkt->length + padding,
1998 ssh->v2_outgoing_sequence);
1999 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
2002 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
2003 pkt->data, pkt->length + padding);
2005 pkt->encrypted_len = pkt->length + padding;
2007 /* Ready-to-send packet starts at pkt->data. We return length. */
2008 return pkt->length + padding + maclen;
2012 * Routines called from the main SSH code to send packets. There
2013 * are quite a few of these, because we have two separate
2014 * mechanisms for delaying the sending of packets:
2016 * - In order to send an IGNORE message and a password message in
2017 * a single fixed-length blob, we require the ability to
2018 * concatenate the encrypted forms of those two packets _into_ a
2019 * single blob and then pass it to our <network.h> transport
2020 * layer in one go. Hence, there's a deferment mechanism which
2021 * works after packet encryption.
2023 * - In order to avoid sending any connection-layer messages
2024 * during repeat key exchange, we have to queue up any such
2025 * outgoing messages _before_ they are encrypted (and in
2026 * particular before they're allocated sequence numbers), and
2027 * then send them once we've finished.
2029 * I call these mechanisms `defer' and `queue' respectively, so as
2030 * to distinguish them reasonably easily.
2032 * The functions send_noqueue() and defer_noqueue() free the packet
2033 * structure they are passed. Every outgoing packet goes through
2034 * precisely one of these functions in its life; packets passed to
2035 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
2036 * these or get queued, and then when the queue is later emptied
2037 * the packets are all passed to defer_noqueue().
2039 * When using a CBC-mode cipher, it's necessary to ensure that an
2040 * attacker can't provide data to be encrypted using an IV that they
2041 * know. We ensure this by prefixing each packet that might contain
2042 * user data with an SSH_MSG_IGNORE. This is done using the deferral
2043 * mechanism, so in this case send_noqueue() ends up redirecting to
2044 * defer_noqueue(). If you don't like this inefficiency, don't use
2048 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
2049 static void ssh_pkt_defersend(Ssh);
2052 * Send an SSH-2 packet immediately, without queuing or deferring.
2054 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
2058 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
2059 /* We need to send two packets, so use the deferral mechanism. */
2060 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2061 ssh_pkt_defersend(ssh);
2064 len = ssh2_pkt_construct(ssh, pkt);
2065 backlog = s_write(ssh, pkt->data, len);
2066 if (backlog > SSH_MAX_BACKLOG)
2067 ssh_throttle_all(ssh, 1, backlog);
2069 ssh->outgoing_data_size += pkt->encrypted_len;
2070 if (!ssh->kex_in_progress &&
2071 ssh->max_data_size != 0 &&
2072 ssh->outgoing_data_size > ssh->max_data_size)
2073 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2075 ssh_free_packet(pkt);
2079 * Defer an SSH-2 packet.
2081 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
2084 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
2085 ssh->deferred_len == 0 && !noignore &&
2086 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2088 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
2089 * get encrypted with a known IV.
2091 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2092 ssh2_pkt_addstring_start(ipkt);
2093 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
2095 len = ssh2_pkt_construct(ssh, pkt);
2096 if (ssh->deferred_len + len > ssh->deferred_size) {
2097 ssh->deferred_size = ssh->deferred_len + len + 128;
2098 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
2102 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
2103 ssh->deferred_len += len;
2104 ssh->deferred_data_size += pkt->encrypted_len;
2105 ssh_free_packet(pkt);
2109 * Queue an SSH-2 packet.
2111 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
2113 assert(ssh->queueing);
2115 if (ssh->queuelen >= ssh->queuesize) {
2116 ssh->queuesize = ssh->queuelen + 32;
2117 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
2120 ssh->queue[ssh->queuelen++] = pkt;
2124 * Either queue or send a packet, depending on whether queueing is
2127 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
2130 ssh2_pkt_queue(ssh, pkt);
2132 ssh2_pkt_send_noqueue(ssh, pkt);
2136 * Either queue or defer a packet, depending on whether queueing is
2139 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
2142 ssh2_pkt_queue(ssh, pkt);
2144 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
2148 * Send the whole deferred data block constructed by
2149 * ssh2_pkt_defer() or SSH-1's defer_packet().
2151 * The expected use of the defer mechanism is that you call
2152 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
2153 * not currently queueing, this simply sets up deferred_send_data
2154 * and then sends it. If we _are_ currently queueing, the calls to
2155 * ssh2_pkt_defer() put the deferred packets on to the queue
2156 * instead, and therefore ssh_pkt_defersend() has no deferred data
2157 * to send. Hence, there's no need to make it conditional on
2160 static void ssh_pkt_defersend(Ssh ssh)
2163 backlog = s_write(ssh, ssh->deferred_send_data, ssh->deferred_len);
2164 ssh->deferred_len = ssh->deferred_size = 0;
2165 sfree(ssh->deferred_send_data);
2166 ssh->deferred_send_data = NULL;
2167 if (backlog > SSH_MAX_BACKLOG)
2168 ssh_throttle_all(ssh, 1, backlog);
2170 ssh->outgoing_data_size += ssh->deferred_data_size;
2171 if (!ssh->kex_in_progress &&
2172 ssh->max_data_size != 0 &&
2173 ssh->outgoing_data_size > ssh->max_data_size)
2174 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
2175 ssh->deferred_data_size = 0;
2179 * Send a packet whose length needs to be disguised (typically
2180 * passwords or keyboard-interactive responses).
2182 static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
2188 * The simplest way to do this is to adjust the
2189 * variable-length padding field in the outgoing packet.
2191 * Currently compiled out, because some Cisco SSH servers
2192 * don't like excessively padded packets (bah, why's it
2195 pkt->forcepad = padsize;
2196 ssh2_pkt_send(ssh, pkt);
2201 * If we can't do that, however, an alternative approach is
2202 * to use the pkt_defer mechanism to bundle the packet
2203 * tightly together with an SSH_MSG_IGNORE such that their
2204 * combined length is a constant. So first we construct the
2205 * final form of this packet and defer its sending.
2207 ssh2_pkt_defer(ssh, pkt);
2210 * Now construct an SSH_MSG_IGNORE which includes a string
2211 * that's an exact multiple of the cipher block size. (If
2212 * the cipher is NULL so that the block size is
2213 * unavailable, we don't do this trick at all, because we
2214 * gain nothing by it.)
2216 if (ssh->cscipher &&
2217 !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
2220 stringlen = (256 - ssh->deferred_len);
2221 stringlen += ssh->cscipher->blksize - 1;
2222 stringlen -= (stringlen % ssh->cscipher->blksize);
2225 * Temporarily disable actual compression, so we
2226 * can guarantee to get this string exactly the
2227 * length we want it. The compression-disabling
2228 * routine should return an integer indicating how
2229 * many bytes we should adjust our string length
2233 ssh->cscomp->disable_compression(ssh->cs_comp_ctx);
2235 pkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
2236 ssh2_pkt_addstring_start(pkt);
2237 for (i = 0; i < stringlen; i++) {
2238 char c = (char) random_byte();
2239 ssh2_pkt_addstring_data(pkt, &c, 1);
2241 ssh2_pkt_defer(ssh, pkt);
2243 ssh_pkt_defersend(ssh);
2248 * Send all queued SSH-2 packets. We send them by means of
2249 * ssh2_pkt_defer_noqueue(), in case they included a pair of
2250 * packets that needed to be lumped together.
2252 static void ssh2_pkt_queuesend(Ssh ssh)
2256 assert(!ssh->queueing);
2258 for (i = 0; i < ssh->queuelen; i++)
2259 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
2262 ssh_pkt_defersend(ssh);
2266 void bndebug(char *string, Bignum b)
2270 p = ssh2_mpint_fmt(b, &len);
2271 debug(("%s", string));
2272 for (i = 0; i < len; i++)
2273 debug((" %02x", p[i]));
2279 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
2283 p = ssh2_mpint_fmt(b, &len);
2284 hash_string(h, s, p, len);
2289 * Packet decode functions for both SSH-1 and SSH-2.
2291 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
2293 unsigned long value;
2294 if (pkt->length - pkt->savedpos < 4)
2295 return 0; /* arrgh, no way to decline (FIXME?) */
2296 value = GET_32BIT(pkt->body + pkt->savedpos);
2300 static int ssh2_pkt_getbool(struct Packet *pkt)
2302 unsigned long value;
2303 if (pkt->length - pkt->savedpos < 1)
2304 return 0; /* arrgh, no way to decline (FIXME?) */
2305 value = pkt->body[pkt->savedpos] != 0;
2309 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2314 if (pkt->length - pkt->savedpos < 4)
2316 len = GET_32BIT(pkt->body + pkt->savedpos);
2321 if (pkt->length - pkt->savedpos < *length)
2323 *p = (char *)(pkt->body + pkt->savedpos);
2324 pkt->savedpos += *length;
2326 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2328 if (pkt->length - pkt->savedpos < length)
2330 pkt->savedpos += length;
2331 return pkt->body + (pkt->savedpos - length);
2333 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2334 unsigned char **keystr)
2338 j = makekey(pkt->body + pkt->savedpos,
2339 pkt->length - pkt->savedpos,
2346 assert(pkt->savedpos < pkt->length);
2350 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2355 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2356 pkt->length - pkt->savedpos, &b);
2364 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2370 ssh_pkt_getstring(pkt, &p, &length);
2375 b = bignum_from_bytes((unsigned char *)p, length);
2380 * Helper function to add an SSH-2 signature blob to a packet.
2381 * Expects to be shown the public key blob as well as the signature
2382 * blob. Normally works just like ssh2_pkt_addstring, but will
2383 * fiddle with the signature packet if necessary for
2384 * BUG_SSH2_RSA_PADDING.
2386 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2387 void *pkblob_v, int pkblob_len,
2388 void *sigblob_v, int sigblob_len)
2390 unsigned char *pkblob = (unsigned char *)pkblob_v;
2391 unsigned char *sigblob = (unsigned char *)sigblob_v;
2393 /* dmemdump(pkblob, pkblob_len); */
2394 /* dmemdump(sigblob, sigblob_len); */
2397 * See if this is in fact an ssh-rsa signature and a buggy
2398 * server; otherwise we can just do this the easy way.
2400 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2401 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2402 int pos, len, siglen;
2405 * Find the byte length of the modulus.
2408 pos = 4+7; /* skip over "ssh-rsa" */
2409 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2410 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2411 pos += 4; /* find modulus itself */
2412 while (len > 0 && pkblob[pos] == 0)
2414 /* debug(("modulus length is %d\n", len)); */
2417 * Now find the signature integer.
2419 pos = 4+7; /* skip over "ssh-rsa" */
2420 siglen = GET_32BIT(sigblob+pos);
2421 /* debug(("signature length is %d\n", siglen)); */
2423 if (len != siglen) {
2424 unsigned char newlen[4];
2425 ssh2_pkt_addstring_start(pkt);
2426 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2427 /* dmemdump(sigblob, pos); */
2428 pos += 4; /* point to start of actual sig */
2429 PUT_32BIT(newlen, len);
2430 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2431 /* dmemdump(newlen, 4); */
2433 while (len-- > siglen) {
2434 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2435 /* dmemdump(newlen, 1); */
2437 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2438 /* dmemdump(sigblob+pos, siglen); */
2442 /* Otherwise fall through and do it the easy way. */
2445 ssh2_pkt_addstring_start(pkt);
2446 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2450 * Examine the remote side's version string and compare it against
2451 * a list of known buggy implementations.
2453 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2455 char *imp; /* pointer to implementation part */
2457 imp += strcspn(imp, "-");
2459 imp += strcspn(imp, "-");
2462 ssh->remote_bugs = 0;
2465 * General notes on server version strings:
2466 * - Not all servers reporting "Cisco-1.25" have all the bugs listed
2467 * here -- in particular, we've heard of one that's perfectly happy
2468 * with SSH1_MSG_IGNOREs -- but this string never seems to change,
2469 * so we can't distinguish them.
2471 if (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == FORCE_ON ||
2472 (conf_get_int(ssh->conf, CONF_sshbug_ignore1) == AUTO &&
2473 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2474 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2475 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2476 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2478 * These versions don't support SSH1_MSG_IGNORE, so we have
2479 * to use a different defence against password length
2482 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2483 logevent("We believe remote version has SSH-1 ignore bug");
2486 if (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
2487 (conf_get_int(ssh->conf, CONF_sshbug_plainpw1) == AUTO &&
2488 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2490 * These versions need a plain password sent; they can't
2491 * handle having a null and a random length of data after
2494 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2495 logevent("We believe remote version needs a plain SSH-1 password");
2498 if (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == FORCE_ON ||
2499 (conf_get_int(ssh->conf, CONF_sshbug_rsa1) == AUTO &&
2500 (!strcmp(imp, "Cisco-1.25")))) {
2502 * These versions apparently have no clue whatever about
2503 * RSA authentication and will panic and die if they see
2504 * an AUTH_RSA message.
2506 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2507 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2510 if (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == FORCE_ON ||
2511 (conf_get_int(ssh->conf, CONF_sshbug_hmac2) == AUTO &&
2512 !wc_match("* VShell", imp) &&
2513 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2514 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2515 wc_match("2.1 *", imp)))) {
2517 * These versions have the HMAC bug.
2519 ssh->remote_bugs |= BUG_SSH2_HMAC;
2520 logevent("We believe remote version has SSH-2 HMAC bug");
2523 if (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
2524 (conf_get_int(ssh->conf, CONF_sshbug_derivekey2) == AUTO &&
2525 !wc_match("* VShell", imp) &&
2526 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2528 * These versions have the key-derivation bug (failing to
2529 * include the literal shared secret in the hashes that
2530 * generate the keys).
2532 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2533 logevent("We believe remote version has SSH-2 key-derivation bug");
2536 if (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
2537 (conf_get_int(ssh->conf, CONF_sshbug_rsapad2) == AUTO &&
2538 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2539 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2541 * These versions have the SSH-2 RSA padding bug.
2543 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2544 logevent("We believe remote version has SSH-2 RSA padding bug");
2547 if (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
2548 (conf_get_int(ssh->conf, CONF_sshbug_pksessid2) == AUTO &&
2549 wc_match("OpenSSH_2.[0-2]*", imp))) {
2551 * These versions have the SSH-2 session-ID bug in
2552 * public-key authentication.
2554 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2555 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2558 if (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == FORCE_ON ||
2559 (conf_get_int(ssh->conf, CONF_sshbug_rekey2) == AUTO &&
2560 (wc_match("DigiSSH_2.0", imp) ||
2561 wc_match("OpenSSH_2.[0-4]*", imp) ||
2562 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2563 wc_match("Sun_SSH_1.0", imp) ||
2564 wc_match("Sun_SSH_1.0.1", imp) ||
2565 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2566 wc_match("WeOnlyDo-*", imp)))) {
2568 * These versions have the SSH-2 rekey bug.
2570 ssh->remote_bugs |= BUG_SSH2_REKEY;
2571 logevent("We believe remote version has SSH-2 rekey bug");
2574 if (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
2575 (conf_get_int(ssh->conf, CONF_sshbug_maxpkt2) == AUTO &&
2576 (wc_match("1.36_sshlib GlobalSCAPE", imp) ||
2577 wc_match("1.36 sshlib: GlobalScape", imp)))) {
2579 * This version ignores our makpkt and needs to be throttled.
2581 ssh->remote_bugs |= BUG_SSH2_MAXPKT;
2582 logevent("We believe remote version ignores SSH-2 maximum packet size");
2585 if (conf_get_int(ssh->conf, CONF_sshbug_ignore2) == FORCE_ON) {
2587 * Servers that don't support SSH2_MSG_IGNORE. Currently,
2588 * none detected automatically.
2590 ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
2591 logevent("We believe remote version has SSH-2 ignore bug");
2594 if (conf_get_int(ssh->conf, CONF_sshbug_winadj) == FORCE_ON) {
2596 * Servers that don't support our winadj request for one
2597 * reason or another. Currently, none detected automatically.
2599 ssh->remote_bugs |= BUG_CHOKES_ON_WINADJ;
2600 logevent("We believe remote version has winadj bug");
2605 * The `software version' part of an SSH version string is required
2606 * to contain no spaces or minus signs.
2608 static void ssh_fix_verstring(char *str)
2610 /* Eat "SSH-<protoversion>-". */
2611 assert(*str == 'S'); str++;
2612 assert(*str == 'S'); str++;
2613 assert(*str == 'H'); str++;
2614 assert(*str == '-'); str++;
2615 while (*str && *str != '-') str++;
2616 assert(*str == '-'); str++;
2618 /* Convert minus signs and spaces in the remaining string into
2621 if (*str == '-' || *str == ' ')
2628 * Send an appropriate SSH version string.
2630 static void ssh_send_verstring(Ssh ssh, char *svers)
2634 if (ssh->version == 2) {
2636 * Construct a v2 version string.
2638 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2641 * Construct a v1 version string.
2643 verstring = dupprintf("SSH-%s-%s\012",
2644 (ssh_versioncmp(svers, "1.5") <= 0 ?
2649 ssh_fix_verstring(verstring);
2651 if (ssh->version == 2) {
2654 * Record our version string.
2656 len = strcspn(verstring, "\015\012");
2657 ssh->v_c = snewn(len + 1, char);
2658 memcpy(ssh->v_c, verstring, len);
2662 logeventf(ssh, "We claim version: %.*s",
2663 strcspn(verstring, "\015\012"), verstring);
2664 s_write(ssh, verstring, strlen(verstring));
2668 static int do_ssh_init(Ssh ssh, unsigned char c)
2670 struct do_ssh_init_state {
2679 crState(do_ssh_init_state);
2683 /* Search for a line beginning with the string "SSH-" in the input. */
2685 if (c != 'S') goto no;
2687 if (c != 'S') goto no;
2689 if (c != 'H') goto no;
2691 if (c != '-') goto no;
2700 s->vstring = snewn(s->vstrsize, char);
2701 strcpy(s->vstring, "SSH-");
2705 crReturn(1); /* get another char */
2706 if (s->vslen >= s->vstrsize - 1) {
2708 s->vstring = sresize(s->vstring, s->vstrsize, char);
2710 s->vstring[s->vslen++] = c;
2713 s->version[s->i] = '\0';
2715 } else if (s->i < sizeof(s->version) - 1)
2716 s->version[s->i++] = c;
2717 } else if (c == '\012')
2721 ssh->agentfwd_enabled = FALSE;
2722 ssh->rdpkt2_state.incoming_sequence = 0;
2724 s->vstring[s->vslen] = 0;
2725 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2726 logeventf(ssh, "Server version: %s", s->vstring);
2727 ssh_detect_bugs(ssh, s->vstring);
2730 * Decide which SSH protocol version to support.
2733 /* Anything strictly below "2.0" means protocol 1 is supported. */
2734 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2735 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2736 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2738 if (conf_get_int(ssh->conf, CONF_sshprot) == 0 && !s->proto1) {
2739 bombout(("SSH protocol version 1 required by user but not provided by server"));
2742 if (conf_get_int(ssh->conf, CONF_sshprot) == 3 && !s->proto2) {
2743 bombout(("SSH protocol version 2 required by user but not provided by server"));
2747 if (s->proto2 && (conf_get_int(ssh->conf, CONF_sshprot) >= 2 || !s->proto1))
2752 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2754 /* Send the version string, if we haven't already */
2755 if (conf_get_int(ssh->conf, CONF_sshprot) != 3)
2756 ssh_send_verstring(ssh, s->version);
2758 if (ssh->version == 2) {
2761 * Record their version string.
2763 len = strcspn(s->vstring, "\015\012");
2764 ssh->v_s = snewn(len + 1, char);
2765 memcpy(ssh->v_s, s->vstring, len);
2769 * Initialise SSH-2 protocol.
2771 ssh->protocol = ssh2_protocol;
2772 ssh2_protocol_setup(ssh);
2773 ssh->s_rdpkt = ssh2_rdpkt;
2776 * Initialise SSH-1 protocol.
2778 ssh->protocol = ssh1_protocol;
2779 ssh1_protocol_setup(ssh);
2780 ssh->s_rdpkt = ssh1_rdpkt;
2782 if (ssh->version == 2)
2783 do_ssh2_transport(ssh, NULL, -1, NULL);
2785 update_specials_menu(ssh->frontend);
2786 ssh->state = SSH_STATE_BEFORE_SIZE;
2787 ssh->pinger = pinger_new(ssh->conf, &ssh_backend, ssh);
2794 static void ssh_process_incoming_data(Ssh ssh,
2795 unsigned char **data, int *datalen)
2797 struct Packet *pktin;
2799 pktin = ssh->s_rdpkt(ssh, data, datalen);
2801 ssh->protocol(ssh, NULL, 0, pktin);
2802 ssh_free_packet(pktin);
2806 static void ssh_queue_incoming_data(Ssh ssh,
2807 unsigned char **data, int *datalen)
2809 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2814 static void ssh_process_queued_incoming_data(Ssh ssh)
2817 unsigned char *data;
2820 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2821 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2825 while (!ssh->frozen && len > 0)
2826 ssh_process_incoming_data(ssh, &data, &len);
2829 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2833 static void ssh_set_frozen(Ssh ssh, int frozen)
2836 sk_set_frozen(ssh->s, frozen);
2837 ssh->frozen = frozen;
2840 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2842 /* Log raw data, if we're in that mode. */
2844 log_packet(ssh->logctx, PKT_INCOMING, -1, NULL, data, datalen,
2847 crBegin(ssh->ssh_gotdata_crstate);
2850 * To begin with, feed the characters one by one to the
2851 * protocol initialisation / selection function do_ssh_init().
2852 * When that returns 0, we're done with the initial greeting
2853 * exchange and can move on to packet discipline.
2856 int ret; /* need not be kept across crReturn */
2858 crReturnV; /* more data please */
2859 ret = do_ssh_init(ssh, *data);
2867 * We emerge from that loop when the initial negotiation is
2868 * over and we have selected an s_rdpkt function. Now pass
2869 * everything to s_rdpkt, and then pass the resulting packets
2870 * to the proper protocol handler.
2874 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2876 ssh_queue_incoming_data(ssh, &data, &datalen);
2877 /* This uses up all data and cannot cause anything interesting
2878 * to happen; indeed, for anything to happen at all, we must
2879 * return, so break out. */
2881 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2882 /* This uses up some or all data, and may freeze the
2884 ssh_process_queued_incoming_data(ssh);
2886 /* This uses up some or all data, and may freeze the
2888 ssh_process_incoming_data(ssh, &data, &datalen);
2890 /* FIXME this is probably EBW. */
2891 if (ssh->state == SSH_STATE_CLOSED)
2894 /* We're out of data. Go and get some more. */
2900 static int ssh_do_close(Ssh ssh, int notify_exit)
2903 struct ssh_channel *c;
2905 ssh->state = SSH_STATE_CLOSED;
2906 expire_timer_context(ssh);
2911 notify_remote_exit(ssh->frontend);
2916 * Now we must shut down any port- and X-forwarded channels going
2917 * through this connection.
2919 if (ssh->channels) {
2920 while (NULL != (c = index234(ssh->channels, 0))) {
2923 x11_close(c->u.x11.s);
2926 case CHAN_SOCKDATA_DORMANT:
2927 pfd_close(c->u.pfd.s);
2930 del234(ssh->channels, c); /* moving next one to index 0 */
2931 if (ssh->version == 2)
2932 bufchain_clear(&c->v.v2.outbuffer);
2937 * Go through port-forwardings, and close any associated
2938 * listening sockets.
2940 if (ssh->portfwds) {
2941 struct ssh_portfwd *pf;
2942 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2943 /* Dispose of any listening socket. */
2945 pfd_terminate(pf->local);
2946 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2949 freetree234(ssh->portfwds);
2950 ssh->portfwds = NULL;
2956 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2957 const char *error_msg, int error_code)
2959 Ssh ssh = (Ssh) plug;
2960 char addrbuf[256], *msg;
2962 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2965 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2967 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2973 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2976 Ssh ssh = (Ssh) plug;
2977 int need_notify = ssh_do_close(ssh, FALSE);
2980 if (!ssh->close_expected)
2981 error_msg = "Server unexpectedly closed network connection";
2983 error_msg = "Server closed network connection";
2986 if (ssh->close_expected && ssh->clean_exit && ssh->exitcode < 0)
2990 notify_remote_exit(ssh->frontend);
2993 logevent(error_msg);
2994 if (!ssh->close_expected || !ssh->clean_exit)
2995 connection_fatal(ssh->frontend, "%s", error_msg);
2999 static int ssh_receive(Plug plug, int urgent, char *data, int len)
3001 Ssh ssh = (Ssh) plug;
3002 ssh_gotdata(ssh, (unsigned char *)data, len);
3003 if (ssh->state == SSH_STATE_CLOSED) {
3004 ssh_do_close(ssh, TRUE);
3010 static void ssh_sent(Plug plug, int bufsize)
3012 Ssh ssh = (Ssh) plug;
3014 * If the send backlog on the SSH socket itself clears, we
3015 * should unthrottle the whole world if it was throttled.
3017 if (bufsize < SSH_MAX_BACKLOG)
3018 ssh_throttle_all(ssh, 0, bufsize);
3022 * Connect to specified host and port.
3023 * Returns an error message, or NULL on success.
3024 * Also places the canonical host name into `realhost'. It must be
3025 * freed by the caller.
3027 static const char *connect_to_host(Ssh ssh, char *host, int port,
3028 char **realhost, int nodelay, int keepalive)
3030 static const struct plug_function_table fn_table = {
3041 int addressfamily, sshprot;
3043 loghost = conf_get_str(ssh->conf, CONF_loghost);
3047 ssh->savedhost = dupstr(loghost);
3048 ssh->savedport = 22; /* default ssh port */
3051 * A colon suffix on savedhost also lets us affect
3054 * (FIXME: do something about IPv6 address literals here.)
3056 colon = strrchr(ssh->savedhost, ':');
3060 ssh->savedport = atoi(colon);
3063 ssh->savedhost = dupstr(host);
3065 port = 22; /* default ssh port */
3066 ssh->savedport = port;
3072 addressfamily = conf_get_int(ssh->conf, CONF_addressfamily);
3073 logeventf(ssh, "Looking up host \"%s\"%s", host,
3074 (addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
3075 (addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
3076 addr = name_lookup(host, port, realhost, ssh->conf, addressfamily);
3077 if ((err = sk_addr_error(addr)) != NULL) {
3081 ssh->fullhostname = dupstr(*realhost); /* save in case of GSSAPI */
3086 ssh->fn = &fn_table;
3087 ssh->s = new_connection(addr, *realhost, port,
3088 0, 1, nodelay, keepalive, (Plug) ssh, ssh->conf);
3089 if ((err = sk_socket_error(ssh->s)) != NULL) {
3091 notify_remote_exit(ssh->frontend);
3096 * If the SSH version number's fixed, set it now, and if it's SSH-2,
3097 * send the version string too.
3099 sshprot = conf_get_int(ssh->conf, CONF_sshprot);
3104 ssh_send_verstring(ssh, NULL);
3108 * loghost, if configured, overrides realhost.
3112 *realhost = dupstr(loghost);
3119 * Throttle or unthrottle the SSH connection.
3121 static void ssh_throttle_conn(Ssh ssh, int adjust)
3123 int old_count = ssh->conn_throttle_count;
3124 ssh->conn_throttle_count += adjust;
3125 assert(ssh->conn_throttle_count >= 0);
3126 if (ssh->conn_throttle_count && !old_count) {
3127 ssh_set_frozen(ssh, 1);
3128 } else if (!ssh->conn_throttle_count && old_count) {
3129 ssh_set_frozen(ssh, 0);
3134 * Throttle or unthrottle _all_ local data streams (for when sends
3135 * on the SSH connection itself back up).
3137 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
3140 struct ssh_channel *c;
3142 if (enable == ssh->throttled_all)
3144 ssh->throttled_all = enable;
3145 ssh->overall_bufsize = bufsize;
3148 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
3150 case CHAN_MAINSESSION:
3152 * This is treated separately, outside the switch.
3156 x11_override_throttle(c->u.x11.s, enable);
3159 /* Agent channels require no buffer management. */
3162 pfd_override_throttle(c->u.pfd.s, enable);
3168 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
3170 Ssh ssh = (Ssh) sshv;
3172 ssh->agent_response = reply;
3173 ssh->agent_response_len = replylen;
3175 if (ssh->version == 1)
3176 do_ssh1_login(ssh, NULL, -1, NULL);
3178 do_ssh2_authconn(ssh, NULL, -1, NULL);
3181 static void ssh_dialog_callback(void *sshv, int ret)
3183 Ssh ssh = (Ssh) sshv;
3185 ssh->user_response = ret;
3187 if (ssh->version == 1)
3188 do_ssh1_login(ssh, NULL, -1, NULL);
3190 do_ssh2_transport(ssh, NULL, -1, NULL);
3193 * This may have unfrozen the SSH connection, so do a
3196 ssh_process_queued_incoming_data(ssh);
3199 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
3201 struct ssh_channel *c = (struct ssh_channel *)cv;
3203 void *sentreply = reply;
3205 c->u.a.outstanding_requests--;
3207 /* Fake SSH_AGENT_FAILURE. */
3208 sentreply = "\0\0\0\1\5";
3211 if (ssh->version == 2) {
3212 ssh2_add_channel_data(c, sentreply, replylen);
3215 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3216 PKT_INT, c->remoteid,
3219 PKT_DATA, sentreply, replylen,
3226 * If we've already seen an incoming EOF but haven't sent an
3227 * outgoing one, this may be the moment to send it.
3229 if (c->u.a.outstanding_requests == 0 && (c->closes & CLOSES_RCVD_EOF))
3230 sshfwd_write_eof(c);
3234 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
3235 * non-NULL, otherwise just close the connection. `client_reason' == NULL
3236 * => log `wire_reason'.
3238 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
3239 int code, int clean_exit)
3243 client_reason = wire_reason;
3245 error = dupprintf("Disconnected: %s", client_reason);
3247 error = dupstr("Disconnected");
3249 if (ssh->version == 1) {
3250 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
3252 } else if (ssh->version == 2) {
3253 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
3254 ssh2_pkt_adduint32(pktout, code);
3255 ssh2_pkt_addstring(pktout, wire_reason);
3256 ssh2_pkt_addstring(pktout, "en"); /* language tag */
3257 ssh2_pkt_send_noqueue(ssh, pktout);
3260 ssh->close_expected = TRUE;
3261 ssh->clean_exit = clean_exit;
3262 ssh_closing((Plug)ssh, error, 0, 0);
3267 * Handle the key exchange and user authentication phases.
3269 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
3270 struct Packet *pktin)
3273 unsigned char cookie[8], *ptr;
3274 struct RSAKey servkey, hostkey;
3275 struct MD5Context md5c;
3276 struct do_ssh1_login_state {
3279 unsigned char *rsabuf, *keystr1, *keystr2;
3280 unsigned long supported_ciphers_mask, supported_auths_mask;
3281 int tried_publickey, tried_agent;
3282 int tis_auth_refused, ccard_auth_refused;
3283 unsigned char session_id[16];
3285 void *publickey_blob;
3286 int publickey_bloblen;
3287 char *publickey_comment;
3288 int publickey_encrypted;
3289 prompts_t *cur_prompt;
3292 unsigned char request[5], *response, *p;
3303 crState(do_ssh1_login_state);
3310 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
3311 bombout(("Public key packet not received"));
3315 logevent("Received public keys");
3317 ptr = ssh_pkt_getdata(pktin, 8);
3319 bombout(("SSH-1 public key packet stopped before random cookie"));
3322 memcpy(cookie, ptr, 8);
3324 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
3325 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
3326 bombout(("Failed to read SSH-1 public keys from public key packet"));
3331 * Log the host key fingerprint.
3335 logevent("Host key fingerprint is:");
3336 strcpy(logmsg, " ");
3337 hostkey.comment = NULL;
3338 rsa_fingerprint(logmsg + strlen(logmsg),
3339 sizeof(logmsg) - strlen(logmsg), &hostkey);
3343 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
3344 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
3345 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
3346 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
3347 s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
3349 ssh->v1_local_protoflags =
3350 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
3351 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3354 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3355 MD5Update(&md5c, s->keystr1, servkey.bytes);
3356 MD5Update(&md5c, cookie, 8);
3357 MD5Final(s->session_id, &md5c);
3359 for (i = 0; i < 32; i++)
3360 ssh->session_key[i] = random_byte();
3363 * Verify that the `bits' and `bytes' parameters match.
3365 if (hostkey.bits > hostkey.bytes * 8 ||
3366 servkey.bits > servkey.bytes * 8) {
3367 bombout(("SSH-1 public keys were badly formatted"));
3371 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
3373 s->rsabuf = snewn(s->len, unsigned char);
3376 * Verify the host key.
3380 * First format the key into a string.
3382 int len = rsastr_len(&hostkey);
3383 char fingerprint[100];
3384 char *keystr = snewn(len, char);
3385 rsastr_fmt(keystr, &hostkey);
3386 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3388 ssh_set_frozen(ssh, 1);
3389 s->dlgret = verify_ssh_host_key(ssh->frontend,
3390 ssh->savedhost, ssh->savedport,
3391 "rsa", keystr, fingerprint,
3392 ssh_dialog_callback, ssh);
3394 if (s->dlgret < 0) {
3398 bombout(("Unexpected data from server while waiting"
3399 " for user host key response"));
3402 } while (pktin || inlen > 0);
3403 s->dlgret = ssh->user_response;
3405 ssh_set_frozen(ssh, 0);
3407 if (s->dlgret == 0) {
3408 ssh_disconnect(ssh, "User aborted at host key verification",
3414 for (i = 0; i < 32; i++) {
3415 s->rsabuf[i] = ssh->session_key[i];
3417 s->rsabuf[i] ^= s->session_id[i];
3420 if (hostkey.bytes > servkey.bytes) {
3421 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3423 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3425 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3427 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3430 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3434 logevent("Encrypted session key");
3437 int cipher_chosen = 0, warn = 0;
3438 char *cipher_string = NULL;
3440 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3441 int next_cipher = conf_get_int_int(ssh->conf,
3442 CONF_ssh_cipherlist, i);
3443 if (next_cipher == CIPHER_WARN) {
3444 /* If/when we choose a cipher, warn about it */
3446 } else if (next_cipher == CIPHER_AES) {
3447 /* XXX Probably don't need to mention this. */
3448 logevent("AES not supported in SSH-1, skipping");
3450 switch (next_cipher) {
3451 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3452 cipher_string = "3DES"; break;
3453 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3454 cipher_string = "Blowfish"; break;
3455 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3456 cipher_string = "single-DES"; break;
3458 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3462 if (!cipher_chosen) {
3463 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3464 bombout(("Server violates SSH-1 protocol by not "
3465 "supporting 3DES encryption"));
3467 /* shouldn't happen */
3468 bombout(("No supported ciphers found"));
3472 /* Warn about chosen cipher if necessary. */
3474 ssh_set_frozen(ssh, 1);
3475 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3476 ssh_dialog_callback, ssh);
3477 if (s->dlgret < 0) {
3481 bombout(("Unexpected data from server while waiting"
3482 " for user response"));
3485 } while (pktin || inlen > 0);
3486 s->dlgret = ssh->user_response;
3488 ssh_set_frozen(ssh, 0);
3489 if (s->dlgret == 0) {
3490 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3497 switch (s->cipher_type) {
3498 case SSH_CIPHER_3DES:
3499 logevent("Using 3DES encryption");
3501 case SSH_CIPHER_DES:
3502 logevent("Using single-DES encryption");
3504 case SSH_CIPHER_BLOWFISH:
3505 logevent("Using Blowfish encryption");
3509 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3510 PKT_CHAR, s->cipher_type,
3511 PKT_DATA, cookie, 8,
3512 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3513 PKT_DATA, s->rsabuf, s->len,
3514 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3516 logevent("Trying to enable encryption...");
3520 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3521 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3523 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3524 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3525 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3527 ssh->crcda_ctx = crcda_make_context();
3528 logevent("Installing CRC compensation attack detector");
3530 if (servkey.modulus) {
3531 sfree(servkey.modulus);
3532 servkey.modulus = NULL;
3534 if (servkey.exponent) {
3535 sfree(servkey.exponent);
3536 servkey.exponent = NULL;
3538 if (hostkey.modulus) {
3539 sfree(hostkey.modulus);
3540 hostkey.modulus = NULL;
3542 if (hostkey.exponent) {
3543 sfree(hostkey.exponent);
3544 hostkey.exponent = NULL;
3548 if (pktin->type != SSH1_SMSG_SUCCESS) {
3549 bombout(("Encryption not successfully enabled"));
3553 logevent("Successfully started encryption");
3555 fflush(stdout); /* FIXME eh? */
3557 if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
3558 int ret; /* need not be kept over crReturn */
3559 s->cur_prompt = new_prompts(ssh->frontend);
3560 s->cur_prompt->to_server = TRUE;
3561 s->cur_prompt->name = dupstr("SSH login name");
3562 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
3563 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3566 crWaitUntil(!pktin);
3567 ret = get_userpass_input(s->cur_prompt, in, inlen);
3572 * Failed to get a username. Terminate.
3574 free_prompts(s->cur_prompt);
3575 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3578 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
3579 free_prompts(s->cur_prompt);
3582 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, ssh->username, PKT_END);
3584 char *userlog = dupprintf("Sent username \"%s\"", ssh->username);
3586 if (flags & FLAG_INTERACTIVE &&
3587 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3588 c_write_str(ssh, userlog);
3589 c_write_str(ssh, "\r\n");
3597 if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
3598 /* We must not attempt PK auth. Pretend we've already tried it. */
3599 s->tried_publickey = s->tried_agent = 1;
3601 s->tried_publickey = s->tried_agent = 0;
3603 s->tis_auth_refused = s->ccard_auth_refused = 0;
3605 * Load the public half of any configured keyfile for later use.
3607 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3608 if (!filename_is_null(s->keyfile)) {
3610 logeventf(ssh, "Reading private key file \"%.150s\"",
3611 filename_to_str(s->keyfile));
3612 keytype = key_type(s->keyfile);
3613 if (keytype == SSH_KEYTYPE_SSH1) {
3615 if (rsakey_pubblob(s->keyfile,
3616 &s->publickey_blob, &s->publickey_bloblen,
3617 &s->publickey_comment, &error)) {
3618 s->publickey_encrypted = rsakey_encrypted(s->keyfile,
3622 logeventf(ssh, "Unable to load private key (%s)", error);
3623 msgbuf = dupprintf("Unable to load private key file "
3624 "\"%.150s\" (%s)\r\n",
3625 filename_to_str(s->keyfile),
3627 c_write_str(ssh, msgbuf);
3629 s->publickey_blob = NULL;
3633 logeventf(ssh, "Unable to use this key file (%s)",
3634 key_type_to_str(keytype));
3635 msgbuf = dupprintf("Unable to use key file \"%.150s\""
3637 filename_to_str(s->keyfile),
3638 key_type_to_str(keytype));
3639 c_write_str(ssh, msgbuf);
3641 s->publickey_blob = NULL;
3644 s->publickey_blob = NULL;
3646 while (pktin->type == SSH1_SMSG_FAILURE) {
3647 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3649 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists() && !s->tried_agent) {
3651 * Attempt RSA authentication using Pageant.
3657 logevent("Pageant is running. Requesting keys.");
3659 /* Request the keys held by the agent. */
3660 PUT_32BIT(s->request, 1);
3661 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3662 if (!agent_query(s->request, 5, &r, &s->responselen,
3663 ssh_agent_callback, ssh)) {
3667 bombout(("Unexpected data from server while waiting"
3668 " for agent response"));
3671 } while (pktin || inlen > 0);
3672 r = ssh->agent_response;
3673 s->responselen = ssh->agent_response_len;
3675 s->response = (unsigned char *) r;
3676 if (s->response && s->responselen >= 5 &&
3677 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3678 s->p = s->response + 5;
3679 s->nkeys = GET_32BIT(s->p);
3681 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3682 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3683 unsigned char *pkblob = s->p;
3687 do { /* do while (0) to make breaking easy */
3688 n = ssh1_read_bignum
3689 (s->p, s->responselen-(s->p-s->response),
3694 n = ssh1_read_bignum
3695 (s->p, s->responselen-(s->p-s->response),
3700 if (s->responselen - (s->p-s->response) < 4)
3702 s->commentlen = GET_32BIT(s->p);
3704 if (s->responselen - (s->p-s->response) <
3707 s->commentp = (char *)s->p;
3708 s->p += s->commentlen;
3712 logevent("Pageant key list packet was truncated");
3716 if (s->publickey_blob) {
3717 if (!memcmp(pkblob, s->publickey_blob,
3718 s->publickey_bloblen)) {
3719 logeventf(ssh, "Pageant key #%d matches "
3720 "configured key file", s->keyi);
3721 s->tried_publickey = 1;
3723 /* Skip non-configured key */
3726 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3727 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3728 PKT_BIGNUM, s->key.modulus, PKT_END);
3730 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3731 logevent("Key refused");
3734 logevent("Received RSA challenge");
3735 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3736 bombout(("Server's RSA challenge was badly formatted"));
3741 char *agentreq, *q, *ret;
3744 len = 1 + 4; /* message type, bit count */
3745 len += ssh1_bignum_length(s->key.exponent);
3746 len += ssh1_bignum_length(s->key.modulus);
3747 len += ssh1_bignum_length(s->challenge);
3748 len += 16; /* session id */
3749 len += 4; /* response format */
3750 agentreq = snewn(4 + len, char);
3751 PUT_32BIT(agentreq, len);
3753 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3754 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3756 q += ssh1_write_bignum(q, s->key.exponent);
3757 q += ssh1_write_bignum(q, s->key.modulus);
3758 q += ssh1_write_bignum(q, s->challenge);
3759 memcpy(q, s->session_id, 16);
3761 PUT_32BIT(q, 1); /* response format */
3762 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3763 ssh_agent_callback, ssh)) {
3768 bombout(("Unexpected data from server"
3769 " while waiting for agent"
3773 } while (pktin || inlen > 0);
3774 vret = ssh->agent_response;
3775 retlen = ssh->agent_response_len;
3780 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3781 logevent("Sending Pageant's response");
3782 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3783 PKT_DATA, ret + 5, 16,
3787 if (pktin->type == SSH1_SMSG_SUCCESS) {
3789 ("Pageant's response accepted");
3790 if (flags & FLAG_VERBOSE) {
3791 c_write_str(ssh, "Authenticated using"
3793 c_write(ssh, s->commentp,
3795 c_write_str(ssh, "\" from agent\r\n");
3800 ("Pageant's response not accepted");
3803 ("Pageant failed to answer challenge");
3807 logevent("No reply received from Pageant");
3810 freebn(s->key.exponent);
3811 freebn(s->key.modulus);
3812 freebn(s->challenge);
3817 if (s->publickey_blob && !s->tried_publickey)
3818 logevent("Configured key file not in Pageant");
3820 logevent("Failed to get reply from Pageant");
3825 if (s->publickey_blob && !s->tried_publickey) {
3827 * Try public key authentication with the specified
3830 int got_passphrase; /* need not be kept over crReturn */
3831 if (flags & FLAG_VERBOSE)
3832 c_write_str(ssh, "Trying public key authentication.\r\n");
3833 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3834 logeventf(ssh, "Trying public key \"%s\"",
3835 filename_to_str(s->keyfile));
3836 s->tried_publickey = 1;
3837 got_passphrase = FALSE;
3838 while (!got_passphrase) {
3840 * Get a passphrase, if necessary.
3842 char *passphrase = NULL; /* only written after crReturn */
3844 if (!s->publickey_encrypted) {
3845 if (flags & FLAG_VERBOSE)
3846 c_write_str(ssh, "No passphrase required.\r\n");
3849 int ret; /* need not be kept over crReturn */
3850 s->cur_prompt = new_prompts(ssh->frontend);
3851 s->cur_prompt->to_server = FALSE;
3852 s->cur_prompt->name = dupstr("SSH key passphrase");
3853 add_prompt(s->cur_prompt,
3854 dupprintf("Passphrase for key \"%.100s\": ",
3855 s->publickey_comment), FALSE);
3856 ret = get_userpass_input(s->cur_prompt, NULL, 0);
3859 crWaitUntil(!pktin);
3860 ret = get_userpass_input(s->cur_prompt, in, inlen);
3864 /* Failed to get a passphrase. Terminate. */
3865 free_prompts(s->cur_prompt);
3866 ssh_disconnect(ssh, NULL, "Unable to authenticate",
3870 passphrase = dupstr(s->cur_prompt->prompts[0]->result);
3871 free_prompts(s->cur_prompt);
3874 * Try decrypting key with passphrase.
3876 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
3877 ret = loadrsakey(s->keyfile, &s->key, passphrase,
3880 smemclr(passphrase, strlen(passphrase));
3884 /* Correct passphrase. */
3885 got_passphrase = TRUE;
3886 } else if (ret == 0) {
3887 c_write_str(ssh, "Couldn't load private key from ");
3888 c_write_str(ssh, filename_to_str(s->keyfile));
3889 c_write_str(ssh, " (");
3890 c_write_str(ssh, error);
3891 c_write_str(ssh, ").\r\n");
3892 got_passphrase = FALSE;
3893 break; /* go and try something else */
3894 } else if (ret == -1) {
3895 c_write_str(ssh, "Wrong passphrase.\r\n"); /* FIXME */
3896 got_passphrase = FALSE;
3899 assert(0 && "unexpected return from loadrsakey()");
3900 got_passphrase = FALSE; /* placate optimisers */
3904 if (got_passphrase) {
3907 * Send a public key attempt.
3909 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3910 PKT_BIGNUM, s->key.modulus, PKT_END);
3913 if (pktin->type == SSH1_SMSG_FAILURE) {
3914 c_write_str(ssh, "Server refused our public key.\r\n");
3915 continue; /* go and try something else */
3917 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3918 bombout(("Bizarre response to offer of public key"));
3924 unsigned char buffer[32];
3925 Bignum challenge, response;
3927 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3928 bombout(("Server's RSA challenge was badly formatted"));
3931 response = rsadecrypt(challenge, &s->key);
3932 freebn(s->key.private_exponent);/* burn the evidence */
3934 for (i = 0; i < 32; i++) {
3935 buffer[i] = bignum_byte(response, 31 - i);
3939 MD5Update(&md5c, buffer, 32);
3940 MD5Update(&md5c, s->session_id, 16);
3941 MD5Final(buffer, &md5c);
3943 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3944 PKT_DATA, buffer, 16, PKT_END);
3951 if (pktin->type == SSH1_SMSG_FAILURE) {
3952 if (flags & FLAG_VERBOSE)
3953 c_write_str(ssh, "Failed to authenticate with"
3954 " our public key.\r\n");
3955 continue; /* go and try something else */
3956 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3957 bombout(("Bizarre response to RSA authentication response"));
3961 break; /* we're through! */
3967 * Otherwise, try various forms of password-like authentication.
3969 s->cur_prompt = new_prompts(ssh->frontend);
3971 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
3972 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3973 !s->tis_auth_refused) {
3974 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3975 logevent("Requested TIS authentication");
3976 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3978 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3979 logevent("TIS authentication declined");
3980 if (flags & FLAG_INTERACTIVE)
3981 c_write_str(ssh, "TIS authentication refused.\r\n");
3982 s->tis_auth_refused = 1;
3987 char *instr_suf, *prompt;
3989 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3991 bombout(("TIS challenge packet was badly formed"));
3994 logevent("Received TIS challenge");
3995 s->cur_prompt->to_server = TRUE;
3996 s->cur_prompt->name = dupstr("SSH TIS authentication");
3997 /* Prompt heuristic comes from OpenSSH */
3998 if (memchr(challenge, '\n', challengelen)) {
3999 instr_suf = dupstr("");
4000 prompt = dupprintf("%.*s", challengelen, challenge);
4002 instr_suf = dupprintf("%.*s", challengelen, challenge);
4003 prompt = dupstr("Response: ");
4005 s->cur_prompt->instruction =
4006 dupprintf("Using TIS authentication.%s%s",
4007 (*instr_suf) ? "\n" : "",
4009 s->cur_prompt->instr_reqd = TRUE;
4010 add_prompt(s->cur_prompt, prompt, FALSE);
4014 if (conf_get_int(ssh->conf, CONF_try_tis_auth) &&
4015 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
4016 !s->ccard_auth_refused) {
4017 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
4018 logevent("Requested CryptoCard authentication");
4019 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
4021 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
4022 logevent("CryptoCard authentication declined");
4023 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
4024 s->ccard_auth_refused = 1;
4029 char *instr_suf, *prompt;
4031 ssh_pkt_getstring(pktin, &challenge, &challengelen);
4033 bombout(("CryptoCard challenge packet was badly formed"));
4036 logevent("Received CryptoCard challenge");
4037 s->cur_prompt->to_server = TRUE;
4038 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
4039 s->cur_prompt->name_reqd = FALSE;
4040 /* Prompt heuristic comes from OpenSSH */
4041 if (memchr(challenge, '\n', challengelen)) {
4042 instr_suf = dupstr("");
4043 prompt = dupprintf("%.*s", challengelen, challenge);
4045 instr_suf = dupprintf("%.*s", challengelen, challenge);
4046 prompt = dupstr("Response: ");
4048 s->cur_prompt->instruction =
4049 dupprintf("Using CryptoCard authentication.%s%s",
4050 (*instr_suf) ? "\n" : "",
4052 s->cur_prompt->instr_reqd = TRUE;
4053 add_prompt(s->cur_prompt, prompt, FALSE);
4057 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4058 if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
4059 bombout(("No supported authentication methods available"));
4062 s->cur_prompt->to_server = TRUE;
4063 s->cur_prompt->name = dupstr("SSH password");
4064 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
4065 ssh->username, ssh->savedhost),
4070 * Show password prompt, having first obtained it via a TIS
4071 * or CryptoCard exchange if we're doing TIS or CryptoCard
4075 int ret; /* need not be kept over crReturn */
4076 ret = get_userpass_input(s->cur_prompt, NULL, 0);
4079 crWaitUntil(!pktin);
4080 ret = get_userpass_input(s->cur_prompt, in, inlen);
4085 * Failed to get a password (for example
4086 * because one was supplied on the command line
4087 * which has already failed to work). Terminate.
4089 free_prompts(s->cur_prompt);
4090 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, TRUE);
4095 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
4097 * Defence against traffic analysis: we send a
4098 * whole bunch of packets containing strings of
4099 * different lengths. One of these strings is the
4100 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
4101 * The others are all random data in
4102 * SSH1_MSG_IGNORE packets. This way a passive
4103 * listener can't tell which is the password, and
4104 * hence can't deduce the password length.
4106 * Anybody with a password length greater than 16
4107 * bytes is going to have enough entropy in their
4108 * password that a listener won't find it _that_
4109 * much help to know how long it is. So what we'll
4112 * - if password length < 16, we send 15 packets
4113 * containing string lengths 1 through 15
4115 * - otherwise, we let N be the nearest multiple
4116 * of 8 below the password length, and send 8
4117 * packets containing string lengths N through
4118 * N+7. This won't obscure the order of
4119 * magnitude of the password length, but it will
4120 * introduce a bit of extra uncertainty.
4122 * A few servers can't deal with SSH1_MSG_IGNORE, at
4123 * least in this context. For these servers, we need
4124 * an alternative defence. We make use of the fact
4125 * that the password is interpreted as a C string:
4126 * so we can append a NUL, then some random data.
4128 * A few servers can deal with neither SSH1_MSG_IGNORE
4129 * here _nor_ a padded password string.
4130 * For these servers we are left with no defences
4131 * against password length sniffing.
4133 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
4134 !(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4136 * The server can deal with SSH1_MSG_IGNORE, so
4137 * we can use the primary defence.
4139 int bottom, top, pwlen, i;
4142 pwlen = strlen(s->cur_prompt->prompts[0]->result);
4144 bottom = 0; /* zero length passwords are OK! :-) */
4147 bottom = pwlen & ~7;
4151 assert(pwlen >= bottom && pwlen <= top);
4153 randomstr = snewn(top + 1, char);
4155 for (i = bottom; i <= top; i++) {
4157 defer_packet(ssh, s->pwpkt_type,
4158 PKTT_PASSWORD, PKT_STR,
4159 s->cur_prompt->prompts[0]->result,
4160 PKTT_OTHER, PKT_END);
4162 for (j = 0; j < i; j++) {
4164 randomstr[j] = random_byte();
4165 } while (randomstr[j] == '\0');
4167 randomstr[i] = '\0';
4168 defer_packet(ssh, SSH1_MSG_IGNORE,
4169 PKT_STR, randomstr, PKT_END);
4172 logevent("Sending password with camouflage packets");
4173 ssh_pkt_defersend(ssh);
4176 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
4178 * The server can't deal with SSH1_MSG_IGNORE
4179 * but can deal with padded passwords, so we
4180 * can use the secondary defence.
4186 len = strlen(s->cur_prompt->prompts[0]->result);
4187 if (len < sizeof(string)) {
4189 strcpy(string, s->cur_prompt->prompts[0]->result);
4190 len++; /* cover the zero byte */
4191 while (len < sizeof(string)) {
4192 string[len++] = (char) random_byte();
4195 ss = s->cur_prompt->prompts[0]->result;
4197 logevent("Sending length-padded password");
4198 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4199 PKT_INT, len, PKT_DATA, ss, len,
4200 PKTT_OTHER, PKT_END);
4203 * The server is believed unable to cope with
4204 * any of our password camouflage methods.
4207 len = strlen(s->cur_prompt->prompts[0]->result);
4208 logevent("Sending unpadded password");
4209 send_packet(ssh, s->pwpkt_type,
4210 PKTT_PASSWORD, PKT_INT, len,
4211 PKT_DATA, s->cur_prompt->prompts[0]->result, len,
4212 PKTT_OTHER, PKT_END);
4215 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
4216 PKT_STR, s->cur_prompt->prompts[0]->result,
4217 PKTT_OTHER, PKT_END);
4219 logevent("Sent password");
4220 free_prompts(s->cur_prompt);
4222 if (pktin->type == SSH1_SMSG_FAILURE) {
4223 if (flags & FLAG_VERBOSE)
4224 c_write_str(ssh, "Access denied\r\n");
4225 logevent("Authentication refused");
4226 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
4227 bombout(("Strange packet received, type %d", pktin->type));
4233 if (s->publickey_blob) {
4234 sfree(s->publickey_blob);
4235 sfree(s->publickey_comment);
4238 logevent("Authentication successful");
4243 static void ssh_channel_try_eof(struct ssh_channel *c)
4246 assert(c->pending_eof); /* precondition for calling us */
4248 return; /* can't close: not even opened yet */
4249 if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0)
4250 return; /* can't send EOF: pending outgoing data */
4252 c->pending_eof = FALSE; /* we're about to send it */
4253 if (ssh->version == 1) {
4254 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4256 c->closes |= CLOSES_SENT_EOF;
4258 struct Packet *pktout;
4259 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
4260 ssh2_pkt_adduint32(pktout, c->remoteid);
4261 ssh2_pkt_send(ssh, pktout);
4262 c->closes |= CLOSES_SENT_EOF;
4263 ssh2_channel_check_close(c);
4267 void sshfwd_write_eof(struct ssh_channel *c)
4271 if (ssh->state == SSH_STATE_CLOSED)
4274 if (c->closes & CLOSES_SENT_EOF)
4277 c->pending_eof = TRUE;
4278 ssh_channel_try_eof(c);
4281 void sshfwd_unclean_close(struct ssh_channel *c)
4285 if (ssh->state == SSH_STATE_CLOSED)
4290 x11_close(c->u.x11.s);
4291 logevent("Forwarded X11 connection terminated due to local error");
4294 case CHAN_SOCKDATA_DORMANT:
4295 pfd_close(c->u.pfd.s);
4296 logevent("Forwarded port closed due to local error");
4299 c->type = CHAN_ZOMBIE;
4301 ssh2_channel_check_close(c);
4304 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
4308 if (ssh->state == SSH_STATE_CLOSED)
4311 if (ssh->version == 1) {
4312 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
4313 PKT_INT, c->remoteid,
4314 PKT_INT, len, PKTT_DATA, PKT_DATA, buf, len,
4315 PKTT_OTHER, PKT_END);
4317 * In SSH-1 we can return 0 here - implying that forwarded
4318 * connections are never individually throttled - because
4319 * the only circumstance that can cause throttling will be
4320 * the whole SSH connection backing up, in which case
4321 * _everything_ will be throttled as a whole.
4325 ssh2_add_channel_data(c, buf, len);
4326 return ssh2_try_send(c);
4330 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
4335 if (ssh->state == SSH_STATE_CLOSED)
4338 if (ssh->version == 1) {
4339 buflimit = SSH1_BUFFER_LIMIT;
4341 buflimit = c->v.v2.locmaxwin;
4342 ssh2_set_window(c, bufsize < buflimit ? buflimit - bufsize : 0);
4344 if (c->throttling_conn && bufsize <= buflimit) {
4345 c->throttling_conn = 0;
4346 ssh_throttle_conn(ssh, -1);
4350 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
4352 struct queued_handler *qh = ssh->qhead;
4356 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
4359 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
4360 ssh->packet_dispatch[qh->msg1] = ssh->q_saved_handler1;
4363 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
4364 ssh->packet_dispatch[qh->msg2] = ssh->q_saved_handler2;
4368 ssh->qhead = qh->next;
4370 if (ssh->qhead->msg1 > 0) {
4371 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
4372 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
4374 if (ssh->qhead->msg2 > 0) {
4375 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
4376 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
4379 ssh->qhead = ssh->qtail = NULL;
4382 qh->handler(ssh, pktin, qh->ctx);
4387 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
4388 chandler_fn_t handler, void *ctx)
4390 struct queued_handler *qh;
4392 qh = snew(struct queued_handler);
4395 qh->handler = handler;
4399 if (ssh->qtail == NULL) {
4403 ssh->q_saved_handler1 = ssh->packet_dispatch[ssh->qhead->msg1];
4404 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
4407 ssh->q_saved_handler2 = ssh->packet_dispatch[ssh->qhead->msg2];
4408 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
4411 ssh->qtail->next = qh;
4416 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
4418 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
4420 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
4421 SSH2_MSG_REQUEST_SUCCESS)) {
4422 logeventf(ssh, "Remote port forwarding from %s enabled",
4425 logeventf(ssh, "Remote port forwarding from %s refused",
4428 rpf = del234(ssh->rportfwds, pf);
4430 pf->pfrec->remote = NULL;
4435 static void ssh_setup_portfwd(Ssh ssh, Conf *conf)
4437 struct ssh_portfwd *epf;
4441 if (!ssh->portfwds) {
4442 ssh->portfwds = newtree234(ssh_portcmp);
4445 * Go through the existing port forwardings and tag them
4446 * with status==DESTROY. Any that we want to keep will be
4447 * re-enabled (status==KEEP) as we go through the
4448 * configuration and find out which bits are the same as
4451 struct ssh_portfwd *epf;
4453 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4454 epf->status = DESTROY;
4457 for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
4459 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
4460 char *kp, *kp2, *vp, *vp2;
4461 char address_family, type;
4462 int sport,dport,sserv,dserv;
4463 char *sports, *dports, *saddr, *host;
4467 address_family = 'A';
4469 if (*kp == 'A' || *kp == '4' || *kp == '6')
4470 address_family = *kp++;
4471 if (*kp == 'L' || *kp == 'R')
4474 if ((kp2 = strchr(kp, ':')) != NULL) {
4476 * There's a colon in the middle of the source port
4477 * string, which means that the part before it is
4478 * actually a source address.
4480 saddr = dupprintf("%.*s", (int)(kp2 - kp), kp);
4486 sport = atoi(sports);
4490 sport = net_service_lookup(sports);
4492 logeventf(ssh, "Service lookup failed for source"
4493 " port \"%s\"", sports);
4497 if (type == 'L' && !strcmp(val, "D")) {
4498 /* dynamic forwarding */
4505 /* ordinary forwarding */
4507 vp2 = vp + strcspn(vp, ":");
4508 host = dupprintf("%.*s", (int)(vp2 - vp), vp);
4512 dport = atoi(dports);
4516 dport = net_service_lookup(dports);
4518 logeventf(ssh, "Service lookup failed for destination"
4519 " port \"%s\"", dports);
4524 if (sport && dport) {
4525 /* Set up a description of the source port. */
4526 struct ssh_portfwd *pfrec, *epfrec;
4528 pfrec = snew(struct ssh_portfwd);
4530 pfrec->saddr = saddr;
4531 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4532 pfrec->sport = sport;
4533 pfrec->daddr = host;
4534 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4535 pfrec->dport = dport;
4536 pfrec->local = NULL;
4537 pfrec->remote = NULL;
4538 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4539 address_family == '6' ? ADDRTYPE_IPV6 :
4542 epfrec = add234(ssh->portfwds, pfrec);
4543 if (epfrec != pfrec) {
4544 if (epfrec->status == DESTROY) {
4546 * We already have a port forwarding up and running
4547 * with precisely these parameters. Hence, no need
4548 * to do anything; simply re-tag the existing one
4551 epfrec->status = KEEP;
4554 * Anything else indicates that there was a duplicate
4555 * in our input, which we'll silently ignore.
4557 free_portfwd(pfrec);
4559 pfrec->status = CREATE;
4568 * Now go through and destroy any port forwardings which were
4571 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4572 if (epf->status == DESTROY) {
4575 message = dupprintf("%s port forwarding from %s%s%d",
4576 epf->type == 'L' ? "local" :
4577 epf->type == 'R' ? "remote" : "dynamic",
4578 epf->saddr ? epf->saddr : "",
4579 epf->saddr ? ":" : "",
4582 if (epf->type != 'D') {
4583 char *msg2 = dupprintf("%s to %s:%d", message,
4584 epf->daddr, epf->dport);
4589 logeventf(ssh, "Cancelling %s", message);
4592 /* epf->remote or epf->local may be NULL if setting up a
4593 * forwarding failed. */
4595 struct ssh_rportfwd *rpf = epf->remote;
4596 struct Packet *pktout;
4599 * Cancel the port forwarding at the server
4602 if (ssh->version == 1) {
4604 * We cannot cancel listening ports on the
4605 * server side in SSH-1! There's no message
4606 * to support it. Instead, we simply remove
4607 * the rportfwd record from the local end
4608 * so that any connections the server tries
4609 * to make on it are rejected.
4612 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4613 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4614 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4616 ssh2_pkt_addstring(pktout, epf->saddr);
4617 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4618 /* XXX: rport_acceptall may not represent
4619 * what was used to open the original connection,
4620 * since it's reconfigurable. */
4621 ssh2_pkt_addstring(pktout, "");
4623 ssh2_pkt_addstring(pktout, "localhost");
4625 ssh2_pkt_adduint32(pktout, epf->sport);
4626 ssh2_pkt_send(ssh, pktout);
4629 del234(ssh->rportfwds, rpf);
4631 } else if (epf->local) {
4632 pfd_terminate(epf->local);
4635 delpos234(ssh->portfwds, i);
4637 i--; /* so we don't skip one in the list */
4641 * And finally, set up any new port forwardings (status==CREATE).
4643 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4644 if (epf->status == CREATE) {
4645 char *sportdesc, *dportdesc;
4646 sportdesc = dupprintf("%s%s%s%s%d%s",
4647 epf->saddr ? epf->saddr : "",
4648 epf->saddr ? ":" : "",
4649 epf->sserv ? epf->sserv : "",
4650 epf->sserv ? "(" : "",
4652 epf->sserv ? ")" : "");
4653 if (epf->type == 'D') {
4656 dportdesc = dupprintf("%s:%s%s%d%s",
4658 epf->dserv ? epf->dserv : "",
4659 epf->dserv ? "(" : "",
4661 epf->dserv ? ")" : "");
4664 if (epf->type == 'L') {
4665 const char *err = pfd_addforward(epf->daddr, epf->dport,
4666 epf->saddr, epf->sport,
4669 epf->addressfamily);
4671 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4672 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4673 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4674 sportdesc, dportdesc,
4675 err ? " failed: " : "", err ? err : "");
4676 } else if (epf->type == 'D') {
4677 const char *err = pfd_addforward(NULL, -1,
4678 epf->saddr, epf->sport,
4681 epf->addressfamily);
4683 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4684 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4685 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4687 err ? " failed: " : "", err ? err : "");
4689 struct ssh_rportfwd *pf;
4692 * Ensure the remote port forwardings tree exists.
4694 if (!ssh->rportfwds) {
4695 if (ssh->version == 1)
4696 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4698 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4701 pf = snew(struct ssh_rportfwd);
4702 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4703 pf->dhost[lenof(pf->dhost)-1] = '\0';
4704 pf->dport = epf->dport;
4705 pf->sport = epf->sport;
4706 if (add234(ssh->rportfwds, pf) != pf) {
4707 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4708 epf->daddr, epf->dport);
4711 logeventf(ssh, "Requesting remote port %s"
4712 " forward to %s", sportdesc, dportdesc);
4714 pf->sportdesc = sportdesc;
4719 if (ssh->version == 1) {
4720 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4721 PKT_INT, epf->sport,
4722 PKT_STR, epf->daddr,
4723 PKT_INT, epf->dport,
4725 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4727 ssh_rportfwd_succfail, pf);
4729 struct Packet *pktout;
4730 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4731 ssh2_pkt_addstring(pktout, "tcpip-forward");
4732 ssh2_pkt_addbool(pktout, 1);/* want reply */
4734 ssh2_pkt_addstring(pktout, epf->saddr);
4735 } else if (conf_get_int(conf, CONF_rport_acceptall)) {
4736 ssh2_pkt_addstring(pktout, "");
4738 ssh2_pkt_addstring(pktout, "localhost");
4740 ssh2_pkt_adduint32(pktout, epf->sport);
4741 ssh2_pkt_send(ssh, pktout);
4743 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4744 SSH2_MSG_REQUEST_FAILURE,
4745 ssh_rportfwd_succfail, pf);
4754 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4757 int stringlen, bufsize;
4759 ssh_pkt_getstring(pktin, &string, &stringlen);
4760 if (string == NULL) {
4761 bombout(("Incoming terminal data packet was badly formed"));
4765 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4767 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4768 ssh->v1_stdout_throttling = 1;
4769 ssh_throttle_conn(ssh, +1);
4773 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4775 /* Remote side is trying to open a channel to talk to our
4776 * X-Server. Give them back a local channel number. */
4777 struct ssh_channel *c;
4778 int remoteid = ssh_pkt_getuint32(pktin);
4780 logevent("Received X11 connect request");
4781 /* Refuse if X11 forwarding is disabled. */
4782 if (!ssh->X11_fwd_enabled) {
4783 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4784 PKT_INT, remoteid, PKT_END);
4785 logevent("Rejected X11 connect request");
4787 c = snew(struct ssh_channel);
4790 if (x11_init(&c->u.x11.s, ssh->x11disp, c,
4791 NULL, -1, ssh->conf) != NULL) {
4792 logevent("Opening X11 forward connection failed");
4794 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4795 PKT_INT, remoteid, PKT_END);
4798 ("Opening X11 forward connection succeeded");
4799 c->remoteid = remoteid;
4800 c->halfopen = FALSE;
4801 c->localid = alloc_channel_id(ssh);
4803 c->pending_eof = FALSE;
4804 c->throttling_conn = 0;
4805 c->type = CHAN_X11; /* identify channel type */
4806 add234(ssh->channels, c);
4807 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4808 PKT_INT, c->remoteid, PKT_INT,
4809 c->localid, PKT_END);
4810 logevent("Opened X11 forward channel");
4815 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4817 /* Remote side is trying to open a channel to talk to our
4818 * agent. Give them back a local channel number. */
4819 struct ssh_channel *c;
4820 int remoteid = ssh_pkt_getuint32(pktin);
4822 /* Refuse if agent forwarding is disabled. */
4823 if (!ssh->agentfwd_enabled) {
4824 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4825 PKT_INT, remoteid, PKT_END);
4827 c = snew(struct ssh_channel);
4829 c->remoteid = remoteid;
4830 c->halfopen = FALSE;
4831 c->localid = alloc_channel_id(ssh);
4833 c->pending_eof = FALSE;
4834 c->throttling_conn = 0;
4835 c->type = CHAN_AGENT; /* identify channel type */
4836 c->u.a.lensofar = 0;
4837 c->u.a.message = NULL;
4838 c->u.a.outstanding_requests = 0;
4839 add234(ssh->channels, c);
4840 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4841 PKT_INT, c->remoteid, PKT_INT, c->localid,
4846 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4848 /* Remote side is trying to open a channel to talk to a
4849 * forwarded port. Give them back a local channel number. */
4850 struct ssh_channel *c;
4851 struct ssh_rportfwd pf, *pfp;
4856 c = snew(struct ssh_channel);
4859 remoteid = ssh_pkt_getuint32(pktin);
4860 ssh_pkt_getstring(pktin, &host, &hostsize);
4861 port = ssh_pkt_getuint32(pktin);
4863 if (hostsize >= lenof(pf.dhost))
4864 hostsize = lenof(pf.dhost)-1;
4865 memcpy(pf.dhost, host, hostsize);
4866 pf.dhost[hostsize] = '\0';
4868 pfp = find234(ssh->rportfwds, &pf, NULL);
4871 logeventf(ssh, "Rejected remote port open request for %s:%d",
4873 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4874 PKT_INT, remoteid, PKT_END);
4876 logeventf(ssh, "Received remote port open request for %s:%d",
4878 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4879 c, ssh->conf, pfp->pfrec->addressfamily);
4881 logeventf(ssh, "Port open failed: %s", e);
4883 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4884 PKT_INT, remoteid, PKT_END);
4886 c->remoteid = remoteid;
4887 c->halfopen = FALSE;
4888 c->localid = alloc_channel_id(ssh);
4890 c->pending_eof = FALSE;
4891 c->throttling_conn = 0;
4892 c->type = CHAN_SOCKDATA; /* identify channel type */
4893 add234(ssh->channels, c);
4894 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4895 PKT_INT, c->remoteid, PKT_INT,
4896 c->localid, PKT_END);
4897 logevent("Forwarded port opened successfully");
4902 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4904 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4905 unsigned int localid = ssh_pkt_getuint32(pktin);
4906 struct ssh_channel *c;
4908 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4909 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4910 c->remoteid = localid;
4911 c->halfopen = FALSE;
4912 c->type = CHAN_SOCKDATA;
4913 c->throttling_conn = 0;
4914 pfd_confirm(c->u.pfd.s);
4917 if (c && c->pending_eof) {
4919 * We have a pending close on this channel,
4920 * which we decided on before the server acked
4921 * the channel open. So now we know the
4922 * remoteid, we can close it again.
4924 ssh_channel_try_eof(c);
4928 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4930 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4931 struct ssh_channel *c;
4933 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4934 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4935 logevent("Forwarded connection refused by server");
4936 pfd_close(c->u.pfd.s);
4937 del234(ssh->channels, c);
4942 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4944 /* Remote side closes a channel. */
4945 unsigned i = ssh_pkt_getuint32(pktin);
4946 struct ssh_channel *c;
4947 c = find234(ssh->channels, &i, ssh_channelfind);
4948 if (c && !c->halfopen) {
4950 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE &&
4951 !(c->closes & CLOSES_RCVD_EOF)) {
4953 * Received CHANNEL_CLOSE, which we translate into
4956 int send_close = FALSE;
4958 c->closes |= CLOSES_RCVD_EOF;
4963 x11_send_eof(c->u.x11.s);
4969 pfd_send_eof(c->u.pfd.s);
4978 if (send_close && !(c->closes & CLOSES_SENT_EOF)) {
4979 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
4981 c->closes |= CLOSES_SENT_EOF;
4985 if (pktin->type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION &&
4986 !(c->closes & CLOSES_RCVD_CLOSE)) {
4988 if (!(c->closes & CLOSES_SENT_EOF)) {
4989 bombout(("Received CHANNEL_CLOSE_CONFIRMATION for channel %d"
4990 " for which we never sent CHANNEL_CLOSE\n", i));
4993 c->closes |= CLOSES_RCVD_CLOSE;
4996 if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) &&
4997 !(c->closes & CLOSES_SENT_CLOSE)) {
4998 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION,
4999 PKT_INT, c->remoteid, PKT_END);
5000 c->closes |= CLOSES_SENT_CLOSE;
5003 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes))
5004 ssh_channel_destroy(c);
5006 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
5007 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
5008 "_CONFIRMATION", c ? "half-open" : "nonexistent",
5013 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
5015 /* Data sent down one of our channels. */
5016 int i = ssh_pkt_getuint32(pktin);
5019 struct ssh_channel *c;
5021 ssh_pkt_getstring(pktin, &p, &len);
5023 c = find234(ssh->channels, &i, ssh_channelfind);
5028 bufsize = x11_send(c->u.x11.s, p, len);
5031 bufsize = pfd_send(c->u.pfd.s, p, len);
5034 /* Data for an agent message. Buffer it. */
5036 if (c->u.a.lensofar < 4) {
5037 unsigned int l = min(4 - c->u.a.lensofar, (unsigned)len);
5038 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
5042 c->u.a.lensofar += l;
5044 if (c->u.a.lensofar == 4) {
5046 4 + GET_32BIT(c->u.a.msglen);
5047 c->u.a.message = snewn(c->u.a.totallen,
5049 memcpy(c->u.a.message, c->u.a.msglen, 4);
5051 if (c->u.a.lensofar >= 4 && len > 0) {
5053 min(c->u.a.totallen - c->u.a.lensofar,
5055 memcpy(c->u.a.message + c->u.a.lensofar, p,
5059 c->u.a.lensofar += l;
5061 if (c->u.a.lensofar == c->u.a.totallen) {
5064 c->u.a.outstanding_requests++;
5065 if (agent_query(c->u.a.message,
5068 ssh_agentf_callback, c))
5069 ssh_agentf_callback(c, reply, replylen);
5070 sfree(c->u.a.message);
5071 c->u.a.lensofar = 0;
5074 bufsize = 0; /* agent channels never back up */
5077 if (!c->throttling_conn && bufsize > SSH1_BUFFER_LIMIT) {
5078 c->throttling_conn = 1;
5079 ssh_throttle_conn(ssh, +1);
5084 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
5086 ssh->exitcode = ssh_pkt_getuint32(pktin);
5087 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
5088 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
5090 * In case `helpful' firewalls or proxies tack
5091 * extra human-readable text on the end of the
5092 * session which we might mistake for another
5093 * encrypted packet, we close the session once
5094 * we've sent EXIT_CONFIRMATION.
5096 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
5099 /* Helper function to deal with sending tty modes for REQUEST_PTY */
5100 static void ssh1_send_ttymode(void *data, char *mode, char *val)
5102 struct Packet *pktout = (struct Packet *)data;
5104 unsigned int arg = 0;
5105 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
5106 if (i == lenof(ssh_ttymodes)) return;
5107 switch (ssh_ttymodes[i].type) {
5109 arg = ssh_tty_parse_specchar(val);
5112 arg = ssh_tty_parse_boolean(val);
5115 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
5116 ssh2_pkt_addbyte(pktout, arg);
5120 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
5121 struct Packet *pktin)
5123 crBegin(ssh->do_ssh1_connection_crstate);
5125 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
5126 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
5127 ssh1_smsg_stdout_stderr_data;
5129 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
5130 ssh1_msg_channel_open_confirmation;
5131 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
5132 ssh1_msg_channel_open_failure;
5133 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
5134 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
5135 ssh1_msg_channel_close;
5136 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
5137 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
5139 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists()) {
5140 logevent("Requesting agent forwarding");
5141 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
5145 if (pktin->type != SSH1_SMSG_SUCCESS
5146 && pktin->type != SSH1_SMSG_FAILURE) {
5147 bombout(("Protocol confusion"));
5149 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5150 logevent("Agent forwarding refused");
5152 logevent("Agent forwarding enabled");
5153 ssh->agentfwd_enabled = TRUE;
5154 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
5158 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
5159 (ssh->x11disp = x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
5160 conf_get_int(ssh->conf, CONF_x11_auth), ssh->conf))) {
5161 logevent("Requesting X11 forwarding");
5163 * Note that while we blank the X authentication data here, we don't
5164 * take any special action to blank the start of an X11 channel,
5165 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
5166 * without having session blanking enabled is likely to leak your
5167 * cookie into the log.
5169 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
5170 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5171 PKT_STR, ssh->x11disp->remoteauthprotoname,
5173 PKT_STR, ssh->x11disp->remoteauthdatastring,
5175 PKT_INT, ssh->x11disp->screennum,
5178 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
5179 PKT_STR, ssh->x11disp->remoteauthprotoname,
5181 PKT_STR, ssh->x11disp->remoteauthdatastring,
5188 if (pktin->type != SSH1_SMSG_SUCCESS
5189 && pktin->type != SSH1_SMSG_FAILURE) {
5190 bombout(("Protocol confusion"));
5192 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5193 logevent("X11 forwarding refused");
5195 logevent("X11 forwarding enabled");
5196 ssh->X11_fwd_enabled = TRUE;
5197 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
5201 ssh_setup_portfwd(ssh, ssh->conf);
5202 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
5204 if (!conf_get_int(ssh->conf, CONF_nopty)) {
5206 /* Unpick the terminal-speed string. */
5207 /* XXX perhaps we should allow no speeds to be sent. */
5208 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
5209 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
5210 /* Send the pty request. */
5211 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
5212 ssh_pkt_addstring(pkt, conf_get_str(ssh->conf, CONF_termtype));
5213 ssh_pkt_adduint32(pkt, ssh->term_height);
5214 ssh_pkt_adduint32(pkt, ssh->term_width);
5215 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
5216 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
5217 parse_ttymodes(ssh, ssh1_send_ttymode, (void *)pkt);
5218 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
5219 ssh_pkt_adduint32(pkt, ssh->ispeed);
5220 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
5221 ssh_pkt_adduint32(pkt, ssh->ospeed);
5222 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
5224 ssh->state = SSH_STATE_INTERMED;
5228 if (pktin->type != SSH1_SMSG_SUCCESS
5229 && pktin->type != SSH1_SMSG_FAILURE) {
5230 bombout(("Protocol confusion"));
5232 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5233 c_write_str(ssh, "Server refused to allocate pty\r\n");
5234 ssh->editing = ssh->echoing = 1;
5236 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
5237 ssh->ospeed, ssh->ispeed);
5238 ssh->got_pty = TRUE;
5241 ssh->editing = ssh->echoing = 1;
5244 if (conf_get_int(ssh->conf, CONF_compression)) {
5245 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
5249 if (pktin->type != SSH1_SMSG_SUCCESS
5250 && pktin->type != SSH1_SMSG_FAILURE) {
5251 bombout(("Protocol confusion"));
5253 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5254 c_write_str(ssh, "Server refused to compress\r\n");
5256 logevent("Started compression");
5257 ssh->v1_compressing = TRUE;
5258 ssh->cs_comp_ctx = zlib_compress_init();
5259 logevent("Initialised zlib (RFC1950) compression");
5260 ssh->sc_comp_ctx = zlib_decompress_init();
5261 logevent("Initialised zlib (RFC1950) decompression");
5265 * Start the shell or command.
5267 * Special case: if the first-choice command is an SSH-2
5268 * subsystem (hence not usable here) and the second choice
5269 * exists, we fall straight back to that.
5272 char *cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
5274 if (conf_get_int(ssh->conf, CONF_ssh_subsys) &&
5275 conf_get_str(ssh->conf, CONF_remote_cmd2)) {
5276 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
5277 ssh->fallback_cmd = TRUE;
5280 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
5282 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
5283 logevent("Started session");
5286 ssh->state = SSH_STATE_SESSION;
5287 if (ssh->size_needed)
5288 ssh_size(ssh, ssh->term_width, ssh->term_height);
5289 if (ssh->eof_needed)
5290 ssh_special(ssh, TS_EOF);
5293 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
5295 ssh->channels = newtree234(ssh_channelcmp);
5299 * By this point, most incoming packets are already being
5300 * handled by the dispatch table, and we need only pay
5301 * attention to the unusual ones.
5306 if (pktin->type == SSH1_SMSG_SUCCESS) {
5307 /* may be from EXEC_SHELL on some servers */
5308 } else if (pktin->type == SSH1_SMSG_FAILURE) {
5309 /* may be from EXEC_SHELL on some servers
5310 * if no pty is available or in other odd cases. Ignore */
5312 bombout(("Strange packet received: type %d", pktin->type));
5317 int len = min(inlen, 512);
5318 send_packet(ssh, SSH1_CMSG_STDIN_DATA,
5319 PKT_INT, len, PKTT_DATA, PKT_DATA, in, len,
5320 PKTT_OTHER, PKT_END);
5331 * Handle the top-level SSH-2 protocol.
5333 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
5338 ssh_pkt_getstring(pktin, &msg, &msglen);
5339 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
5342 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
5344 /* log reason code in disconnect message */
5348 ssh_pkt_getstring(pktin, &msg, &msglen);
5349 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
5352 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
5354 /* Do nothing, because we're ignoring it! Duhh. */
5357 static void ssh1_protocol_setup(Ssh ssh)
5362 * Most messages are handled by the coroutines.
5364 for (i = 0; i < 256; i++)
5365 ssh->packet_dispatch[i] = NULL;
5368 * These special message types we install handlers for.
5370 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
5371 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
5372 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
5375 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
5376 struct Packet *pktin)
5378 unsigned char *in=(unsigned char*)vin;
5379 if (ssh->state == SSH_STATE_CLOSED)
5382 if (pktin && ssh->packet_dispatch[pktin->type]) {
5383 ssh->packet_dispatch[pktin->type](ssh, pktin);
5387 if (!ssh->protocol_initial_phase_done) {
5388 if (do_ssh1_login(ssh, in, inlen, pktin))
5389 ssh->protocol_initial_phase_done = TRUE;
5394 do_ssh1_connection(ssh, in, inlen, pktin);
5398 * Utility routine for decoding comma-separated strings in KEXINIT.
5400 static int in_commasep_string(char *needle, char *haystack, int haylen)
5403 if (!needle || !haystack) /* protect against null pointers */
5405 needlen = strlen(needle);
5408 * Is it at the start of the string?
5410 if (haylen >= needlen && /* haystack is long enough */
5411 !memcmp(needle, haystack, needlen) && /* initial match */
5412 (haylen == needlen || haystack[needlen] == ',')
5413 /* either , or EOS follows */
5417 * If not, search for the next comma and resume after that.
5418 * If no comma found, terminate.
5420 while (haylen > 0 && *haystack != ',')
5421 haylen--, haystack++;
5424 haylen--, haystack++; /* skip over comma itself */
5429 * Similar routine for checking whether we have the first string in a list.
5431 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
5434 if (!needle || !haystack) /* protect against null pointers */
5436 needlen = strlen(needle);
5438 * Is it at the start of the string?
5440 if (haylen >= needlen && /* haystack is long enough */
5441 !memcmp(needle, haystack, needlen) && /* initial match */
5442 (haylen == needlen || haystack[needlen] == ',')
5443 /* either , or EOS follows */
5451 * SSH-2 key creation method.
5452 * (Currently assumes 2 lots of any hash are sufficient to generate
5453 * keys/IVs for any cipher/MAC. SSH2_MKKEY_ITERS documents this assumption.)
5455 #define SSH2_MKKEY_ITERS (2)
5456 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
5457 unsigned char *keyspace)
5459 const struct ssh_hash *h = ssh->kex->hash;
5461 /* First hlen bytes. */
5463 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5464 hash_mpint(h, s, K);
5465 h->bytes(s, H, h->hlen);
5466 h->bytes(s, &chr, 1);
5467 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
5468 h->final(s, keyspace);
5469 /* Next hlen bytes. */
5471 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
5472 hash_mpint(h, s, K);
5473 h->bytes(s, H, h->hlen);
5474 h->bytes(s, keyspace, h->hlen);
5475 h->final(s, keyspace + h->hlen);
5479 * Handle the SSH-2 transport layer.
5481 static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
5482 struct Packet *pktin)
5484 unsigned char *in = (unsigned char *)vin;
5485 struct do_ssh2_transport_state {
5487 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
5488 Bignum p, g, e, f, K;
5491 int kex_init_value, kex_reply_value;
5492 const struct ssh_mac **maclist;
5494 const struct ssh2_cipher *cscipher_tobe;
5495 const struct ssh2_cipher *sccipher_tobe;
5496 const struct ssh_mac *csmac_tobe;
5497 const struct ssh_mac *scmac_tobe;
5498 const struct ssh_compress *cscomp_tobe;
5499 const struct ssh_compress *sccomp_tobe;
5500 char *hostkeydata, *sigdata, *rsakeydata, *keystr, *fingerprint;
5501 int hostkeylen, siglen, rsakeylen;
5502 void *hkey; /* actual host key */
5503 void *rsakey; /* for RSA kex */
5504 unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
5505 int n_preferred_kex;
5506 const struct ssh_kexes *preferred_kex[KEX_MAX];
5507 int n_preferred_ciphers;
5508 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5509 const struct ssh_compress *preferred_comp;
5510 int userauth_succeeded; /* for delayed compression */
5511 int pending_compression;
5512 int got_session_id, activated_authconn;
5513 struct Packet *pktout;
5518 crState(do_ssh2_transport_state);
5522 s->cscipher_tobe = s->sccipher_tobe = NULL;
5523 s->csmac_tobe = s->scmac_tobe = NULL;
5524 s->cscomp_tobe = s->sccomp_tobe = NULL;
5526 s->got_session_id = s->activated_authconn = FALSE;
5527 s->userauth_succeeded = FALSE;
5528 s->pending_compression = FALSE;
5531 * Be prepared to work around the buggy MAC problem.
5533 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5534 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5536 s->maclist = macs, s->nmacs = lenof(macs);
5539 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
5541 int i, j, k, commalist_started;
5544 * Set up the preferred key exchange. (NULL => warn below here)
5546 s->n_preferred_kex = 0;
5547 for (i = 0; i < KEX_MAX; i++) {
5548 switch (conf_get_int_int(ssh->conf, CONF_ssh_kexlist, i)) {
5550 s->preferred_kex[s->n_preferred_kex++] =
5551 &ssh_diffiehellman_gex;
5554 s->preferred_kex[s->n_preferred_kex++] =
5555 &ssh_diffiehellman_group14;
5558 s->preferred_kex[s->n_preferred_kex++] =
5559 &ssh_diffiehellman_group1;
5562 s->preferred_kex[s->n_preferred_kex++] =
5566 /* Flag for later. Don't bother if it's the last in
5568 if (i < KEX_MAX - 1) {
5569 s->preferred_kex[s->n_preferred_kex++] = NULL;
5576 * Set up the preferred ciphers. (NULL => warn below here)
5578 s->n_preferred_ciphers = 0;
5579 for (i = 0; i < CIPHER_MAX; i++) {
5580 switch (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i)) {
5581 case CIPHER_BLOWFISH:
5582 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5585 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc)) {
5586 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5590 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5593 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5595 case CIPHER_ARCFOUR:
5596 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5599 /* Flag for later. Don't bother if it's the last in
5601 if (i < CIPHER_MAX - 1) {
5602 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5609 * Set up preferred compression.
5611 if (conf_get_int(ssh->conf, CONF_compression))
5612 s->preferred_comp = &ssh_zlib;
5614 s->preferred_comp = &ssh_comp_none;
5617 * Enable queueing of outgoing auth- or connection-layer
5618 * packets while we are in the middle of a key exchange.
5620 ssh->queueing = TRUE;
5623 * Flag that KEX is in progress.
5625 ssh->kex_in_progress = TRUE;
5628 * Construct and send our key exchange packet.
5630 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5631 for (i = 0; i < 16; i++)
5632 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5633 /* List key exchange algorithms. */
5634 ssh2_pkt_addstring_start(s->pktout);
5635 commalist_started = 0;
5636 for (i = 0; i < s->n_preferred_kex; i++) {
5637 const struct ssh_kexes *k = s->preferred_kex[i];
5638 if (!k) continue; /* warning flag */
5639 for (j = 0; j < k->nkexes; j++) {
5640 if (commalist_started)
5641 ssh2_pkt_addstring_str(s->pktout, ",");
5642 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5643 commalist_started = 1;
5646 /* List server host key algorithms. */
5647 ssh2_pkt_addstring_start(s->pktout);
5648 for (i = 0; i < lenof(hostkey_algs); i++) {
5649 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5650 if (i < lenof(hostkey_algs) - 1)
5651 ssh2_pkt_addstring_str(s->pktout, ",");
5653 /* List encryption algorithms (client->server then server->client). */
5654 for (k = 0; k < 2; k++) {
5655 ssh2_pkt_addstring_start(s->pktout);
5656 commalist_started = 0;
5657 for (i = 0; i < s->n_preferred_ciphers; i++) {
5658 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5659 if (!c) continue; /* warning flag */
5660 for (j = 0; j < c->nciphers; j++) {
5661 if (commalist_started)
5662 ssh2_pkt_addstring_str(s->pktout, ",");
5663 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5664 commalist_started = 1;
5668 /* List MAC algorithms (client->server then server->client). */
5669 for (j = 0; j < 2; j++) {
5670 ssh2_pkt_addstring_start(s->pktout);
5671 for (i = 0; i < s->nmacs; i++) {
5672 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5673 if (i < s->nmacs - 1)
5674 ssh2_pkt_addstring_str(s->pktout, ",");
5677 /* List client->server compression algorithms,
5678 * then server->client compression algorithms. (We use the
5679 * same set twice.) */
5680 for (j = 0; j < 2; j++) {
5681 ssh2_pkt_addstring_start(s->pktout);
5682 assert(lenof(compressions) > 1);
5683 /* Prefer non-delayed versions */
5684 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5685 /* We don't even list delayed versions of algorithms until
5686 * they're allowed to be used, to avoid a race. See the end of
5688 if (s->userauth_succeeded && s->preferred_comp->delayed_name) {
5689 ssh2_pkt_addstring_str(s->pktout, ",");
5690 ssh2_pkt_addstring_str(s->pktout,
5691 s->preferred_comp->delayed_name);
5693 for (i = 0; i < lenof(compressions); i++) {
5694 const struct ssh_compress *c = compressions[i];
5695 if (c != s->preferred_comp) {
5696 ssh2_pkt_addstring_str(s->pktout, ",");
5697 ssh2_pkt_addstring_str(s->pktout, c->name);
5698 if (s->userauth_succeeded && c->delayed_name) {
5699 ssh2_pkt_addstring_str(s->pktout, ",");
5700 ssh2_pkt_addstring_str(s->pktout, c->delayed_name);
5705 /* List client->server languages. Empty list. */
5706 ssh2_pkt_addstring_start(s->pktout);
5707 /* List server->client languages. Empty list. */
5708 ssh2_pkt_addstring_start(s->pktout);
5709 /* First KEX packet does _not_ follow, because we're not that brave. */
5710 ssh2_pkt_addbool(s->pktout, FALSE);
5712 ssh2_pkt_adduint32(s->pktout, 0);
5715 s->our_kexinitlen = s->pktout->length - 5;
5716 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5717 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5719 ssh2_pkt_send_noqueue(ssh, s->pktout);
5722 crWaitUntilV(pktin);
5725 * Now examine the other side's KEXINIT to see what we're up
5729 char *str, *preferred;
5732 if (pktin->type != SSH2_MSG_KEXINIT) {
5733 bombout(("expected key exchange packet from server"));
5737 ssh->hostkey = NULL;
5738 s->cscipher_tobe = NULL;
5739 s->sccipher_tobe = NULL;
5740 s->csmac_tobe = NULL;
5741 s->scmac_tobe = NULL;
5742 s->cscomp_tobe = NULL;
5743 s->sccomp_tobe = NULL;
5744 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5746 pktin->savedpos += 16; /* skip garbage cookie */
5747 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5750 for (i = 0; i < s->n_preferred_kex; i++) {
5751 const struct ssh_kexes *k = s->preferred_kex[i];
5755 for (j = 0; j < k->nkexes; j++) {
5756 if (!preferred) preferred = k->list[j]->name;
5757 if (in_commasep_string(k->list[j]->name, str, len)) {
5758 ssh->kex = k->list[j];
5767 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5768 str ? str : "(null)"));
5772 * Note that the server's guess is considered wrong if it doesn't match
5773 * the first algorithm in our list, even if it's still the algorithm
5776 s->guessok = first_in_commasep_string(preferred, str, len);
5777 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5778 for (i = 0; i < lenof(hostkey_algs); i++) {
5779 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5780 ssh->hostkey = hostkey_algs[i];
5784 if (!ssh->hostkey) {
5785 bombout(("Couldn't agree a host key algorithm (available: %s)",
5786 str ? str : "(null)"));
5790 s->guessok = s->guessok &&
5791 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5792 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5793 for (i = 0; i < s->n_preferred_ciphers; i++) {
5794 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5796 s->warn_cscipher = TRUE;
5798 for (j = 0; j < c->nciphers; j++) {
5799 if (in_commasep_string(c->list[j]->name, str, len)) {
5800 s->cscipher_tobe = c->list[j];
5805 if (s->cscipher_tobe)
5808 if (!s->cscipher_tobe) {
5809 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5810 str ? str : "(null)"));
5814 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5815 for (i = 0; i < s->n_preferred_ciphers; i++) {
5816 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5818 s->warn_sccipher = TRUE;
5820 for (j = 0; j < c->nciphers; j++) {
5821 if (in_commasep_string(c->list[j]->name, str, len)) {
5822 s->sccipher_tobe = c->list[j];
5827 if (s->sccipher_tobe)
5830 if (!s->sccipher_tobe) {
5831 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5832 str ? str : "(null)"));
5836 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5837 for (i = 0; i < s->nmacs; i++) {
5838 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5839 s->csmac_tobe = s->maclist[i];
5843 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5844 for (i = 0; i < s->nmacs; i++) {
5845 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5846 s->scmac_tobe = s->maclist[i];
5850 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5851 for (i = 0; i < lenof(compressions) + 1; i++) {
5852 const struct ssh_compress *c =
5853 i == 0 ? s->preferred_comp : compressions[i - 1];
5854 if (in_commasep_string(c->name, str, len)) {
5857 } else if (in_commasep_string(c->delayed_name, str, len)) {
5858 if (s->userauth_succeeded) {
5862 s->pending_compression = TRUE; /* try this later */
5866 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5867 for (i = 0; i < lenof(compressions) + 1; i++) {
5868 const struct ssh_compress *c =
5869 i == 0 ? s->preferred_comp : compressions[i - 1];
5870 if (in_commasep_string(c->name, str, len)) {
5873 } else if (in_commasep_string(c->delayed_name, str, len)) {
5874 if (s->userauth_succeeded) {
5878 s->pending_compression = TRUE; /* try this later */
5882 if (s->pending_compression) {
5883 logevent("Server supports delayed compression; "
5884 "will try this later");
5886 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5887 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5888 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5891 ssh_set_frozen(ssh, 1);
5892 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5894 ssh_dialog_callback, ssh);
5895 if (s->dlgret < 0) {
5899 bombout(("Unexpected data from server while"
5900 " waiting for user response"));
5903 } while (pktin || inlen > 0);
5904 s->dlgret = ssh->user_response;
5906 ssh_set_frozen(ssh, 0);
5907 if (s->dlgret == 0) {
5908 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5914 if (s->warn_cscipher) {
5915 ssh_set_frozen(ssh, 1);
5916 s->dlgret = askalg(ssh->frontend,
5917 "client-to-server cipher",
5918 s->cscipher_tobe->name,
5919 ssh_dialog_callback, ssh);
5920 if (s->dlgret < 0) {
5924 bombout(("Unexpected data from server while"
5925 " waiting for user response"));
5928 } while (pktin || inlen > 0);
5929 s->dlgret = ssh->user_response;
5931 ssh_set_frozen(ssh, 0);
5932 if (s->dlgret == 0) {
5933 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5939 if (s->warn_sccipher) {
5940 ssh_set_frozen(ssh, 1);
5941 s->dlgret = askalg(ssh->frontend,
5942 "server-to-client cipher",
5943 s->sccipher_tobe->name,
5944 ssh_dialog_callback, ssh);
5945 if (s->dlgret < 0) {
5949 bombout(("Unexpected data from server while"
5950 " waiting for user response"));
5953 } while (pktin || inlen > 0);
5954 s->dlgret = ssh->user_response;
5956 ssh_set_frozen(ssh, 0);
5957 if (s->dlgret == 0) {
5958 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5964 ssh->exhash = ssh->kex->hash->init();
5965 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5966 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5967 hash_string(ssh->kex->hash, ssh->exhash,
5968 s->our_kexinit, s->our_kexinitlen);
5969 sfree(s->our_kexinit);
5970 if (pktin->length > 5)
5971 hash_string(ssh->kex->hash, ssh->exhash,
5972 pktin->data + 5, pktin->length - 5);
5974 if (s->ignorepkt) /* first_kex_packet_follows */
5975 crWaitUntilV(pktin); /* Ignore packet */
5978 if (ssh->kex->main_type == KEXTYPE_DH) {
5980 * Work out the number of bits of key we will need from the
5981 * key exchange. We start with the maximum key length of
5987 csbits = s->cscipher_tobe->keylen;
5988 scbits = s->sccipher_tobe->keylen;
5989 s->nbits = (csbits > scbits ? csbits : scbits);
5991 /* The keys only have hlen-bit entropy, since they're based on
5992 * a hash. So cap the key size at hlen bits. */
5993 if (s->nbits > ssh->kex->hash->hlen * 8)
5994 s->nbits = ssh->kex->hash->hlen * 8;
5997 * If we're doing Diffie-Hellman group exchange, start by
5998 * requesting a group.
6000 if (!ssh->kex->pdata) {
6001 logevent("Doing Diffie-Hellman group exchange");
6002 ssh->pkt_kctx = SSH2_PKTCTX_DHGEX;
6004 * Work out how big a DH group we will need to allow that
6007 s->pbits = 512 << ((s->nbits - 1) / 64);
6008 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
6009 ssh2_pkt_adduint32(s->pktout, s->pbits);
6010 ssh2_pkt_send_noqueue(ssh, s->pktout);
6012 crWaitUntilV(pktin);
6013 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
6014 bombout(("expected key exchange group packet from server"));
6017 s->p = ssh2_pkt_getmp(pktin);
6018 s->g = ssh2_pkt_getmp(pktin);
6019 if (!s->p || !s->g) {
6020 bombout(("unable to read mp-ints from incoming group packet"));
6023 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
6024 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
6025 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
6027 ssh->pkt_kctx = SSH2_PKTCTX_DHGROUP;
6028 ssh->kex_ctx = dh_setup_group(ssh->kex);
6029 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
6030 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
6031 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
6032 ssh->kex->groupname);
6035 logeventf(ssh, "Doing Diffie-Hellman key exchange with hash %s",
6036 ssh->kex->hash->text_name);
6038 * Now generate and send e for Diffie-Hellman.
6040 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
6041 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
6042 s->pktout = ssh2_pkt_init(s->kex_init_value);
6043 ssh2_pkt_addmp(s->pktout, s->e);
6044 ssh2_pkt_send_noqueue(ssh, s->pktout);
6046 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
6047 crWaitUntilV(pktin);
6048 if (pktin->type != s->kex_reply_value) {
6049 bombout(("expected key exchange reply packet from server"));
6052 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
6053 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6054 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6055 s->f = ssh2_pkt_getmp(pktin);
6057 bombout(("unable to parse key exchange reply packet"));
6060 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6062 s->K = dh_find_K(ssh->kex_ctx, s->f);
6064 /* We assume everything from now on will be quick, and it might
6065 * involve user interaction. */
6066 set_busy_status(ssh->frontend, BUSY_NOT);
6068 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
6069 if (!ssh->kex->pdata) {
6070 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
6071 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
6072 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
6074 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
6075 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
6077 dh_cleanup(ssh->kex_ctx);
6079 if (!ssh->kex->pdata) {
6084 logeventf(ssh, "Doing RSA key exchange with hash %s",
6085 ssh->kex->hash->text_name);
6086 ssh->pkt_kctx = SSH2_PKTCTX_RSAKEX;
6088 * RSA key exchange. First expect a KEXRSA_PUBKEY packet
6091 crWaitUntilV(pktin);
6092 if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) {
6093 bombout(("expected RSA public key packet from server"));
6097 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
6098 hash_string(ssh->kex->hash, ssh->exhash,
6099 s->hostkeydata, s->hostkeylen);
6100 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
6104 ssh_pkt_getstring(pktin, &keydata, &s->rsakeylen);
6105 s->rsakeydata = snewn(s->rsakeylen, char);
6106 memcpy(s->rsakeydata, keydata, s->rsakeylen);
6109 s->rsakey = ssh_rsakex_newkey(s->rsakeydata, s->rsakeylen);
6111 sfree(s->rsakeydata);
6112 bombout(("unable to parse RSA public key from server"));
6116 hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen);
6119 * Next, set up a shared secret K, of precisely KLEN -
6120 * 2*HLEN - 49 bits, where KLEN is the bit length of the
6121 * RSA key modulus and HLEN is the bit length of the hash
6125 int klen = ssh_rsakex_klen(s->rsakey);
6126 int nbits = klen - (2*ssh->kex->hash->hlen*8 + 49);
6128 unsigned char *kstr1, *kstr2, *outstr;
6129 int kstr1len, kstr2len, outstrlen;
6131 s->K = bn_power_2(nbits - 1);
6133 for (i = 0; i < nbits; i++) {
6135 byte = random_byte();
6137 bignum_set_bit(s->K, i, (byte >> (i & 7)) & 1);
6141 * Encode this as an mpint.
6143 kstr1 = ssh2_mpint_fmt(s->K, &kstr1len);
6144 kstr2 = snewn(kstr2len = 4 + kstr1len, unsigned char);
6145 PUT_32BIT(kstr2, kstr1len);
6146 memcpy(kstr2 + 4, kstr1, kstr1len);
6149 * Encrypt it with the given RSA key.
6151 outstrlen = (klen + 7) / 8;
6152 outstr = snewn(outstrlen, unsigned char);
6153 ssh_rsakex_encrypt(ssh->kex->hash, kstr2, kstr2len,
6154 outstr, outstrlen, s->rsakey);
6157 * And send it off in a return packet.
6159 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXRSA_SECRET);
6160 ssh2_pkt_addstring_start(s->pktout);
6161 ssh2_pkt_addstring_data(s->pktout, (char *)outstr, outstrlen);
6162 ssh2_pkt_send_noqueue(ssh, s->pktout);
6164 hash_string(ssh->kex->hash, ssh->exhash, outstr, outstrlen);
6171 ssh_rsakex_freekey(s->rsakey);
6173 crWaitUntilV(pktin);
6174 if (pktin->type != SSH2_MSG_KEXRSA_DONE) {
6175 sfree(s->rsakeydata);
6176 bombout(("expected signature packet from server"));
6180 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
6182 sfree(s->rsakeydata);
6185 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
6186 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
6187 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
6189 ssh->kex_ctx = NULL;
6192 debug(("Exchange hash is:\n"));
6193 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
6197 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
6198 (char *)s->exchange_hash,
6199 ssh->kex->hash->hlen)) {
6200 bombout(("Server's host key did not match the signature supplied"));
6205 * Authenticate remote host: verify host key. (We've already
6206 * checked the signature of the exchange hash.)
6208 s->keystr = ssh->hostkey->fmtkey(s->hkey);
6209 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
6210 ssh_set_frozen(ssh, 1);
6211 s->dlgret = verify_ssh_host_key(ssh->frontend,
6212 ssh->savedhost, ssh->savedport,
6213 ssh->hostkey->keytype, s->keystr,
6215 ssh_dialog_callback, ssh);
6216 if (s->dlgret < 0) {
6220 bombout(("Unexpected data from server while waiting"
6221 " for user host key response"));
6224 } while (pktin || inlen > 0);
6225 s->dlgret = ssh->user_response;
6227 ssh_set_frozen(ssh, 0);
6228 if (s->dlgret == 0) {
6229 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
6233 if (!s->got_session_id) { /* don't bother logging this in rekeys */
6234 logevent("Host key fingerprint is:");
6235 logevent(s->fingerprint);
6237 sfree(s->fingerprint);
6239 ssh->hostkey->freekey(s->hkey);
6242 * The exchange hash from the very first key exchange is also
6243 * the session id, used in session key construction and
6246 if (!s->got_session_id) {
6247 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
6248 memcpy(ssh->v2_session_id, s->exchange_hash,
6249 sizeof(s->exchange_hash));
6250 ssh->v2_session_id_len = ssh->kex->hash->hlen;
6251 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
6252 s->got_session_id = TRUE;
6256 * Send SSH2_MSG_NEWKEYS.
6258 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
6259 ssh2_pkt_send_noqueue(ssh, s->pktout);
6260 ssh->outgoing_data_size = 0; /* start counting from here */
6263 * We've sent client NEWKEYS, so create and initialise
6264 * client-to-server session keys.
6266 if (ssh->cs_cipher_ctx)
6267 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
6268 ssh->cscipher = s->cscipher_tobe;
6269 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
6271 if (ssh->cs_mac_ctx)
6272 ssh->csmac->free_context(ssh->cs_mac_ctx);
6273 ssh->csmac = s->csmac_tobe;
6274 ssh->cs_mac_ctx = ssh->csmac->make_context();
6276 if (ssh->cs_comp_ctx)
6277 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
6278 ssh->cscomp = s->cscomp_tobe;
6279 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
6282 * Set IVs on client-to-server keys. Here we use the exchange
6283 * hash from the _first_ key exchange.
6286 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6287 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6288 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
6289 assert((ssh->cscipher->keylen+7) / 8 <=
6290 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6291 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
6292 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
6293 assert(ssh->cscipher->blksize <=
6294 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6295 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
6296 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
6297 assert(ssh->csmac->len <=
6298 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6299 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
6300 smemclr(keyspace, sizeof(keyspace));
6303 logeventf(ssh, "Initialised %.200s client->server encryption",
6304 ssh->cscipher->text_name);
6305 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
6306 ssh->csmac->text_name);
6307 if (ssh->cscomp->text_name)
6308 logeventf(ssh, "Initialised %s compression",
6309 ssh->cscomp->text_name);
6312 * Now our end of the key exchange is complete, we can send all
6313 * our queued higher-layer packets.
6315 ssh->queueing = FALSE;
6316 ssh2_pkt_queuesend(ssh);
6319 * Expect SSH2_MSG_NEWKEYS from server.
6321 crWaitUntilV(pktin);
6322 if (pktin->type != SSH2_MSG_NEWKEYS) {
6323 bombout(("expected new-keys packet from server"));
6326 ssh->incoming_data_size = 0; /* start counting from here */
6329 * We've seen server NEWKEYS, so create and initialise
6330 * server-to-client session keys.
6332 if (ssh->sc_cipher_ctx)
6333 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
6334 ssh->sccipher = s->sccipher_tobe;
6335 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
6337 if (ssh->sc_mac_ctx)
6338 ssh->scmac->free_context(ssh->sc_mac_ctx);
6339 ssh->scmac = s->scmac_tobe;
6340 ssh->sc_mac_ctx = ssh->scmac->make_context();
6342 if (ssh->sc_comp_ctx)
6343 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
6344 ssh->sccomp = s->sccomp_tobe;
6345 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
6348 * Set IVs on server-to-client keys. Here we use the exchange
6349 * hash from the _first_ key exchange.
6352 unsigned char keyspace[SSH2_KEX_MAX_HASH_LEN * SSH2_MKKEY_ITERS];
6353 assert(sizeof(keyspace) >= ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6354 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
6355 assert((ssh->sccipher->keylen+7) / 8 <=
6356 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6357 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
6358 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
6359 assert(ssh->sccipher->blksize <=
6360 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6361 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
6362 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
6363 assert(ssh->scmac->len <=
6364 ssh->kex->hash->hlen * SSH2_MKKEY_ITERS);
6365 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
6366 smemclr(keyspace, sizeof(keyspace));
6368 logeventf(ssh, "Initialised %.200s server->client encryption",
6369 ssh->sccipher->text_name);
6370 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
6371 ssh->scmac->text_name);
6372 if (ssh->sccomp->text_name)
6373 logeventf(ssh, "Initialised %s decompression",
6374 ssh->sccomp->text_name);
6377 * Free shared secret.
6382 * Key exchange is over. Loop straight back round if we have a
6383 * deferred rekey reason.
6385 if (ssh->deferred_rekey_reason) {
6386 logevent(ssh->deferred_rekey_reason);
6388 ssh->deferred_rekey_reason = NULL;
6389 goto begin_key_exchange;
6393 * Otherwise, schedule a timer for our next rekey.
6395 ssh->kex_in_progress = FALSE;
6396 ssh->last_rekey = GETTICKCOUNT();
6397 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0)
6398 ssh->next_rekey = schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6402 * Now we're encrypting. Begin returning 1 to the protocol main
6403 * function so that other things can run on top of the
6404 * transport. If we ever see a KEXINIT, we must go back to the
6407 * We _also_ go back to the start if we see pktin==NULL and
6408 * inlen negative, because this is a special signal meaning
6409 * `initiate client-driven rekey', and `in' contains a message
6410 * giving the reason for the rekey.
6412 * inlen==-1 means always initiate a rekey;
6413 * inlen==-2 means that userauth has completed successfully and
6414 * we should consider rekeying (for delayed compression).
6416 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
6417 (!pktin && inlen < 0))) {
6419 if (!ssh->protocol_initial_phase_done) {
6420 ssh->protocol_initial_phase_done = TRUE;
6422 * Allow authconn to initialise itself.
6424 do_ssh2_authconn(ssh, NULL, 0, NULL);
6429 logevent("Server initiated key re-exchange");
6433 * authconn has seen a USERAUTH_SUCCEEDED. Time to enable
6434 * delayed compression, if it's available.
6436 * draft-miller-secsh-compression-delayed-00 says that you
6437 * negotiate delayed compression in the first key exchange, and
6438 * both sides start compressing when the server has sent
6439 * USERAUTH_SUCCESS. This has a race condition -- the server
6440 * can't know when the client has seen it, and thus which incoming
6441 * packets it should treat as compressed.
6443 * Instead, we do the initial key exchange without offering the
6444 * delayed methods, but note if the server offers them; when we
6445 * get here, if a delayed method was available that was higher
6446 * on our list than what we got, we initiate a rekey in which we
6447 * _do_ list the delayed methods (and hopefully get it as a
6448 * result). Subsequent rekeys will do the same.
6450 assert(!s->userauth_succeeded); /* should only happen once */
6451 s->userauth_succeeded = TRUE;
6452 if (!s->pending_compression)
6453 /* Can't see any point rekeying. */
6454 goto wait_for_rekey; /* this is utterly horrid */
6455 /* else fall through to rekey... */
6456 s->pending_compression = FALSE;
6459 * Now we've decided to rekey.
6461 * Special case: if the server bug is set that doesn't
6462 * allow rekeying, we give a different log message and
6463 * continue waiting. (If such a server _initiates_ a rekey,
6464 * we process it anyway!)
6466 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
6467 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
6469 /* Reset the counters, so that at least this message doesn't
6470 * hit the event log _too_ often. */
6471 ssh->outgoing_data_size = 0;
6472 ssh->incoming_data_size = 0;
6473 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0) {
6475 schedule_timer(conf_get_int(ssh->conf, CONF_ssh_rekey_time)*60*TICKSPERSEC,
6478 goto wait_for_rekey; /* this is still utterly horrid */
6480 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
6483 goto begin_key_exchange;
6489 * Add data to an SSH-2 channel output buffer.
6491 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
6494 bufchain_add(&c->v.v2.outbuffer, buf, len);
6498 * Attempt to send data on an SSH-2 channel.
6500 static int ssh2_try_send(struct ssh_channel *c)
6503 struct Packet *pktout;
6506 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
6509 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
6510 if ((unsigned)len > c->v.v2.remwindow)
6511 len = c->v.v2.remwindow;
6512 if ((unsigned)len > c->v.v2.remmaxpkt)
6513 len = c->v.v2.remmaxpkt;
6514 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
6515 ssh2_pkt_adduint32(pktout, c->remoteid);
6516 ssh2_pkt_addstring_start(pktout);
6517 dont_log_data(ssh, pktout, PKTLOG_OMIT);
6518 ssh2_pkt_addstring_data(pktout, data, len);
6519 end_log_omission(ssh, pktout);
6520 ssh2_pkt_send(ssh, pktout);
6521 bufchain_consume(&c->v.v2.outbuffer, len);
6522 c->v.v2.remwindow -= len;
6526 * After having sent as much data as we can, return the amount
6529 ret = bufchain_size(&c->v.v2.outbuffer);
6532 * And if there's no data pending but we need to send an EOF, send
6535 if (!ret && c->pending_eof)
6536 ssh_channel_try_eof(c);
6541 static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
6544 if (c->closes & CLOSES_SENT_EOF)
6545 return; /* don't send on channels we've EOFed */
6546 bufsize = ssh2_try_send(c);
6549 case CHAN_MAINSESSION:
6550 /* stdin need not receive an unthrottle
6551 * notification since it will be polled */
6554 x11_unthrottle(c->u.x11.s);
6557 /* agent sockets are request/response and need no
6558 * buffer management */
6561 pfd_unthrottle(c->u.pfd.s);
6568 * Set up most of a new ssh_channel for SSH-2.
6570 static void ssh2_channel_init(struct ssh_channel *c)
6573 c->localid = alloc_channel_id(ssh);
6575 c->pending_eof = FALSE;
6576 c->throttling_conn = FALSE;
6577 c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
6578 conf_get_int(ssh->conf, CONF_ssh_simple) ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
6579 c->v.v2.chanreq_head = NULL;
6580 c->v.v2.throttle_state = UNTHROTTLED;
6581 bufchain_init(&c->v.v2.outbuffer);
6585 * Construct the common parts of a CHANNEL_OPEN.
6587 static struct Packet *ssh2_chanopen_init(struct ssh_channel *c, char *type)
6589 struct Packet *pktout;
6591 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
6592 ssh2_pkt_addstring(pktout, type);
6593 ssh2_pkt_adduint32(pktout, c->localid);
6594 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
6595 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
6600 * CHANNEL_FAILURE doesn't come with any indication of what message
6601 * caused it, so we have to keep track of the outstanding
6602 * CHANNEL_REQUESTs ourselves.
6604 static void ssh2_queue_chanreq_handler(struct ssh_channel *c,
6605 cchandler_fn_t handler, void *ctx)
6607 struct outstanding_channel_request *ocr =
6608 snew(struct outstanding_channel_request);
6610 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
6611 ocr->handler = handler;
6614 if (!c->v.v2.chanreq_head)
6615 c->v.v2.chanreq_head = ocr;
6617 c->v.v2.chanreq_tail->next = ocr;
6618 c->v.v2.chanreq_tail = ocr;
6622 * Construct the common parts of a CHANNEL_REQUEST. If handler is not
6623 * NULL then a reply will be requested and the handler will be called
6624 * when it arrives. The returned packet is ready to have any
6625 * request-specific data added and be sent. Note that if a handler is
6626 * provided, it's essential that the request actually be sent.
6628 * The handler will usually be passed the response packet in pktin.
6629 * If pktin is NULL, this means that no reply will ever be forthcoming
6630 * (e.g. because the entire connection is being destroyed) and the
6631 * handler should free any storage it's holding.
6633 static struct Packet *ssh2_chanreq_init(struct ssh_channel *c, char *type,
6634 cchandler_fn_t handler, void *ctx)
6636 struct Packet *pktout;
6638 assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE)));
6639 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
6640 ssh2_pkt_adduint32(pktout, c->remoteid);
6641 ssh2_pkt_addstring(pktout, type);
6642 ssh2_pkt_addbool(pktout, handler != NULL);
6643 if (handler != NULL)
6644 ssh2_queue_chanreq_handler(c, handler, ctx);
6649 * Potentially enlarge the window on an SSH-2 channel.
6651 static void ssh2_handle_winadj_response(struct ssh_channel *, struct Packet *,
6653 static void ssh2_set_window(struct ssh_channel *c, int newwin)
6658 * Never send WINDOW_ADJUST for a channel that the remote side has
6659 * already sent EOF on; there's no point, since it won't be
6660 * sending any more data anyway. Ditto if _we've_ already sent
6663 if (c->closes & (CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE))
6667 * If the remote end has a habit of ignoring maxpkt, limit the
6668 * window so that it has no choice (assuming it doesn't ignore the
6671 if ((ssh->remote_bugs & BUG_SSH2_MAXPKT) && newwin > OUR_V2_MAXPKT)
6672 newwin = OUR_V2_MAXPKT;
6675 * Only send a WINDOW_ADJUST if there's significantly more window
6676 * available than the other end thinks there is. This saves us
6677 * sending a WINDOW_ADJUST for every character in a shell session.
6679 * "Significant" is arbitrarily defined as half the window size.
6681 if (newwin / 2 >= c->v.v2.locwindow) {
6682 struct Packet *pktout;
6686 * In order to keep track of how much window the client
6687 * actually has available, we'd like it to acknowledge each
6688 * WINDOW_ADJUST. We can't do that directly, so we accompany
6689 * it with a CHANNEL_REQUEST that has to be acknowledged.
6691 * This is only necessary if we're opening the window wide.
6692 * If we're not, then throughput is being constrained by
6693 * something other than the maximum window size anyway.
6695 if (newwin == c->v.v2.locmaxwin &&
6696 !(ssh->remote_bugs & BUG_CHOKES_ON_WINADJ)) {
6697 up = snew(unsigned);
6698 *up = newwin - c->v.v2.locwindow;
6699 pktout = ssh2_chanreq_init(c, "winadj@putty.projects.tartarus.org",
6700 ssh2_handle_winadj_response, up);
6701 ssh2_pkt_send(ssh, pktout);
6703 if (c->v.v2.throttle_state != UNTHROTTLED)
6704 c->v.v2.throttle_state = UNTHROTTLING;
6706 /* Pretend the WINDOW_ADJUST was acked immediately. */
6707 c->v.v2.remlocwin = newwin;
6708 c->v.v2.throttle_state = THROTTLED;
6710 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
6711 ssh2_pkt_adduint32(pktout, c->remoteid);
6712 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
6713 ssh2_pkt_send(ssh, pktout);
6714 c->v.v2.locwindow = newwin;
6719 * Find the channel associated with a message. If there's no channel,
6720 * or it's not properly open, make a noise about it and return NULL.
6722 static struct ssh_channel *ssh2_channel_msg(Ssh ssh, struct Packet *pktin)
6724 unsigned localid = ssh_pkt_getuint32(pktin);
6725 struct ssh_channel *c;
6727 c = find234(ssh->channels, &localid, ssh_channelfind);
6729 (c->halfopen && pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION &&
6730 pktin->type != SSH2_MSG_CHANNEL_OPEN_FAILURE)) {
6731 char *buf = dupprintf("Received %s for %s channel %u",
6732 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
6734 c ? "half-open" : "nonexistent", localid);
6735 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6742 static void ssh2_handle_winadj_response(struct ssh_channel *c,
6743 struct Packet *pktin, void *ctx)
6745 unsigned *sizep = ctx;
6748 * Winadj responses should always be failures. However, at least
6749 * one server ("boks_sshd") is known to return SUCCESS for channel
6750 * requests it's never heard of, such as "winadj@putty". Raised
6751 * with foxt.com as bug 090916-090424, but for the sake of a quiet
6752 * life, we don't worry about what kind of response we got.
6755 c->v.v2.remlocwin += *sizep;
6758 * winadj messages are only sent when the window is fully open, so
6759 * if we get an ack of one, we know any pending unthrottle is
6762 if (c->v.v2.throttle_state == UNTHROTTLING)
6763 c->v.v2.throttle_state = UNTHROTTLED;
6766 static void ssh2_msg_channel_response(Ssh ssh, struct Packet *pktin)
6768 struct ssh_channel *c = ssh2_channel_msg(ssh, pktin);
6769 struct outstanding_channel_request *ocr;
6772 ocr = c->v.v2.chanreq_head;
6774 ssh2_msg_unexpected(ssh, pktin);
6777 ocr->handler(c, pktin, ocr->ctx);
6778 c->v.v2.chanreq_head = ocr->next;
6781 * We may now initiate channel-closing procedures, if that
6782 * CHANNEL_REQUEST was the last thing outstanding before we send
6785 ssh2_channel_check_close(c);
6788 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
6790 struct ssh_channel *c;
6791 c = ssh2_channel_msg(ssh, pktin);
6794 if (!(c->closes & CLOSES_SENT_EOF)) {
6795 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
6796 ssh2_try_send_and_unthrottle(ssh, c);
6800 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
6804 struct ssh_channel *c;
6805 c = ssh2_channel_msg(ssh, pktin);
6808 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
6809 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
6810 return; /* extended but not stderr */
6811 ssh_pkt_getstring(pktin, &data, &length);
6814 c->v.v2.locwindow -= length;
6815 c->v.v2.remlocwin -= length;
6817 case CHAN_MAINSESSION:
6819 from_backend(ssh->frontend, pktin->type ==
6820 SSH2_MSG_CHANNEL_EXTENDED_DATA,
6824 bufsize = x11_send(c->u.x11.s, data, length);
6827 bufsize = pfd_send(c->u.pfd.s, data, length);
6830 while (length > 0) {
6831 if (c->u.a.lensofar < 4) {
6832 unsigned int l = min(4 - c->u.a.lensofar,
6834 memcpy(c->u.a.msglen + c->u.a.lensofar,
6838 c->u.a.lensofar += l;
6840 if (c->u.a.lensofar == 4) {
6842 4 + GET_32BIT(c->u.a.msglen);
6843 c->u.a.message = snewn(c->u.a.totallen,
6845 memcpy(c->u.a.message, c->u.a.msglen, 4);
6847 if (c->u.a.lensofar >= 4 && length > 0) {
6849 min(c->u.a.totallen - c->u.a.lensofar,
6851 memcpy(c->u.a.message + c->u.a.lensofar,
6855 c->u.a.lensofar += l;
6857 if (c->u.a.lensofar == c->u.a.totallen) {
6860 c->u.a.outstanding_requests++;
6861 if (agent_query(c->u.a.message,
6864 ssh_agentf_callback, c))
6865 ssh_agentf_callback(c, reply, replylen);
6866 sfree(c->u.a.message);
6867 c->u.a.message = NULL;
6868 c->u.a.lensofar = 0;
6875 * If it looks like the remote end hit the end of its window,
6876 * and we didn't want it to do that, think about using a
6879 if (c->v.v2.remlocwin <= 0 && c->v.v2.throttle_state == UNTHROTTLED &&
6880 c->v.v2.locmaxwin < 0x40000000)
6881 c->v.v2.locmaxwin += OUR_V2_WINSIZE;
6883 * If we are not buffering too much data,
6884 * enlarge the window again at the remote side.
6885 * If we are buffering too much, we may still
6886 * need to adjust the window if the server's
6889 ssh2_set_window(c, bufsize < c->v.v2.locmaxwin ?
6890 c->v.v2.locmaxwin - bufsize : 0);
6892 * If we're either buffering way too much data, or if we're
6893 * buffering anything at all and we're in "simple" mode,
6894 * throttle the whole channel.
6896 if ((bufsize > c->v.v2.locmaxwin ||
6897 (conf_get_int(ssh->conf, CONF_ssh_simple) && bufsize > 0)) &&
6898 !c->throttling_conn) {
6899 c->throttling_conn = 1;
6900 ssh_throttle_conn(ssh, +1);
6905 static void ssh_channel_destroy(struct ssh_channel *c)
6910 case CHAN_MAINSESSION:
6911 ssh->mainchan = NULL;
6912 update_specials_menu(ssh->frontend);
6915 if (c->u.x11.s != NULL)
6916 x11_close(c->u.x11.s);
6917 logevent("Forwarded X11 connection terminated");
6920 sfree(c->u.a.message);
6923 if (c->u.pfd.s != NULL)
6924 pfd_close(c->u.pfd.s);
6925 logevent("Forwarded port closed");
6929 del234(ssh->channels, c);
6930 if (ssh->version == 2) {
6931 bufchain_clear(&c->v.v2.outbuffer);
6932 assert(c->v.v2.chanreq_head == NULL);
6937 * See if that was the last channel left open.
6938 * (This is only our termination condition if we're
6939 * not running in -N mode.)
6941 if (ssh->version == 2 &&
6942 !conf_get_int(ssh->conf, CONF_ssh_no_shell) &&
6943 count234(ssh->channels) == 0) {
6945 * We used to send SSH_MSG_DISCONNECT here,
6946 * because I'd believed that _every_ conforming
6947 * SSH-2 connection had to end with a disconnect
6948 * being sent by at least one side; apparently
6949 * I was wrong and it's perfectly OK to
6950 * unceremoniously slam the connection shut
6951 * when you're done, and indeed OpenSSH feels
6952 * this is more polite than sending a
6953 * DISCONNECT. So now we don't.
6955 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6959 static void ssh2_channel_check_close(struct ssh_channel *c)
6962 struct Packet *pktout;
6964 if ((!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) ||
6965 c->type == CHAN_ZOMBIE) &&
6966 !c->v.v2.chanreq_head &&
6967 !(c->closes & CLOSES_SENT_CLOSE)) {
6969 * We have both sent and received EOF (or the channel is a
6970 * zombie), and we have no outstanding channel requests, which
6971 * means the channel is in final wind-up. But we haven't sent
6972 * CLOSE, so let's do so now.
6974 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6975 ssh2_pkt_adduint32(pktout, c->remoteid);
6976 ssh2_pkt_send(ssh, pktout);
6977 c->closes |= CLOSES_SENT_EOF | CLOSES_SENT_CLOSE;
6980 if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) {
6981 assert(c->v.v2.chanreq_head == NULL);
6983 * We have both sent and received CLOSE, which means we're
6984 * completely done with the channel.
6986 ssh_channel_destroy(c);
6990 static void ssh2_channel_got_eof(struct ssh_channel *c)
6992 if (c->closes & CLOSES_RCVD_EOF)
6993 return; /* already seen EOF */
6994 c->closes |= CLOSES_RCVD_EOF;
6996 if (c->type == CHAN_X11) {
6997 x11_send_eof(c->u.x11.s);
6998 } else if (c->type == CHAN_AGENT) {
6999 if (c->u.a.outstanding_requests == 0) {
7000 /* Manufacture an outgoing EOF in response to the incoming one. */
7001 sshfwd_write_eof(c);
7003 } else if (c->type == CHAN_SOCKDATA) {
7004 pfd_send_eof(c->u.pfd.s);
7005 } else if (c->type == CHAN_MAINSESSION) {
7008 if (!ssh->sent_console_eof &&
7009 (from_backend_eof(ssh->frontend) || ssh->got_pty)) {
7011 * Either from_backend_eof told us that the front end
7012 * wants us to close the outgoing side of the connection
7013 * as soon as we see EOF from the far end, or else we've
7014 * unilaterally decided to do that because we've allocated
7015 * a remote pty and hence EOF isn't a particularly
7016 * meaningful concept.
7018 sshfwd_write_eof(c);
7020 ssh->sent_console_eof = TRUE;
7023 ssh2_channel_check_close(c);
7026 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
7028 struct ssh_channel *c;
7030 c = ssh2_channel_msg(ssh, pktin);
7033 ssh2_channel_got_eof(c);
7036 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
7038 struct ssh_channel *c;
7040 c = ssh2_channel_msg(ssh, pktin);
7045 * When we receive CLOSE on a channel, we assume it comes with an
7046 * implied EOF if we haven't seen EOF yet.
7048 ssh2_channel_got_eof(c);
7051 * And we also send an outgoing EOF, if we haven't already, on the
7052 * assumption that CLOSE is a pretty forceful announcement that
7053 * the remote side is doing away with the entire channel. (If it
7054 * had wanted to send us EOF and continue receiving data from us,
7055 * it would have just sent CHANNEL_EOF.)
7057 if (!(c->closes & CLOSES_SENT_EOF)) {
7059 * Make sure we don't read any more from whatever our local
7060 * data source is for this channel.
7063 case CHAN_MAINSESSION:
7064 ssh->send_ok = 0; /* stop trying to read from stdin */
7067 x11_override_throttle(c->u.x11.s, 1);
7070 pfd_override_throttle(c->u.pfd.s, 1);
7075 * Send outgoing EOF.
7077 sshfwd_write_eof(c);
7081 * Now process the actual close.
7083 if (!(c->closes & CLOSES_RCVD_CLOSE)) {
7084 c->closes |= CLOSES_RCVD_CLOSE;
7085 ssh2_channel_check_close(c);
7089 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
7091 struct ssh_channel *c;
7093 c = ssh2_channel_msg(ssh, pktin);
7096 if (c->type != CHAN_SOCKDATA_DORMANT)
7097 return; /* dunno why they're confirming this */
7098 c->remoteid = ssh_pkt_getuint32(pktin);
7099 c->halfopen = FALSE;
7100 c->type = CHAN_SOCKDATA;
7101 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7102 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7104 pfd_confirm(c->u.pfd.s);
7106 ssh_channel_try_eof(c);
7109 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
7111 static const char *const reasons[] = {
7112 "<unknown reason code>",
7113 "Administratively prohibited",
7115 "Unknown channel type",
7116 "Resource shortage",
7118 unsigned reason_code;
7119 char *reason_string;
7121 struct ssh_channel *c;
7122 c = ssh2_channel_msg(ssh, pktin);
7125 if (c->type != CHAN_SOCKDATA_DORMANT)
7126 return; /* dunno why they're failing this */
7128 reason_code = ssh_pkt_getuint32(pktin);
7129 if (reason_code >= lenof(reasons))
7130 reason_code = 0; /* ensure reasons[reason_code] in range */
7131 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
7132 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
7133 reasons[reason_code], reason_length, reason_string);
7135 pfd_close(c->u.pfd.s);
7137 del234(ssh->channels, c);
7141 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
7144 int typelen, want_reply;
7145 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
7146 struct ssh_channel *c;
7147 struct Packet *pktout;
7149 c = ssh2_channel_msg(ssh, pktin);
7152 ssh_pkt_getstring(pktin, &type, &typelen);
7153 want_reply = ssh2_pkt_getbool(pktin);
7156 * Having got the channel number, we now look at
7157 * the request type string to see if it's something
7160 if (c == ssh->mainchan) {
7162 * We recognise "exit-status" and "exit-signal" on
7163 * the primary channel.
7165 if (typelen == 11 &&
7166 !memcmp(type, "exit-status", 11)) {
7168 ssh->exitcode = ssh_pkt_getuint32(pktin);
7169 logeventf(ssh, "Server sent command exit status %d",
7171 reply = SSH2_MSG_CHANNEL_SUCCESS;
7173 } else if (typelen == 11 &&
7174 !memcmp(type, "exit-signal", 11)) {
7176 int is_plausible = TRUE, is_int = FALSE;
7177 char *fmt_sig = "", *fmt_msg = "";
7179 int msglen = 0, core = FALSE;
7180 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
7181 * provide an `int' for the signal, despite its
7182 * having been a `string' in the drafts of RFC 4254 since at
7183 * least 2001. (Fixed in session.c 1.147.) Try to
7184 * infer which we can safely parse it as. */
7186 unsigned char *p = pktin->body +
7188 long len = pktin->length - pktin->savedpos;
7189 unsigned long num = GET_32BIT(p); /* what is it? */
7190 /* If it's 0, it hardly matters; assume string */
7194 int maybe_int = FALSE, maybe_str = FALSE;
7195 #define CHECK_HYPOTHESIS(offset, result) \
7198 if (q >= 0 && q+4 <= len) { \
7199 q = q + 4 + GET_32BIT(p+q); \
7200 if (q >= 0 && q+4 <= len && \
7201 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
7205 CHECK_HYPOTHESIS(4+1, maybe_int);
7206 CHECK_HYPOTHESIS(4+num+1, maybe_str);
7207 #undef CHECK_HYPOTHESIS
7208 if (maybe_int && !maybe_str)
7210 else if (!maybe_int && maybe_str)
7213 /* Crikey. Either or neither. Panic. */
7214 is_plausible = FALSE;
7217 ssh->exitcode = 128; /* means `unknown signal' */
7220 /* Old non-standard OpenSSH. */
7221 int signum = ssh_pkt_getuint32(pktin);
7222 fmt_sig = dupprintf(" %d", signum);
7223 ssh->exitcode = 128 + signum;
7225 /* As per RFC 4254. */
7228 ssh_pkt_getstring(pktin, &sig, &siglen);
7229 /* Signal name isn't supposed to be blank, but
7230 * let's cope gracefully if it is. */
7232 fmt_sig = dupprintf(" \"%.*s\"",
7237 * Really hideous method of translating the
7238 * signal description back into a locally
7239 * meaningful number.
7244 #define TRANSLATE_SIGNAL(s) \
7245 else if (siglen == lenof(#s)-1 && !memcmp(sig, #s, siglen)) \
7246 ssh->exitcode = 128 + SIG ## s
7248 TRANSLATE_SIGNAL(ABRT);
7251 TRANSLATE_SIGNAL(ALRM);
7254 TRANSLATE_SIGNAL(FPE);
7257 TRANSLATE_SIGNAL(HUP);
7260 TRANSLATE_SIGNAL(ILL);
7263 TRANSLATE_SIGNAL(INT);
7266 TRANSLATE_SIGNAL(KILL);
7269 TRANSLATE_SIGNAL(PIPE);
7272 TRANSLATE_SIGNAL(QUIT);
7275 TRANSLATE_SIGNAL(SEGV);
7278 TRANSLATE_SIGNAL(TERM);
7281 TRANSLATE_SIGNAL(USR1);
7284 TRANSLATE_SIGNAL(USR2);
7286 #undef TRANSLATE_SIGNAL
7288 ssh->exitcode = 128;
7290 core = ssh2_pkt_getbool(pktin);
7291 ssh_pkt_getstring(pktin, &msg, &msglen);
7293 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
7295 /* ignore lang tag */
7296 } /* else don't attempt to parse */
7297 logeventf(ssh, "Server exited on signal%s%s%s",
7298 fmt_sig, core ? " (core dumped)" : "",
7300 if (*fmt_sig) sfree(fmt_sig);
7301 if (*fmt_msg) sfree(fmt_msg);
7302 reply = SSH2_MSG_CHANNEL_SUCCESS;
7307 * This is a channel request we don't know
7308 * about, so we now either ignore the request
7309 * or respond with CHANNEL_FAILURE, depending
7312 reply = SSH2_MSG_CHANNEL_FAILURE;
7315 pktout = ssh2_pkt_init(reply);
7316 ssh2_pkt_adduint32(pktout, c->remoteid);
7317 ssh2_pkt_send(ssh, pktout);
7321 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
7324 int typelen, want_reply;
7325 struct Packet *pktout;
7327 ssh_pkt_getstring(pktin, &type, &typelen);
7328 want_reply = ssh2_pkt_getbool(pktin);
7331 * We currently don't support any global requests
7332 * at all, so we either ignore the request or
7333 * respond with REQUEST_FAILURE, depending on
7337 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
7338 ssh2_pkt_send(ssh, pktout);
7342 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
7350 struct ssh_channel *c;
7351 unsigned remid, winsize, pktsize;
7352 struct Packet *pktout;
7354 ssh_pkt_getstring(pktin, &type, &typelen);
7355 c = snew(struct ssh_channel);
7358 remid = ssh_pkt_getuint32(pktin);
7359 winsize = ssh_pkt_getuint32(pktin);
7360 pktsize = ssh_pkt_getuint32(pktin);
7362 if (typelen == 3 && !memcmp(type, "x11", 3)) {
7366 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7367 addrstr = snewn(peeraddrlen+1, char);
7368 memcpy(addrstr, peeraddr, peeraddrlen);
7369 addrstr[peeraddrlen] = '\0';
7370 peerport = ssh_pkt_getuint32(pktin);
7372 logeventf(ssh, "Received X11 connect request from %s:%d",
7375 if (!ssh->X11_fwd_enabled)
7376 error = "X11 forwarding is not enabled";
7377 else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c,
7378 addrstr, peerport, ssh->conf)) != NULL) {
7379 logeventf(ssh, "Local X11 connection failed: %s", x11err);
7380 error = "Unable to open an X11 connection";
7382 logevent("Opening X11 forward connection succeeded");
7387 } else if (typelen == 15 &&
7388 !memcmp(type, "forwarded-tcpip", 15)) {
7389 struct ssh_rportfwd pf, *realpf;
7392 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
7393 pf.sport = ssh_pkt_getuint32(pktin);
7394 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
7395 peerport = ssh_pkt_getuint32(pktin);
7396 realpf = find234(ssh->rportfwds, &pf, NULL);
7397 logeventf(ssh, "Received remote port %d open request "
7398 "from %s:%d", pf.sport, peeraddr, peerport);
7399 if (realpf == NULL) {
7400 error = "Remote port is not recognised";
7402 const char *e = pfd_newconnect(&c->u.pfd.s,
7406 realpf->pfrec->addressfamily);
7407 logeventf(ssh, "Attempting to forward remote port to "
7408 "%s:%d", realpf->dhost, realpf->dport);
7410 logeventf(ssh, "Port open failed: %s", e);
7411 error = "Port open failed";
7413 logevent("Forwarded port opened successfully");
7414 c->type = CHAN_SOCKDATA;
7417 } else if (typelen == 22 &&
7418 !memcmp(type, "auth-agent@openssh.com", 22)) {
7419 if (!ssh->agentfwd_enabled)
7420 error = "Agent forwarding is not enabled";
7422 c->type = CHAN_AGENT; /* identify channel type */
7423 c->u.a.lensofar = 0;
7424 c->u.a.outstanding_requests = 0;
7427 error = "Unsupported channel type requested";
7430 c->remoteid = remid;
7431 c->halfopen = FALSE;
7433 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
7434 ssh2_pkt_adduint32(pktout, c->remoteid);
7435 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
7436 ssh2_pkt_addstring(pktout, error);
7437 ssh2_pkt_addstring(pktout, "en"); /* language tag */
7438 ssh2_pkt_send(ssh, pktout);
7439 logeventf(ssh, "Rejected channel open: %s", error);
7442 ssh2_channel_init(c);
7443 c->v.v2.remwindow = winsize;
7444 c->v.v2.remmaxpkt = pktsize;
7445 add234(ssh->channels, c);
7446 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
7447 ssh2_pkt_adduint32(pktout, c->remoteid);
7448 ssh2_pkt_adduint32(pktout, c->localid);
7449 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
7450 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
7451 ssh2_pkt_send(ssh, pktout);
7456 * Buffer banner messages for later display at some convenient point,
7457 * if we're going to display them.
7459 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
7461 /* Arbitrary limit to prevent unbounded inflation of buffer */
7462 if (conf_get_int(ssh->conf, CONF_ssh_show_banner) &&
7463 bufchain_size(&ssh->banner) <= 131072) {
7464 char *banner = NULL;
7466 ssh_pkt_getstring(pktin, &banner, &size);
7468 bufchain_add(&ssh->banner, banner, size);
7472 /* Helper function to deal with sending tty modes for "pty-req" */
7473 static void ssh2_send_ttymode(void *data, char *mode, char *val)
7475 struct Packet *pktout = (struct Packet *)data;
7477 unsigned int arg = 0;
7478 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
7479 if (i == lenof(ssh_ttymodes)) return;
7480 switch (ssh_ttymodes[i].type) {
7482 arg = ssh_tty_parse_specchar(val);
7485 arg = ssh_tty_parse_boolean(val);
7488 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
7489 ssh2_pkt_adduint32(pktout, arg);
7492 static void ssh2_setup_x11(struct ssh_channel *c, struct Packet *pktin,
7495 struct ssh2_setup_x11_state {
7499 struct Packet *pktout;
7500 crStateP(ssh2_setup_x11_state, ctx);
7504 logevent("Requesting X11 forwarding");
7505 pktout = ssh2_chanreq_init(ssh->mainchan, "x11-req",
7507 ssh2_pkt_addbool(pktout, 0); /* many connections */
7508 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthprotoname);
7510 * Note that while we blank the X authentication data here, we don't
7511 * take any special action to blank the start of an X11 channel,
7512 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
7513 * without having session blanking enabled is likely to leak your
7514 * cookie into the log.
7516 dont_log_password(ssh, pktout, PKTLOG_BLANK);
7517 ssh2_pkt_addstring(pktout, ssh->x11disp->remoteauthdatastring);
7518 end_log_omission(ssh, pktout);
7519 ssh2_pkt_adduint32(pktout, ssh->x11disp->screennum);
7520 ssh2_pkt_send(ssh, pktout);
7522 crWaitUntilV(pktin);
7525 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7526 logevent("X11 forwarding enabled");
7527 ssh->X11_fwd_enabled = TRUE;
7529 logevent("X11 forwarding refused");
7535 static void ssh2_setup_agent(struct ssh_channel *c, struct Packet *pktin,
7538 struct ssh2_setup_agent_state {
7542 struct Packet *pktout;
7543 crStateP(ssh2_setup_agent_state, ctx);
7547 logevent("Requesting OpenSSH-style agent forwarding");
7548 pktout = ssh2_chanreq_init(ssh->mainchan, "auth-agent-req@openssh.com",
7549 ssh2_setup_agent, s);
7550 ssh2_pkt_send(ssh, pktout);
7552 crWaitUntilV(pktin);
7555 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7556 logevent("Agent forwarding enabled");
7557 ssh->agentfwd_enabled = TRUE;
7559 logevent("Agent forwarding refused");
7565 static void ssh2_setup_pty(struct ssh_channel *c, struct Packet *pktin,
7568 struct ssh2_setup_pty_state {
7572 struct Packet *pktout;
7573 crStateP(ssh2_setup_pty_state, ctx);
7577 /* Unpick the terminal-speed string. */
7578 /* XXX perhaps we should allow no speeds to be sent. */
7579 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
7580 sscanf(conf_get_str(ssh->conf, CONF_termspeed), "%d,%d", &ssh->ospeed, &ssh->ispeed);
7581 /* Build the pty request. */
7582 pktout = ssh2_chanreq_init(ssh->mainchan, "pty-req",
7584 ssh2_pkt_addstring(pktout, conf_get_str(ssh->conf, CONF_termtype));
7585 ssh2_pkt_adduint32(pktout, ssh->term_width);
7586 ssh2_pkt_adduint32(pktout, ssh->term_height);
7587 ssh2_pkt_adduint32(pktout, 0); /* pixel width */
7588 ssh2_pkt_adduint32(pktout, 0); /* pixel height */
7589 ssh2_pkt_addstring_start(pktout);
7590 parse_ttymodes(ssh, ssh2_send_ttymode, (void *)pktout);
7591 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_ISPEED);
7592 ssh2_pkt_adduint32(pktout, ssh->ispeed);
7593 ssh2_pkt_addbyte(pktout, SSH2_TTY_OP_OSPEED);
7594 ssh2_pkt_adduint32(pktout, ssh->ospeed);
7595 ssh2_pkt_addstring_data(pktout, "\0", 1); /* TTY_OP_END */
7596 ssh2_pkt_send(ssh, pktout);
7597 ssh->state = SSH_STATE_INTERMED;
7599 crWaitUntilV(pktin);
7602 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) {
7603 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
7604 ssh->ospeed, ssh->ispeed);
7605 ssh->got_pty = TRUE;
7607 c_write_str(ssh, "Server refused to allocate pty\r\n");
7608 ssh->editing = ssh->echoing = 1;
7615 static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin,
7618 struct ssh2_setup_env_state {
7620 int num_env, env_left, env_ok;
7623 struct Packet *pktout;
7624 crStateP(ssh2_setup_env_state, ctx);
7629 * Send environment variables.
7631 * Simplest thing here is to send all the requests at once, and
7632 * then wait for a whole bunch of successes or failures.
7638 for (val = conf_get_str_strs(ssh->conf, CONF_environmt, NULL, &key);
7640 val = conf_get_str_strs(ssh->conf, CONF_environmt, key, &key)) {
7641 pktout = ssh2_chanreq_init(ssh->mainchan, "env", ssh2_setup_env, s);
7642 ssh2_pkt_addstring(pktout, key);
7643 ssh2_pkt_addstring(pktout, val);
7644 ssh2_pkt_send(ssh, pktout);
7649 logeventf(ssh, "Sent %d environment variables", s->num_env);
7654 s->env_left = s->num_env;
7656 while (s->env_left > 0) {
7657 crWaitUntilV(pktin);
7658 if (!pktin) goto out;
7659 if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS)
7664 if (s->env_ok == s->num_env) {
7665 logevent("All environment variables successfully set");
7666 } else if (s->env_ok == 0) {
7667 logevent("All environment variables refused");
7668 c_write_str(ssh, "Server refused to set environment variables\r\n");
7670 logeventf(ssh, "%d environment variables refused",
7671 s->num_env - s->env_ok);
7672 c_write_str(ssh, "Server refused to set all environment variables\r\n");
7680 * Handle the SSH-2 userauth and connection layers.
7682 static void ssh2_msg_authconn(Ssh ssh, struct Packet *pktin)
7684 do_ssh2_authconn(ssh, NULL, 0, pktin);
7687 static void ssh2_response_authconn(struct ssh_channel *c, struct Packet *pktin,
7690 do_ssh2_authconn(c->ssh, NULL, 0, pktin);
7693 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
7694 struct Packet *pktin)
7696 struct do_ssh2_authconn_state {
7700 AUTH_TYPE_PUBLICKEY,
7701 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
7702 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
7704 AUTH_TYPE_GSSAPI, /* always QUIET */
7705 AUTH_TYPE_KEYBOARD_INTERACTIVE,
7706 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
7708 int done_service_req;
7709 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
7710 int tried_pubkey_config, done_agent;
7715 int kbd_inter_refused;
7716 int we_are_in, userauth_success;
7717 prompts_t *cur_prompt;
7722 void *publickey_blob;
7723 int publickey_bloblen;
7724 int publickey_encrypted;
7725 char *publickey_algorithm;
7726 char *publickey_comment;
7727 unsigned char agent_request[5], *agent_response, *agentp;
7728 int agent_responselen;
7729 unsigned char *pkblob_in_agent;
7731 char *pkblob, *alg, *commentp;
7732 int pklen, alglen, commentlen;
7733 int siglen, retlen, len;
7734 char *q, *agentreq, *ret;
7736 struct Packet *pktout;
7739 struct ssh_gss_library *gsslib;
7740 Ssh_gss_ctx gss_ctx;
7741 Ssh_gss_buf gss_buf;
7742 Ssh_gss_buf gss_rcvtok, gss_sndtok;
7743 Ssh_gss_name gss_srv_name;
7744 Ssh_gss_stat gss_stat;
7747 crState(do_ssh2_authconn_state);
7751 /* Register as a handler for all the messages this coroutine handles. */
7752 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_authconn;
7753 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_authconn;
7754 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_authconn;
7755 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_authconn;
7756 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_authconn;
7757 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_authconn;
7758 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_authconn; duplicate case value */
7759 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_authconn; duplicate case value */
7760 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_authconn;
7761 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_authconn;
7762 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_authconn;
7763 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_authconn;
7764 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_authconn;
7765 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_authconn;
7766 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_authconn;
7767 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_authconn;
7768 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_authconn;
7769 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_authconn;
7770 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_authconn;
7771 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_authconn;
7773 s->done_service_req = FALSE;
7774 s->we_are_in = s->userauth_success = FALSE;
7776 s->tried_gssapi = FALSE;
7779 if (!conf_get_int(ssh->conf, CONF_ssh_no_userauth)) {
7781 * Request userauth protocol, and await a response to it.
7783 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7784 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
7785 ssh2_pkt_send(ssh, s->pktout);
7786 crWaitUntilV(pktin);
7787 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
7788 s->done_service_req = TRUE;
7790 if (!s->done_service_req) {
7792 * Request connection protocol directly, without authentication.
7794 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
7795 ssh2_pkt_addstring(s->pktout, "ssh-connection");
7796 ssh2_pkt_send(ssh, s->pktout);
7797 crWaitUntilV(pktin);
7798 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
7799 s->we_are_in = TRUE; /* no auth required */
7801 bombout(("Server refused service request"));
7806 /* Arrange to be able to deal with any BANNERs that come in.
7807 * (We do this now as packets may come in during the next bit.) */
7808 bufchain_init(&ssh->banner);
7809 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
7810 ssh2_msg_userauth_banner;
7813 * Misc one-time setup for authentication.
7815 s->publickey_blob = NULL;
7816 if (!s->we_are_in) {
7819 * Load the public half of any configured public key file
7822 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
7823 if (!filename_is_null(s->keyfile)) {
7825 logeventf(ssh, "Reading private key file \"%.150s\"",
7826 filename_to_str(s->keyfile));
7827 keytype = key_type(s->keyfile);
7828 if (keytype == SSH_KEYTYPE_SSH2) {
7831 ssh2_userkey_loadpub(s->keyfile,
7832 &s->publickey_algorithm,
7833 &s->publickey_bloblen,
7834 &s->publickey_comment, &error);
7835 if (s->publickey_blob) {
7836 s->publickey_encrypted =
7837 ssh2_userkey_encrypted(s->keyfile, NULL);
7840 logeventf(ssh, "Unable to load private key (%s)",
7842 msgbuf = dupprintf("Unable to load private key file "
7843 "\"%.150s\" (%s)\r\n",
7844 filename_to_str(s->keyfile),
7846 c_write_str(ssh, msgbuf);
7851 logeventf(ssh, "Unable to use this key file (%s)",
7852 key_type_to_str(keytype));
7853 msgbuf = dupprintf("Unable to use key file \"%.150s\""
7855 filename_to_str(s->keyfile),
7856 key_type_to_str(keytype));
7857 c_write_str(ssh, msgbuf);
7859 s->publickey_blob = NULL;
7864 * Find out about any keys Pageant has (but if there's a
7865 * public key configured, filter out all others).
7868 s->agent_response = NULL;
7869 s->pkblob_in_agent = NULL;
7870 if (conf_get_int(ssh->conf, CONF_tryagent) && agent_exists()) {
7874 logevent("Pageant is running. Requesting keys.");
7876 /* Request the keys held by the agent. */
7877 PUT_32BIT(s->agent_request, 1);
7878 s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
7879 if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
7880 ssh_agent_callback, ssh)) {
7884 bombout(("Unexpected data from server while"
7885 " waiting for agent response"));
7888 } while (pktin || inlen > 0);
7889 r = ssh->agent_response;
7890 s->agent_responselen = ssh->agent_response_len;
7892 s->agent_response = (unsigned char *) r;
7893 if (s->agent_response && s->agent_responselen >= 5 &&
7894 s->agent_response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
7897 p = s->agent_response + 5;
7898 s->nkeys = GET_32BIT(p);
7900 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
7901 if (s->publickey_blob) {
7902 /* See if configured key is in agent. */
7903 for (keyi = 0; keyi < s->nkeys; keyi++) {
7904 s->pklen = GET_32BIT(p);
7905 if (s->pklen == s->publickey_bloblen &&
7906 !memcmp(p+4, s->publickey_blob,
7907 s->publickey_bloblen)) {
7908 logeventf(ssh, "Pageant key #%d matches "
7909 "configured key file", keyi);
7911 s->pkblob_in_agent = p;
7915 p += GET_32BIT(p) + 4; /* comment */
7917 if (!s->pkblob_in_agent) {
7918 logevent("Configured key file not in Pageant");
7923 logevent("Failed to get reply from Pageant");
7930 * We repeat this whole loop, including the username prompt,
7931 * until we manage a successful authentication. If the user
7932 * types the wrong _password_, they can be sent back to the
7933 * beginning to try another username, if this is configured on.
7934 * (If they specify a username in the config, they are never
7935 * asked, even if they do give a wrong password.)
7937 * I think this best serves the needs of
7939 * - the people who have no configuration, no keys, and just
7940 * want to try repeated (username,password) pairs until they
7941 * type both correctly
7943 * - people who have keys and configuration but occasionally
7944 * need to fall back to passwords
7946 * - people with a key held in Pageant, who might not have
7947 * logged in to a particular machine before; so they want to
7948 * type a username, and then _either_ their key will be
7949 * accepted, _or_ they will type a password. If they mistype
7950 * the username they will want to be able to get back and
7953 s->got_username = FALSE;
7954 while (!s->we_are_in) {
7958 if (s->got_username && !conf_get_int(ssh->conf, CONF_change_username)) {
7960 * We got a username last time round this loop, and
7961 * with change_username turned off we don't try to get
7964 } else if ((ssh->username = get_remote_username(ssh->conf)) == NULL) {
7965 int ret; /* need not be kept over crReturn */
7966 s->cur_prompt = new_prompts(ssh->frontend);
7967 s->cur_prompt->to_server = TRUE;
7968 s->cur_prompt->name = dupstr("SSH login name");
7969 add_prompt(s->cur_prompt, dupstr("login as: "), TRUE);
7970 ret = get_userpass_input(s->cur_prompt, NULL, 0);
7973 crWaitUntilV(!pktin);
7974 ret = get_userpass_input(s->cur_prompt, in, inlen);
7979 * get_userpass_input() failed to get a username.
7982 free_prompts(s->cur_prompt);
7983 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
7986 ssh->username = dupstr(s->cur_prompt->prompts[0]->result);
7987 free_prompts(s->cur_prompt);
7990 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
7991 stuff = dupprintf("Using username \"%s\".\r\n", ssh->username);
7992 c_write_str(ssh, stuff);
7996 s->got_username = TRUE;
7999 * Send an authentication request using method "none": (a)
8000 * just in case it succeeds, and (b) so that we know what
8001 * authentication methods we can usefully try next.
8003 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
8005 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8006 ssh2_pkt_addstring(s->pktout, ssh->username);
8007 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
8008 ssh2_pkt_addstring(s->pktout, "none"); /* method */
8009 ssh2_pkt_send(ssh, s->pktout);
8010 s->type = AUTH_TYPE_NONE;
8012 s->we_are_in = FALSE;
8014 s->tried_pubkey_config = FALSE;
8015 s->kbd_inter_refused = FALSE;
8017 /* Reset agent request state. */
8018 s->done_agent = FALSE;
8019 if (s->agent_response) {
8020 if (s->pkblob_in_agent) {
8021 s->agentp = s->pkblob_in_agent;
8023 s->agentp = s->agent_response + 5 + 4;
8029 char *methods = NULL;
8033 * Wait for the result of the last authentication request.
8036 crWaitUntilV(pktin);
8038 * Now is a convenient point to spew any banner material
8039 * that we've accumulated. (This should ensure that when
8040 * we exit the auth loop, we haven't any left to deal
8044 int size = bufchain_size(&ssh->banner);
8046 * Don't show the banner if we're operating in
8047 * non-verbose non-interactive mode. (It's probably
8048 * a script, which means nobody will read the
8049 * banner _anyway_, and moreover the printing of
8050 * the banner will screw up processing on the
8051 * output of (say) plink.)
8053 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
8054 char *banner = snewn(size, char);
8055 bufchain_fetch(&ssh->banner, banner, size);
8056 c_write_untrusted(ssh, banner, size);
8059 bufchain_clear(&ssh->banner);
8061 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
8062 logevent("Access granted");
8063 s->we_are_in = s->userauth_success = TRUE;
8067 if (pktin->type != SSH2_MSG_USERAUTH_FAILURE && s->type != AUTH_TYPE_GSSAPI) {
8068 bombout(("Strange packet received during authentication: "
8069 "type %d", pktin->type));
8076 * OK, we're now sitting on a USERAUTH_FAILURE message, so
8077 * we can look at the string in it and know what we can
8078 * helpfully try next.
8080 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
8081 ssh_pkt_getstring(pktin, &methods, &methlen);
8082 if (!ssh2_pkt_getbool(pktin)) {
8084 * We have received an unequivocal Access
8085 * Denied. This can translate to a variety of
8086 * messages, or no message at all.
8088 * For forms of authentication which are attempted
8089 * implicitly, by which I mean without printing
8090 * anything in the window indicating that we're
8091 * trying them, we should never print 'Access
8094 * If we do print a message saying that we're
8095 * attempting some kind of authentication, it's OK
8096 * to print a followup message saying it failed -
8097 * but the message may sometimes be more specific
8098 * than simply 'Access denied'.
8100 * Additionally, if we'd just tried password
8101 * authentication, we should break out of this
8102 * whole loop so as to go back to the username
8103 * prompt (iff we're configured to allow
8104 * username change attempts).
8106 if (s->type == AUTH_TYPE_NONE) {
8108 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
8109 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
8110 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
8111 c_write_str(ssh, "Server refused our key\r\n");
8112 logevent("Server refused our key");
8113 } else if (s->type == AUTH_TYPE_PUBLICKEY) {
8114 /* This _shouldn't_ happen except by a
8115 * protocol bug causing client and server to
8116 * disagree on what is a correct signature. */
8117 c_write_str(ssh, "Server refused public-key signature"
8118 " despite accepting key!\r\n");
8119 logevent("Server refused public-key signature"
8120 " despite accepting key!");
8121 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
8122 /* quiet, so no c_write */
8123 logevent("Server refused keyboard-interactive authentication");
8124 } else if (s->type==AUTH_TYPE_GSSAPI) {
8125 /* always quiet, so no c_write */
8126 /* also, the code down in the GSSAPI block has
8127 * already logged this in the Event Log */
8128 } else if (s->type == AUTH_TYPE_KEYBOARD_INTERACTIVE) {
8129 logevent("Keyboard-interactive authentication failed");
8130 c_write_str(ssh, "Access denied\r\n");
8132 assert(s->type == AUTH_TYPE_PASSWORD);
8133 logevent("Password authentication failed");
8134 c_write_str(ssh, "Access denied\r\n");
8136 if (conf_get_int(ssh->conf, CONF_change_username)) {
8137 /* XXX perhaps we should allow
8138 * keyboard-interactive to do this too? */
8139 s->we_are_in = FALSE;
8144 c_write_str(ssh, "Further authentication required\r\n");
8145 logevent("Further authentication required");
8149 in_commasep_string("publickey", methods, methlen);
8151 in_commasep_string("password", methods, methlen);
8152 s->can_keyb_inter = conf_get_int(ssh->conf, CONF_try_ki_auth) &&
8153 in_commasep_string("keyboard-interactive", methods, methlen);
8156 ssh->gsslibs = ssh_gss_setup(ssh->conf);
8157 s->can_gssapi = conf_get_int(ssh->conf, CONF_try_gssapi_auth) &&
8158 in_commasep_string("gssapi-with-mic", methods, methlen) &&
8159 ssh->gsslibs->nlibraries > 0;
8163 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
8165 if (s->can_pubkey && !s->done_agent && s->nkeys) {
8168 * Attempt public-key authentication using a key from Pageant.
8171 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
8173 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
8175 /* Unpack key from agent response */
8176 s->pklen = GET_32BIT(s->agentp);
8178 s->pkblob = (char *)s->agentp;
8179 s->agentp += s->pklen;
8180 s->alglen = GET_32BIT(s->pkblob);
8181 s->alg = s->pkblob + 4;
8182 s->commentlen = GET_32BIT(s->agentp);
8184 s->commentp = (char *)s->agentp;
8185 s->agentp += s->commentlen;
8186 /* s->agentp now points at next key, if any */
8188 /* See if server will accept it */
8189 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8190 ssh2_pkt_addstring(s->pktout, ssh->username);
8191 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8192 /* service requested */
8193 ssh2_pkt_addstring(s->pktout, "publickey");
8195 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
8196 ssh2_pkt_addstring_start(s->pktout);
8197 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8198 ssh2_pkt_addstring_start(s->pktout);
8199 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8200 ssh2_pkt_send(ssh, s->pktout);
8201 s->type = AUTH_TYPE_PUBLICKEY_OFFER_QUIET;
8203 crWaitUntilV(pktin);
8204 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8206 /* Offer of key refused. */
8213 if (flags & FLAG_VERBOSE) {
8214 c_write_str(ssh, "Authenticating with "
8216 c_write(ssh, s->commentp, s->commentlen);
8217 c_write_str(ssh, "\" from agent\r\n");
8221 * Server is willing to accept the key.
8222 * Construct a SIGN_REQUEST.
8224 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8225 ssh2_pkt_addstring(s->pktout, ssh->username);
8226 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8227 /* service requested */
8228 ssh2_pkt_addstring(s->pktout, "publickey");
8230 ssh2_pkt_addbool(s->pktout, TRUE); /* signature included */
8231 ssh2_pkt_addstring_start(s->pktout);
8232 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
8233 ssh2_pkt_addstring_start(s->pktout);
8234 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
8236 /* Ask agent for signature. */
8237 s->siglen = s->pktout->length - 5 + 4 +
8238 ssh->v2_session_id_len;
8239 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8241 s->len = 1; /* message type */
8242 s->len += 4 + s->pklen; /* key blob */
8243 s->len += 4 + s->siglen; /* data to sign */
8244 s->len += 4; /* flags */
8245 s->agentreq = snewn(4 + s->len, char);
8246 PUT_32BIT(s->agentreq, s->len);
8247 s->q = s->agentreq + 4;
8248 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
8249 PUT_32BIT(s->q, s->pklen);
8251 memcpy(s->q, s->pkblob, s->pklen);
8253 PUT_32BIT(s->q, s->siglen);
8255 /* Now the data to be signed... */
8256 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8257 PUT_32BIT(s->q, ssh->v2_session_id_len);
8260 memcpy(s->q, ssh->v2_session_id,
8261 ssh->v2_session_id_len);
8262 s->q += ssh->v2_session_id_len;
8263 memcpy(s->q, s->pktout->data + 5,
8264 s->pktout->length - 5);
8265 s->q += s->pktout->length - 5;
8266 /* And finally the (zero) flags word. */
8268 if (!agent_query(s->agentreq, s->len + 4,
8270 ssh_agent_callback, ssh)) {
8274 bombout(("Unexpected data from server"
8275 " while waiting for agent"
8279 } while (pktin || inlen > 0);
8280 vret = ssh->agent_response;
8281 s->retlen = ssh->agent_response_len;
8286 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
8287 logevent("Sending Pageant's response");
8288 ssh2_add_sigblob(ssh, s->pktout,
8289 s->pkblob, s->pklen,
8291 GET_32BIT(s->ret + 5));
8292 ssh2_pkt_send(ssh, s->pktout);
8293 s->type = AUTH_TYPE_PUBLICKEY;
8295 /* FIXME: less drastic response */
8296 bombout(("Pageant failed to answer challenge"));
8302 /* Do we have any keys left to try? */
8303 if (s->pkblob_in_agent) {
8304 s->done_agent = TRUE;
8305 s->tried_pubkey_config = TRUE;
8308 if (s->keyi >= s->nkeys)
8309 s->done_agent = TRUE;
8312 } else if (s->can_pubkey && s->publickey_blob &&
8313 !s->tried_pubkey_config) {
8315 struct ssh2_userkey *key; /* not live over crReturn */
8316 char *passphrase; /* not live over crReturn */
8318 ssh->pkt_actx = SSH2_PKTCTX_PUBLICKEY;
8320 s->tried_pubkey_config = TRUE;
8323 * Try the public key supplied in the configuration.
8325 * First, offer the public blob to see if the server is
8326 * willing to accept it.
8328 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8329 ssh2_pkt_addstring(s->pktout, ssh->username);
8330 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8331 /* service requested */
8332 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
8333 ssh2_pkt_addbool(s->pktout, FALSE);
8334 /* no signature included */
8335 ssh2_pkt_addstring(s->pktout, s->publickey_algorithm);
8336 ssh2_pkt_addstring_start(s->pktout);
8337 ssh2_pkt_addstring_data(s->pktout,
8338 (char *)s->publickey_blob,
8339 s->publickey_bloblen);
8340 ssh2_pkt_send(ssh, s->pktout);
8341 logevent("Offered public key");
8343 crWaitUntilV(pktin);
8344 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
8345 /* Key refused. Give up. */
8346 s->gotit = TRUE; /* reconsider message next loop */
8347 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
8348 continue; /* process this new message */
8350 logevent("Offer of public key accepted");
8353 * Actually attempt a serious authentication using
8356 if (flags & FLAG_VERBOSE) {
8357 c_write_str(ssh, "Authenticating with public key \"");
8358 c_write_str(ssh, s->publickey_comment);
8359 c_write_str(ssh, "\"\r\n");
8363 const char *error; /* not live over crReturn */
8364 if (s->publickey_encrypted) {
8366 * Get a passphrase from the user.
8368 int ret; /* need not be kept over crReturn */
8369 s->cur_prompt = new_prompts(ssh->frontend);
8370 s->cur_prompt->to_server = FALSE;
8371 s->cur_prompt->name = dupstr("SSH key passphrase");
8372 add_prompt(s->cur_prompt,
8373 dupprintf("Passphrase for key \"%.100s\": ",
8374 s->publickey_comment),
8376 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8379 crWaitUntilV(!pktin);
8380 ret = get_userpass_input(s->cur_prompt,
8385 /* Failed to get a passphrase. Terminate. */
8386 free_prompts(s->cur_prompt);
8387 ssh_disconnect(ssh, NULL,
8388 "Unable to authenticate",
8389 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8394 dupstr(s->cur_prompt->prompts[0]->result);
8395 free_prompts(s->cur_prompt);
8397 passphrase = NULL; /* no passphrase needed */
8401 * Try decrypting the key.
8403 s->keyfile = conf_get_filename(ssh->conf, CONF_keyfile);
8404 key = ssh2_load_userkey(s->keyfile, passphrase, &error);
8406 /* burn the evidence */
8407 smemclr(passphrase, strlen(passphrase));
8410 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
8412 (key == SSH2_WRONG_PASSPHRASE)) {
8413 c_write_str(ssh, "Wrong passphrase\r\n");
8415 /* and loop again */
8417 c_write_str(ssh, "Unable to load private key (");
8418 c_write_str(ssh, error);
8419 c_write_str(ssh, ")\r\n");
8421 break; /* try something else */
8427 unsigned char *pkblob, *sigblob, *sigdata;
8428 int pkblob_len, sigblob_len, sigdata_len;
8432 * We have loaded the private key and the server
8433 * has announced that it's willing to accept it.
8434 * Hallelujah. Generate a signature and send it.
8436 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8437 ssh2_pkt_addstring(s->pktout, ssh->username);
8438 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8439 /* service requested */
8440 ssh2_pkt_addstring(s->pktout, "publickey");
8442 ssh2_pkt_addbool(s->pktout, TRUE);
8443 /* signature follows */
8444 ssh2_pkt_addstring(s->pktout, key->alg->name);
8445 pkblob = key->alg->public_blob(key->data,
8447 ssh2_pkt_addstring_start(s->pktout);
8448 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob,
8452 * The data to be signed is:
8456 * followed by everything so far placed in the
8459 sigdata_len = s->pktout->length - 5 + 4 +
8460 ssh->v2_session_id_len;
8461 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
8463 sigdata = snewn(sigdata_len, unsigned char);
8465 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
8466 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
8469 memcpy(sigdata+p, ssh->v2_session_id,
8470 ssh->v2_session_id_len);
8471 p += ssh->v2_session_id_len;
8472 memcpy(sigdata+p, s->pktout->data + 5,
8473 s->pktout->length - 5);
8474 p += s->pktout->length - 5;
8475 assert(p == sigdata_len);
8476 sigblob = key->alg->sign(key->data, (char *)sigdata,
8477 sigdata_len, &sigblob_len);
8478 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
8479 sigblob, sigblob_len);
8484 ssh2_pkt_send(ssh, s->pktout);
8485 logevent("Sent public key signature");
8486 s->type = AUTH_TYPE_PUBLICKEY;
8487 key->alg->freekey(key->data);
8491 } else if (s->can_gssapi && !s->tried_gssapi) {
8493 /* GSSAPI Authentication */
8498 s->type = AUTH_TYPE_GSSAPI;
8499 s->tried_gssapi = TRUE;
8501 ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
8504 * Pick the highest GSS library on the preference
8510 for (i = 0; i < ngsslibs; i++) {
8511 int want_id = conf_get_int_int(ssh->conf,
8512 CONF_ssh_gsslist, i);
8513 for (j = 0; j < ssh->gsslibs->nlibraries; j++)
8514 if (ssh->gsslibs->libraries[j].id == want_id) {
8515 s->gsslib = &ssh->gsslibs->libraries[j];
8516 goto got_gsslib; /* double break */
8521 * We always expect to have found something in
8522 * the above loop: we only came here if there
8523 * was at least one viable GSS library, and the
8524 * preference list should always mention
8525 * everything and only change the order.
8530 if (s->gsslib->gsslogmsg)
8531 logevent(s->gsslib->gsslogmsg);
8533 /* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
8534 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8535 ssh2_pkt_addstring(s->pktout, ssh->username);
8536 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8537 ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
8538 logevent("Attempting GSSAPI authentication");
8540 /* add mechanism info */
8541 s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
8543 /* number of GSSAPI mechanisms */
8544 ssh2_pkt_adduint32(s->pktout,1);
8546 /* length of OID + 2 */
8547 ssh2_pkt_adduint32(s->pktout, s->gss_buf.length + 2);
8548 ssh2_pkt_addbyte(s->pktout, SSH2_GSS_OIDTYPE);
8551 ssh2_pkt_addbyte(s->pktout, (unsigned char) s->gss_buf.length);
8553 ssh_pkt_adddata(s->pktout, s->gss_buf.value,
8555 ssh2_pkt_send(ssh, s->pktout);
8556 crWaitUntilV(pktin);
8557 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_RESPONSE) {
8558 logevent("GSSAPI authentication request refused");
8562 /* check returned packet ... */
8564 ssh_pkt_getstring(pktin, &data, &len);
8565 s->gss_rcvtok.value = data;
8566 s->gss_rcvtok.length = len;
8567 if (s->gss_rcvtok.length != s->gss_buf.length + 2 ||
8568 ((char *)s->gss_rcvtok.value)[0] != SSH2_GSS_OIDTYPE ||
8569 ((char *)s->gss_rcvtok.value)[1] != s->gss_buf.length ||
8570 memcmp((char *)s->gss_rcvtok.value + 2,
8571 s->gss_buf.value,s->gss_buf.length) ) {
8572 logevent("GSSAPI authentication - wrong response from server");
8576 /* now start running */
8577 s->gss_stat = s->gsslib->import_name(s->gsslib,
8580 if (s->gss_stat != SSH_GSS_OK) {
8581 if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
8582 logevent("GSSAPI import name failed - Bad service name");
8584 logevent("GSSAPI import name failed");
8588 /* fetch TGT into GSS engine */
8589 s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
8591 if (s->gss_stat != SSH_GSS_OK) {
8592 logevent("GSSAPI authentication failed to get credentials");
8593 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8597 /* initial tokens are empty */
8598 SSH_GSS_CLEAR_BUF(&s->gss_rcvtok);
8599 SSH_GSS_CLEAR_BUF(&s->gss_sndtok);
8601 /* now enter the loop */
8603 s->gss_stat = s->gsslib->init_sec_context
8607 conf_get_int(ssh->conf, CONF_gssapifwd),
8611 if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
8612 s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
8613 logevent("GSSAPI authentication initialisation failed");
8615 if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
8616 &s->gss_buf) == SSH_GSS_OK) {
8617 logevent(s->gss_buf.value);
8618 sfree(s->gss_buf.value);
8623 logevent("GSSAPI authentication initialised");
8625 /* Client and server now exchange tokens until GSSAPI
8626 * no longer says CONTINUE_NEEDED */
8628 if (s->gss_sndtok.length != 0) {
8629 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
8630 ssh_pkt_addstring_start(s->pktout);
8631 ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
8632 ssh2_pkt_send(ssh, s->pktout);
8633 s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
8636 if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
8637 crWaitUntilV(pktin);
8638 if (pktin->type != SSH2_MSG_USERAUTH_GSSAPI_TOKEN) {
8639 logevent("GSSAPI authentication - bad server response");
8640 s->gss_stat = SSH_GSS_FAILURE;
8643 ssh_pkt_getstring(pktin, &data, &len);
8644 s->gss_rcvtok.value = data;
8645 s->gss_rcvtok.length = len;
8647 } while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
8649 if (s->gss_stat != SSH_GSS_OK) {
8650 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8651 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8654 logevent("GSSAPI authentication loop finished OK");
8656 /* Now send the MIC */
8658 s->pktout = ssh2_pkt_init(0);
8659 micoffset = s->pktout->length;
8660 ssh_pkt_addstring_start(s->pktout);
8661 ssh_pkt_addstring_data(s->pktout, (char *)ssh->v2_session_id, ssh->v2_session_id_len);
8662 ssh_pkt_addbyte(s->pktout, SSH2_MSG_USERAUTH_REQUEST);
8663 ssh_pkt_addstring(s->pktout, ssh->username);
8664 ssh_pkt_addstring(s->pktout, "ssh-connection");
8665 ssh_pkt_addstring(s->pktout, "gssapi-with-mic");
8667 s->gss_buf.value = (char *)s->pktout->data + micoffset;
8668 s->gss_buf.length = s->pktout->length - micoffset;
8670 s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
8671 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
8672 ssh_pkt_addstring_start(s->pktout);
8673 ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
8674 ssh2_pkt_send(ssh, s->pktout);
8675 s->gsslib->free_mic(s->gsslib, &mic);
8679 s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
8680 s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
8683 } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
8686 * Keyboard-interactive authentication.
8689 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
8691 ssh->pkt_actx = SSH2_PKTCTX_KBDINTER;
8693 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8694 ssh2_pkt_addstring(s->pktout, ssh->username);
8695 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8696 /* service requested */
8697 ssh2_pkt_addstring(s->pktout, "keyboard-interactive");
8699 ssh2_pkt_addstring(s->pktout, ""); /* lang */
8700 ssh2_pkt_addstring(s->pktout, ""); /* submethods */
8701 ssh2_pkt_send(ssh, s->pktout);
8703 logevent("Attempting keyboard-interactive authentication");
8705 crWaitUntilV(pktin);
8706 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
8707 /* Server is not willing to do keyboard-interactive
8708 * at all (or, bizarrely but legally, accepts the
8709 * user without actually issuing any prompts).
8710 * Give up on it entirely. */
8712 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
8713 s->kbd_inter_refused = TRUE; /* don't try it again */
8718 * Loop while the server continues to send INFO_REQUESTs.
8720 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
8722 char *name, *inst, *lang;
8723 int name_len, inst_len, lang_len;
8727 * We've got a fresh USERAUTH_INFO_REQUEST.
8728 * Get the preamble and start building a prompt.
8730 ssh_pkt_getstring(pktin, &name, &name_len);
8731 ssh_pkt_getstring(pktin, &inst, &inst_len);
8732 ssh_pkt_getstring(pktin, &lang, &lang_len);
8733 s->cur_prompt = new_prompts(ssh->frontend);
8734 s->cur_prompt->to_server = TRUE;
8737 * Get any prompt(s) from the packet.
8739 s->num_prompts = ssh_pkt_getuint32(pktin);
8740 for (i = 0; i < s->num_prompts; i++) {
8744 static char noprompt[] =
8745 "<server failed to send prompt>: ";
8747 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8748 echo = ssh2_pkt_getbool(pktin);
8751 prompt_len = lenof(noprompt)-1;
8753 add_prompt(s->cur_prompt,
8754 dupprintf("%.*s", prompt_len, prompt),
8759 /* FIXME: better prefix to distinguish from
8761 s->cur_prompt->name =
8762 dupprintf("SSH server: %.*s", name_len, name);
8763 s->cur_prompt->name_reqd = TRUE;
8765 s->cur_prompt->name =
8766 dupstr("SSH server authentication");
8767 s->cur_prompt->name_reqd = FALSE;
8769 /* We add a prefix to try to make it clear that a prompt
8770 * has come from the server.
8771 * FIXME: ugly to print "Using..." in prompt _every_
8772 * time round. Can this be done more subtly? */
8773 /* Special case: for reasons best known to themselves,
8774 * some servers send k-i requests with no prompts and
8775 * nothing to display. Keep quiet in this case. */
8776 if (s->num_prompts || name_len || inst_len) {
8777 s->cur_prompt->instruction =
8778 dupprintf("Using keyboard-interactive authentication.%s%.*s",
8779 inst_len ? "\n" : "", inst_len, inst);
8780 s->cur_prompt->instr_reqd = TRUE;
8782 s->cur_prompt->instr_reqd = FALSE;
8786 * Display any instructions, and get the user's
8790 int ret; /* not live over crReturn */
8791 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8794 crWaitUntilV(!pktin);
8795 ret = get_userpass_input(s->cur_prompt, in, inlen);
8800 * Failed to get responses. Terminate.
8802 free_prompts(s->cur_prompt);
8803 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8804 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8811 * Send the response(s) to the server.
8813 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
8814 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
8815 for (i=0; i < s->num_prompts; i++) {
8816 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8817 ssh2_pkt_addstring(s->pktout,
8818 s->cur_prompt->prompts[i]->result);
8819 end_log_omission(ssh, s->pktout);
8821 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8824 * Free the prompts structure from this iteration.
8825 * If there's another, a new one will be allocated
8826 * when we return to the top of this while loop.
8828 free_prompts(s->cur_prompt);
8831 * Get the next packet in case it's another
8834 crWaitUntilV(pktin);
8839 * We should have SUCCESS or FAILURE now.
8843 } else if (s->can_passwd) {
8846 * Plain old password authentication.
8848 int ret; /* not live over crReturn */
8849 int changereq_first_time; /* not live over crReturn */
8851 ssh->pkt_actx = SSH2_PKTCTX_PASSWORD;
8853 s->cur_prompt = new_prompts(ssh->frontend);
8854 s->cur_prompt->to_server = TRUE;
8855 s->cur_prompt->name = dupstr("SSH password");
8856 add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
8861 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8864 crWaitUntilV(!pktin);
8865 ret = get_userpass_input(s->cur_prompt, in, inlen);
8870 * Failed to get responses. Terminate.
8872 free_prompts(s->cur_prompt);
8873 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8874 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8879 * Squirrel away the password. (We may need it later if
8880 * asked to change it.)
8882 s->password = dupstr(s->cur_prompt->prompts[0]->result);
8883 free_prompts(s->cur_prompt);
8886 * Send the password packet.
8888 * We pad out the password packet to 256 bytes to make
8889 * it harder for an attacker to find the length of the
8892 * Anyone using a password longer than 256 bytes
8893 * probably doesn't have much to worry about from
8894 * people who find out how long their password is!
8896 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
8897 ssh2_pkt_addstring(s->pktout, ssh->username);
8898 ssh2_pkt_addstring(s->pktout, "ssh-connection");
8899 /* service requested */
8900 ssh2_pkt_addstring(s->pktout, "password");
8901 ssh2_pkt_addbool(s->pktout, FALSE);
8902 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
8903 ssh2_pkt_addstring(s->pktout, s->password);
8904 end_log_omission(ssh, s->pktout);
8905 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
8906 logevent("Sent password");
8907 s->type = AUTH_TYPE_PASSWORD;
8910 * Wait for next packet, in case it's a password change
8913 crWaitUntilV(pktin);
8914 changereq_first_time = TRUE;
8916 while (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
8919 * We're being asked for a new password
8920 * (perhaps not for the first time).
8921 * Loop until the server accepts it.
8924 int got_new = FALSE; /* not live over crReturn */
8925 char *prompt; /* not live over crReturn */
8926 int prompt_len; /* not live over crReturn */
8930 if (changereq_first_time)
8931 msg = "Server requested password change";
8933 msg = "Server rejected new password";
8935 c_write_str(ssh, msg);
8936 c_write_str(ssh, "\r\n");
8939 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
8941 s->cur_prompt = new_prompts(ssh->frontend);
8942 s->cur_prompt->to_server = TRUE;
8943 s->cur_prompt->name = dupstr("New SSH password");
8944 s->cur_prompt->instruction =
8945 dupprintf("%.*s", prompt_len, prompt);
8946 s->cur_prompt->instr_reqd = TRUE;
8948 * There's no explicit requirement in the protocol
8949 * for the "old" passwords in the original and
8950 * password-change messages to be the same, and
8951 * apparently some Cisco kit supports password change
8952 * by the user entering a blank password originally
8953 * and the real password subsequently, so,
8954 * reluctantly, we prompt for the old password again.
8956 * (On the other hand, some servers don't even bother
8957 * to check this field.)
8959 add_prompt(s->cur_prompt,
8960 dupstr("Current password (blank for previously entered password): "),
8962 add_prompt(s->cur_prompt, dupstr("Enter new password: "),
8964 add_prompt(s->cur_prompt, dupstr("Confirm new password: "),
8968 * Loop until the user manages to enter the same
8973 ret = get_userpass_input(s->cur_prompt, NULL, 0);
8976 crWaitUntilV(!pktin);
8977 ret = get_userpass_input(s->cur_prompt, in, inlen);
8982 * Failed to get responses. Terminate.
8984 /* burn the evidence */
8985 free_prompts(s->cur_prompt);
8986 smemclr(s->password, strlen(s->password));
8988 ssh_disconnect(ssh, NULL, "Unable to authenticate",
8989 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
8995 * If the user specified a new original password
8996 * (IYSWIM), overwrite any previously specified
8998 * (A side effect is that the user doesn't have to
8999 * re-enter it if they louse up the new password.)
9001 if (s->cur_prompt->prompts[0]->result[0]) {
9002 smemclr(s->password, strlen(s->password));
9003 /* burn the evidence */
9006 dupstr(s->cur_prompt->prompts[0]->result);
9010 * Check the two new passwords match.
9012 got_new = (strcmp(s->cur_prompt->prompts[1]->result,
9013 s->cur_prompt->prompts[2]->result)
9016 /* They don't. Silly user. */
9017 c_write_str(ssh, "Passwords do not match\r\n");
9022 * Send the new password (along with the old one).
9023 * (see above for padding rationale)
9025 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
9026 ssh2_pkt_addstring(s->pktout, ssh->username);
9027 ssh2_pkt_addstring(s->pktout, "ssh-connection");
9028 /* service requested */
9029 ssh2_pkt_addstring(s->pktout, "password");
9030 ssh2_pkt_addbool(s->pktout, TRUE);
9031 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
9032 ssh2_pkt_addstring(s->pktout, s->password);
9033 ssh2_pkt_addstring(s->pktout,
9034 s->cur_prompt->prompts[1]->result);
9035 free_prompts(s->cur_prompt);
9036 end_log_omission(ssh, s->pktout);
9037 ssh2_pkt_send_with_padding(ssh, s->pktout, 256);
9038 logevent("Sent new password");
9041 * Now see what the server has to say about it.
9042 * (If it's CHANGEREQ again, it's not happy with the
9045 crWaitUntilV(pktin);
9046 changereq_first_time = FALSE;
9051 * We need to reexamine the current pktin at the top
9052 * of the loop. Either:
9053 * - we weren't asked to change password at all, in
9054 * which case it's a SUCCESS or FAILURE with the
9056 * - we sent a new password, and the server was
9057 * either OK with it (SUCCESS or FAILURE w/partial
9058 * success) or unhappy with the _old_ password
9059 * (FAILURE w/o partial success)
9060 * In any of these cases, we go back to the top of
9061 * the loop and start again.
9066 * We don't need the old password any more, in any
9067 * case. Burn the evidence.
9069 smemclr(s->password, strlen(s->password));
9073 char *str = dupprintf("No supported authentication methods available"
9074 " (server sent: %.*s)",
9077 ssh_disconnect(ssh, str,
9078 "No supported authentication methods available",
9079 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
9089 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
9091 /* Clear up various bits and pieces from authentication. */
9092 if (s->publickey_blob) {
9093 sfree(s->publickey_blob);
9094 sfree(s->publickey_comment);
9096 if (s->agent_response)
9097 sfree(s->agent_response);
9099 if (s->userauth_success) {
9101 * We've just received USERAUTH_SUCCESS, and we haven't sent any
9102 * packets since. Signal the transport layer to consider enacting
9103 * delayed compression.
9105 * (Relying on we_are_in is not sufficient, as
9106 * draft-miller-secsh-compression-delayed is quite clear that it
9107 * triggers on USERAUTH_SUCCESS specifically, and we_are_in can
9108 * become set for other reasons.)
9110 do_ssh2_transport(ssh, "enabling delayed compression", -2, NULL);
9114 * Now the connection protocol has started, one way or another.
9117 ssh->channels = newtree234(ssh_channelcmp);
9120 * Set up handlers for some connection protocol messages, so we
9121 * don't have to handle them repeatedly in this coroutine.
9123 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
9124 ssh2_msg_channel_window_adjust;
9125 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
9126 ssh2_msg_global_request;
9129 * Create the main session channel.
9131 if (conf_get_int(ssh->conf, CONF_ssh_no_shell)) {
9132 ssh->mainchan = NULL;
9134 ssh->mainchan = snew(struct ssh_channel);
9135 ssh->mainchan->ssh = ssh;
9136 ssh2_channel_init(ssh->mainchan);
9138 if (*conf_get_str(ssh->conf, CONF_ssh_nc_host)) {
9140 * Just start a direct-tcpip channel and use it as the main
9143 ssh_send_port_open(ssh->mainchan,
9144 conf_get_str(ssh->conf, CONF_ssh_nc_host),
9145 conf_get_int(ssh->conf, CONF_ssh_nc_port),
9149 s->pktout = ssh2_chanopen_init(ssh->mainchan, "session");
9150 logevent("Opening session as main channel");
9151 ssh2_pkt_send(ssh, s->pktout);
9152 ssh->ncmode = FALSE;
9154 crWaitUntilV(pktin);
9155 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
9156 bombout(("Server refused to open channel"));
9158 /* FIXME: error data comes back in FAILURE packet */
9160 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
9161 bombout(("Server's channel confirmation cited wrong channel"));
9164 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
9165 ssh->mainchan->halfopen = FALSE;
9166 ssh->mainchan->type = CHAN_MAINSESSION;
9167 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
9168 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
9169 add234(ssh->channels, ssh->mainchan);
9170 update_specials_menu(ssh->frontend);
9171 logevent("Opened main channel");
9175 * Now we have a channel, make dispatch table entries for
9176 * general channel-based messages.
9178 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
9179 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
9180 ssh2_msg_channel_data;
9181 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
9182 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
9183 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
9184 ssh2_msg_channel_open_confirmation;
9185 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
9186 ssh2_msg_channel_open_failure;
9187 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
9188 ssh2_msg_channel_request;
9189 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
9190 ssh2_msg_channel_open;
9191 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_channel_response;
9192 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_channel_response;
9195 if (ssh->mainchan && conf_get_int(ssh->conf, CONF_ssh_simple)) {
9197 * This message indicates to the server that we promise
9198 * not to try to run any other channel in parallel with
9199 * this one, so it's safe for it to advertise a very large
9200 * window and leave the flow control to TCP.
9202 s->pktout = ssh2_chanreq_init(ssh->mainchan,
9203 "simple@putty.projects.tartarus.org",
9205 ssh2_pkt_send(ssh, s->pktout);
9209 * Enable port forwardings.
9211 ssh_setup_portfwd(ssh, ssh->conf);
9213 if (ssh->mainchan && !ssh->ncmode) {
9215 * Send the CHANNEL_REQUESTS for the main session channel.
9216 * Each one is handled by its own little asynchronous
9220 /* Potentially enable X11 forwarding. */
9221 if (conf_get_int(ssh->conf, CONF_x11_forward) &&
9223 x11_setup_display(conf_get_str(ssh->conf, CONF_x11_display),
9224 conf_get_int(ssh->conf, CONF_x11_auth),
9226 ssh2_setup_x11(ssh->mainchan, NULL, NULL);
9228 /* Potentially enable agent forwarding. */
9229 if (conf_get_int(ssh->conf, CONF_agentfwd) && agent_exists())
9230 ssh2_setup_agent(ssh->mainchan, NULL, NULL);
9232 /* Now allocate a pty for the session. */
9233 if (!conf_get_int(ssh->conf, CONF_nopty))
9234 ssh2_setup_pty(ssh->mainchan, NULL, NULL);
9236 /* Send environment variables. */
9237 ssh2_setup_env(ssh->mainchan, NULL, NULL);
9240 * Start a shell or a remote command. We may have to attempt
9241 * this twice if the config data has provided a second choice
9248 if (ssh->fallback_cmd) {
9249 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys2);
9250 cmd = conf_get_str(ssh->conf, CONF_remote_cmd2);
9252 subsys = conf_get_int(ssh->conf, CONF_ssh_subsys);
9253 cmd = conf_get_str(ssh->conf, CONF_remote_cmd);
9257 s->pktout = ssh2_chanreq_init(ssh->mainchan, "subsystem",
9258 ssh2_response_authconn, NULL);
9259 ssh2_pkt_addstring(s->pktout, cmd);
9261 s->pktout = ssh2_chanreq_init(ssh->mainchan, "exec",
9262 ssh2_response_authconn, NULL);
9263 ssh2_pkt_addstring(s->pktout, cmd);
9265 s->pktout = ssh2_chanreq_init(ssh->mainchan, "shell",
9266 ssh2_response_authconn, NULL);
9268 ssh2_pkt_send(ssh, s->pktout);
9270 crWaitUntilV(pktin);
9272 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
9273 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
9274 bombout(("Unexpected response to shell/command request:"
9275 " packet type %d", pktin->type));
9279 * We failed to start the command. If this is the
9280 * fallback command, we really are finished; if it's
9281 * not, and if the fallback command exists, try falling
9282 * back to it before complaining.
9284 if (!ssh->fallback_cmd &&
9285 *conf_get_str(ssh->conf, CONF_remote_cmd2)) {
9286 logevent("Primary command failed; attempting fallback");
9287 ssh->fallback_cmd = TRUE;
9290 bombout(("Server refused to start a shell/command"));
9293 logevent("Started a shell/command");
9298 ssh->editing = ssh->echoing = TRUE;
9301 ssh->state = SSH_STATE_SESSION;
9302 if (ssh->size_needed)
9303 ssh_size(ssh, ssh->term_width, ssh->term_height);
9304 if (ssh->eof_needed)
9305 ssh_special(ssh, TS_EOF);
9311 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
9316 s->try_send = FALSE;
9320 * _All_ the connection-layer packets we expect to
9321 * receive are now handled by the dispatch table.
9322 * Anything that reaches here must be bogus.
9325 bombout(("Strange packet received: type %d", pktin->type));
9327 } else if (ssh->mainchan) {
9329 * We have spare data. Add it to the channel buffer.
9331 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
9336 struct ssh_channel *c;
9338 * Try to send data on all channels if we can.
9340 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
9341 ssh2_try_send_and_unthrottle(ssh, c);
9349 * Handlers for SSH-2 messages that might arrive at any moment.
9351 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
9353 /* log reason code in disconnect message */
9357 reason = ssh_pkt_getuint32(pktin);
9358 ssh_pkt_getstring(pktin, &msg, &msglen);
9360 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
9361 buf = dupprintf("Received disconnect message (%s)",
9362 ssh2_disconnect_reasons[reason]);
9364 buf = dupprintf("Received disconnect message (unknown"
9365 " type %d)", reason);
9369 buf = dupprintf("Disconnection message text: %.*s",
9372 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
9374 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
9375 ssh2_disconnect_reasons[reason] : "unknown",
9380 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
9382 /* log the debug message */
9386 /* XXX maybe we should actually take notice of the return value */
9387 ssh2_pkt_getbool(pktin);
9388 ssh_pkt_getstring(pktin, &msg, &msglen);
9390 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
9393 static void ssh2_msg_transport(Ssh ssh, struct Packet *pktin)
9395 do_ssh2_transport(ssh, NULL, 0, pktin);
9399 * Called if we receive a packet that isn't allowed by the protocol.
9400 * This only applies to packets whose meaning PuTTY understands.
9401 * Entirely unknown packets are handled below.
9403 static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin)
9405 char *buf = dupprintf("Server protocol violation: unexpected %s packet",
9406 ssh2_pkt_type(ssh->pkt_kctx, ssh->pkt_actx,
9408 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
9412 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
9414 struct Packet *pktout;
9415 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
9416 ssh2_pkt_adduint32(pktout, pktin->sequence);
9418 * UNIMPLEMENTED messages MUST appear in the same order as the
9419 * messages they respond to. Hence, never queue them.
9421 ssh2_pkt_send_noqueue(ssh, pktout);
9425 * Handle the top-level SSH-2 protocol.
9427 static void ssh2_protocol_setup(Ssh ssh)
9432 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
9434 for (i = 0; i < 256; i++)
9435 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
9438 * Initially, we only accept transport messages (and a few generic
9439 * ones). do_ssh2_authconn will add more when it starts.
9440 * Messages that are understood but not currently acceptable go to
9441 * ssh2_msg_unexpected.
9443 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = ssh2_msg_unexpected;
9444 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = ssh2_msg_unexpected;
9445 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = ssh2_msg_unexpected;
9446 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = ssh2_msg_transport;
9447 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = ssh2_msg_transport;
9448 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = ssh2_msg_transport;
9449 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = ssh2_msg_transport;
9450 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = ssh2_msg_transport; duplicate case value */
9451 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = ssh2_msg_transport; duplicate case value */
9452 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = ssh2_msg_transport;
9453 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = ssh2_msg_transport;
9454 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = ssh2_msg_unexpected;
9455 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = ssh2_msg_unexpected;
9456 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = ssh2_msg_unexpected;
9457 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = ssh2_msg_unexpected;
9458 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = ssh2_msg_unexpected;
9459 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = ssh2_msg_unexpected; duplicate case value */
9460 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = ssh2_msg_unexpected; duplicate case value */
9461 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = ssh2_msg_unexpected;
9462 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = ssh2_msg_unexpected;
9463 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = ssh2_msg_unexpected;
9464 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = ssh2_msg_unexpected;
9465 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_unexpected;
9466 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = ssh2_msg_unexpected;
9467 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = ssh2_msg_unexpected;
9468 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = ssh2_msg_unexpected;
9469 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = ssh2_msg_unexpected;
9470 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = ssh2_msg_unexpected;
9471 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_unexpected;
9472 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_unexpected;
9473 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = ssh2_msg_unexpected;
9474 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = ssh2_msg_unexpected;
9475 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = ssh2_msg_unexpected;
9478 * These messages have a special handler from the start.
9480 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
9481 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
9482 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
9485 static void ssh2_timer(void *ctx, unsigned long now)
9489 if (ssh->state == SSH_STATE_CLOSED)
9492 if (!ssh->kex_in_progress && conf_get_int(ssh->conf, CONF_ssh_rekey_time) != 0 &&
9493 now == ssh->next_rekey) {
9494 do_ssh2_transport(ssh, "timeout", -1, NULL);
9498 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
9499 struct Packet *pktin)
9501 unsigned char *in = (unsigned char *)vin;
9502 if (ssh->state == SSH_STATE_CLOSED)
9506 ssh->incoming_data_size += pktin->encrypted_len;
9507 if (!ssh->kex_in_progress &&
9508 ssh->max_data_size != 0 &&
9509 ssh->incoming_data_size > ssh->max_data_size)
9510 do_ssh2_transport(ssh, "too much data received", -1, NULL);
9514 ssh->packet_dispatch[pktin->type](ssh, pktin);
9515 else if (!ssh->protocol_initial_phase_done)
9516 do_ssh2_transport(ssh, in, inlen, pktin);
9518 do_ssh2_authconn(ssh, in, inlen, pktin);
9521 static void ssh_cache_conf_values(Ssh ssh)
9523 ssh->logomitdata = conf_get_int(ssh->conf, CONF_logomitdata);
9527 * Called to set up the connection.
9529 * Returns an error message, or NULL on success.
9531 static const char *ssh_init(void *frontend_handle, void **backend_handle,
9532 Conf *conf, char *host, int port, char **realhost,
9533 int nodelay, int keepalive)
9538 ssh = snew(struct ssh_tag);
9539 ssh->conf = conf_copy(conf);
9540 ssh_cache_conf_values(ssh);
9541 ssh->version = 0; /* when not ready yet */
9544 ssh->v1_cipher_ctx = NULL;
9545 ssh->crcda_ctx = NULL;
9546 ssh->cscipher = NULL;
9547 ssh->cs_cipher_ctx = NULL;
9548 ssh->sccipher = NULL;
9549 ssh->sc_cipher_ctx = NULL;
9551 ssh->cs_mac_ctx = NULL;
9553 ssh->sc_mac_ctx = NULL;
9555 ssh->cs_comp_ctx = NULL;
9557 ssh->sc_comp_ctx = NULL;
9559 ssh->kex_ctx = NULL;
9560 ssh->hostkey = NULL;
9562 ssh->close_expected = FALSE;
9563 ssh->clean_exit = FALSE;
9564 ssh->state = SSH_STATE_PREPACKET;
9565 ssh->size_needed = FALSE;
9566 ssh->eof_needed = FALSE;
9569 ssh->deferred_send_data = NULL;
9570 ssh->deferred_len = 0;
9571 ssh->deferred_size = 0;
9572 ssh->fallback_cmd = 0;
9573 ssh->pkt_kctx = SSH2_PKTCTX_NOKEX;
9574 ssh->pkt_actx = SSH2_PKTCTX_NOAUTH;
9575 ssh->x11disp = NULL;
9576 ssh->v1_compressing = FALSE;
9577 ssh->v2_outgoing_sequence = 0;
9578 ssh->ssh1_rdpkt_crstate = 0;
9579 ssh->ssh2_rdpkt_crstate = 0;
9580 ssh->ssh_gotdata_crstate = 0;
9581 ssh->do_ssh1_connection_crstate = 0;
9582 ssh->do_ssh_init_state = NULL;
9583 ssh->do_ssh1_login_state = NULL;
9584 ssh->do_ssh2_transport_state = NULL;
9585 ssh->do_ssh2_authconn_state = NULL;
9588 ssh->mainchan = NULL;
9589 ssh->throttled_all = 0;
9590 ssh->v1_stdout_throttling = 0;
9592 ssh->queuelen = ssh->queuesize = 0;
9593 ssh->queueing = FALSE;
9594 ssh->qhead = ssh->qtail = NULL;
9595 ssh->deferred_rekey_reason = NULL;
9596 bufchain_init(&ssh->queued_incoming_data);
9597 ssh->frozen = FALSE;
9598 ssh->username = NULL;
9599 ssh->sent_console_eof = FALSE;
9600 ssh->got_pty = FALSE;
9602 *backend_handle = ssh;
9605 if (crypto_startup() == 0)
9606 return "Microsoft high encryption pack not installed!";
9609 ssh->frontend = frontend_handle;
9610 ssh->term_width = conf_get_int(ssh->conf, CONF_width);
9611 ssh->term_height = conf_get_int(ssh->conf, CONF_height);
9613 ssh->channels = NULL;
9614 ssh->rportfwds = NULL;
9615 ssh->portfwds = NULL;
9620 ssh->conn_throttle_count = 0;
9621 ssh->overall_bufsize = 0;
9622 ssh->fallback_cmd = 0;
9624 ssh->protocol = NULL;
9626 ssh->protocol_initial_phase_done = FALSE;
9630 ssh->incoming_data_size = ssh->outgoing_data_size =
9631 ssh->deferred_data_size = 0L;
9632 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9633 CONF_ssh_rekey_data));
9634 ssh->kex_in_progress = FALSE;
9637 ssh->gsslibs = NULL;
9640 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
9649 static void ssh_free(void *handle)
9651 Ssh ssh = (Ssh) handle;
9652 struct ssh_channel *c;
9653 struct ssh_rportfwd *pf;
9655 if (ssh->v1_cipher_ctx)
9656 ssh->cipher->free_context(ssh->v1_cipher_ctx);
9657 if (ssh->cs_cipher_ctx)
9658 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
9659 if (ssh->sc_cipher_ctx)
9660 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
9661 if (ssh->cs_mac_ctx)
9662 ssh->csmac->free_context(ssh->cs_mac_ctx);
9663 if (ssh->sc_mac_ctx)
9664 ssh->scmac->free_context(ssh->sc_mac_ctx);
9665 if (ssh->cs_comp_ctx) {
9667 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
9669 zlib_compress_cleanup(ssh->cs_comp_ctx);
9671 if (ssh->sc_comp_ctx) {
9673 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
9675 zlib_decompress_cleanup(ssh->sc_comp_ctx);
9678 dh_cleanup(ssh->kex_ctx);
9679 sfree(ssh->savedhost);
9681 while (ssh->queuelen-- > 0)
9682 ssh_free_packet(ssh->queue[ssh->queuelen]);
9685 while (ssh->qhead) {
9686 struct queued_handler *qh = ssh->qhead;
9687 ssh->qhead = qh->next;
9690 ssh->qhead = ssh->qtail = NULL;
9692 if (ssh->channels) {
9693 while ((c = delpos234(ssh->channels, 0)) != NULL) {
9696 if (c->u.x11.s != NULL)
9697 x11_close(c->u.x11.s);
9700 case CHAN_SOCKDATA_DORMANT:
9701 if (c->u.pfd.s != NULL)
9702 pfd_close(c->u.pfd.s);
9705 if (ssh->version == 2) {
9706 struct outstanding_channel_request *ocr, *nocr;
9707 ocr = c->v.v2.chanreq_head;
9709 ocr->handler(c, NULL, ocr->ctx);
9714 bufchain_clear(&c->v.v2.outbuffer);
9718 freetree234(ssh->channels);
9719 ssh->channels = NULL;
9722 if (ssh->rportfwds) {
9723 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
9725 freetree234(ssh->rportfwds);
9726 ssh->rportfwds = NULL;
9728 sfree(ssh->deferred_send_data);
9730 x11_free_display(ssh->x11disp);
9731 sfree(ssh->do_ssh_init_state);
9732 sfree(ssh->do_ssh1_login_state);
9733 sfree(ssh->do_ssh2_transport_state);
9734 sfree(ssh->do_ssh2_authconn_state);
9737 sfree(ssh->fullhostname);
9738 if (ssh->crcda_ctx) {
9739 crcda_free_context(ssh->crcda_ctx);
9740 ssh->crcda_ctx = NULL;
9743 ssh_do_close(ssh, TRUE);
9744 expire_timer_context(ssh);
9746 pinger_free(ssh->pinger);
9747 bufchain_clear(&ssh->queued_incoming_data);
9748 sfree(ssh->username);
9749 conf_free(ssh->conf);
9752 ssh_gss_cleanup(ssh->gsslibs);
9760 * Reconfigure the SSH backend.
9762 static void ssh_reconfig(void *handle, Conf *conf)
9764 Ssh ssh = (Ssh) handle;
9765 char *rekeying = NULL, rekey_mandatory = FALSE;
9766 unsigned long old_max_data_size;
9769 pinger_reconfig(ssh->pinger, ssh->conf, conf);
9771 ssh_setup_portfwd(ssh, conf);
9773 rekey_time = conf_get_int(conf, CONF_ssh_rekey_time);
9774 if (conf_get_int(ssh->conf, CONF_ssh_rekey_time) != rekey_time &&
9776 unsigned long new_next = ssh->last_rekey + rekey_time*60*TICKSPERSEC;
9777 unsigned long now = GETTICKCOUNT();
9779 if (now - ssh->last_rekey > rekey_time*60*TICKSPERSEC) {
9780 rekeying = "timeout shortened";
9782 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
9786 old_max_data_size = ssh->max_data_size;
9787 ssh->max_data_size = parse_blocksize(conf_get_str(ssh->conf,
9788 CONF_ssh_rekey_data));
9789 if (old_max_data_size != ssh->max_data_size &&
9790 ssh->max_data_size != 0) {
9791 if (ssh->outgoing_data_size > ssh->max_data_size ||
9792 ssh->incoming_data_size > ssh->max_data_size)
9793 rekeying = "data limit lowered";
9796 if (conf_get_int(ssh->conf, CONF_compression) !=
9797 conf_get_int(conf, CONF_compression)) {
9798 rekeying = "compression setting changed";
9799 rekey_mandatory = TRUE;
9802 for (i = 0; i < CIPHER_MAX; i++)
9803 if (conf_get_int_int(ssh->conf, CONF_ssh_cipherlist, i) !=
9804 conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
9805 rekeying = "cipher settings changed";
9806 rekey_mandatory = TRUE;
9808 if (conf_get_int(ssh->conf, CONF_ssh2_des_cbc) !=
9809 conf_get_int(conf, CONF_ssh2_des_cbc)) {
9810 rekeying = "cipher settings changed";
9811 rekey_mandatory = TRUE;
9814 conf_free(ssh->conf);
9815 ssh->conf = conf_copy(conf);
9816 ssh_cache_conf_values(ssh);
9819 if (!ssh->kex_in_progress) {
9820 do_ssh2_transport(ssh, rekeying, -1, NULL);
9821 } else if (rekey_mandatory) {
9822 ssh->deferred_rekey_reason = rekeying;
9828 * Called to send data down the SSH connection.
9830 static int ssh_send(void *handle, char *buf, int len)
9832 Ssh ssh = (Ssh) handle;
9834 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9837 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
9839 return ssh_sendbuffer(ssh);
9843 * Called to query the current amount of buffered stdin data.
9845 static int ssh_sendbuffer(void *handle)
9847 Ssh ssh = (Ssh) handle;
9850 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
9854 * If the SSH socket itself has backed up, add the total backup
9855 * size on that to any individual buffer on the stdin channel.
9858 if (ssh->throttled_all)
9859 override_value = ssh->overall_bufsize;
9861 if (ssh->version == 1) {
9862 return override_value;
9863 } else if (ssh->version == 2) {
9865 return override_value;
9867 return (override_value +
9868 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
9875 * Called to set the size of the window from SSH's POV.
9877 static void ssh_size(void *handle, int width, int height)
9879 Ssh ssh = (Ssh) handle;
9880 struct Packet *pktout;
9882 ssh->term_width = width;
9883 ssh->term_height = height;
9885 switch (ssh->state) {
9886 case SSH_STATE_BEFORE_SIZE:
9887 case SSH_STATE_PREPACKET:
9888 case SSH_STATE_CLOSED:
9889 break; /* do nothing */
9890 case SSH_STATE_INTERMED:
9891 ssh->size_needed = TRUE; /* buffer for later */
9893 case SSH_STATE_SESSION:
9894 if (!conf_get_int(ssh->conf, CONF_nopty)) {
9895 if (ssh->version == 1) {
9896 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
9897 PKT_INT, ssh->term_height,
9898 PKT_INT, ssh->term_width,
9899 PKT_INT, 0, PKT_INT, 0, PKT_END);
9900 } else if (ssh->mainchan) {
9901 pktout = ssh2_chanreq_init(ssh->mainchan, "window-change",
9903 ssh2_pkt_adduint32(pktout, ssh->term_width);
9904 ssh2_pkt_adduint32(pktout, ssh->term_height);
9905 ssh2_pkt_adduint32(pktout, 0);
9906 ssh2_pkt_adduint32(pktout, 0);
9907 ssh2_pkt_send(ssh, pktout);
9915 * Return a list of the special codes that make sense in this
9918 static const struct telnet_special *ssh_get_specials(void *handle)
9920 static const struct telnet_special ssh1_ignore_special[] = {
9921 {"IGNORE message", TS_NOP}
9923 static const struct telnet_special ssh2_ignore_special[] = {
9924 {"IGNORE message", TS_NOP},
9926 static const struct telnet_special ssh2_rekey_special[] = {
9927 {"Repeat key exchange", TS_REKEY},
9929 static const struct telnet_special ssh2_session_specials[] = {
9932 /* These are the signal names defined by RFC 4254.
9933 * They include all the ISO C signals, but are a subset of the POSIX
9934 * required signals. */
9935 {"SIGINT (Interrupt)", TS_SIGINT},
9936 {"SIGTERM (Terminate)", TS_SIGTERM},
9937 {"SIGKILL (Kill)", TS_SIGKILL},
9938 {"SIGQUIT (Quit)", TS_SIGQUIT},
9939 {"SIGHUP (Hangup)", TS_SIGHUP},
9940 {"More signals", TS_SUBMENU},
9941 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
9942 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
9943 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
9944 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
9947 static const struct telnet_special specials_end[] = {
9950 /* XXX review this length for any changes: */
9951 static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
9952 lenof(ssh2_rekey_special) +
9953 lenof(ssh2_session_specials) +
9954 lenof(specials_end)];
9955 Ssh ssh = (Ssh) handle;
9957 #define ADD_SPECIALS(name) \
9959 assert((i + lenof(name)) <= lenof(ssh_specials)); \
9960 memcpy(&ssh_specials[i], name, sizeof name); \
9964 if (ssh->version == 1) {
9965 /* Don't bother offering IGNORE if we've decided the remote
9966 * won't cope with it, since we wouldn't bother sending it if
9968 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
9969 ADD_SPECIALS(ssh1_ignore_special);
9970 } else if (ssh->version == 2) {
9971 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
9972 ADD_SPECIALS(ssh2_ignore_special);
9973 if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
9974 ADD_SPECIALS(ssh2_rekey_special);
9976 ADD_SPECIALS(ssh2_session_specials);
9977 } /* else we're not ready yet */
9980 ADD_SPECIALS(specials_end);
9981 return ssh_specials;
9989 * Send special codes. TS_EOF is useful for `plink', so you
9990 * can send an EOF and collect resulting output (e.g. `plink
9993 static void ssh_special(void *handle, Telnet_Special code)
9995 Ssh ssh = (Ssh) handle;
9996 struct Packet *pktout;
9998 if (code == TS_EOF) {
9999 if (ssh->state != SSH_STATE_SESSION) {
10001 * Buffer the EOF in case we are pre-SESSION, so we can
10002 * send it as soon as we reach SESSION.
10004 if (code == TS_EOF)
10005 ssh->eof_needed = TRUE;
10008 if (ssh->version == 1) {
10009 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
10010 } else if (ssh->mainchan) {
10011 sshfwd_write_eof(ssh->mainchan);
10012 ssh->send_ok = 0; /* now stop trying to read from stdin */
10014 logevent("Sent EOF message");
10015 } else if (code == TS_PING || code == TS_NOP) {
10016 if (ssh->state == SSH_STATE_CLOSED
10017 || ssh->state == SSH_STATE_PREPACKET) return;
10018 if (ssh->version == 1) {
10019 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
10020 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
10022 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
10023 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
10024 ssh2_pkt_addstring_start(pktout);
10025 ssh2_pkt_send_noqueue(ssh, pktout);
10028 } else if (code == TS_REKEY) {
10029 if (!ssh->kex_in_progress && ssh->version == 2) {
10030 do_ssh2_transport(ssh, "at user request", -1, NULL);
10032 } else if (code == TS_BRK) {
10033 if (ssh->state == SSH_STATE_CLOSED
10034 || ssh->state == SSH_STATE_PREPACKET) return;
10035 if (ssh->version == 1) {
10036 logevent("Unable to send BREAK signal in SSH-1");
10037 } else if (ssh->mainchan) {
10038 pktout = ssh2_chanreq_init(ssh->mainchan, "break", NULL, NULL);
10039 ssh2_pkt_adduint32(pktout, 0); /* default break length */
10040 ssh2_pkt_send(ssh, pktout);
10043 /* Is is a POSIX signal? */
10044 char *signame = NULL;
10045 if (code == TS_SIGABRT) signame = "ABRT";
10046 if (code == TS_SIGALRM) signame = "ALRM";
10047 if (code == TS_SIGFPE) signame = "FPE";
10048 if (code == TS_SIGHUP) signame = "HUP";
10049 if (code == TS_SIGILL) signame = "ILL";
10050 if (code == TS_SIGINT) signame = "INT";
10051 if (code == TS_SIGKILL) signame = "KILL";
10052 if (code == TS_SIGPIPE) signame = "PIPE";
10053 if (code == TS_SIGQUIT) signame = "QUIT";
10054 if (code == TS_SIGSEGV) signame = "SEGV";
10055 if (code == TS_SIGTERM) signame = "TERM";
10056 if (code == TS_SIGUSR1) signame = "USR1";
10057 if (code == TS_SIGUSR2) signame = "USR2";
10058 /* The SSH-2 protocol does in principle support arbitrary named
10059 * signals, including signame@domain, but we don't support those. */
10061 /* It's a signal. */
10062 if (ssh->version == 2 && ssh->mainchan) {
10063 pktout = ssh2_chanreq_init(ssh->mainchan, "signal", NULL, NULL);
10064 ssh2_pkt_addstring(pktout, signame);
10065 ssh2_pkt_send(ssh, pktout);
10066 logeventf(ssh, "Sent signal SIG%s", signame);
10069 /* Never heard of it. Do nothing */
10074 void *new_sock_channel(void *handle, Socket s)
10076 Ssh ssh = (Ssh) handle;
10077 struct ssh_channel *c;
10078 c = snew(struct ssh_channel);
10081 ssh2_channel_init(c);
10082 c->halfopen = TRUE;
10083 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
10085 add234(ssh->channels, c);
10090 * This is called when stdout/stderr (the entity to which
10091 * from_backend sends data) manages to clear some backlog.
10093 static void ssh_unthrottle(void *handle, int bufsize)
10095 Ssh ssh = (Ssh) handle;
10098 if (ssh->version == 1) {
10099 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
10100 ssh->v1_stdout_throttling = 0;
10101 ssh_throttle_conn(ssh, -1);
10104 if (ssh->mainchan) {
10105 ssh2_set_window(ssh->mainchan,
10106 bufsize < ssh->mainchan->v.v2.locmaxwin ?
10107 ssh->mainchan->v.v2.locmaxwin - bufsize : 0);
10108 if (conf_get_int(ssh->conf, CONF_ssh_simple))
10111 buflimit = ssh->mainchan->v.v2.locmaxwin;
10112 if (ssh->mainchan->throttling_conn && bufsize <= buflimit) {
10113 ssh->mainchan->throttling_conn = 0;
10114 ssh_throttle_conn(ssh, -1);
10120 * Now process any SSH connection data that was stashed in our
10121 * queue while we were frozen.
10123 ssh_process_queued_incoming_data(ssh);
10126 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
10128 struct ssh_channel *c = (struct ssh_channel *)channel;
10130 struct Packet *pktout;
10132 logeventf(ssh, "Opening connection to %s:%d for %s", hostname, port, org);
10134 if (ssh->version == 1) {
10135 send_packet(ssh, SSH1_MSG_PORT_OPEN,
10136 PKT_INT, c->localid,
10139 /* PKT_STR, <org:orgport>, */
10142 pktout = ssh2_chanopen_init(c, "direct-tcpip");
10143 ssh2_pkt_addstring(pktout, hostname);
10144 ssh2_pkt_adduint32(pktout, port);
10146 * We make up values for the originator data; partly it's
10147 * too much hassle to keep track, and partly I'm not
10148 * convinced the server should be told details like that
10149 * about my local network configuration.
10150 * The "originator IP address" is syntactically a numeric
10151 * IP address, and some servers (e.g., Tectia) get upset
10152 * if it doesn't match this syntax.
10154 ssh2_pkt_addstring(pktout, "0.0.0.0");
10155 ssh2_pkt_adduint32(pktout, 0);
10156 ssh2_pkt_send(ssh, pktout);
10160 static int ssh_connected(void *handle)
10162 Ssh ssh = (Ssh) handle;
10163 return ssh->s != NULL;
10166 static int ssh_sendok(void *handle)
10168 Ssh ssh = (Ssh) handle;
10169 return ssh->send_ok;
10172 static int ssh_ldisc(void *handle, int option)
10174 Ssh ssh = (Ssh) handle;
10175 if (option == LD_ECHO)
10176 return ssh->echoing;
10177 if (option == LD_EDIT)
10178 return ssh->editing;
10182 static void ssh_provide_ldisc(void *handle, void *ldisc)
10184 Ssh ssh = (Ssh) handle;
10185 ssh->ldisc = ldisc;
10188 static void ssh_provide_logctx(void *handle, void *logctx)
10190 Ssh ssh = (Ssh) handle;
10191 ssh->logctx = logctx;
10194 static int ssh_return_exitcode(void *handle)
10196 Ssh ssh = (Ssh) handle;
10197 if (ssh->s != NULL)
10200 return (ssh->exitcode >= 0 ? ssh->exitcode : INT_MAX);
10204 * cfg_info for SSH is the currently running version of the
10205 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
10207 static int ssh_cfg_info(void *handle)
10209 Ssh ssh = (Ssh) handle;
10210 return ssh->version;
10214 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
10215 * that fails. This variable is the means by which scp.c can reach
10216 * into the SSH code and find out which one it got.
10218 extern int ssh_fallback_cmd(void *handle)
10220 Ssh ssh = (Ssh) handle;
10221 return ssh->fallback_cmd;
10224 Backend ssh_backend = {
10234 ssh_return_exitcode,
10238 ssh_provide_logctx,