17 #define SSH1_MSG_DISCONNECT 1 /* 0x1 */
18 #define SSH1_SMSG_PUBLIC_KEY 2 /* 0x2 */
19 #define SSH1_CMSG_SESSION_KEY 3 /* 0x3 */
20 #define SSH1_CMSG_USER 4 /* 0x4 */
21 #define SSH1_CMSG_AUTH_RSA 6 /* 0x6 */
22 #define SSH1_SMSG_AUTH_RSA_CHALLENGE 7 /* 0x7 */
23 #define SSH1_CMSG_AUTH_RSA_RESPONSE 8 /* 0x8 */
24 #define SSH1_CMSG_AUTH_PASSWORD 9 /* 0x9 */
25 #define SSH1_CMSG_REQUEST_PTY 10 /* 0xa */
26 #define SSH1_CMSG_WINDOW_SIZE 11 /* 0xb */
27 #define SSH1_CMSG_EXEC_SHELL 12 /* 0xc */
28 #define SSH1_CMSG_EXEC_CMD 13 /* 0xd */
29 #define SSH1_SMSG_SUCCESS 14 /* 0xe */
30 #define SSH1_SMSG_FAILURE 15 /* 0xf */
31 #define SSH1_CMSG_STDIN_DATA 16 /* 0x10 */
32 #define SSH1_SMSG_STDOUT_DATA 17 /* 0x11 */
33 #define SSH1_SMSG_STDERR_DATA 18 /* 0x12 */
34 #define SSH1_CMSG_EOF 19 /* 0x13 */
35 #define SSH1_SMSG_EXIT_STATUS 20 /* 0x14 */
36 #define SSH1_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* 0x15 */
37 #define SSH1_MSG_CHANNEL_OPEN_FAILURE 22 /* 0x16 */
38 #define SSH1_MSG_CHANNEL_DATA 23 /* 0x17 */
39 #define SSH1_MSG_CHANNEL_CLOSE 24 /* 0x18 */
40 #define SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* 0x19 */
41 #define SSH1_SMSG_X11_OPEN 27 /* 0x1b */
42 #define SSH1_CMSG_PORT_FORWARD_REQUEST 28 /* 0x1c */
43 #define SSH1_MSG_PORT_OPEN 29 /* 0x1d */
44 #define SSH1_CMSG_AGENT_REQUEST_FORWARDING 30 /* 0x1e */
45 #define SSH1_SMSG_AGENT_OPEN 31 /* 0x1f */
46 #define SSH1_MSG_IGNORE 32 /* 0x20 */
47 #define SSH1_CMSG_EXIT_CONFIRMATION 33 /* 0x21 */
48 #define SSH1_CMSG_X11_REQUEST_FORWARDING 34 /* 0x22 */
49 #define SSH1_CMSG_AUTH_RHOSTS_RSA 35 /* 0x23 */
50 #define SSH1_MSG_DEBUG 36 /* 0x24 */
51 #define SSH1_CMSG_REQUEST_COMPRESSION 37 /* 0x25 */
52 #define SSH1_CMSG_AUTH_TIS 39 /* 0x27 */
53 #define SSH1_SMSG_AUTH_TIS_CHALLENGE 40 /* 0x28 */
54 #define SSH1_CMSG_AUTH_TIS_RESPONSE 41 /* 0x29 */
55 #define SSH1_CMSG_AUTH_CCARD 70 /* 0x46 */
56 #define SSH1_SMSG_AUTH_CCARD_CHALLENGE 71 /* 0x47 */
57 #define SSH1_CMSG_AUTH_CCARD_RESPONSE 72 /* 0x48 */
59 #define SSH1_AUTH_TIS 5 /* 0x5 */
60 #define SSH1_AUTH_CCARD 16 /* 0x10 */
62 #define SSH1_PROTOFLAG_SCREEN_NUMBER 1 /* 0x1 */
63 /* Mask for protoflags we will echo back to server if seen */
64 #define SSH1_PROTOFLAGS_SUPPORTED 0 /* 0x1 */
66 #define SSH2_MSG_DISCONNECT 1 /* 0x1 */
67 #define SSH2_MSG_IGNORE 2 /* 0x2 */
68 #define SSH2_MSG_UNIMPLEMENTED 3 /* 0x3 */
69 #define SSH2_MSG_DEBUG 4 /* 0x4 */
70 #define SSH2_MSG_SERVICE_REQUEST 5 /* 0x5 */
71 #define SSH2_MSG_SERVICE_ACCEPT 6 /* 0x6 */
72 #define SSH2_MSG_KEXINIT 20 /* 0x14 */
73 #define SSH2_MSG_NEWKEYS 21 /* 0x15 */
74 #define SSH2_MSG_KEXDH_INIT 30 /* 0x1e */
75 #define SSH2_MSG_KEXDH_REPLY 31 /* 0x1f */
76 #define SSH2_MSG_KEX_DH_GEX_REQUEST 30 /* 0x1e */
77 #define SSH2_MSG_KEX_DH_GEX_GROUP 31 /* 0x1f */
78 #define SSH2_MSG_KEX_DH_GEX_INIT 32 /* 0x20 */
79 #define SSH2_MSG_KEX_DH_GEX_REPLY 33 /* 0x21 */
80 #define SSH2_MSG_USERAUTH_REQUEST 50 /* 0x32 */
81 #define SSH2_MSG_USERAUTH_FAILURE 51 /* 0x33 */
82 #define SSH2_MSG_USERAUTH_SUCCESS 52 /* 0x34 */
83 #define SSH2_MSG_USERAUTH_BANNER 53 /* 0x35 */
84 #define SSH2_MSG_USERAUTH_PK_OK 60 /* 0x3c */
85 #define SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60 /* 0x3c */
86 #define SSH2_MSG_USERAUTH_INFO_REQUEST 60 /* 0x3c */
87 #define SSH2_MSG_USERAUTH_INFO_RESPONSE 61 /* 0x3d */
88 #define SSH2_MSG_GLOBAL_REQUEST 80 /* 0x50 */
89 #define SSH2_MSG_REQUEST_SUCCESS 81 /* 0x51 */
90 #define SSH2_MSG_REQUEST_FAILURE 82 /* 0x52 */
91 #define SSH2_MSG_CHANNEL_OPEN 90 /* 0x5a */
92 #define SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91 /* 0x5b */
93 #define SSH2_MSG_CHANNEL_OPEN_FAILURE 92 /* 0x5c */
94 #define SSH2_MSG_CHANNEL_WINDOW_ADJUST 93 /* 0x5d */
95 #define SSH2_MSG_CHANNEL_DATA 94 /* 0x5e */
96 #define SSH2_MSG_CHANNEL_EXTENDED_DATA 95 /* 0x5f */
97 #define SSH2_MSG_CHANNEL_EOF 96 /* 0x60 */
98 #define SSH2_MSG_CHANNEL_CLOSE 97 /* 0x61 */
99 #define SSH2_MSG_CHANNEL_REQUEST 98 /* 0x62 */
100 #define SSH2_MSG_CHANNEL_SUCCESS 99 /* 0x63 */
101 #define SSH2_MSG_CHANNEL_FAILURE 100 /* 0x64 */
104 * Packet type contexts, so that ssh2_pkt_type can correctly decode
105 * the ambiguous type numbers back into the correct type strings.
107 #define SSH2_PKTCTX_DHGROUP 0x0001
108 #define SSH2_PKTCTX_DHGEX 0x0002
109 #define SSH2_PKTCTX_KEX_MASK 0x000F
110 #define SSH2_PKTCTX_PUBLICKEY 0x0010
111 #define SSH2_PKTCTX_PASSWORD 0x0020
112 #define SSH2_PKTCTX_KBDINTER 0x0040
113 #define SSH2_PKTCTX_AUTH_MASK 0x00F0
115 #define SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 /* 0x1 */
116 #define SSH2_DISCONNECT_PROTOCOL_ERROR 2 /* 0x2 */
117 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED 3 /* 0x3 */
118 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED 4 /* 0x4 */
119 #define SSH2_DISCONNECT_MAC_ERROR 5 /* 0x5 */
120 #define SSH2_DISCONNECT_COMPRESSION_ERROR 6 /* 0x6 */
121 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE 7 /* 0x7 */
122 #define SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 /* 0x8 */
123 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 /* 0x9 */
124 #define SSH2_DISCONNECT_CONNECTION_LOST 10 /* 0xa */
125 #define SSH2_DISCONNECT_BY_APPLICATION 11 /* 0xb */
126 #define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS 12 /* 0xc */
127 #define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER 13 /* 0xd */
128 #define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 /* 0xe */
129 #define SSH2_DISCONNECT_ILLEGAL_USER_NAME 15 /* 0xf */
131 static const char *const ssh2_disconnect_reasons[] = {
133 "host not allowed to connect",
135 "key exchange failed",
136 "host authentication failed",
139 "service not available",
140 "protocol version not supported",
141 "host key not verifiable",
144 "too many connections",
145 "auth cancelled by user",
146 "no more auth methods available",
150 #define SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED 1 /* 0x1 */
151 #define SSH2_OPEN_CONNECT_FAILED 2 /* 0x2 */
152 #define SSH2_OPEN_UNKNOWN_CHANNEL_TYPE 3 /* 0x3 */
153 #define SSH2_OPEN_RESOURCE_SHORTAGE 4 /* 0x4 */
155 #define SSH2_EXTENDED_DATA_STDERR 1 /* 0x1 */
158 * Various remote-bug flags.
160 #define BUG_CHOKES_ON_SSH1_IGNORE 1
161 #define BUG_SSH2_HMAC 2
162 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4
163 #define BUG_CHOKES_ON_RSA 8
164 #define BUG_SSH2_RSA_PADDING 16
165 #define BUG_SSH2_DERIVEKEY 32
166 #define BUG_SSH2_REKEY 64
167 #define BUG_SSH2_PK_SESSIONID 128
170 * Codes for terminal modes.
171 * Most of these are the same in SSH-1 and SSH-2.
172 * This list is derived from draft-ietf-secsh-connect-25 and
175 static const struct {
176 const char* const mode;
178 enum { TTY_OP_CHAR, TTY_OP_BOOL } type;
180 /* "V" prefix discarded for special characters relative to SSH specs */
181 { "INTR", 1, TTY_OP_CHAR },
182 { "QUIT", 2, TTY_OP_CHAR },
183 { "ERASE", 3, TTY_OP_CHAR },
184 { "KILL", 4, TTY_OP_CHAR },
185 { "EOF", 5, TTY_OP_CHAR },
186 { "EOL", 6, TTY_OP_CHAR },
187 { "EOL2", 7, TTY_OP_CHAR },
188 { "START", 8, TTY_OP_CHAR },
189 { "STOP", 9, TTY_OP_CHAR },
190 { "SUSP", 10, TTY_OP_CHAR },
191 { "DSUSP", 11, TTY_OP_CHAR },
192 { "REPRINT", 12, TTY_OP_CHAR },
193 { "WERASE", 13, TTY_OP_CHAR },
194 { "LNEXT", 14, TTY_OP_CHAR },
195 { "FLUSH", 15, TTY_OP_CHAR },
196 { "SWTCH", 16, TTY_OP_CHAR },
197 { "STATUS", 17, TTY_OP_CHAR },
198 { "DISCARD", 18, TTY_OP_CHAR },
199 { "IGNPAR", 30, TTY_OP_BOOL },
200 { "PARMRK", 31, TTY_OP_BOOL },
201 { "INPCK", 32, TTY_OP_BOOL },
202 { "ISTRIP", 33, TTY_OP_BOOL },
203 { "INLCR", 34, TTY_OP_BOOL },
204 { "IGNCR", 35, TTY_OP_BOOL },
205 { "ICRNL", 36, TTY_OP_BOOL },
206 { "IUCLC", 37, TTY_OP_BOOL },
207 { "IXON", 38, TTY_OP_BOOL },
208 { "IXANY", 39, TTY_OP_BOOL },
209 { "IXOFF", 40, TTY_OP_BOOL },
210 { "IMAXBEL", 41, TTY_OP_BOOL },
211 { "ISIG", 50, TTY_OP_BOOL },
212 { "ICANON", 51, TTY_OP_BOOL },
213 { "XCASE", 52, TTY_OP_BOOL },
214 { "ECHO", 53, TTY_OP_BOOL },
215 { "ECHOE", 54, TTY_OP_BOOL },
216 { "ECHOK", 55, TTY_OP_BOOL },
217 { "ECHONL", 56, TTY_OP_BOOL },
218 { "NOFLSH", 57, TTY_OP_BOOL },
219 { "TOSTOP", 58, TTY_OP_BOOL },
220 { "IEXTEN", 59, TTY_OP_BOOL },
221 { "ECHOCTL", 60, TTY_OP_BOOL },
222 { "ECHOKE", 61, TTY_OP_BOOL },
223 { "PENDIN", 62, TTY_OP_BOOL }, /* XXX is this a real mode? */
224 { "OPOST", 70, TTY_OP_BOOL },
225 { "OLCUC", 71, TTY_OP_BOOL },
226 { "ONLCR", 72, TTY_OP_BOOL },
227 { "OCRNL", 73, TTY_OP_BOOL },
228 { "ONOCR", 74, TTY_OP_BOOL },
229 { "ONLRET", 75, TTY_OP_BOOL },
230 { "CS7", 90, TTY_OP_BOOL },
231 { "CS8", 91, TTY_OP_BOOL },
232 { "PARENB", 92, TTY_OP_BOOL },
233 { "PARODD", 93, TTY_OP_BOOL }
236 /* Miscellaneous other tty-related constants. */
237 #define SSH_TTY_OP_END 0
238 /* The opcodes for ISPEED/OSPEED differ between SSH-1 and SSH-2. */
239 #define SSH1_TTY_OP_ISPEED 192
240 #define SSH1_TTY_OP_OSPEED 193
241 #define SSH2_TTY_OP_ISPEED 128
242 #define SSH2_TTY_OP_OSPEED 129
244 /* Helper functions for parsing tty-related config. */
245 static unsigned int ssh_tty_parse_specchar(char *s)
250 ret = ctrlparse(s, &next);
251 if (!next) ret = s[0];
253 ret = 255; /* special value meaning "don't set" */
257 static unsigned int ssh_tty_parse_boolean(char *s)
259 if (stricmp(s, "yes") == 0 ||
260 stricmp(s, "on") == 0 ||
261 stricmp(s, "true") == 0 ||
262 stricmp(s, "+") == 0)
264 else if (stricmp(s, "no") == 0 ||
265 stricmp(s, "off") == 0 ||
266 stricmp(s, "false") == 0 ||
267 stricmp(s, "-") == 0)
268 return 0; /* false */
270 return (atoi(s) != 0);
273 #define translate(x) if (type == x) return #x
274 #define translatec(x,ctx) if (type == x && (pkt_ctx & ctx)) return #x
275 static char *ssh1_pkt_type(int type)
277 translate(SSH1_MSG_DISCONNECT);
278 translate(SSH1_SMSG_PUBLIC_KEY);
279 translate(SSH1_CMSG_SESSION_KEY);
280 translate(SSH1_CMSG_USER);
281 translate(SSH1_CMSG_AUTH_RSA);
282 translate(SSH1_SMSG_AUTH_RSA_CHALLENGE);
283 translate(SSH1_CMSG_AUTH_RSA_RESPONSE);
284 translate(SSH1_CMSG_AUTH_PASSWORD);
285 translate(SSH1_CMSG_REQUEST_PTY);
286 translate(SSH1_CMSG_WINDOW_SIZE);
287 translate(SSH1_CMSG_EXEC_SHELL);
288 translate(SSH1_CMSG_EXEC_CMD);
289 translate(SSH1_SMSG_SUCCESS);
290 translate(SSH1_SMSG_FAILURE);
291 translate(SSH1_CMSG_STDIN_DATA);
292 translate(SSH1_SMSG_STDOUT_DATA);
293 translate(SSH1_SMSG_STDERR_DATA);
294 translate(SSH1_CMSG_EOF);
295 translate(SSH1_SMSG_EXIT_STATUS);
296 translate(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION);
297 translate(SSH1_MSG_CHANNEL_OPEN_FAILURE);
298 translate(SSH1_MSG_CHANNEL_DATA);
299 translate(SSH1_MSG_CHANNEL_CLOSE);
300 translate(SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION);
301 translate(SSH1_SMSG_X11_OPEN);
302 translate(SSH1_CMSG_PORT_FORWARD_REQUEST);
303 translate(SSH1_MSG_PORT_OPEN);
304 translate(SSH1_CMSG_AGENT_REQUEST_FORWARDING);
305 translate(SSH1_SMSG_AGENT_OPEN);
306 translate(SSH1_MSG_IGNORE);
307 translate(SSH1_CMSG_EXIT_CONFIRMATION);
308 translate(SSH1_CMSG_X11_REQUEST_FORWARDING);
309 translate(SSH1_CMSG_AUTH_RHOSTS_RSA);
310 translate(SSH1_MSG_DEBUG);
311 translate(SSH1_CMSG_REQUEST_COMPRESSION);
312 translate(SSH1_CMSG_AUTH_TIS);
313 translate(SSH1_SMSG_AUTH_TIS_CHALLENGE);
314 translate(SSH1_CMSG_AUTH_TIS_RESPONSE);
315 translate(SSH1_CMSG_AUTH_CCARD);
316 translate(SSH1_SMSG_AUTH_CCARD_CHALLENGE);
317 translate(SSH1_CMSG_AUTH_CCARD_RESPONSE);
320 static char *ssh2_pkt_type(int pkt_ctx, int type)
322 translate(SSH2_MSG_DISCONNECT);
323 translate(SSH2_MSG_IGNORE);
324 translate(SSH2_MSG_UNIMPLEMENTED);
325 translate(SSH2_MSG_DEBUG);
326 translate(SSH2_MSG_SERVICE_REQUEST);
327 translate(SSH2_MSG_SERVICE_ACCEPT);
328 translate(SSH2_MSG_KEXINIT);
329 translate(SSH2_MSG_NEWKEYS);
330 translatec(SSH2_MSG_KEXDH_INIT, SSH2_PKTCTX_DHGROUP);
331 translatec(SSH2_MSG_KEXDH_REPLY, SSH2_PKTCTX_DHGROUP);
332 translatec(SSH2_MSG_KEX_DH_GEX_REQUEST, SSH2_PKTCTX_DHGEX);
333 translatec(SSH2_MSG_KEX_DH_GEX_GROUP, SSH2_PKTCTX_DHGEX);
334 translatec(SSH2_MSG_KEX_DH_GEX_INIT, SSH2_PKTCTX_DHGEX);
335 translatec(SSH2_MSG_KEX_DH_GEX_REPLY, SSH2_PKTCTX_DHGEX);
336 translate(SSH2_MSG_USERAUTH_REQUEST);
337 translate(SSH2_MSG_USERAUTH_FAILURE);
338 translate(SSH2_MSG_USERAUTH_SUCCESS);
339 translate(SSH2_MSG_USERAUTH_BANNER);
340 translatec(SSH2_MSG_USERAUTH_PK_OK, SSH2_PKTCTX_PUBLICKEY);
341 translatec(SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ, SSH2_PKTCTX_PASSWORD);
342 translatec(SSH2_MSG_USERAUTH_INFO_REQUEST, SSH2_PKTCTX_KBDINTER);
343 translatec(SSH2_MSG_USERAUTH_INFO_RESPONSE, SSH2_PKTCTX_KBDINTER);
344 translate(SSH2_MSG_GLOBAL_REQUEST);
345 translate(SSH2_MSG_REQUEST_SUCCESS);
346 translate(SSH2_MSG_REQUEST_FAILURE);
347 translate(SSH2_MSG_CHANNEL_OPEN);
348 translate(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
349 translate(SSH2_MSG_CHANNEL_OPEN_FAILURE);
350 translate(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
351 translate(SSH2_MSG_CHANNEL_DATA);
352 translate(SSH2_MSG_CHANNEL_EXTENDED_DATA);
353 translate(SSH2_MSG_CHANNEL_EOF);
354 translate(SSH2_MSG_CHANNEL_CLOSE);
355 translate(SSH2_MSG_CHANNEL_REQUEST);
356 translate(SSH2_MSG_CHANNEL_SUCCESS);
357 translate(SSH2_MSG_CHANNEL_FAILURE);
363 /* Enumeration values for fields in SSH-1 packets */
365 PKT_END, PKT_INT, PKT_CHAR, PKT_DATA, PKT_STR, PKT_BIGNUM,
366 /* These values are for communicating relevant semantics of
367 * fields to the packet logging code. */
368 PKTT_OTHER, PKTT_PASSWORD, PKTT_DATA
372 * Coroutine mechanics for the sillier bits of the code. If these
373 * macros look impenetrable to you, you might find it helpful to
376 * http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
378 * which explains the theory behind these macros.
380 * In particular, if you are getting `case expression not constant'
381 * errors when building with MS Visual Studio, this is because MS's
382 * Edit and Continue debugging feature causes their compiler to
383 * violate ANSI C. To disable Edit and Continue debugging:
385 * - right-click ssh.c in the FileView
387 * - select the C/C++ tab and the General category
388 * - under `Debug info:', select anything _other_ than `Program
389 * Database for Edit and Continue'.
391 #define crBegin(v) { int *crLine = &v; switch(v) { case 0:;
394 if (!ssh->t) ssh->t = snew(struct t); \
396 #define crFinish(z) } *crLine = 0; return (z); }
397 #define crFinishV } *crLine = 0; return; }
398 #define crReturn(z) \
400 *crLine =__LINE__; return (z); case __LINE__:;\
404 *crLine=__LINE__; return; case __LINE__:;\
406 #define crStop(z) do{ *crLine = 0; return (z); }while(0)
407 #define crStopV do{ *crLine = 0; return; }while(0)
408 #define crWaitUntil(c) do { crReturn(0); } while (!(c))
409 #define crWaitUntilV(c) do { crReturnV; } while (!(c))
411 typedef struct ssh_tag *Ssh;
414 static struct Packet *ssh1_pkt_init(int pkt_type);
415 static struct Packet *ssh2_pkt_init(int pkt_type);
416 static void ssh_pkt_ensure(struct Packet *, int length);
417 static void ssh_pkt_adddata(struct Packet *, void *data, int len);
418 static void ssh_pkt_addbyte(struct Packet *, unsigned char value);
419 static void ssh2_pkt_addbool(struct Packet *, unsigned char value);
420 static void ssh_pkt_adduint32(struct Packet *, unsigned long value);
421 static void ssh_pkt_addstring_start(struct Packet *);
422 static void ssh_pkt_addstring_str(struct Packet *, char *data);
423 static void ssh_pkt_addstring_data(struct Packet *, char *data, int len);
424 static void ssh_pkt_addstring(struct Packet *, char *data);
425 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len);
426 static void ssh1_pkt_addmp(struct Packet *, Bignum b);
427 static void ssh2_pkt_addmp(struct Packet *, Bignum b);
428 static int ssh2_pkt_construct(Ssh, struct Packet *);
429 static void ssh2_pkt_send(Ssh, struct Packet *);
430 static void ssh2_pkt_send_noqueue(Ssh, struct Packet *);
431 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
432 struct Packet *pktin);
433 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
434 struct Packet *pktin);
437 * Buffer management constants. There are several of these for
438 * various different purposes:
440 * - SSH1_BUFFER_LIMIT is the amount of backlog that must build up
441 * on a local data stream before we throttle the whole SSH
442 * connection (in SSH-1 only). Throttling the whole connection is
443 * pretty drastic so we set this high in the hope it won't
446 * - SSH_MAX_BACKLOG is the amount of backlog that must build up
447 * on the SSH connection itself before we defensively throttle
448 * _all_ local data streams. This is pretty drastic too (though
449 * thankfully unlikely in SSH-2 since the window mechanism should
450 * ensure that the server never has any need to throttle its end
451 * of the connection), so we set this high as well.
453 * - OUR_V2_WINSIZE is the maximum window size we present on SSH-2
457 #define SSH1_BUFFER_LIMIT 32768
458 #define SSH_MAX_BACKLOG 32768
459 #define OUR_V2_WINSIZE 16384
460 #define OUR_V2_MAXPKT 0x4000UL
462 const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
464 const static struct ssh_mac *macs[] = {
465 &ssh_hmac_sha1, &ssh_hmac_sha1_96, &ssh_hmac_md5
467 const static struct ssh_mac *buggymacs[] = {
468 &ssh_hmac_sha1_buggy, &ssh_hmac_sha1_96_buggy, &ssh_hmac_md5
471 static void *ssh_comp_none_init(void)
475 static void ssh_comp_none_cleanup(void *handle)
478 static int ssh_comp_none_block(void *handle, unsigned char *block, int len,
479 unsigned char **outblock, int *outlen)
483 static int ssh_comp_none_disable(void *handle)
487 const static struct ssh_compress ssh_comp_none = {
489 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
490 ssh_comp_none_init, ssh_comp_none_cleanup, ssh_comp_none_block,
491 ssh_comp_none_disable, NULL
493 extern const struct ssh_compress ssh_zlib;
494 const static struct ssh_compress *compressions[] = {
495 &ssh_zlib, &ssh_comp_none
498 enum { /* channel types */
503 CHAN_SOCKDATA_DORMANT /* one the remote hasn't confirmed */
507 * 2-3-4 tree storing channels.
510 Ssh ssh; /* pointer back to main context */
511 unsigned remoteid, localid;
513 /* True if we opened this channel but server hasn't confirmed. */
516 * In SSH-1, this value contains four bits:
518 * 1 We have sent SSH1_MSG_CHANNEL_CLOSE.
519 * 2 We have sent SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
520 * 4 We have received SSH1_MSG_CHANNEL_CLOSE.
521 * 8 We have received SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION.
523 * A channel is completely finished with when all four bits are set.
527 struct ssh1_data_channel {
530 struct ssh2_data_channel {
532 unsigned remwindow, remmaxpkt;
537 struct ssh_agent_channel {
538 unsigned char *message;
539 unsigned char msglen[4];
540 unsigned lensofar, totallen;
542 struct ssh_x11_channel {
545 struct ssh_pfd_channel {
552 * 2-3-4 tree storing remote->local port forwardings. SSH-1 and SSH-2
553 * use this structure in different ways, reflecting SSH-2's
554 * altogether saner approach to port forwarding.
556 * In SSH-1, you arrange a remote forwarding by sending the server
557 * the remote port number, and the local destination host:port.
558 * When a connection comes in, the server sends you back that
559 * host:port pair, and you connect to it. This is a ready-made
560 * security hole if you're not on the ball: a malicious server
561 * could send you back _any_ host:port pair, so if you trustingly
562 * connect to the address it gives you then you've just opened the
563 * entire inside of your corporate network just by connecting
564 * through it to a dodgy SSH server. Hence, we must store a list of
565 * host:port pairs we _are_ trying to forward to, and reject a
566 * connection request from the server if it's not in the list.
568 * In SSH-2, each side of the connection minds its own business and
569 * doesn't send unnecessary information to the other. You arrange a
570 * remote forwarding by sending the server just the remote port
571 * number. When a connection comes in, the server tells you which
572 * of its ports was connected to; and _you_ have to remember what
573 * local host:port pair went with that port number.
575 * Hence, in SSH-1 this structure is indexed by destination
576 * host:port pair, whereas in SSH-2 it is indexed by source port.
578 struct ssh_portfwd; /* forward declaration */
580 struct ssh_rportfwd {
581 unsigned sport, dport;
584 struct ssh_portfwd *pfrec;
586 #define free_rportfwd(pf) ( \
587 ((pf) ? (sfree((pf)->sportdesc)) : (void)0 ), sfree(pf) )
590 * Separately to the rportfwd tree (which is for looking up port
591 * open requests from the server), a tree of _these_ structures is
592 * used to keep track of all the currently open port forwardings,
593 * so that we can reconfigure in mid-session if the user requests
597 enum { DESTROY, KEEP, CREATE } status;
599 unsigned sport, dport;
602 struct ssh_rportfwd *remote;
606 #define free_portfwd(pf) ( \
607 ((pf) ? (sfree((pf)->saddr), sfree((pf)->daddr), \
608 sfree((pf)->sserv), sfree((pf)->dserv)) : (void)0 ), sfree(pf) )
611 long length; /* length of `data' actually used */
612 long forcepad; /* SSH-2: force padding to at least this length */
613 int type; /* only used for incoming packets */
614 unsigned long sequence; /* SSH-2 incoming sequence number */
615 unsigned char *data; /* allocated storage */
616 unsigned char *body; /* offset of payload within `data' */
617 long savedpos; /* temporary index into `data' (for strings) */
618 long maxlen; /* amount of storage allocated for `data' */
619 long encrypted_len; /* for SSH-2 total-size counting */
622 * State associated with packet logging
626 struct logblank_t *blanks;
629 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
630 struct Packet *pktin);
631 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
632 struct Packet *pktin);
633 static void ssh1_protocol_setup(Ssh ssh);
634 static void ssh2_protocol_setup(Ssh ssh);
635 static void ssh_size(void *handle, int width, int height);
636 static void ssh_special(void *handle, Telnet_Special);
637 static int ssh2_try_send(struct ssh_channel *c);
638 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf, int len);
639 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize);
640 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin);
641 static int ssh_sendbuffer(void *handle);
642 static int ssh_do_close(Ssh ssh, int notify_exit);
643 static unsigned long ssh_pkt_getuint32(struct Packet *pkt);
644 static int ssh2_pkt_getbool(struct Packet *pkt);
645 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length);
646 static void ssh2_timer(void *ctx, long now);
647 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
648 struct Packet *pktin);
650 struct rdpkt1_state_tag {
651 long len, pad, biglen, to_read;
652 unsigned long realcrc, gotcrc;
656 struct Packet *pktin;
659 struct rdpkt2_state_tag {
660 long len, pad, payload, packetlen, maclen;
663 unsigned long incoming_sequence;
664 struct Packet *pktin;
667 typedef void (*handler_fn_t)(Ssh ssh, struct Packet *pktin);
668 typedef void (*chandler_fn_t)(Ssh ssh, struct Packet *pktin, void *ctx);
670 struct queued_handler;
671 struct queued_handler {
673 chandler_fn_t handler;
675 struct queued_handler *next;
679 const struct plug_function_table *fn;
680 /* the above field _must_ be first in the structure */
690 unsigned char session_key[32];
692 int v1_remote_protoflags;
693 int v1_local_protoflags;
694 int agentfwd_enabled;
697 const struct ssh_cipher *cipher;
700 const struct ssh2_cipher *cscipher, *sccipher;
701 void *cs_cipher_ctx, *sc_cipher_ctx;
702 const struct ssh_mac *csmac, *scmac;
703 void *cs_mac_ctx, *sc_mac_ctx;
704 const struct ssh_compress *cscomp, *sccomp;
705 void *cs_comp_ctx, *sc_comp_ctx;
706 const struct ssh_kex *kex;
707 const struct ssh_signkey *hostkey;
708 unsigned char v2_session_id[32];
709 int v2_session_id_len;
715 int echoing, editing;
719 int ospeed, ispeed; /* temporaries */
720 int term_width, term_height;
722 tree234 *channels; /* indexed by local id */
723 struct ssh_channel *mainchan; /* primary session channel */
728 tree234 *rportfwds, *portfwds;
732 SSH_STATE_BEFORE_SIZE,
738 int size_needed, eof_needed;
740 struct Packet **queue;
741 int queuelen, queuesize;
743 unsigned char *deferred_send_data;
744 int deferred_len, deferred_size;
747 * Gross hack: pscp will try to start SFTP but fall back to
748 * scp1 if that fails. This variable is the means by which
749 * scp.c can reach into the SSH code and find out which one it
754 bufchain banner; /* accumulates banners during do_ssh2_authconn */
756 * Used for username and password input.
758 char *userpass_input_buffer;
759 int userpass_input_buflen;
760 int userpass_input_bufpos;
761 int userpass_input_echo;
768 int v1_throttle_count;
771 int v1_stdout_throttling;
772 unsigned long v2_outgoing_sequence;
774 int ssh1_rdpkt_crstate;
775 int ssh2_rdpkt_crstate;
776 int do_ssh_init_crstate;
777 int ssh_gotdata_crstate;
778 int do_ssh1_login_crstate;
779 int do_ssh1_connection_crstate;
780 int do_ssh2_transport_crstate;
781 int do_ssh2_authconn_crstate;
783 void *do_ssh_init_state;
784 void *do_ssh1_login_state;
785 void *do_ssh2_transport_state;
786 void *do_ssh2_authconn_state;
788 struct rdpkt1_state_tag rdpkt1_state;
789 struct rdpkt2_state_tag rdpkt2_state;
791 /* SSH-1 and SSH-2 use this for different things, but both use it */
792 int protocol_initial_phase_done;
794 void (*protocol) (Ssh ssh, void *vin, int inlen,
796 struct Packet *(*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
799 * We maintain a full _copy_ of a Config structure here, not
800 * merely a pointer to it. That way, when we're passed a new
801 * one for reconfiguration, we can check the differences and
802 * potentially reconfigure port forwardings etc in mid-session.
807 * Used to transfer data back from async callbacks.
809 void *agent_response;
810 int agent_response_len;
814 * The SSH connection can be set as `frozen', meaning we are
815 * not currently accepting incoming data from the network. This
816 * is slightly more serious than setting the _socket_ as
817 * frozen, because we may already have had data passed to us
818 * from the network which we need to delay processing until
819 * after the freeze is lifted, so we also need a bufchain to
823 bufchain queued_incoming_data;
826 * Dispatch table for packet types that we may have to deal
829 handler_fn_t packet_dispatch[256];
832 * Queues of one-off handler functions for success/failure
833 * indications from a request.
835 struct queued_handler *qhead, *qtail;
838 * This module deals with sending keepalives.
843 * Track incoming and outgoing data sizes and time, for
846 unsigned long incoming_data_size, outgoing_data_size, deferred_data_size;
847 unsigned long max_data_size;
849 long next_rekey, last_rekey;
850 char *deferred_rekey_reason; /* points to STATIC string; don't free */
853 #define logevent(s) logevent(ssh->frontend, s)
855 /* logevent, only printf-formatted. */
856 static void logeventf(Ssh ssh, const char *fmt, ...)
862 buf = dupvprintf(fmt, ap);
868 #define bombout(msg) \
870 char *text = dupprintf msg; \
871 ssh_do_close(ssh, FALSE); \
873 connection_fatal(ssh->frontend, "%s", text); \
877 /* Functions to leave bits out of the SSH packet log file. */
879 static void dont_log_password(Ssh ssh, struct Packet *pkt, int blanktype)
881 if (ssh->cfg.logomitpass)
882 pkt->logmode = blanktype;
885 static void dont_log_data(Ssh ssh, struct Packet *pkt, int blanktype)
887 if (ssh->cfg.logomitdata)
888 pkt->logmode = blanktype;
891 static void end_log_omission(Ssh ssh, struct Packet *pkt)
893 pkt->logmode = PKTLOG_EMIT;
896 /* Helper function for common bits of parsing cfg.ttymodes. */
897 static void parse_ttymodes(Ssh ssh, char *modes,
898 void (*do_mode)(void *data, char *mode, char *val),
902 char *t = strchr(modes, '\t');
903 char *m = snewn(t-modes+1, char);
905 strncpy(m, modes, t-modes);
908 val = get_ttymode(ssh->frontend, m);
912 do_mode(data, m, val);
915 modes += strlen(modes) + 1;
919 static int ssh_channelcmp(void *av, void *bv)
921 struct ssh_channel *a = (struct ssh_channel *) av;
922 struct ssh_channel *b = (struct ssh_channel *) bv;
923 if (a->localid < b->localid)
925 if (a->localid > b->localid)
929 static int ssh_channelfind(void *av, void *bv)
931 unsigned *a = (unsigned *) av;
932 struct ssh_channel *b = (struct ssh_channel *) bv;
940 static int ssh_rportcmp_ssh1(void *av, void *bv)
942 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
943 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
945 if ( (i = strcmp(a->dhost, b->dhost)) != 0)
946 return i < 0 ? -1 : +1;
947 if (a->dport > b->dport)
949 if (a->dport < b->dport)
954 static int ssh_rportcmp_ssh2(void *av, void *bv)
956 struct ssh_rportfwd *a = (struct ssh_rportfwd *) av;
957 struct ssh_rportfwd *b = (struct ssh_rportfwd *) bv;
959 if (a->sport > b->sport)
961 if (a->sport < b->sport)
967 * Special form of strcmp which can cope with NULL inputs. NULL is
968 * defined to sort before even the empty string.
970 static int nullstrcmp(const char *a, const char *b)
972 if (a == NULL && b == NULL)
981 static int ssh_portcmp(void *av, void *bv)
983 struct ssh_portfwd *a = (struct ssh_portfwd *) av;
984 struct ssh_portfwd *b = (struct ssh_portfwd *) bv;
986 if (a->type > b->type)
988 if (a->type < b->type)
990 if (a->addressfamily > b->addressfamily)
992 if (a->addressfamily < b->addressfamily)
994 if ( (i = nullstrcmp(a->saddr, b->saddr)) != 0)
995 return i < 0 ? -1 : +1;
996 if (a->sport > b->sport)
998 if (a->sport < b->sport)
1000 if (a->type != 'D') {
1001 if ( (i = nullstrcmp(a->daddr, b->daddr)) != 0)
1002 return i < 0 ? -1 : +1;
1003 if (a->dport > b->dport)
1005 if (a->dport < b->dport)
1011 static int alloc_channel_id(Ssh ssh)
1013 const unsigned CHANNEL_NUMBER_OFFSET = 256;
1014 unsigned low, high, mid;
1016 struct ssh_channel *c;
1019 * First-fit allocation of channel numbers: always pick the
1020 * lowest unused one. To do this, binary-search using the
1021 * counted B-tree to find the largest channel ID which is in a
1022 * contiguous sequence from the beginning. (Precisely
1023 * everything in that sequence must have ID equal to its tree
1024 * index plus CHANNEL_NUMBER_OFFSET.)
1026 tsize = count234(ssh->channels);
1030 while (high - low > 1) {
1031 mid = (high + low) / 2;
1032 c = index234(ssh->channels, mid);
1033 if (c->localid == mid + CHANNEL_NUMBER_OFFSET)
1034 low = mid; /* this one is fine */
1036 high = mid; /* this one is past it */
1039 * Now low points to either -1, or the tree index of the
1040 * largest ID in the initial sequence.
1043 unsigned i = low + 1 + CHANNEL_NUMBER_OFFSET;
1044 assert(NULL == find234(ssh->channels, &i, ssh_channelfind));
1046 return low + 1 + CHANNEL_NUMBER_OFFSET;
1049 static void c_write(Ssh ssh, const char *buf, int len)
1051 if ((flags & FLAG_STDERR)) {
1053 for (i = 0; i < len; i++)
1055 fputc(buf[i], stderr);
1058 from_backend(ssh->frontend, 1, buf, len);
1061 static void c_write_untrusted(Ssh ssh, const char *buf, int len)
1064 for (i = 0; i < len; i++) {
1066 c_write(ssh, "\r\n", 2);
1067 else if ((buf[i] & 0x60) || (buf[i] == '\r'))
1068 c_write(ssh, buf + i, 1);
1072 static void c_write_str(Ssh ssh, const char *buf)
1074 c_write(ssh, buf, strlen(buf));
1077 static void ssh_free_packet(struct Packet *pkt)
1082 static struct Packet *ssh_new_packet(void)
1084 struct Packet *pkt = snew(struct Packet);
1086 pkt->body = pkt->data = NULL;
1088 pkt->logmode = PKTLOG_EMIT;
1096 * Collect incoming data in the incoming packet buffer.
1097 * Decipher and verify the packet when it is completely read.
1098 * Drop SSH1_MSG_DEBUG and SSH1_MSG_IGNORE packets.
1099 * Update the *data and *datalen variables.
1100 * Return a Packet structure when a packet is completed.
1102 static struct Packet *ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1104 struct rdpkt1_state_tag *st = &ssh->rdpkt1_state;
1106 crBegin(ssh->ssh1_rdpkt_crstate);
1108 st->pktin = ssh_new_packet();
1110 st->pktin->type = 0;
1111 st->pktin->length = 0;
1113 for (st->i = st->len = 0; st->i < 4; st->i++) {
1114 while ((*datalen) == 0)
1116 st->len = (st->len << 8) + **data;
1117 (*data)++, (*datalen)--;
1120 st->pad = 8 - (st->len % 8);
1121 st->biglen = st->len + st->pad;
1122 st->pktin->length = st->len - 5;
1124 if (st->biglen < 0) {
1125 bombout(("Extremely large packet length from server suggests"
1126 " data stream corruption"));
1127 ssh_free_packet(st->pktin);
1131 st->pktin->maxlen = st->biglen;
1132 st->pktin->data = snewn(st->biglen + APIEXTRA, unsigned char);
1134 st->to_read = st->biglen;
1135 st->p = st->pktin->data;
1136 while (st->to_read > 0) {
1137 st->chunk = st->to_read;
1138 while ((*datalen) == 0)
1140 if (st->chunk > (*datalen))
1141 st->chunk = (*datalen);
1142 memcpy(st->p, *data, st->chunk);
1144 *datalen -= st->chunk;
1146 st->to_read -= st->chunk;
1149 if (ssh->cipher && detect_attack(ssh->crcda_ctx, st->pktin->data,
1150 st->biglen, NULL)) {
1151 bombout(("Network attack (CRC compensation) detected!"));
1152 ssh_free_packet(st->pktin);
1157 ssh->cipher->decrypt(ssh->v1_cipher_ctx, st->pktin->data, st->biglen);
1159 st->realcrc = crc32_compute(st->pktin->data, st->biglen - 4);
1160 st->gotcrc = GET_32BIT(st->pktin->data + st->biglen - 4);
1161 if (st->gotcrc != st->realcrc) {
1162 bombout(("Incorrect CRC received on packet"));
1163 ssh_free_packet(st->pktin);
1167 st->pktin->body = st->pktin->data + st->pad + 1;
1168 st->pktin->savedpos = 0;
1170 if (ssh->v1_compressing) {
1171 unsigned char *decompblk;
1173 if (!zlib_decompress_block(ssh->sc_comp_ctx,
1174 st->pktin->body - 1, st->pktin->length + 1,
1175 &decompblk, &decomplen)) {
1176 bombout(("Zlib decompression encountered invalid data"));
1177 ssh_free_packet(st->pktin);
1181 if (st->pktin->maxlen < st->pad + decomplen) {
1182 st->pktin->maxlen = st->pad + decomplen;
1183 st->pktin->data = sresize(st->pktin->data,
1184 st->pktin->maxlen + APIEXTRA,
1186 st->pktin->body = st->pktin->data + st->pad + 1;
1189 memcpy(st->pktin->body - 1, decompblk, decomplen);
1191 st->pktin->length = decomplen - 1;
1194 st->pktin->type = st->pktin->body[-1];
1197 * Log incoming packet, possibly omitting sensitive fields.
1201 struct logblank_t blank;
1202 if (ssh->cfg.logomitdata) {
1203 int do_blank = FALSE, blank_prefix = 0;
1204 /* "Session data" packets - omit the data field */
1205 if ((st->pktin->type == SSH1_SMSG_STDOUT_DATA) ||
1206 (st->pktin->type == SSH1_SMSG_STDERR_DATA)) {
1207 do_blank = TRUE; blank_prefix = 0;
1208 } else if (st->pktin->type == SSH1_MSG_CHANNEL_DATA) {
1209 do_blank = TRUE; blank_prefix = 4;
1212 blank.offset = blank_prefix;
1213 blank.len = st->pktin->length;
1214 blank.type = PKTLOG_OMIT;
1218 log_packet(ssh->logctx,
1219 PKT_INCOMING, st->pktin->type,
1220 ssh1_pkt_type(st->pktin->type),
1221 st->pktin->body, st->pktin->length,
1225 crFinish(st->pktin);
1228 static struct Packet *ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
1230 struct rdpkt2_state_tag *st = &ssh->rdpkt2_state;
1232 crBegin(ssh->ssh2_rdpkt_crstate);
1234 st->pktin = ssh_new_packet();
1236 st->pktin->type = 0;
1237 st->pktin->length = 0;
1239 st->cipherblk = ssh->sccipher->blksize;
1242 if (st->cipherblk < 8)
1245 st->pktin->data = snewn(st->cipherblk + APIEXTRA, unsigned char);
1248 * Acquire and decrypt the first block of the packet. This will
1249 * contain the length and padding details.
1251 for (st->i = st->len = 0; st->i < st->cipherblk; st->i++) {
1252 while ((*datalen) == 0)
1254 st->pktin->data[st->i] = *(*data)++;
1259 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1260 st->pktin->data, st->cipherblk);
1263 * Now get the length and padding figures.
1265 st->len = GET_32BIT(st->pktin->data);
1266 st->pad = st->pktin->data[4];
1269 * _Completely_ silly lengths should be stomped on before they
1270 * do us any more damage.
1272 if (st->len < 0 || st->len > 35000 || st->pad < 4 ||
1273 st->len - st->pad < 1 || (st->len + 4) % st->cipherblk != 0) {
1274 bombout(("Incoming packet was garbled on decryption"));
1275 ssh_free_packet(st->pktin);
1280 * This enables us to deduce the payload length.
1282 st->payload = st->len - st->pad - 1;
1284 st->pktin->length = st->payload + 5;
1287 * So now we can work out the total packet length.
1289 st->packetlen = st->len + 4;
1290 st->maclen = ssh->scmac ? ssh->scmac->len : 0;
1293 * Allocate memory for the rest of the packet.
1295 st->pktin->maxlen = st->packetlen + st->maclen;
1296 st->pktin->data = sresize(st->pktin->data,
1297 st->pktin->maxlen + APIEXTRA,
1301 * Read and decrypt the remainder of the packet.
1303 for (st->i = st->cipherblk; st->i < st->packetlen + st->maclen;
1305 while ((*datalen) == 0)
1307 st->pktin->data[st->i] = *(*data)++;
1310 /* Decrypt everything _except_ the MAC. */
1312 ssh->sccipher->decrypt(ssh->sc_cipher_ctx,
1313 st->pktin->data + st->cipherblk,
1314 st->packetlen - st->cipherblk);
1316 st->pktin->encrypted_len = st->packetlen;
1322 && !ssh->scmac->verify(ssh->sc_mac_ctx, st->pktin->data, st->len + 4,
1323 st->incoming_sequence)) {
1324 bombout(("Incorrect MAC received on packet"));
1325 ssh_free_packet(st->pktin);
1329 st->pktin->sequence = st->incoming_sequence++;
1332 * Decompress packet payload.
1335 unsigned char *newpayload;
1338 ssh->sccomp->decompress(ssh->sc_comp_ctx,
1339 st->pktin->data + 5, st->pktin->length - 5,
1340 &newpayload, &newlen)) {
1341 if (st->pktin->maxlen < newlen + 5) {
1342 st->pktin->maxlen = newlen + 5;
1343 st->pktin->data = sresize(st->pktin->data,
1344 st->pktin->maxlen + APIEXTRA,
1347 st->pktin->length = 5 + newlen;
1348 memcpy(st->pktin->data + 5, newpayload, newlen);
1353 st->pktin->savedpos = 6;
1354 st->pktin->body = st->pktin->data;
1355 st->pktin->type = st->pktin->data[5];
1358 * Log incoming packet, possibly omitting sensitive fields.
1362 struct logblank_t blank;
1363 if (ssh->cfg.logomitdata) {
1364 int do_blank = FALSE, blank_prefix = 0;
1365 /* "Session data" packets - omit the data field */
1366 if (st->pktin->type == SSH2_MSG_CHANNEL_DATA) {
1367 do_blank = TRUE; blank_prefix = 4;
1368 } else if (st->pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA) {
1369 do_blank = TRUE; blank_prefix = 8;
1372 blank.offset = blank_prefix;
1373 blank.len = (st->pktin->length-6) - blank_prefix;
1374 blank.type = PKTLOG_OMIT;
1378 log_packet(ssh->logctx, PKT_INCOMING, st->pktin->type,
1379 ssh2_pkt_type(ssh->pkt_ctx, st->pktin->type),
1380 st->pktin->data+6, st->pktin->length-6,
1384 crFinish(st->pktin);
1387 static int s_wrpkt_prepare(Ssh ssh, struct Packet *pkt, int *offset_p)
1389 int pad, biglen, i, pktoffs;
1393 * XXX various versions of SC (including 8.8.4) screw up the
1394 * register allocation in this function and use the same register
1395 * (D6) for len and as a temporary, with predictable results. The
1396 * following sledgehammer prevents this.
1403 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[12],
1404 ssh1_pkt_type(pkt->data[12]),
1405 pkt->body, pkt->length - (pkt->body - pkt->data),
1406 pkt->nblanks, pkt->blanks);
1407 sfree(pkt->blanks); pkt->blanks = NULL;
1410 if (ssh->v1_compressing) {
1411 unsigned char *compblk;
1413 zlib_compress_block(ssh->cs_comp_ctx,
1414 pkt->data + 12, pkt->length - 12,
1415 &compblk, &complen);
1416 memcpy(pkt->data + 12, compblk, complen);
1418 pkt->length = complen + 12;
1421 ssh_pkt_ensure(pkt, pkt->length + 4); /* space for CRC */
1423 len = pkt->length - 4 - 8; /* len(type+data+CRC) */
1424 pad = 8 - (len % 8);
1426 biglen = len + pad; /* len(padding+type+data+CRC) */
1428 for (i = pktoffs; i < 4+8; i++)
1429 pkt->data[i] = random_byte();
1430 crc = crc32_compute(pkt->data + pktoffs + 4, biglen - 4); /* all ex len */
1431 PUT_32BIT(pkt->data + pktoffs + 4 + biglen - 4, crc);
1432 PUT_32BIT(pkt->data + pktoffs, len);
1435 ssh->cipher->encrypt(ssh->v1_cipher_ctx,
1436 pkt->data + pktoffs + 4, biglen);
1438 if (offset_p) *offset_p = pktoffs;
1439 return biglen + 4; /* len(length+padding+type+data+CRC) */
1442 static void s_wrpkt(Ssh ssh, struct Packet *pkt)
1444 int len, backlog, offset;
1445 len = s_wrpkt_prepare(ssh, pkt, &offset);
1446 backlog = sk_write(ssh->s, (char *)pkt->data + offset, len);
1447 if (backlog > SSH_MAX_BACKLOG)
1448 ssh_throttle_all(ssh, 1, backlog);
1449 ssh_free_packet(pkt);
1452 static void s_wrpkt_defer(Ssh ssh, struct Packet *pkt)
1455 len = s_wrpkt_prepare(ssh, pkt, &offset);
1456 if (ssh->deferred_len + len > ssh->deferred_size) {
1457 ssh->deferred_size = ssh->deferred_len + len + 128;
1458 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1462 memcpy(ssh->deferred_send_data + ssh->deferred_len,
1463 pkt->data + offset, len);
1464 ssh->deferred_len += len;
1465 ssh_free_packet(pkt);
1469 * Construct a SSH-1 packet with the specified contents.
1470 * (This all-at-once interface used to be the only one, but now SSH-1
1471 * packets can also be constructed incrementally.)
1473 static struct Packet *construct_packet(Ssh ssh, int pkttype, va_list ap)
1479 pkt = ssh1_pkt_init(pkttype);
1481 while ((argtype = va_arg(ap, int)) != PKT_END) {
1482 unsigned char *argp, argchar;
1483 unsigned long argint;
1486 /* Actual fields in the packet */
1488 argint = va_arg(ap, int);
1489 ssh_pkt_adduint32(pkt, argint);
1492 argchar = (unsigned char) va_arg(ap, int);
1493 ssh_pkt_addbyte(pkt, argchar);
1496 argp = va_arg(ap, unsigned char *);
1497 arglen = va_arg(ap, int);
1498 ssh_pkt_adddata(pkt, argp, arglen);
1501 argp = va_arg(ap, unsigned char *);
1502 ssh_pkt_addstring(pkt, argp);
1505 bn = va_arg(ap, Bignum);
1506 ssh1_pkt_addmp(pkt, bn);
1508 /* Tokens for modifications to packet logging */
1510 dont_log_password(ssh, pkt, PKTLOG_BLANK);
1513 dont_log_data(ssh, pkt, PKTLOG_OMIT);
1516 end_log_omission(ssh, pkt);
1524 static void send_packet(Ssh ssh, int pkttype, ...)
1528 va_start(ap, pkttype);
1529 pkt = construct_packet(ssh, pkttype, ap);
1534 static void defer_packet(Ssh ssh, int pkttype, ...)
1538 va_start(ap, pkttype);
1539 pkt = construct_packet(ssh, pkttype, ap);
1541 s_wrpkt_defer(ssh, pkt);
1544 static int ssh_versioncmp(char *a, char *b)
1547 unsigned long av, bv;
1549 av = strtoul(a, &ae, 10);
1550 bv = strtoul(b, &be, 10);
1552 return (av < bv ? -1 : +1);
1557 av = strtoul(ae, &ae, 10);
1558 bv = strtoul(be, &be, 10);
1560 return (av < bv ? -1 : +1);
1565 * Utility routines for putting an SSH-protocol `string' and
1566 * `uint32' into a hash state.
1568 static void hash_string(const struct ssh_hash *h, void *s, void *str, int len)
1570 unsigned char lenblk[4];
1571 PUT_32BIT(lenblk, len);
1572 h->bytes(s, lenblk, 4);
1573 h->bytes(s, str, len);
1576 static void hash_uint32(const struct ssh_hash *h, void *s, unsigned i)
1578 unsigned char intblk[4];
1579 PUT_32BIT(intblk, i);
1580 h->bytes(s, intblk, 4);
1584 * Packet construction functions. Mostly shared between SSH-1 and SSH-2.
1586 static void ssh_pkt_ensure(struct Packet *pkt, int length)
1588 if (pkt->maxlen < length) {
1589 unsigned char *body = pkt->body;
1590 int offset = body ? body - pkt->data : 0;
1591 pkt->maxlen = length + 256;
1592 pkt->data = sresize(pkt->data, pkt->maxlen + APIEXTRA, unsigned char);
1593 if (body) pkt->body = pkt->data + offset;
1596 static void ssh_pkt_adddata(struct Packet *pkt, void *data, int len)
1598 if (pkt->logmode != PKTLOG_EMIT) {
1600 pkt->blanks = sresize(pkt->blanks, pkt->nblanks, struct logblank_t);
1602 pkt->blanks[pkt->nblanks-1].offset = pkt->length -
1603 (pkt->body - pkt->data);
1604 pkt->blanks[pkt->nblanks-1].len = len;
1605 pkt->blanks[pkt->nblanks-1].type = pkt->logmode;
1608 ssh_pkt_ensure(pkt, pkt->length);
1609 memcpy(pkt->data + pkt->length - len, data, len);
1611 static void ssh_pkt_addbyte(struct Packet *pkt, unsigned char byte)
1613 ssh_pkt_adddata(pkt, &byte, 1);
1615 static void ssh2_pkt_addbool(struct Packet *pkt, unsigned char value)
1617 ssh_pkt_adddata(pkt, &value, 1);
1619 static void ssh_pkt_adduint32(struct Packet *pkt, unsigned long value)
1622 PUT_32BIT(x, value);
1623 ssh_pkt_adddata(pkt, x, 4);
1625 static void ssh_pkt_addstring_start(struct Packet *pkt)
1627 ssh_pkt_adduint32(pkt, 0);
1628 pkt->savedpos = pkt->length;
1630 static void ssh_pkt_addstring_str(struct Packet *pkt, char *data)
1632 ssh_pkt_adddata(pkt, data, strlen(data));
1633 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1635 static void ssh_pkt_addstring_data(struct Packet *pkt, char *data, int len)
1637 ssh_pkt_adddata(pkt, data, len);
1638 PUT_32BIT(pkt->data + pkt->savedpos - 4, pkt->length - pkt->savedpos);
1640 static void ssh_pkt_addstring(struct Packet *pkt, char *data)
1642 ssh_pkt_addstring_start(pkt);
1643 ssh_pkt_addstring_str(pkt, data);
1645 static void ssh1_pkt_addmp(struct Packet *pkt, Bignum b)
1647 int len = ssh1_bignum_length(b);
1648 unsigned char *data = snewn(len, char);
1649 (void) ssh1_write_bignum(data, b);
1650 ssh_pkt_adddata(pkt, data, len);
1653 static unsigned char *ssh2_mpint_fmt(Bignum b, int *len)
1656 int i, n = (bignum_bitcount(b) + 7) / 8;
1657 p = snewn(n + 1, unsigned char);
1659 for (i = 1; i <= n; i++)
1660 p[i] = bignum_byte(b, n - i);
1662 while (i <= n && p[i] == 0 && (p[i + 1] & 0x80) == 0)
1664 memmove(p, p + i, n + 1 - i);
1668 static void ssh2_pkt_addmp(struct Packet *pkt, Bignum b)
1672 p = ssh2_mpint_fmt(b, &len);
1673 ssh_pkt_addstring_start(pkt);
1674 ssh_pkt_addstring_data(pkt, (char *)p, len);
1678 static struct Packet *ssh1_pkt_init(int pkt_type)
1680 struct Packet *pkt = ssh_new_packet();
1681 pkt->length = 4 + 8; /* space for length + max padding */
1682 ssh_pkt_addbyte(pkt, pkt_type);
1683 pkt->body = pkt->data + pkt->length;
1687 /* For legacy code (SSH-1 and -2 packet construction used to be separate) */
1688 #define ssh2_pkt_ensure(pkt, length) ssh_pkt_ensure(pkt, length)
1689 #define ssh2_pkt_adddata(pkt, data, len) ssh_pkt_adddata(pkt, data, len)
1690 #define ssh2_pkt_addbyte(pkt, byte) ssh_pkt_addbyte(pkt, byte)
1691 #define ssh2_pkt_adduint32(pkt, value) ssh_pkt_adduint32(pkt, value)
1692 #define ssh2_pkt_addstring_start(pkt) ssh_pkt_addstring_start(pkt)
1693 #define ssh2_pkt_addstring_str(pkt, data) ssh_pkt_addstring_str(pkt, data)
1694 #define ssh2_pkt_addstring_data(pkt, data, len) ssh_pkt_addstring_data(pkt, data, len)
1695 #define ssh2_pkt_addstring(pkt, data) ssh_pkt_addstring(pkt, data)
1697 static struct Packet *ssh2_pkt_init(int pkt_type)
1699 struct Packet *pkt = ssh_new_packet();
1700 pkt->length = 5; /* space for packet length + padding length */
1702 ssh_pkt_addbyte(pkt, (unsigned char) pkt_type);
1703 pkt->body = pkt->data + pkt->length; /* after packet type */
1708 * Construct an SSH-2 final-form packet: compress it, encrypt it,
1709 * put the MAC on it. Final packet, ready to be sent, is stored in
1710 * pkt->data. Total length is returned.
1712 static int ssh2_pkt_construct(Ssh ssh, struct Packet *pkt)
1714 int cipherblk, maclen, padding, i;
1717 log_packet(ssh->logctx, PKT_OUTGOING, pkt->data[5],
1718 ssh2_pkt_type(ssh->pkt_ctx, pkt->data[5]),
1719 pkt->body, pkt->length - (pkt->body - pkt->data),
1720 pkt->nblanks, pkt->blanks);
1721 sfree(pkt->blanks); pkt->blanks = NULL;
1725 * Compress packet payload.
1728 unsigned char *newpayload;
1731 ssh->cscomp->compress(ssh->cs_comp_ctx, pkt->data + 5,
1733 &newpayload, &newlen)) {
1735 ssh2_pkt_adddata(pkt, newpayload, newlen);
1741 * Add padding. At least four bytes, and must also bring total
1742 * length (minus MAC) up to a multiple of the block size.
1743 * If pkt->forcepad is set, make sure the packet is at least that size
1746 cipherblk = ssh->cscipher ? ssh->cscipher->blksize : 8; /* block size */
1747 cipherblk = cipherblk < 8 ? 8 : cipherblk; /* or 8 if blksize < 8 */
1749 if (pkt->length + padding < pkt->forcepad)
1750 padding = pkt->forcepad - pkt->length;
1752 (cipherblk - (pkt->length + padding) % cipherblk) % cipherblk;
1753 assert(padding <= 255);
1754 maclen = ssh->csmac ? ssh->csmac->len : 0;
1755 ssh2_pkt_ensure(pkt, pkt->length + padding + maclen);
1756 pkt->data[4] = padding;
1757 for (i = 0; i < padding; i++)
1758 pkt->data[pkt->length + i] = random_byte();
1759 PUT_32BIT(pkt->data, pkt->length + padding - 4);
1761 ssh->csmac->generate(ssh->cs_mac_ctx, pkt->data,
1762 pkt->length + padding,
1763 ssh->v2_outgoing_sequence);
1764 ssh->v2_outgoing_sequence++; /* whether or not we MACed */
1767 ssh->cscipher->encrypt(ssh->cs_cipher_ctx,
1768 pkt->data, pkt->length + padding);
1770 pkt->encrypted_len = pkt->length + padding;
1772 /* Ready-to-send packet starts at pkt->data. We return length. */
1773 return pkt->length + padding + maclen;
1777 * Routines called from the main SSH code to send packets. There
1778 * are quite a few of these, because we have two separate
1779 * mechanisms for delaying the sending of packets:
1781 * - In order to send an IGNORE message and a password message in
1782 * a single fixed-length blob, we require the ability to
1783 * concatenate the encrypted forms of those two packets _into_ a
1784 * single blob and then pass it to our <network.h> transport
1785 * layer in one go. Hence, there's a deferment mechanism which
1786 * works after packet encryption.
1788 * - In order to avoid sending any connection-layer messages
1789 * during repeat key exchange, we have to queue up any such
1790 * outgoing messages _before_ they are encrypted (and in
1791 * particular before they're allocated sequence numbers), and
1792 * then send them once we've finished.
1794 * I call these mechanisms `defer' and `queue' respectively, so as
1795 * to distinguish them reasonably easily.
1797 * The functions send_noqueue() and defer_noqueue() free the packet
1798 * structure they are passed. Every outgoing packet goes through
1799 * precisely one of these functions in its life; packets passed to
1800 * ssh2_pkt_send() or ssh2_pkt_defer() either go straight to one of
1801 * these or get queued, and then when the queue is later emptied
1802 * the packets are all passed to defer_noqueue().
1804 * When using a CBC-mode cipher, it's necessary to ensure that an
1805 * attacker can't provide data to be encrypted using an IV that they
1806 * know. We ensure this by prefixing each packet that might contain
1807 * user data with an SSH_MSG_IGNORE. This is done using the deferral
1808 * mechanism, so in this case send_noqueue() ends up redirecting to
1809 * defer_noqueue(). If you don't like this inefficiency, don't use
1813 static void ssh2_pkt_defer_noqueue(Ssh, struct Packet *, int);
1814 static void ssh_pkt_defersend(Ssh);
1817 * Send an SSH-2 packet immediately, without queuing or deferring.
1819 static void ssh2_pkt_send_noqueue(Ssh ssh, struct Packet *pkt)
1823 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC)) {
1824 /* We need to send two packets, so use the deferral mechanism. */
1825 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
1826 ssh_pkt_defersend(ssh);
1829 len = ssh2_pkt_construct(ssh, pkt);
1830 backlog = sk_write(ssh->s, (char *)pkt->data, len);
1831 if (backlog > SSH_MAX_BACKLOG)
1832 ssh_throttle_all(ssh, 1, backlog);
1834 ssh->outgoing_data_size += pkt->encrypted_len;
1835 if (!ssh->kex_in_progress &&
1836 ssh->max_data_size != 0 &&
1837 ssh->outgoing_data_size > ssh->max_data_size)
1838 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
1840 ssh_free_packet(pkt);
1844 * Defer an SSH-2 packet.
1846 static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
1849 if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
1850 ssh->deferred_len == 0 && !noignore) {
1852 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
1853 * get encrypted with a known IV.
1855 struct Packet *ipkt = ssh2_pkt_init(SSH2_MSG_IGNORE);
1856 ssh2_pkt_defer_noqueue(ssh, ipkt, TRUE);
1858 len = ssh2_pkt_construct(ssh, pkt);
1859 if (ssh->deferred_len + len > ssh->deferred_size) {
1860 ssh->deferred_size = ssh->deferred_len + len + 128;
1861 ssh->deferred_send_data = sresize(ssh->deferred_send_data,
1865 memcpy(ssh->deferred_send_data + ssh->deferred_len, pkt->data, len);
1866 ssh->deferred_len += len;
1867 ssh->deferred_data_size += pkt->encrypted_len;
1868 ssh_free_packet(pkt);
1872 * Queue an SSH-2 packet.
1874 static void ssh2_pkt_queue(Ssh ssh, struct Packet *pkt)
1876 assert(ssh->queueing);
1878 if (ssh->queuelen >= ssh->queuesize) {
1879 ssh->queuesize = ssh->queuelen + 32;
1880 ssh->queue = sresize(ssh->queue, ssh->queuesize, struct Packet *);
1883 ssh->queue[ssh->queuelen++] = pkt;
1887 * Either queue or send a packet, depending on whether queueing is
1890 static void ssh2_pkt_send(Ssh ssh, struct Packet *pkt)
1893 ssh2_pkt_queue(ssh, pkt);
1895 ssh2_pkt_send_noqueue(ssh, pkt);
1900 * Either queue or defer a packet, depending on whether queueing is
1903 static void ssh2_pkt_defer(Ssh ssh, struct Packet *pkt)
1906 ssh2_pkt_queue(ssh, pkt);
1908 ssh2_pkt_defer_noqueue(ssh, pkt, FALSE);
1913 * Send the whole deferred data block constructed by
1914 * ssh2_pkt_defer() or SSH-1's defer_packet().
1916 * The expected use of the defer mechanism is that you call
1917 * ssh2_pkt_defer() a few times, then call ssh_pkt_defersend(). If
1918 * not currently queueing, this simply sets up deferred_send_data
1919 * and then sends it. If we _are_ currently queueing, the calls to
1920 * ssh2_pkt_defer() put the deferred packets on to the queue
1921 * instead, and therefore ssh_pkt_defersend() has no deferred data
1922 * to send. Hence, there's no need to make it conditional on
1925 static void ssh_pkt_defersend(Ssh ssh)
1928 backlog = sk_write(ssh->s, (char *)ssh->deferred_send_data,
1930 ssh->deferred_len = ssh->deferred_size = 0;
1931 sfree(ssh->deferred_send_data);
1932 ssh->deferred_send_data = NULL;
1933 if (backlog > SSH_MAX_BACKLOG)
1934 ssh_throttle_all(ssh, 1, backlog);
1936 ssh->outgoing_data_size += ssh->deferred_data_size;
1937 if (!ssh->kex_in_progress &&
1938 ssh->max_data_size != 0 &&
1939 ssh->outgoing_data_size > ssh->max_data_size)
1940 do_ssh2_transport(ssh, "too much data sent", -1, NULL);
1941 ssh->deferred_data_size = 0;
1945 * Send all queued SSH-2 packets. We send them by means of
1946 * ssh2_pkt_defer_noqueue(), in case they included a pair of
1947 * packets that needed to be lumped together.
1949 static void ssh2_pkt_queuesend(Ssh ssh)
1953 assert(!ssh->queueing);
1955 for (i = 0; i < ssh->queuelen; i++)
1956 ssh2_pkt_defer_noqueue(ssh, ssh->queue[i], FALSE);
1959 ssh_pkt_defersend(ssh);
1963 void bndebug(char *string, Bignum b)
1967 p = ssh2_mpint_fmt(b, &len);
1968 debug(("%s", string));
1969 for (i = 0; i < len; i++)
1970 debug((" %02x", p[i]));
1976 static void hash_mpint(const struct ssh_hash *h, void *s, Bignum b)
1980 p = ssh2_mpint_fmt(b, &len);
1981 hash_string(h, s, p, len);
1986 * Packet decode functions for both SSH-1 and SSH-2.
1988 static unsigned long ssh_pkt_getuint32(struct Packet *pkt)
1990 unsigned long value;
1991 if (pkt->length - pkt->savedpos < 4)
1992 return 0; /* arrgh, no way to decline (FIXME?) */
1993 value = GET_32BIT(pkt->body + pkt->savedpos);
1997 static int ssh2_pkt_getbool(struct Packet *pkt)
1999 unsigned long value;
2000 if (pkt->length - pkt->savedpos < 1)
2001 return 0; /* arrgh, no way to decline (FIXME?) */
2002 value = pkt->body[pkt->savedpos] != 0;
2006 static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length)
2011 if (pkt->length - pkt->savedpos < 4)
2013 len = GET_32BIT(pkt->body + pkt->savedpos);
2018 if (pkt->length - pkt->savedpos < *length)
2020 *p = (char *)(pkt->body + pkt->savedpos);
2021 pkt->savedpos += *length;
2023 static void *ssh_pkt_getdata(struct Packet *pkt, int length)
2025 if (pkt->length - pkt->savedpos < length)
2027 pkt->savedpos += length;
2028 return pkt->body + (pkt->savedpos - length);
2030 static int ssh1_pkt_getrsakey(struct Packet *pkt, struct RSAKey *key,
2031 unsigned char **keystr)
2035 j = makekey(pkt->body + pkt->savedpos,
2036 pkt->length - pkt->savedpos,
2043 assert(pkt->savedpos < pkt->length);
2047 static Bignum ssh1_pkt_getmp(struct Packet *pkt)
2052 j = ssh1_read_bignum(pkt->body + pkt->savedpos,
2053 pkt->length - pkt->savedpos, &b);
2061 static Bignum ssh2_pkt_getmp(struct Packet *pkt)
2067 ssh_pkt_getstring(pkt, &p, &length);
2072 b = bignum_from_bytes((unsigned char *)p, length);
2077 * Helper function to add an SSH-2 signature blob to a packet.
2078 * Expects to be shown the public key blob as well as the signature
2079 * blob. Normally works just like ssh2_pkt_addstring, but will
2080 * fiddle with the signature packet if necessary for
2081 * BUG_SSH2_RSA_PADDING.
2083 static void ssh2_add_sigblob(Ssh ssh, struct Packet *pkt,
2084 void *pkblob_v, int pkblob_len,
2085 void *sigblob_v, int sigblob_len)
2087 unsigned char *pkblob = (unsigned char *)pkblob_v;
2088 unsigned char *sigblob = (unsigned char *)sigblob_v;
2090 /* dmemdump(pkblob, pkblob_len); */
2091 /* dmemdump(sigblob, sigblob_len); */
2094 * See if this is in fact an ssh-rsa signature and a buggy
2095 * server; otherwise we can just do this the easy way.
2097 if ((ssh->remote_bugs & BUG_SSH2_RSA_PADDING) &&
2098 (GET_32BIT(pkblob) == 7 && !memcmp(pkblob+4, "ssh-rsa", 7))) {
2099 int pos, len, siglen;
2102 * Find the byte length of the modulus.
2105 pos = 4+7; /* skip over "ssh-rsa" */
2106 pos += 4 + GET_32BIT(pkblob+pos); /* skip over exponent */
2107 len = GET_32BIT(pkblob+pos); /* find length of modulus */
2108 pos += 4; /* find modulus itself */
2109 while (len > 0 && pkblob[pos] == 0)
2111 /* debug(("modulus length is %d\n", len)); */
2114 * Now find the signature integer.
2116 pos = 4+7; /* skip over "ssh-rsa" */
2117 siglen = GET_32BIT(sigblob+pos);
2118 /* debug(("signature length is %d\n", siglen)); */
2120 if (len != siglen) {
2121 unsigned char newlen[4];
2122 ssh2_pkt_addstring_start(pkt);
2123 ssh2_pkt_addstring_data(pkt, (char *)sigblob, pos);
2124 /* dmemdump(sigblob, pos); */
2125 pos += 4; /* point to start of actual sig */
2126 PUT_32BIT(newlen, len);
2127 ssh2_pkt_addstring_data(pkt, (char *)newlen, 4);
2128 /* dmemdump(newlen, 4); */
2130 while (len-- > siglen) {
2131 ssh2_pkt_addstring_data(pkt, (char *)newlen, 1);
2132 /* dmemdump(newlen, 1); */
2134 ssh2_pkt_addstring_data(pkt, (char *)(sigblob+pos), siglen);
2135 /* dmemdump(sigblob+pos, siglen); */
2139 /* Otherwise fall through and do it the easy way. */
2142 ssh2_pkt_addstring_start(pkt);
2143 ssh2_pkt_addstring_data(pkt, (char *)sigblob, sigblob_len);
2147 * Examine the remote side's version string and compare it against
2148 * a list of known buggy implementations.
2150 static void ssh_detect_bugs(Ssh ssh, char *vstring)
2152 char *imp; /* pointer to implementation part */
2154 imp += strcspn(imp, "-");
2156 imp += strcspn(imp, "-");
2159 ssh->remote_bugs = 0;
2161 if (ssh->cfg.sshbug_ignore1 == FORCE_ON ||
2162 (ssh->cfg.sshbug_ignore1 == AUTO &&
2163 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
2164 !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
2165 !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
2166 !strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
2168 * These versions don't support SSH1_MSG_IGNORE, so we have
2169 * to use a different defence against password length
2172 ssh->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
2173 logevent("We believe remote version has SSH-1 ignore bug");
2176 if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
2177 (ssh->cfg.sshbug_plainpw1 == AUTO &&
2178 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
2180 * These versions need a plain password sent; they can't
2181 * handle having a null and a random length of data after
2184 ssh->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
2185 logevent("We believe remote version needs a plain SSH-1 password");
2188 if (ssh->cfg.sshbug_rsa1 == FORCE_ON ||
2189 (ssh->cfg.sshbug_rsa1 == AUTO &&
2190 (!strcmp(imp, "Cisco-1.25")))) {
2192 * These versions apparently have no clue whatever about
2193 * RSA authentication and will panic and die if they see
2194 * an AUTH_RSA message.
2196 ssh->remote_bugs |= BUG_CHOKES_ON_RSA;
2197 logevent("We believe remote version can't handle SSH-1 RSA authentication");
2200 if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
2201 (ssh->cfg.sshbug_hmac2 == AUTO &&
2202 !wc_match("* VShell", imp) &&
2203 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
2204 wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
2205 wc_match("2.1 *", imp)))) {
2207 * These versions have the HMAC bug.
2209 ssh->remote_bugs |= BUG_SSH2_HMAC;
2210 logevent("We believe remote version has SSH-2 HMAC bug");
2213 if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
2214 (ssh->cfg.sshbug_derivekey2 == AUTO &&
2215 !wc_match("* VShell", imp) &&
2216 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
2218 * These versions have the key-derivation bug (failing to
2219 * include the literal shared secret in the hashes that
2220 * generate the keys).
2222 ssh->remote_bugs |= BUG_SSH2_DERIVEKEY;
2223 logevent("We believe remote version has SSH-2 key-derivation bug");
2226 if (ssh->cfg.sshbug_rsapad2 == FORCE_ON ||
2227 (ssh->cfg.sshbug_rsapad2 == AUTO &&
2228 (wc_match("OpenSSH_2.[5-9]*", imp) ||
2229 wc_match("OpenSSH_3.[0-2]*", imp)))) {
2231 * These versions have the SSH-2 RSA padding bug.
2233 ssh->remote_bugs |= BUG_SSH2_RSA_PADDING;
2234 logevent("We believe remote version has SSH-2 RSA padding bug");
2237 if (ssh->cfg.sshbug_pksessid2 == FORCE_ON ||
2238 (ssh->cfg.sshbug_pksessid2 == AUTO &&
2239 wc_match("OpenSSH_2.[0-2]*", imp))) {
2241 * These versions have the SSH-2 session-ID bug in
2242 * public-key authentication.
2244 ssh->remote_bugs |= BUG_SSH2_PK_SESSIONID;
2245 logevent("We believe remote version has SSH-2 public-key-session-ID bug");
2248 if (ssh->cfg.sshbug_rekey2 == FORCE_ON ||
2249 (ssh->cfg.sshbug_rekey2 == AUTO &&
2250 (wc_match("DigiSSH_2.0", imp) ||
2251 wc_match("OpenSSH_2.[0-4]*", imp) ||
2252 wc_match("OpenSSH_2.5.[0-3]*", imp) ||
2253 wc_match("Sun_SSH_1.0", imp) ||
2254 wc_match("Sun_SSH_1.0.1", imp) ||
2255 /* All versions <= 1.2.6 (they changed their format in 1.2.7) */
2256 wc_match("WeOnlyDo-*", imp)))) {
2258 * These versions have the SSH-2 rekey bug.
2260 ssh->remote_bugs |= BUG_SSH2_REKEY;
2261 logevent("We believe remote version has SSH-2 rekey bug");
2266 * The `software version' part of an SSH version string is required
2267 * to contain no spaces or minus signs.
2269 static void ssh_fix_verstring(char *str)
2271 /* Eat "SSH-<protoversion>-". */
2272 assert(*str == 'S'); str++;
2273 assert(*str == 'S'); str++;
2274 assert(*str == 'H'); str++;
2275 assert(*str == '-'); str++;
2276 while (*str && *str != '-') str++;
2277 assert(*str == '-'); str++;
2279 /* Convert minus signs and spaces in the remaining string into
2282 if (*str == '-' || *str == ' ')
2288 static int do_ssh_init(Ssh ssh, unsigned char c)
2290 struct do_ssh_init_state {
2298 crState(do_ssh_init_state);
2300 crBegin(ssh->do_ssh_init_crstate);
2302 /* Search for a line beginning with the string "SSH-" in the input. */
2304 if (c != 'S') goto no;
2306 if (c != 'S') goto no;
2308 if (c != 'H') goto no;
2310 if (c != '-') goto no;
2319 s->vstring = snewn(s->vstrsize, char);
2320 strcpy(s->vstring, "SSH-");
2324 crReturn(1); /* get another char */
2325 if (s->vslen >= s->vstrsize - 1) {
2327 s->vstring = sresize(s->vstring, s->vstrsize, char);
2329 s->vstring[s->vslen++] = c;
2332 s->version[s->i] = '\0';
2334 } else if (s->i < sizeof(s->version) - 1)
2335 s->version[s->i++] = c;
2336 } else if (c == '\012')
2340 ssh->agentfwd_enabled = FALSE;
2341 ssh->rdpkt2_state.incoming_sequence = 0;
2343 s->vstring[s->vslen] = 0;
2344 s->vstring[strcspn(s->vstring, "\015\012")] = '\0';/* remove EOL chars */
2345 logeventf(ssh, "Server version: %s", s->vstring);
2346 ssh_detect_bugs(ssh, s->vstring);
2349 * Decide which SSH protocol version to support.
2352 /* Anything strictly below "2.0" means protocol 1 is supported. */
2353 s->proto1 = ssh_versioncmp(s->version, "2.0") < 0;
2354 /* Anything greater or equal to "1.99" means protocol 2 is supported. */
2355 s->proto2 = ssh_versioncmp(s->version, "1.99") >= 0;
2357 if (ssh->cfg.sshprot == 0 && !s->proto1) {
2358 bombout(("SSH protocol version 1 required by user but not provided by server"));
2361 if (ssh->cfg.sshprot == 3 && !s->proto2) {
2362 bombout(("SSH protocol version 2 required by user but not provided by server"));
2369 if (s->proto2 && (ssh->cfg.sshprot >= 2 || !s->proto1)) {
2371 * Construct a v2 version string.
2373 verstring = dupprintf("SSH-2.0-%s\015\012", sshver);
2377 * Construct a v1 version string.
2379 verstring = dupprintf("SSH-%s-%s\012",
2380 (ssh_versioncmp(s->version, "1.5") <= 0 ?
2381 s->version : "1.5"),
2386 ssh_fix_verstring(verstring);
2388 if (ssh->version == 2) {
2391 * Hash our version string and their version string.
2393 len = strcspn(verstring, "\015\012");
2394 ssh->v_c = snewn(len + 1, char);
2395 memcpy(ssh->v_c, verstring, len);
2397 len = strcspn(s->vstring, "\015\012");
2398 ssh->v_s = snewn(len + 1, char);
2399 memcpy(ssh->v_s, s->vstring, len);
2403 * Initialise SSH-2 protocol.
2405 ssh->protocol = ssh2_protocol;
2406 ssh2_protocol_setup(ssh);
2407 ssh->s_rdpkt = ssh2_rdpkt;
2410 * Initialise SSH-1 protocol.
2412 ssh->protocol = ssh1_protocol;
2413 ssh1_protocol_setup(ssh);
2414 ssh->s_rdpkt = ssh1_rdpkt;
2416 logeventf(ssh, "We claim version: %.*s",
2417 strcspn(verstring, "\015\012"), verstring);
2418 sk_write(ssh->s, verstring, strlen(verstring));
2420 if (ssh->version == 2)
2421 do_ssh2_transport(ssh, NULL, -1, NULL);
2424 logeventf(ssh, "Using SSH protocol version %d", ssh->version);
2426 update_specials_menu(ssh->frontend);
2427 ssh->state = SSH_STATE_BEFORE_SIZE;
2428 ssh->pinger = pinger_new(&ssh->cfg, &ssh_backend, ssh);
2435 static void ssh_process_incoming_data(Ssh ssh,
2436 unsigned char **data, int *datalen)
2438 struct Packet *pktin = ssh->s_rdpkt(ssh, data, datalen);
2440 ssh->protocol(ssh, NULL, 0, pktin);
2441 ssh_free_packet(pktin);
2445 static void ssh_queue_incoming_data(Ssh ssh,
2446 unsigned char **data, int *datalen)
2448 bufchain_add(&ssh->queued_incoming_data, *data, *datalen);
2453 static void ssh_process_queued_incoming_data(Ssh ssh)
2456 unsigned char *data;
2459 while (!ssh->frozen && bufchain_size(&ssh->queued_incoming_data)) {
2460 bufchain_prefix(&ssh->queued_incoming_data, &vdata, &len);
2464 while (!ssh->frozen && len > 0)
2465 ssh_process_incoming_data(ssh, &data, &len);
2468 bufchain_consume(&ssh->queued_incoming_data, origlen - len);
2472 static void ssh_set_frozen(Ssh ssh, int frozen)
2475 sk_set_frozen(ssh->s, frozen);
2476 ssh->frozen = frozen;
2479 static void ssh_gotdata(Ssh ssh, unsigned char *data, int datalen)
2481 crBegin(ssh->ssh_gotdata_crstate);
2484 * To begin with, feed the characters one by one to the
2485 * protocol initialisation / selection function do_ssh_init().
2486 * When that returns 0, we're done with the initial greeting
2487 * exchange and can move on to packet discipline.
2490 int ret; /* need not be kept across crReturn */
2492 crReturnV; /* more data please */
2493 ret = do_ssh_init(ssh, *data);
2501 * We emerge from that loop when the initial negotiation is
2502 * over and we have selected an s_rdpkt function. Now pass
2503 * everything to s_rdpkt, and then pass the resulting packets
2504 * to the proper protocol handler.
2508 while (bufchain_size(&ssh->queued_incoming_data) > 0 || datalen > 0) {
2510 ssh_queue_incoming_data(ssh, &data, &datalen);
2511 /* This uses up all data and cannot cause anything interesting
2512 * to happen; indeed, for anything to happen at all, we must
2513 * return, so break out. */
2515 } else if (bufchain_size(&ssh->queued_incoming_data) > 0) {
2516 /* This uses up some or all data, and may freeze the
2518 ssh_process_queued_incoming_data(ssh);
2520 /* This uses up some or all data, and may freeze the
2522 ssh_process_incoming_data(ssh, &data, &datalen);
2524 /* FIXME this is probably EBW. */
2525 if (ssh->state == SSH_STATE_CLOSED)
2528 /* We're out of data. Go and get some more. */
2534 static int ssh_do_close(Ssh ssh, int notify_exit)
2537 struct ssh_channel *c;
2539 ssh->state = SSH_STATE_CLOSED;
2540 expire_timer_context(ssh);
2545 notify_remote_exit(ssh->frontend);
2550 * Now we must shut down any port- and X-forwarded channels going
2551 * through this connection.
2553 if (ssh->channels) {
2554 while (NULL != (c = index234(ssh->channels, 0))) {
2557 x11_close(c->u.x11.s);
2560 pfd_close(c->u.pfd.s);
2563 del234(ssh->channels, c); /* moving next one to index 0 */
2564 if (ssh->version == 2)
2565 bufchain_clear(&c->v.v2.outbuffer);
2570 * Go through port-forwardings, and close any associated
2571 * listening sockets.
2573 if (ssh->portfwds) {
2574 struct ssh_portfwd *pf;
2575 while (NULL != (pf = index234(ssh->portfwds, 0))) {
2576 /* Dispose of any listening socket. */
2578 pfd_terminate(pf->local);
2579 del234(ssh->portfwds, pf); /* moving next one to index 0 */
2587 static void ssh_log(Plug plug, int type, SockAddr addr, int port,
2588 const char *error_msg, int error_code)
2590 Ssh ssh = (Ssh) plug;
2591 char addrbuf[256], *msg;
2593 sk_getaddr(addr, addrbuf, lenof(addrbuf));
2596 msg = dupprintf("Connecting to %s port %d", addrbuf, port);
2598 msg = dupprintf("Failed to connect to %s: %s", addrbuf, error_msg);
2604 static int ssh_closing(Plug plug, const char *error_msg, int error_code,
2607 Ssh ssh = (Ssh) plug;
2608 int need_notify = ssh_do_close(ssh, FALSE);
2611 if (!ssh->close_expected)
2612 error_msg = "Server unexpectedly closed network connection";
2614 error_msg = "Server closed network connection";
2618 notify_remote_exit(ssh->frontend);
2621 logevent(error_msg);
2622 if (!ssh->close_expected || !ssh->clean_exit)
2623 connection_fatal(ssh->frontend, "%s", error_msg);
2627 static int ssh_receive(Plug plug, int urgent, char *data, int len)
2629 Ssh ssh = (Ssh) plug;
2630 ssh_gotdata(ssh, (unsigned char *)data, len);
2631 if (ssh->state == SSH_STATE_CLOSED) {
2632 ssh_do_close(ssh, TRUE);
2638 static void ssh_sent(Plug plug, int bufsize)
2640 Ssh ssh = (Ssh) plug;
2642 * If the send backlog on the SSH socket itself clears, we
2643 * should unthrottle the whole world if it was throttled.
2645 if (bufsize < SSH_MAX_BACKLOG)
2646 ssh_throttle_all(ssh, 0, bufsize);
2650 * Connect to specified host and port.
2651 * Returns an error message, or NULL on success.
2652 * Also places the canonical host name into `realhost'. It must be
2653 * freed by the caller.
2655 static const char *connect_to_host(Ssh ssh, char *host, int port,
2656 char **realhost, int nodelay, int keepalive)
2658 static const struct plug_function_table fn_table = {
2669 ssh->savedhost = snewn(1 + strlen(host), char);
2670 strcpy(ssh->savedhost, host);
2673 port = 22; /* default ssh port */
2674 ssh->savedport = port;
2679 logeventf(ssh, "Looking up host \"%s\"%s", host,
2680 (ssh->cfg.addressfamily == ADDRTYPE_IPV4 ? " (IPv4)" :
2681 (ssh->cfg.addressfamily == ADDRTYPE_IPV6 ? " (IPv6)" : "")));
2682 addr = name_lookup(host, port, realhost, &ssh->cfg,
2683 ssh->cfg.addressfamily);
2684 if ((err = sk_addr_error(addr)) != NULL) {
2692 ssh->fn = &fn_table;
2693 ssh->s = new_connection(addr, *realhost, port,
2694 0, 1, nodelay, keepalive, (Plug) ssh, &ssh->cfg);
2695 if ((err = sk_socket_error(ssh->s)) != NULL) {
2697 notify_remote_exit(ssh->frontend);
2705 * Throttle or unthrottle the SSH connection.
2707 static void ssh1_throttle(Ssh ssh, int adjust)
2709 int old_count = ssh->v1_throttle_count;
2710 ssh->v1_throttle_count += adjust;
2711 assert(ssh->v1_throttle_count >= 0);
2712 if (ssh->v1_throttle_count && !old_count) {
2713 ssh_set_frozen(ssh, 1);
2714 } else if (!ssh->v1_throttle_count && old_count) {
2715 ssh_set_frozen(ssh, 0);
2720 * Throttle or unthrottle _all_ local data streams (for when sends
2721 * on the SSH connection itself back up).
2723 static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
2726 struct ssh_channel *c;
2728 if (enable == ssh->throttled_all)
2730 ssh->throttled_all = enable;
2731 ssh->overall_bufsize = bufsize;
2734 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++) {
2736 case CHAN_MAINSESSION:
2738 * This is treated separately, outside the switch.
2742 x11_override_throttle(c->u.x11.s, enable);
2745 /* Agent channels require no buffer management. */
2748 pfd_override_throttle(c->u.pfd.s, enable);
2755 * Username and password input, abstracted off into routines
2756 * reusable in several places - even between SSH-1 and SSH-2.
2759 /* Set up a username or password input loop on a given buffer. */
2760 static void setup_userpass_input(Ssh ssh, char *buffer, int buflen, int echo)
2762 ssh->userpass_input_buffer = buffer;
2763 ssh->userpass_input_buflen = buflen;
2764 ssh->userpass_input_bufpos = 0;
2765 ssh->userpass_input_echo = echo;
2769 * Process some terminal data in the course of username/password
2770 * input. Returns >0 for success (line of input returned in
2771 * buffer), <0 for failure (user hit ^C/^D, bomb out and exit), 0
2772 * for inconclusive (keep waiting for more input please).
2774 static int process_userpass_input(Ssh ssh, unsigned char *in, int inlen)
2779 switch (c = *in++) {
2782 ssh->userpass_input_buffer[ssh->userpass_input_bufpos] = 0;
2783 ssh->userpass_input_buffer[ssh->userpass_input_buflen-1] = 0;
2788 if (ssh->userpass_input_bufpos > 0) {
2789 if (ssh->userpass_input_echo)
2790 c_write_str(ssh, "\b \b");
2791 ssh->userpass_input_bufpos--;
2796 while (ssh->userpass_input_bufpos > 0) {
2797 if (ssh->userpass_input_echo)
2798 c_write_str(ssh, "\b \b");
2799 ssh->userpass_input_bufpos--;
2808 * This simplistic check for printability is disabled
2809 * when we're doing password input, because some people
2810 * have control characters in their passwords.o
2812 if ((!ssh->userpass_input_echo ||
2813 (c >= ' ' && c <= '~') ||
2814 ((unsigned char) c >= 160))
2815 && ssh->userpass_input_bufpos < ssh->userpass_input_buflen-1) {
2816 ssh->userpass_input_buffer[ssh->userpass_input_bufpos++] = c;
2817 if (ssh->userpass_input_echo)
2818 c_write(ssh, &c, 1);
2826 static void ssh_agent_callback(void *sshv, void *reply, int replylen)
2828 Ssh ssh = (Ssh) sshv;
2830 ssh->agent_response = reply;
2831 ssh->agent_response_len = replylen;
2833 if (ssh->version == 1)
2834 do_ssh1_login(ssh, NULL, -1, NULL);
2836 do_ssh2_authconn(ssh, NULL, -1, NULL);
2839 static void ssh_dialog_callback(void *sshv, int ret)
2841 Ssh ssh = (Ssh) sshv;
2843 ssh->user_response = ret;
2845 if (ssh->version == 1)
2846 do_ssh1_login(ssh, NULL, -1, NULL);
2848 do_ssh2_transport(ssh, NULL, -1, NULL);
2851 * This may have unfrozen the SSH connection, so do a
2854 ssh_process_queued_incoming_data(ssh);
2857 static void ssh_agentf_callback(void *cv, void *reply, int replylen)
2859 struct ssh_channel *c = (struct ssh_channel *)cv;
2861 void *sentreply = reply;
2864 /* Fake SSH_AGENT_FAILURE. */
2865 sentreply = "\0\0\0\1\5";
2868 if (ssh->version == 2) {
2869 ssh2_add_channel_data(c, sentreply, replylen);
2872 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
2873 PKT_INT, c->remoteid,
2876 PKT_DATA, sentreply, replylen,
2885 * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
2886 * non-NULL, otherwise just close the connection. `client_reason' == NULL
2887 * => log `wire_reason'.
2889 static void ssh_disconnect(Ssh ssh, char *client_reason, char *wire_reason,
2890 int code, int clean_exit)
2894 client_reason = wire_reason;
2896 error = dupprintf("Disconnected: %s", client_reason);
2898 error = dupstr("Disconnected");
2900 if (ssh->version == 1) {
2901 send_packet(ssh, SSH1_MSG_DISCONNECT, PKT_STR, wire_reason,
2903 } else if (ssh->version == 2) {
2904 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_DISCONNECT);
2905 ssh2_pkt_adduint32(pktout, code);
2906 ssh2_pkt_addstring(pktout, wire_reason);
2907 ssh2_pkt_addstring(pktout, "en"); /* language tag */
2908 ssh2_pkt_send_noqueue(ssh, pktout);
2911 ssh->close_expected = TRUE;
2912 ssh->clean_exit = clean_exit;
2913 ssh_closing((Plug)ssh, error, 0, 0);
2918 * Handle the key exchange and user authentication phases.
2920 static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
2921 struct Packet *pktin)
2924 unsigned char cookie[8], *ptr;
2925 struct RSAKey servkey, hostkey;
2926 struct MD5Context md5c;
2927 struct do_ssh1_login_state {
2929 unsigned char *rsabuf, *keystr1, *keystr2;
2930 unsigned long supported_ciphers_mask, supported_auths_mask;
2931 int tried_publickey, tried_agent;
2932 int tis_auth_refused, ccard_auth_refused;
2933 unsigned char session_id[16];
2936 void *publickey_blob;
2937 int publickey_bloblen;
2943 unsigned char request[5], *response, *p;
2953 crState(do_ssh1_login_state);
2955 crBegin(ssh->do_ssh1_login_crstate);
2960 if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
2961 bombout(("Public key packet not received"));
2965 logevent("Received public keys");
2967 ptr = ssh_pkt_getdata(pktin, 8);
2969 bombout(("SSH-1 public key packet stopped before random cookie"));
2972 memcpy(cookie, ptr, 8);
2974 if (!ssh1_pkt_getrsakey(pktin, &servkey, &s->keystr1) ||
2975 !ssh1_pkt_getrsakey(pktin, &hostkey, &s->keystr2)) {
2976 bombout(("Failed to read SSH-1 public keys from public key packet"));
2981 * Log the host key fingerprint.
2985 logevent("Host key fingerprint is:");
2986 strcpy(logmsg, " ");
2987 hostkey.comment = NULL;
2988 rsa_fingerprint(logmsg + strlen(logmsg),
2989 sizeof(logmsg) - strlen(logmsg), &hostkey);
2993 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
2994 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
2995 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
2997 ssh->v1_local_protoflags =
2998 ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
2999 ssh->v1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
3002 MD5Update(&md5c, s->keystr2, hostkey.bytes);
3003 MD5Update(&md5c, s->keystr1, servkey.bytes);
3004 MD5Update(&md5c, cookie, 8);
3005 MD5Final(s->session_id, &md5c);
3007 for (i = 0; i < 32; i++)
3008 ssh->session_key[i] = random_byte();
3011 * Verify that the `bits' and `bytes' parameters match.
3013 if (hostkey.bits > hostkey.bytes * 8 ||
3014 servkey.bits > servkey.bytes * 8) {
3015 bombout(("SSH-1 public keys were badly formatted"));
3019 s->len = (hostkey.bytes > servkey.bytes ? hostkey.bytes : servkey.bytes);
3021 s->rsabuf = snewn(s->len, unsigned char);
3024 * Verify the host key.
3028 * First format the key into a string.
3030 int len = rsastr_len(&hostkey);
3031 char fingerprint[100];
3032 char *keystr = snewn(len, char);
3033 rsastr_fmt(keystr, &hostkey);
3034 rsa_fingerprint(fingerprint, sizeof(fingerprint), &hostkey);
3036 ssh_set_frozen(ssh, 1);
3037 s->dlgret = verify_ssh_host_key(ssh->frontend,
3038 ssh->savedhost, ssh->savedport,
3039 "rsa", keystr, fingerprint,
3040 ssh_dialog_callback, ssh);
3042 if (s->dlgret < 0) {
3046 bombout(("Unexpected data from server while waiting"
3047 " for user host key response"));
3050 } while (pktin || inlen > 0);
3051 s->dlgret = ssh->user_response;
3053 ssh_set_frozen(ssh, 0);
3055 if (s->dlgret == 0) {
3056 ssh_disconnect(ssh, "User aborted at host key verification",
3062 for (i = 0; i < 32; i++) {
3063 s->rsabuf[i] = ssh->session_key[i];
3065 s->rsabuf[i] ^= s->session_id[i];
3068 if (hostkey.bytes > servkey.bytes) {
3069 ret = rsaencrypt(s->rsabuf, 32, &servkey);
3071 ret = rsaencrypt(s->rsabuf, servkey.bytes, &hostkey);
3073 ret = rsaencrypt(s->rsabuf, 32, &hostkey);
3075 ret = rsaencrypt(s->rsabuf, hostkey.bytes, &servkey);
3078 bombout(("SSH-1 public key encryptions failed due to bad formatting"));
3082 logevent("Encrypted session key");
3085 int cipher_chosen = 0, warn = 0;
3086 char *cipher_string = NULL;
3088 for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
3089 int next_cipher = ssh->cfg.ssh_cipherlist[i];
3090 if (next_cipher == CIPHER_WARN) {
3091 /* If/when we choose a cipher, warn about it */
3093 } else if (next_cipher == CIPHER_AES) {
3094 /* XXX Probably don't need to mention this. */
3095 logevent("AES not supported in SSH-1, skipping");
3097 switch (next_cipher) {
3098 case CIPHER_3DES: s->cipher_type = SSH_CIPHER_3DES;
3099 cipher_string = "3DES"; break;
3100 case CIPHER_BLOWFISH: s->cipher_type = SSH_CIPHER_BLOWFISH;
3101 cipher_string = "Blowfish"; break;
3102 case CIPHER_DES: s->cipher_type = SSH_CIPHER_DES;
3103 cipher_string = "single-DES"; break;
3105 if (s->supported_ciphers_mask & (1 << s->cipher_type))
3109 if (!cipher_chosen) {
3110 if ((s->supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
3111 bombout(("Server violates SSH-1 protocol by not "
3112 "supporting 3DES encryption"));
3114 /* shouldn't happen */
3115 bombout(("No supported ciphers found"));
3119 /* Warn about chosen cipher if necessary. */
3121 ssh_set_frozen(ssh, 1);
3122 s->dlgret = askalg(ssh->frontend, "cipher", cipher_string,
3123 ssh_dialog_callback, ssh);
3124 if (s->dlgret < 0) {
3128 bombout(("Unexpected data from server while waiting"
3129 " for user response"));
3132 } while (pktin || inlen > 0);
3133 s->dlgret = ssh->user_response;
3135 ssh_set_frozen(ssh, 0);
3136 if (s->dlgret == 0) {
3137 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
3144 switch (s->cipher_type) {
3145 case SSH_CIPHER_3DES:
3146 logevent("Using 3DES encryption");
3148 case SSH_CIPHER_DES:
3149 logevent("Using single-DES encryption");
3151 case SSH_CIPHER_BLOWFISH:
3152 logevent("Using Blowfish encryption");
3156 send_packet(ssh, SSH1_CMSG_SESSION_KEY,
3157 PKT_CHAR, s->cipher_type,
3158 PKT_DATA, cookie, 8,
3159 PKT_CHAR, (s->len * 8) >> 8, PKT_CHAR, (s->len * 8) & 0xFF,
3160 PKT_DATA, s->rsabuf, s->len,
3161 PKT_INT, ssh->v1_local_protoflags, PKT_END);
3163 logevent("Trying to enable encryption...");
3167 ssh->cipher = (s->cipher_type == SSH_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
3168 s->cipher_type == SSH_CIPHER_DES ? &ssh_des :
3170 ssh->v1_cipher_ctx = ssh->cipher->make_context();
3171 ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
3172 logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
3174 ssh->crcda_ctx = crcda_make_context();
3175 logevent("Installing CRC compensation attack detector");
3177 if (servkey.modulus) {
3178 sfree(servkey.modulus);
3179 servkey.modulus = NULL;
3181 if (servkey.exponent) {
3182 sfree(servkey.exponent);
3183 servkey.exponent = NULL;
3185 if (hostkey.modulus) {
3186 sfree(hostkey.modulus);
3187 hostkey.modulus = NULL;
3189 if (hostkey.exponent) {
3190 sfree(hostkey.exponent);
3191 hostkey.exponent = NULL;
3195 if (pktin->type != SSH1_SMSG_SUCCESS) {
3196 bombout(("Encryption not successfully enabled"));
3200 logevent("Successfully started encryption");
3204 if (!*ssh->cfg.username) {
3205 if (ssh_get_line && !ssh_getline_pw_only) {
3206 if (!ssh_get_line("login as: ",
3207 s->username, sizeof(s->username), FALSE)) {
3209 * get_line failed to get a username.
3212 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
3216 int ret; /* need not be kept over crReturn */
3217 c_write_str(ssh, "login as: ");
3220 setup_userpass_input(ssh, s->username, sizeof(s->username), 1);
3222 crWaitUntil(!pktin);
3223 ret = process_userpass_input(ssh, in, inlen);
3227 c_write_str(ssh, "\r\n");
3230 strncpy(s->username, ssh->cfg.username, sizeof(s->username));
3231 s->username[sizeof(s->username)-1] = '\0';
3234 send_packet(ssh, SSH1_CMSG_USER, PKT_STR, s->username, PKT_END);
3236 char userlog[22 + sizeof(s->username)];
3237 sprintf(userlog, "Sent username \"%s\"", s->username);
3239 if (flags & FLAG_INTERACTIVE &&
3240 (!((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)))) {
3241 strcat(userlog, "\r\n");
3242 c_write_str(ssh, userlog);
3249 if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
3250 /* We must not attempt PK auth. Pretend we've already tried it. */
3251 s->tried_publickey = s->tried_agent = 1;
3253 s->tried_publickey = s->tried_agent = 0;
3255 s->tis_auth_refused = s->ccard_auth_refused = 0;
3256 /* Load the public half of ssh->cfg.keyfile so we notice if it's in Pageant */
3257 if (!filename_is_null(ssh->cfg.keyfile)) {
3258 if (!rsakey_pubblob(&ssh->cfg.keyfile,
3259 &s->publickey_blob, &s->publickey_bloblen, NULL))
3260 s->publickey_blob = NULL;
3262 s->publickey_blob = NULL;
3264 while (pktin->type == SSH1_SMSG_FAILURE) {
3265 s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
3267 if (agent_exists() && !s->tried_agent) {
3269 * Attempt RSA authentication using Pageant.
3275 logevent("Pageant is running. Requesting keys.");
3277 /* Request the keys held by the agent. */
3278 PUT_32BIT(s->request, 1);
3279 s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
3280 if (!agent_query(s->request, 5, &r, &s->responselen,
3281 ssh_agent_callback, ssh)) {
3285 bombout(("Unexpected data from server while waiting"
3286 " for agent response"));
3289 } while (pktin || inlen > 0);
3290 r = ssh->agent_response;
3291 s->responselen = ssh->agent_response_len;
3293 s->response = (unsigned char *) r;
3294 if (s->response && s->responselen >= 5 &&
3295 s->response[4] == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
3296 s->p = s->response + 5;
3297 s->nkeys = GET_32BIT(s->p);
3299 logeventf(ssh, "Pageant has %d SSH-1 keys", s->nkeys);
3300 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
3301 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
3302 if (s->publickey_blob &&
3303 !memcmp(s->p, s->publickey_blob,
3304 s->publickey_bloblen)) {
3305 logevent("This key matches configured key file");
3306 s->tried_publickey = 1;
3311 do { /* do while (0) to make breaking easy */
3312 n = ssh1_read_bignum
3313 (s->p, s->responselen-(s->p-s->response),
3318 n = ssh1_read_bignum
3319 (s->p, s->responselen-(s->p-s->response),
3324 if (s->responselen - (s->p-s->response) < 4)
3326 s->commentlen = GET_32BIT(s->p);
3328 if (s->responselen - (s->p-s->response) <
3331 s->commentp = (char *)s->p;
3332 s->p += s->commentlen;
3336 logevent("Pageant key list packet was truncated");
3340 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3341 PKT_BIGNUM, s->key.modulus, PKT_END);
3343 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3344 logevent("Key refused");
3347 logevent("Received RSA challenge");
3348 if ((s->challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3349 bombout(("Server's RSA challenge was badly formatted"));
3354 char *agentreq, *q, *ret;
3357 len = 1 + 4; /* message type, bit count */
3358 len += ssh1_bignum_length(s->key.exponent);
3359 len += ssh1_bignum_length(s->key.modulus);
3360 len += ssh1_bignum_length(s->challenge);
3361 len += 16; /* session id */
3362 len += 4; /* response format */
3363 agentreq = snewn(4 + len, char);
3364 PUT_32BIT(agentreq, len);
3366 *q++ = SSH1_AGENTC_RSA_CHALLENGE;
3367 PUT_32BIT(q, bignum_bitcount(s->key.modulus));
3369 q += ssh1_write_bignum(q, s->key.exponent);
3370 q += ssh1_write_bignum(q, s->key.modulus);
3371 q += ssh1_write_bignum(q, s->challenge);
3372 memcpy(q, s->session_id, 16);
3374 PUT_32BIT(q, 1); /* response format */
3375 if (!agent_query(agentreq, len + 4, &vret, &retlen,
3376 ssh_agent_callback, ssh)) {
3381 bombout(("Unexpected data from server"
3382 " while waiting for agent"
3386 } while (pktin || inlen > 0);
3387 vret = ssh->agent_response;
3388 retlen = ssh->agent_response_len;
3393 if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
3394 logevent("Sending Pageant's response");
3395 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3396 PKT_DATA, ret + 5, 16,
3400 if (pktin->type == SSH1_SMSG_SUCCESS) {
3402 ("Pageant's response accepted");
3403 if (flags & FLAG_VERBOSE) {
3404 c_write_str(ssh, "Authenticated using"
3406 c_write(ssh, s->commentp,
3408 c_write_str(ssh, "\" from agent\r\n");
3413 ("Pageant's response not accepted");
3416 ("Pageant failed to answer challenge");
3420 logevent("No reply received from Pageant");
3423 freebn(s->key.exponent);
3424 freebn(s->key.modulus);
3425 freebn(s->challenge);
3434 if (!filename_is_null(ssh->cfg.keyfile) && !s->tried_publickey)
3435 s->pwpkt_type = SSH1_CMSG_AUTH_RSA;
3437 if (ssh->cfg.try_tis_auth &&
3438 (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
3439 !s->tis_auth_refused) {
3440 s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
3441 logevent("Requested TIS authentication");
3442 send_packet(ssh, SSH1_CMSG_AUTH_TIS, PKT_END);
3444 if (pktin->type != SSH1_SMSG_AUTH_TIS_CHALLENGE) {
3445 logevent("TIS authentication declined");
3446 if (flags & FLAG_INTERACTIVE)
3447 c_write_str(ssh, "TIS authentication refused.\r\n");
3448 s->tis_auth_refused = 1;
3454 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3456 bombout(("TIS challenge packet was badly formed"));
3459 c_write_str(ssh, "Using TIS authentication.\r\n");
3460 logevent("Received TIS challenge");
3461 if (challengelen > sizeof(s->prompt) - 1)
3462 challengelen = sizeof(s->prompt) - 1;/* prevent overrun */
3463 memcpy(s->prompt, challenge, challengelen);
3464 /* Prompt heuristic comes from OpenSSH */
3465 strncpy(s->prompt + challengelen,
3466 memchr(s->prompt, '\n', challengelen) ?
3467 "": "\r\nResponse: ",
3468 (sizeof s->prompt) - challengelen);
3469 s->prompt[(sizeof s->prompt) - 1] = '\0';
3472 if (ssh->cfg.try_tis_auth &&
3473 (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
3474 !s->ccard_auth_refused) {
3475 s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
3476 logevent("Requested CryptoCard authentication");
3477 send_packet(ssh, SSH1_CMSG_AUTH_CCARD, PKT_END);
3479 if (pktin->type != SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
3480 logevent("CryptoCard authentication declined");
3481 c_write_str(ssh, "CryptoCard authentication refused.\r\n");
3482 s->ccard_auth_refused = 1;
3488 ssh_pkt_getstring(pktin, &challenge, &challengelen);
3490 bombout(("CryptoCard challenge packet was badly formed"));
3493 c_write_str(ssh, "Using CryptoCard authentication.\r\n");
3494 logevent("Received CryptoCard challenge");
3495 if (challengelen > sizeof(s->prompt) - 1)
3496 challengelen = sizeof(s->prompt) - 1;/* prevent overrun */
3497 memcpy(s->prompt, challenge, challengelen);
3498 strncpy(s->prompt + challengelen,
3499 memchr(s->prompt, '\n', challengelen) ?
3500 "" : "\r\nResponse: ",
3501 sizeof(s->prompt) - challengelen);
3502 s->prompt[sizeof(s->prompt) - 1] = '\0';
3505 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3506 sprintf(s->prompt, "%.90s@%.90s's password: ",
3507 s->username, ssh->savedhost);
3509 if (s->pwpkt_type == SSH1_CMSG_AUTH_RSA) {
3510 char *comment = NULL;
3512 if (flags & FLAG_VERBOSE)
3513 c_write_str(ssh, "Trying public key authentication.\r\n");
3514 logeventf(ssh, "Trying public key \"%s\"",
3515 filename_to_str(&ssh->cfg.keyfile));
3516 type = key_type(&ssh->cfg.keyfile);
3517 if (type != SSH_KEYTYPE_SSH1) {
3518 char *msg = dupprintf("Key is of wrong type (%s)",
3519 key_type_to_str(type));
3521 c_write_str(ssh, msg);
3522 c_write_str(ssh, "\r\n");
3524 s->tried_publickey = 1;
3527 if (!rsakey_encrypted(&ssh->cfg.keyfile, &comment)) {
3528 if (flags & FLAG_VERBOSE)
3529 c_write_str(ssh, "No passphrase required.\r\n");
3532 sprintf(s->prompt, "Passphrase for key \"%.100s\": ", comment);
3537 * Show password prompt, having first obtained it via a TIS
3538 * or CryptoCard exchange if we're doing TIS or CryptoCard
3542 if (!ssh_get_line(s->prompt, s->password,
3543 sizeof(s->password), TRUE)) {
3545 * get_line failed to get a password (for example
3546 * because one was supplied on the command line
3547 * which has already failed to work). Terminate.
3549 ssh_disconnect(ssh, NULL, "Unable to authenticate", 0, FALSE);
3553 /* Prompt may have come from server. We've munged it a bit, so
3554 * we know it to be zero-terminated at least once. */
3555 int ret; /* need not be saved over crReturn */
3556 c_write_untrusted(ssh, s->prompt, strlen(s->prompt));
3559 setup_userpass_input(ssh, s->password, sizeof(s->password), 0);
3561 crWaitUntil(!pktin);
3562 ret = process_userpass_input(ssh, in, inlen);
3566 c_write_str(ssh, "\r\n");
3570 if (s->pwpkt_type == SSH1_CMSG_AUTH_RSA) {
3572 * Try public key authentication with the specified
3575 s->tried_publickey = 1;
3578 const char *error = NULL;
3579 int ret = loadrsakey(&ssh->cfg.keyfile, &s->key, s->password,
3582 c_write_str(ssh, "Couldn't load private key from ");
3583 c_write_str(ssh, filename_to_str(&ssh->cfg.keyfile));
3584 c_write_str(ssh, " (");
3585 c_write_str(ssh, error);
3586 c_write_str(ssh, ").\r\n");
3587 continue; /* go and try password */
3590 c_write_str(ssh, "Wrong passphrase.\r\n");
3591 s->tried_publickey = 0;
3592 continue; /* try again */
3597 * Send a public key attempt.
3599 send_packet(ssh, SSH1_CMSG_AUTH_RSA,
3600 PKT_BIGNUM, s->key.modulus, PKT_END);
3603 if (pktin->type == SSH1_SMSG_FAILURE) {
3604 c_write_str(ssh, "Server refused our public key.\r\n");
3605 continue; /* go and try password */
3607 if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
3608 bombout(("Bizarre response to offer of public key"));
3614 unsigned char buffer[32];
3615 Bignum challenge, response;
3617 if ((challenge = ssh1_pkt_getmp(pktin)) == NULL) {
3618 bombout(("Server's RSA challenge was badly formatted"));
3621 response = rsadecrypt(challenge, &s->key);
3622 freebn(s->key.private_exponent);/* burn the evidence */
3624 for (i = 0; i < 32; i++) {
3625 buffer[i] = bignum_byte(response, 31 - i);
3629 MD5Update(&md5c, buffer, 32);
3630 MD5Update(&md5c, s->session_id, 16);
3631 MD5Final(buffer, &md5c);
3633 send_packet(ssh, SSH1_CMSG_AUTH_RSA_RESPONSE,
3634 PKT_DATA, buffer, 16, PKT_END);
3641 if (pktin->type == SSH1_SMSG_FAILURE) {
3642 if (flags & FLAG_VERBOSE)
3643 c_write_str(ssh, "Failed to authenticate with"
3644 " our public key.\r\n");
3645 continue; /* go and try password */
3646 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3647 bombout(("Bizarre response to RSA authentication response"));
3651 break; /* we're through! */
3653 if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
3655 * Defence against traffic analysis: we send a
3656 * whole bunch of packets containing strings of
3657 * different lengths. One of these strings is the
3658 * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
3659 * The others are all random data in
3660 * SSH1_MSG_IGNORE packets. This way a passive
3661 * listener can't tell which is the password, and
3662 * hence can't deduce the password length.
3664 * Anybody with a password length greater than 16
3665 * bytes is going to have enough entropy in their
3666 * password that a listener won't find it _that_
3667 * much help to know how long it is. So what we'll
3670 * - if password length < 16, we send 15 packets
3671 * containing string lengths 1 through 15
3673 * - otherwise, we let N be the nearest multiple
3674 * of 8 below the password length, and send 8
3675 * packets containing string lengths N through
3676 * N+7. This won't obscure the order of
3677 * magnitude of the password length, but it will
3678 * introduce a bit of extra uncertainty.
3680 * A few servers (the old 1.2.18 through 1.2.22)
3681 * can't deal with SSH1_MSG_IGNORE. For these
3682 * servers, we need an alternative defence. We make
3683 * use of the fact that the password is interpreted
3684 * as a C string: so we can append a NUL, then some
3687 * One server (a Cisco one) can deal with neither
3688 * SSH1_MSG_IGNORE _nor_ a padded password string.
3689 * For this server we are left with no defences
3690 * against password length sniffing.
3692 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
3694 * The server can deal with SSH1_MSG_IGNORE, so
3695 * we can use the primary defence.
3697 int bottom, top, pwlen, i;
3700 pwlen = strlen(s->password);
3702 bottom = 0; /* zero length passwords are OK! :-) */
3705 bottom = pwlen & ~7;
3709 assert(pwlen >= bottom && pwlen <= top);
3711 randomstr = snewn(top + 1, char);
3713 for (i = bottom; i <= top; i++) {
3715 defer_packet(ssh, s->pwpkt_type,
3716 PKTT_PASSWORD, PKT_STR, s->password,
3717 PKTT_OTHER, PKT_END);
3719 for (j = 0; j < i; j++) {
3721 randomstr[j] = random_byte();
3722 } while (randomstr[j] == '\0');
3724 randomstr[i] = '\0';
3725 defer_packet(ssh, SSH1_MSG_IGNORE,
3726 PKT_STR, randomstr, PKT_END);
3729 logevent("Sending password with camouflage packets");
3730 ssh_pkt_defersend(ssh);
3733 else if (!(ssh->remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
3735 * The server can't deal with SSH1_MSG_IGNORE
3736 * but can deal with padded passwords, so we
3737 * can use the secondary defence.
3743 len = strlen(s->password);
3744 if (len < sizeof(string)) {
3746 strcpy(string, s->password);
3747 len++; /* cover the zero byte */
3748 while (len < sizeof(string)) {
3749 string[len++] = (char) random_byte();
3754 logevent("Sending length-padded password");
3755 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
3756 PKT_INT, len, PKT_DATA, ss, len,
3757 PKTT_OTHER, PKT_END);
3760 * The server has _both_
3761 * BUG_CHOKES_ON_SSH1_IGNORE and
3762 * BUG_NEEDS_SSH1_PLAIN_PASSWORD. There is
3763 * therefore nothing we can do.
3766 len = strlen(s->password);
3767 logevent("Sending unpadded password");
3768 send_packet(ssh, s->pwpkt_type,
3769 PKTT_PASSWORD, PKT_INT, len,
3770 PKT_DATA, s->password, len,
3771 PKTT_OTHER, PKT_END);
3774 send_packet(ssh, s->pwpkt_type, PKTT_PASSWORD,
3775 PKT_STR, s->password, PKTT_OTHER, PKT_END);
3778 logevent("Sent password");
3779 memset(s->password, 0, strlen(s->password));
3781 if (pktin->type == SSH1_SMSG_FAILURE) {
3782 if (flags & FLAG_VERBOSE)
3783 c_write_str(ssh, "Access denied\r\n");
3784 logevent("Authentication refused");
3785 } else if (pktin->type != SSH1_SMSG_SUCCESS) {
3786 bombout(("Strange packet received, type %d", pktin->type));
3791 logevent("Authentication successful");
3796 void sshfwd_close(struct ssh_channel *c)
3800 if (ssh->state == SSH_STATE_CLOSED)
3803 if (c && !c->closes) {
3805 * If halfopen is true, we have sent
3806 * CHANNEL_OPEN for this channel, but it hasn't even been
3807 * acknowledged by the server. So we must set a close flag
3808 * on it now, and then when the server acks the channel
3809 * open, we can close it then.
3812 if (ssh->version == 1) {
3813 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
3816 struct Packet *pktout;
3817 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
3818 ssh2_pkt_adduint32(pktout, c->remoteid);
3819 ssh2_pkt_send(ssh, pktout);
3822 c->closes = 1; /* sent MSG_CLOSE */
3823 if (c->type == CHAN_X11) {
3825 logevent("Forwarded X11 connection terminated");
3826 } else if (c->type == CHAN_SOCKDATA ||
3827 c->type == CHAN_SOCKDATA_DORMANT) {
3829 logevent("Forwarded port closed");
3834 int sshfwd_write(struct ssh_channel *c, char *buf, int len)
3838 if (ssh->state == SSH_STATE_CLOSED)
3841 if (ssh->version == 1) {
3842 send_packet(ssh, SSH1_MSG_CHANNEL_DATA,
3843 PKT_INT, c->remoteid,
3845 PKT_INT, len, PKT_DATA, buf, len,
3846 PKTT_OTHER, PKT_END);
3848 * In SSH-1 we can return 0 here - implying that forwarded
3849 * connections are never individually throttled - because
3850 * the only circumstance that can cause throttling will be
3851 * the whole SSH connection backing up, in which case
3852 * _everything_ will be throttled as a whole.
3856 ssh2_add_channel_data(c, buf, len);
3857 return ssh2_try_send(c);
3861 void sshfwd_unthrottle(struct ssh_channel *c, int bufsize)
3865 if (ssh->state == SSH_STATE_CLOSED)
3868 if (ssh->version == 1) {
3869 if (c->v.v1.throttling && bufsize < SSH1_BUFFER_LIMIT) {
3870 c->v.v1.throttling = 0;
3871 ssh1_throttle(ssh, -1);
3874 ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
3878 static void ssh_queueing_handler(Ssh ssh, struct Packet *pktin)
3880 struct queued_handler *qh = ssh->qhead;
3884 assert(pktin->type == qh->msg1 || pktin->type == qh->msg2);
3887 assert(ssh->packet_dispatch[qh->msg1] == ssh_queueing_handler);
3888 ssh->packet_dispatch[qh->msg1] = NULL;
3891 assert(ssh->packet_dispatch[qh->msg2] == ssh_queueing_handler);
3892 ssh->packet_dispatch[qh->msg2] = NULL;
3896 ssh->qhead = qh->next;
3898 if (ssh->qhead->msg1 > 0) {
3899 assert(ssh->packet_dispatch[ssh->qhead->msg1] == NULL);
3900 ssh->packet_dispatch[ssh->qhead->msg1] = ssh_queueing_handler;
3902 if (ssh->qhead->msg2 > 0) {
3903 assert(ssh->packet_dispatch[ssh->qhead->msg2] == NULL);
3904 ssh->packet_dispatch[ssh->qhead->msg2] = ssh_queueing_handler;
3907 ssh->qhead = ssh->qtail = NULL;
3908 ssh->packet_dispatch[pktin->type] = NULL;
3911 qh->handler(ssh, pktin, qh->ctx);
3916 static void ssh_queue_handler(Ssh ssh, int msg1, int msg2,
3917 chandler_fn_t handler, void *ctx)
3919 struct queued_handler *qh;
3921 qh = snew(struct queued_handler);
3924 qh->handler = handler;
3928 if (ssh->qtail == NULL) {
3932 assert(ssh->packet_dispatch[qh->msg1] == NULL);
3933 ssh->packet_dispatch[qh->msg1] = ssh_queueing_handler;
3936 assert(ssh->packet_dispatch[qh->msg2] == NULL);
3937 ssh->packet_dispatch[qh->msg2] = ssh_queueing_handler;
3940 ssh->qtail->next = qh;
3945 static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
3947 struct ssh_rportfwd *rpf, *pf = (struct ssh_rportfwd *)ctx;
3949 if (pktin->type == (ssh->version == 1 ? SSH1_SMSG_SUCCESS :
3950 SSH2_MSG_REQUEST_SUCCESS)) {
3951 logeventf(ssh, "Remote port forwarding from %s enabled",
3954 logeventf(ssh, "Remote port forwarding from %s refused",
3957 rpf = del234(ssh->rportfwds, pf);
3963 static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
3965 const char *portfwd_strptr = cfg->portfwd;
3966 struct ssh_portfwd *epf;
3969 if (!ssh->portfwds) {
3970 ssh->portfwds = newtree234(ssh_portcmp);
3973 * Go through the existing port forwardings and tag them
3974 * with status==DESTROY. Any that we want to keep will be
3975 * re-enabled (status==KEEP) as we go through the
3976 * configuration and find out which bits are the same as
3979 struct ssh_portfwd *epf;
3981 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
3982 epf->status = DESTROY;
3985 while (*portfwd_strptr) {
3986 char address_family, type;
3987 int sport,dport,sserv,dserv;
3988 char sports[256], dports[256], saddr[256], host[256];
3991 address_family = 'A';
3993 if (*portfwd_strptr == 'A' ||
3994 *portfwd_strptr == '4' ||
3995 *portfwd_strptr == '6')
3996 address_family = *portfwd_strptr++;
3997 if (*portfwd_strptr == 'L' ||
3998 *portfwd_strptr == 'R' ||
3999 *portfwd_strptr == 'D')
4000 type = *portfwd_strptr++;
4005 while (*portfwd_strptr && *portfwd_strptr != '\t') {
4006 if (*portfwd_strptr == ':') {
4008 * We've seen a colon in the middle of the
4009 * source port number. This means that
4010 * everything we've seen until now is the
4011 * source _address_, so we'll move it into
4012 * saddr and start sports from the beginning
4017 if (ssh->version == 1 && type == 'R') {
4018 logeventf(ssh, "SSH-1 cannot handle remote source address "
4019 "spec \"%s\"; ignoring", sports);
4021 strcpy(saddr, sports);
4024 if (n < lenof(sports)-1) sports[n++] = *portfwd_strptr++;
4028 if (*portfwd_strptr == '\t')
4031 while (*portfwd_strptr && *portfwd_strptr != ':') {
4032 if (n < lenof(host)-1) host[n++] = *portfwd_strptr++;
4035 if (*portfwd_strptr == ':')
4038 while (*portfwd_strptr) {
4039 if (n < lenof(dports)-1) dports[n++] = *portfwd_strptr++;
4043 dport = atoi(dports);
4047 dport = net_service_lookup(dports);
4049 logeventf(ssh, "Service lookup failed for destination"
4050 " port \"%s\"", dports);
4054 while (*portfwd_strptr) portfwd_strptr++;
4058 portfwd_strptr++; /* eat the NUL and move to next one */
4060 sport = atoi(sports);
4064 sport = net_service_lookup(sports);
4066 logeventf(ssh, "Service lookup failed for source"
4067 " port \"%s\"", sports);
4070 if (sport && dport) {
4071 /* Set up a description of the source port. */
4072 struct ssh_portfwd *pfrec, *epfrec;
4074 pfrec = snew(struct ssh_portfwd);
4076 pfrec->saddr = *saddr ? dupstr(saddr) : NULL;
4077 pfrec->sserv = sserv ? dupstr(sports) : NULL;
4078 pfrec->sport = sport;
4079 pfrec->daddr = *host ? dupstr(host) : NULL;
4080 pfrec->dserv = dserv ? dupstr(dports) : NULL;
4081 pfrec->dport = dport;
4082 pfrec->local = NULL;
4083 pfrec->remote = NULL;
4084 pfrec->addressfamily = (address_family == '4' ? ADDRTYPE_IPV4 :
4085 address_family == '6' ? ADDRTYPE_IPV6 :
4088 epfrec = add234(ssh->portfwds, pfrec);
4089 if (epfrec != pfrec) {
4091 * We already have a port forwarding with precisely
4092 * these parameters. Hence, no need to do anything;
4093 * simply tag the existing one as KEEP.
4095 epfrec->status = KEEP;
4096 free_portfwd(pfrec);
4098 pfrec->status = CREATE;
4104 * Now go through and destroy any port forwardings which were
4107 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4108 if (epf->status == DESTROY) {
4111 message = dupprintf("%s port forwarding from %s%s%d",
4112 epf->type == 'L' ? "local" :
4113 epf->type == 'R' ? "remote" : "dynamic",
4114 epf->saddr ? epf->saddr : "",
4115 epf->saddr ? ":" : "",
4118 if (epf->type != 'D') {
4119 char *msg2 = dupprintf("%s to %s:%d", message,
4120 epf->daddr, epf->dport);
4125 logeventf(ssh, "Cancelling %s", message);
4129 struct ssh_rportfwd *rpf = epf->remote;
4130 struct Packet *pktout;
4133 * Cancel the port forwarding at the server
4136 if (ssh->version == 1) {
4138 * We cannot cancel listening ports on the
4139 * server side in SSH-1! There's no message
4140 * to support it. Instead, we simply remove
4141 * the rportfwd record from the local end
4142 * so that any connections the server tries
4143 * to make on it are rejected.
4146 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4147 ssh2_pkt_addstring(pktout, "cancel-tcpip-forward");
4148 ssh2_pkt_addbool(pktout, 0);/* _don't_ want reply */
4150 ssh2_pkt_addstring(pktout, epf->saddr);
4151 } else if (ssh->cfg.rport_acceptall) {
4152 /* XXX: ssh->cfg.rport_acceptall may not represent
4153 * what was used to open the original connection,
4154 * since it's reconfigurable. */
4155 ssh2_pkt_addstring(pktout, "0.0.0.0");
4157 ssh2_pkt_addstring(pktout, "127.0.0.1");
4159 ssh2_pkt_adduint32(pktout, epf->sport);
4160 ssh2_pkt_send(ssh, pktout);
4163 del234(ssh->rportfwds, rpf);
4165 } else if (epf->local) {
4166 pfd_terminate(epf->local);
4169 delpos234(ssh->portfwds, i);
4171 i--; /* so we don't skip one in the list */
4175 * And finally, set up any new port forwardings (status==CREATE).
4177 for (i = 0; (epf = index234(ssh->portfwds, i)) != NULL; i++)
4178 if (epf->status == CREATE) {
4179 char *sportdesc, *dportdesc;
4180 sportdesc = dupprintf("%s%s%s%s%d%s",
4181 epf->saddr ? epf->saddr : "",
4182 epf->saddr ? ":" : "",
4183 epf->sserv ? epf->sserv : "",
4184 epf->sserv ? "(" : "",
4186 epf->sserv ? ")" : "");
4187 if (epf->type == 'D') {
4190 dportdesc = dupprintf("%s:%s%s%d%s",
4192 epf->dserv ? epf->dserv : "",
4193 epf->dserv ? "(" : "",
4195 epf->dserv ? ")" : "");
4198 if (epf->type == 'L') {
4199 const char *err = pfd_addforward(epf->daddr, epf->dport,
4200 epf->saddr, epf->sport,
4203 epf->addressfamily);
4205 logeventf(ssh, "Local %sport %s forwarding to %s%s%s",
4206 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4207 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4208 sportdesc, dportdesc,
4209 err ? " failed: " : "", err ? err : "");
4210 } else if (epf->type == 'D') {
4211 const char *err = pfd_addforward(NULL, -1,
4212 epf->saddr, epf->sport,
4215 epf->addressfamily);
4217 logeventf(ssh, "Local %sport %s SOCKS dynamic forwarding%s%s",
4218 epf->addressfamily == ADDRTYPE_IPV4 ? "IPv4 " :
4219 epf->addressfamily == ADDRTYPE_IPV6 ? "IPv6 " : "",
4221 err ? " failed: " : "", err ? err : "");
4223 struct ssh_rportfwd *pf;
4226 * Ensure the remote port forwardings tree exists.
4228 if (!ssh->rportfwds) {
4229 if (ssh->version == 1)
4230 ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
4232 ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
4235 pf = snew(struct ssh_rportfwd);
4236 strncpy(pf->dhost, epf->daddr, lenof(pf->dhost)-1);
4237 pf->dhost[lenof(pf->dhost)-1] = '\0';
4238 pf->dport = epf->dport;
4239 pf->sport = epf->sport;
4240 if (add234(ssh->rportfwds, pf) != pf) {
4241 logeventf(ssh, "Duplicate remote port forwarding to %s:%d",
4242 epf->daddr, epf->dport);
4245 logeventf(ssh, "Requesting remote port %s"
4246 " forward to %s", sportdesc, dportdesc);
4248 pf->sportdesc = sportdesc;
4253 if (ssh->version == 1) {
4254 send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
4255 PKT_INT, epf->sport,
4256 PKT_STR, epf->daddr,
4257 PKT_INT, epf->dport,
4259 ssh_queue_handler(ssh, SSH1_SMSG_SUCCESS,
4261 ssh_rportfwd_succfail, pf);
4263 struct Packet *pktout;
4264 pktout = ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
4265 ssh2_pkt_addstring(pktout, "tcpip-forward");
4266 ssh2_pkt_addbool(pktout, 1);/* want reply */
4268 ssh2_pkt_addstring(pktout, epf->saddr);
4269 } else if (cfg->rport_acceptall) {
4270 ssh2_pkt_addstring(pktout, "0.0.0.0");
4272 ssh2_pkt_addstring(pktout, "127.0.0.1");
4274 ssh2_pkt_adduint32(pktout, epf->sport);
4275 ssh2_pkt_send(ssh, pktout);
4277 ssh_queue_handler(ssh, SSH2_MSG_REQUEST_SUCCESS,
4278 SSH2_MSG_REQUEST_FAILURE,
4279 ssh_rportfwd_succfail, pf);
4288 static void ssh1_smsg_stdout_stderr_data(Ssh ssh, struct Packet *pktin)
4291 int stringlen, bufsize;
4293 ssh_pkt_getstring(pktin, &string, &stringlen);
4294 if (string == NULL) {
4295 bombout(("Incoming terminal data packet was badly formed"));
4299 bufsize = from_backend(ssh->frontend, pktin->type == SSH1_SMSG_STDERR_DATA,
4301 if (!ssh->v1_stdout_throttling && bufsize > SSH1_BUFFER_LIMIT) {
4302 ssh->v1_stdout_throttling = 1;
4303 ssh1_throttle(ssh, +1);
4307 static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
4309 /* Remote side is trying to open a channel to talk to our
4310 * X-Server. Give them back a local channel number. */
4311 struct ssh_channel *c;
4312 int remoteid = ssh_pkt_getuint32(pktin);
4314 logevent("Received X11 connect request");
4315 /* Refuse if X11 forwarding is disabled. */
4316 if (!ssh->X11_fwd_enabled) {
4317 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4318 PKT_INT, remoteid, PKT_END);
4319 logevent("Rejected X11 connect request");
4321 c = snew(struct ssh_channel);
4324 if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
4325 ssh->x11auth, NULL, -1, &ssh->cfg) != NULL) {
4326 logevent("Opening X11 forward connection failed");
4328 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4329 PKT_INT, remoteid, PKT_END);
4332 ("Opening X11 forward connection succeeded");
4333 c->remoteid = remoteid;
4334 c->halfopen = FALSE;
4335 c->localid = alloc_channel_id(ssh);
4337 c->v.v1.throttling = 0;
4338 c->type = CHAN_X11; /* identify channel type */
4339 add234(ssh->channels, c);
4340 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4341 PKT_INT, c->remoteid, PKT_INT,
4342 c->localid, PKT_END);
4343 logevent("Opened X11 forward channel");
4348 static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
4350 /* Remote side is trying to open a channel to talk to our
4351 * agent. Give them back a local channel number. */
4352 struct ssh_channel *c;
4353 int remoteid = ssh_pkt_getuint32(pktin);
4355 /* Refuse if agent forwarding is disabled. */
4356 if (!ssh->agentfwd_enabled) {
4357 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4358 PKT_INT, remoteid, PKT_END);
4360 c = snew(struct ssh_channel);
4362 c->remoteid = remoteid;
4363 c->halfopen = FALSE;
4364 c->localid = alloc_channel_id(ssh);
4366 c->v.v1.throttling = 0;
4367 c->type = CHAN_AGENT; /* identify channel type */
4368 c->u.a.lensofar = 0;
4369 add234(ssh->channels, c);
4370 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4371 PKT_INT, c->remoteid, PKT_INT, c->localid,
4376 static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
4378 /* Remote side is trying to open a channel to talk to a
4379 * forwarded port. Give them back a local channel number. */
4380 struct ssh_channel *c;
4381 struct ssh_rportfwd pf, *pfp;
4386 c = snew(struct ssh_channel);
4389 remoteid = ssh_pkt_getuint32(pktin);
4390 ssh_pkt_getstring(pktin, &host, &hostsize);
4391 port = ssh_pkt_getuint32(pktin);
4393 if (hostsize >= lenof(pf.dhost))
4394 hostsize = lenof(pf.dhost)-1;
4395 memcpy(pf.dhost, host, hostsize);
4396 pf.dhost[hostsize] = '\0';
4398 pfp = find234(ssh->rportfwds, &pf, NULL);
4401 logeventf(ssh, "Rejected remote port open request for %s:%d",
4403 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4404 PKT_INT, remoteid, PKT_END);
4406 logeventf(ssh, "Received remote port open request for %s:%d",
4408 e = pfd_newconnect(&c->u.pfd.s, pf.dhost, port,
4409 c, &ssh->cfg, pfp->pfrec->addressfamily);
4411 logeventf(ssh, "Port open failed: %s", e);
4413 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_FAILURE,
4414 PKT_INT, remoteid, PKT_END);
4416 c->remoteid = remoteid;
4417 c->halfopen = FALSE;
4418 c->localid = alloc_channel_id(ssh);
4420 c->v.v1.throttling = 0;
4421 c->type = CHAN_SOCKDATA; /* identify channel type */
4422 add234(ssh->channels, c);
4423 send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
4424 PKT_INT, c->remoteid, PKT_INT,
4425 c->localid, PKT_END);
4426 logevent("Forwarded port opened successfully");
4431 static void ssh1_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
4433 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4434 unsigned int localid = ssh_pkt_getuint32(pktin);
4435 struct ssh_channel *c;
4437 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4438 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4439 c->remoteid = localid;
4440 c->halfopen = FALSE;
4441 c->type = CHAN_SOCKDATA;
4442 c->v.v1.throttling = 0;
4443 pfd_confirm(c->u.pfd.s);
4446 if (c && c->closes) {
4448 * We have a pending close on this channel,
4449 * which we decided on before the server acked
4450 * the channel open. So now we know the
4451 * remoteid, we can close it again.
4453 send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE,
4454 PKT_INT, c->remoteid, PKT_END);
4458 static void ssh1_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
4460 unsigned int remoteid = ssh_pkt_getuint32(pktin);
4461 struct ssh_channel *c;
4463 c = find234(ssh->channels, &remoteid, ssh_channelfind);
4464 if (c && c->type == CHAN_SOCKDATA_DORMANT) {
4465 logevent("Forwarded connection refused by server");
4466 pfd_close(c->u.pfd.s);
4467 del234(ssh->channels, c);
4472 static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
4474 /* Remote side closes a channel. */
4475 unsigned i = ssh_pkt_getuint32(pktin);
4476 struct ssh_channel *c;
4477 c = find234(ssh->channels, &i, ssh_channelfind);
4478 if (c && !c->halfopen) {
4481 (pktin->type == SSH1_MSG_CHANNEL_CLOSE ? 1 : 2);
4483 if ((c->closes == 0) && (c->type == CHAN_X11)) {
4484 logevent("Forwarded X11 connection terminated");
4485 assert(c->u.x11.s != NULL);
4486 x11_close(c->u.x11.s);
4489 if ((c->closes == 0) && (c->type == CHAN_SOCKDATA)) {
4490 logevent("Forwarded port closed");
4491 assert(c->u.pfd.s != NULL);
4492 pfd_close(c->u.pfd.s);
4496 c->closes |= (closetype << 2); /* seen this message */
4497 if (!(c->closes & closetype)) {
4498 send_packet(ssh, pktin->type, PKT_INT, c->remoteid,
4500 c->closes |= closetype; /* sent it too */
4503 if (c->closes == 15) {
4504 del234(ssh->channels, c);
4508 bombout(("Received CHANNEL_CLOSE%s for %s channel %d\n",
4509 pktin->type == SSH1_MSG_CHANNEL_CLOSE ? "" :
4510 "_CONFIRMATION", c ? "half-open" : "nonexistent",
4515 static void ssh1_msg_channel_data(Ssh ssh, struct Packet *pktin)
4517 /* Data sent down one of our channels. */
4518 int i = ssh_pkt_getuint32(pktin);
4521 struct ssh_channel *c;
4523 ssh_pkt_getstring(pktin, &p, &len);
4525 c = find234(ssh->channels, &i, ssh_channelfind);
4530 bufsize = x11_send(c->u.x11.s, p, len);
4533 bufsize = pfd_send(c->u.pfd.s, p, len);
4536 /* Data for an agent message. Buffer it. */
4538 if (c->u.a.lensofar < 4) {
4539 unsigned int l = min(4 - c->u.a.lensofar, len);
4540 memcpy(c->u.a.msglen + c->u.a.lensofar, p,
4544 c->u.a.lensofar += l;
4546 if (c->u.a.lensofar == 4) {
4548 4 + GET_32BIT(c->u.a.msglen);
4549 c->u.a.message = snewn(c->u.a.totallen,
4551 memcpy(c->u.a.message, c->u.a.msglen, 4);
4553 if (c->u.a.lensofar >= 4 && len > 0) {
4555 min(c->u.a.totallen - c->u.a.lensofar,
4557 memcpy(c->u.a.message + c->u.a.lensofar, p,
4561 c->u.a.lensofar += l;
4563 if (c->u.a.lensofar == c->u.a.totallen) {
4566 if (agent_query(c->u.a.message,
4569 ssh_agentf_callback, c))
4570 ssh_agentf_callback(c, reply, replylen);
4571 sfree(c->u.a.message);
4572 c->u.a.lensofar = 0;
4575 bufsize = 0; /* agent channels never back up */
4578 if (!c->v.v1.throttling && bufsize > SSH1_BUFFER_LIMIT) {
4579 c->v.v1.throttling = 1;
4580 ssh1_throttle(ssh, +1);
4585 static void ssh1_smsg_exit_status(Ssh ssh, struct Packet *pktin)
4587 ssh->exitcode = ssh_pkt_getuint32(pktin);
4588 logeventf(ssh, "Server sent command exit status %d", ssh->exitcode);
4589 send_packet(ssh, SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
4591 * In case `helpful' firewalls or proxies tack
4592 * extra human-readable text on the end of the
4593 * session which we might mistake for another
4594 * encrypted packet, we close the session once
4595 * we've sent EXIT_CONFIRMATION.
4597 ssh_disconnect(ssh, NULL, NULL, 0, TRUE);
4600 /* Helper function to deal with sending tty modes for REQUEST_PTY */
4601 static void ssh1_send_ttymode(void *data, char *mode, char *val)
4603 struct Packet *pktout = (struct Packet *)data;
4605 unsigned int arg = 0;
4606 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
4607 if (i == lenof(ssh_ttymodes)) return;
4608 switch (ssh_ttymodes[i].type) {
4610 arg = ssh_tty_parse_specchar(val);
4613 arg = ssh_tty_parse_boolean(val);
4616 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
4617 ssh2_pkt_addbyte(pktout, arg);
4621 static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen,
4622 struct Packet *pktin)
4624 crBegin(ssh->do_ssh1_connection_crstate);
4626 ssh->packet_dispatch[SSH1_SMSG_STDOUT_DATA] =
4627 ssh->packet_dispatch[SSH1_SMSG_STDERR_DATA] =
4628 ssh1_smsg_stdout_stderr_data;
4630 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_CONFIRMATION] =
4631 ssh1_msg_channel_open_confirmation;
4632 ssh->packet_dispatch[SSH1_MSG_CHANNEL_OPEN_FAILURE] =
4633 ssh1_msg_channel_open_failure;
4634 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE] =
4635 ssh->packet_dispatch[SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION] =
4636 ssh1_msg_channel_close;
4637 ssh->packet_dispatch[SSH1_MSG_CHANNEL_DATA] = ssh1_msg_channel_data;
4638 ssh->packet_dispatch[SSH1_SMSG_EXIT_STATUS] = ssh1_smsg_exit_status;
4640 if (ssh->cfg.agentfwd && agent_exists()) {
4641 logevent("Requesting agent forwarding");
4642 send_packet(ssh, SSH1_CMSG_AGENT_REQUEST_FORWARDING, PKT_END);
4646 if (pktin->type != SSH1_SMSG_SUCCESS
4647 && pktin->type != SSH1_SMSG_FAILURE) {
4648 bombout(("Protocol confusion"));
4650 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4651 logevent("Agent forwarding refused");
4653 logevent("Agent forwarding enabled");
4654 ssh->agentfwd_enabled = TRUE;
4655 ssh->packet_dispatch[SSH1_SMSG_AGENT_OPEN] = ssh1_smsg_agent_open;
4659 if (ssh->cfg.x11_forward) {
4660 char proto[20], data[64];
4661 logevent("Requesting X11 forwarding");
4662 ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
4663 data, sizeof(data), ssh->cfg.x11_auth);
4664 x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
4666 * Note that while we blank the X authentication data here, we don't
4667 * take any special action to blank the start of an X11 channel,
4668 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
4669 * without having session blanking enabled is likely to leak your
4670 * cookie into the log.
4672 if (ssh->v1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
4673 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
4675 PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER,
4676 PKT_INT, x11_get_screen_number(ssh->cfg.x11_display),
4679 send_packet(ssh, SSH1_CMSG_X11_REQUEST_FORWARDING,
4681 PKTT_PASSWORD, PKT_STR, data, PKTT_OTHER, PKT_END);
4686 if (pktin->type != SSH1_SMSG_SUCCESS
4687 && pktin->type != SSH1_SMSG_FAILURE) {
4688 bombout(("Protocol confusion"));
4690 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4691 logevent("X11 forwarding refused");
4693 logevent("X11 forwarding enabled");
4694 ssh->X11_fwd_enabled = TRUE;
4695 ssh->packet_dispatch[SSH1_SMSG_X11_OPEN] = ssh1_smsg_x11_open;
4699 ssh_setup_portfwd(ssh, &ssh->cfg);
4700 ssh->packet_dispatch[SSH1_MSG_PORT_OPEN] = ssh1_msg_port_open;
4702 if (!ssh->cfg.nopty) {
4704 /* Unpick the terminal-speed string. */
4705 /* XXX perhaps we should allow no speeds to be sent. */
4706 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
4707 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
4708 /* Send the pty request. */
4709 pkt = ssh1_pkt_init(SSH1_CMSG_REQUEST_PTY);
4710 ssh_pkt_addstring(pkt, ssh->cfg.termtype);
4711 ssh_pkt_adduint32(pkt, ssh->term_height);
4712 ssh_pkt_adduint32(pkt, ssh->term_width);
4713 ssh_pkt_adduint32(pkt, 0); /* width in pixels */
4714 ssh_pkt_adduint32(pkt, 0); /* height in pixels */
4715 parse_ttymodes(ssh, ssh->cfg.ttymodes,
4716 ssh1_send_ttymode, (void *)pkt);
4717 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_ISPEED);
4718 ssh_pkt_adduint32(pkt, ssh->ispeed);
4719 ssh_pkt_addbyte(pkt, SSH1_TTY_OP_OSPEED);
4720 ssh_pkt_adduint32(pkt, ssh->ospeed);
4721 ssh_pkt_addbyte(pkt, SSH_TTY_OP_END);
4723 ssh->state = SSH_STATE_INTERMED;
4727 if (pktin->type != SSH1_SMSG_SUCCESS
4728 && pktin->type != SSH1_SMSG_FAILURE) {
4729 bombout(("Protocol confusion"));
4731 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4732 c_write_str(ssh, "Server refused to allocate pty\r\n");
4733 ssh->editing = ssh->echoing = 1;
4735 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
4736 ssh->ospeed, ssh->ispeed);
4738 ssh->editing = ssh->echoing = 1;
4741 if (ssh->cfg.compression) {
4742 send_packet(ssh, SSH1_CMSG_REQUEST_COMPRESSION, PKT_INT, 6, PKT_END);
4746 if (pktin->type != SSH1_SMSG_SUCCESS
4747 && pktin->type != SSH1_SMSG_FAILURE) {
4748 bombout(("Protocol confusion"));
4750 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4751 c_write_str(ssh, "Server refused to compress\r\n");
4753 logevent("Started compression");
4754 ssh->v1_compressing = TRUE;
4755 ssh->cs_comp_ctx = zlib_compress_init();
4756 logevent("Initialised zlib (RFC1950) compression");
4757 ssh->sc_comp_ctx = zlib_decompress_init();
4758 logevent("Initialised zlib (RFC1950) decompression");
4762 * Start the shell or command.
4764 * Special case: if the first-choice command is an SSH-2
4765 * subsystem (hence not usable here) and the second choice
4766 * exists, we fall straight back to that.
4769 char *cmd = ssh->cfg.remote_cmd_ptr;
4771 if (!cmd) cmd = ssh->cfg.remote_cmd;
4773 if (ssh->cfg.ssh_subsys && ssh->cfg.remote_cmd_ptr2) {
4774 cmd = ssh->cfg.remote_cmd_ptr2;
4775 ssh->fallback_cmd = TRUE;
4778 send_packet(ssh, SSH1_CMSG_EXEC_CMD, PKT_STR, cmd, PKT_END);
4780 send_packet(ssh, SSH1_CMSG_EXEC_SHELL, PKT_END);
4781 logevent("Started session");
4784 ssh->state = SSH_STATE_SESSION;
4785 if (ssh->size_needed)
4786 ssh_size(ssh, ssh->term_width, ssh->term_height);
4787 if (ssh->eof_needed)
4788 ssh_special(ssh, TS_EOF);
4791 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
4793 ssh->channels = newtree234(ssh_channelcmp);
4797 * By this point, most incoming packets are already being
4798 * handled by the dispatch table, and we need only pay
4799 * attention to the unusual ones.
4804 if (pktin->type == SSH1_SMSG_SUCCESS) {
4805 /* may be from EXEC_SHELL on some servers */
4806 } else if (pktin->type == SSH1_SMSG_FAILURE) {
4807 /* may be from EXEC_SHELL on some servers
4808 * if no pty is available or in other odd cases. Ignore */
4810 bombout(("Strange packet received: type %d", pktin->type));
4815 int len = min(inlen, 512);
4816 send_packet(ssh, SSH1_CMSG_STDIN_DATA, PKTT_DATA,
4817 PKT_INT, len, PKT_DATA, in, len,
4818 PKTT_OTHER, PKT_END);
4829 * Handle the top-level SSH-2 protocol.
4831 static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
4836 ssh_pkt_getstring(pktin, &msg, &msglen);
4837 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
4840 static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
4842 /* log reason code in disconnect message */
4846 ssh_pkt_getstring(pktin, &msg, &msglen);
4847 bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg));
4850 static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
4852 /* Do nothing, because we're ignoring it! Duhh. */
4855 static void ssh1_protocol_setup(Ssh ssh)
4860 * Most messages are handled by the coroutines.
4862 for (i = 0; i < 256; i++)
4863 ssh->packet_dispatch[i] = NULL;
4866 * These special message types we install handlers for.
4868 ssh->packet_dispatch[SSH1_MSG_DISCONNECT] = ssh1_msg_disconnect;
4869 ssh->packet_dispatch[SSH1_MSG_IGNORE] = ssh_msg_ignore;
4870 ssh->packet_dispatch[SSH1_MSG_DEBUG] = ssh1_msg_debug;
4873 static void ssh1_protocol(Ssh ssh, void *vin, int inlen,
4874 struct Packet *pktin)
4876 unsigned char *in=(unsigned char*)vin;
4877 if (ssh->state == SSH_STATE_CLOSED)
4880 if (pktin && ssh->packet_dispatch[pktin->type]) {
4881 ssh->packet_dispatch[pktin->type](ssh, pktin);
4885 if (!ssh->protocol_initial_phase_done) {
4886 if (do_ssh1_login(ssh, in, inlen, pktin))
4887 ssh->protocol_initial_phase_done = TRUE;
4892 do_ssh1_connection(ssh, in, inlen, pktin);
4896 * Utility routine for decoding comma-separated strings in KEXINIT.
4898 static int in_commasep_string(char *needle, char *haystack, int haylen)
4901 if (!needle || !haystack) /* protect against null pointers */
4903 needlen = strlen(needle);
4906 * Is it at the start of the string?
4908 if (haylen >= needlen && /* haystack is long enough */
4909 !memcmp(needle, haystack, needlen) && /* initial match */
4910 (haylen == needlen || haystack[needlen] == ',')
4911 /* either , or EOS follows */
4915 * If not, search for the next comma and resume after that.
4916 * If no comma found, terminate.
4918 while (haylen > 0 && *haystack != ',')
4919 haylen--, haystack++;
4922 haylen--, haystack++; /* skip over comma itself */
4927 * Similar routine for checking whether we have the first string in a list.
4929 static int first_in_commasep_string(char *needle, char *haystack, int haylen)
4932 if (!needle || !haystack) /* protect against null pointers */
4934 needlen = strlen(needle);
4936 * Is it at the start of the string?
4938 if (haylen >= needlen && /* haystack is long enough */
4939 !memcmp(needle, haystack, needlen) && /* initial match */
4940 (haylen == needlen || haystack[needlen] == ',')
4941 /* either , or EOS follows */
4949 * SSH-2 key creation method.
4951 static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr,
4952 unsigned char *keyspace)
4954 const struct ssh_hash *h = ssh->kex->hash;
4956 /* First hlen bytes. */
4958 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
4959 hash_mpint(h, s, K);
4960 h->bytes(s, H, h->hlen);
4961 h->bytes(s, &chr, 1);
4962 h->bytes(s, ssh->v2_session_id, ssh->v2_session_id_len);
4963 h->final(s, keyspace);
4964 /* Next hlen bytes. */
4966 if (!(ssh->remote_bugs & BUG_SSH2_DERIVEKEY))
4967 hash_mpint(h, s, K);
4968 h->bytes(s, H, h->hlen);
4969 h->bytes(s, keyspace, h->hlen);
4970 h->final(s, keyspace + h->hlen);
4974 * Handle the SSH-2 transport layer.
4976 static int do_ssh2_transport(Ssh ssh, void *vin, int inlen,
4977 struct Packet *pktin)
4979 unsigned char *in = (unsigned char *)vin;
4980 struct do_ssh2_transport_state {
4981 int nbits, pbits, warn_kex, warn_cscipher, warn_sccipher;
4982 Bignum p, g, e, f, K;
4985 int kex_init_value, kex_reply_value;
4986 const struct ssh_mac **maclist;
4988 const struct ssh2_cipher *cscipher_tobe;
4989 const struct ssh2_cipher *sccipher_tobe;
4990 const struct ssh_mac *csmac_tobe;
4991 const struct ssh_mac *scmac_tobe;
4992 const struct ssh_compress *cscomp_tobe;
4993 const struct ssh_compress *sccomp_tobe;
4994 char *hostkeydata, *sigdata, *keystr, *fingerprint;
4995 int hostkeylen, siglen;
4996 void *hkey; /* actual host key */
4997 unsigned char exchange_hash[32];
4998 int n_preferred_kex;
4999 const struct ssh_kexes *preferred_kex[KEX_MAX];
5000 int n_preferred_ciphers;
5001 const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
5002 const struct ssh_compress *preferred_comp;
5003 int got_session_id, activated_authconn;
5004 struct Packet *pktout;
5009 crState(do_ssh2_transport_state);
5011 crBegin(ssh->do_ssh2_transport_crstate);
5013 s->cscipher_tobe = s->sccipher_tobe = NULL;
5014 s->csmac_tobe = s->scmac_tobe = NULL;
5015 s->cscomp_tobe = s->sccomp_tobe = NULL;
5017 s->got_session_id = s->activated_authconn = FALSE;
5020 * Be prepared to work around the buggy MAC problem.
5022 if (ssh->remote_bugs & BUG_SSH2_HMAC)
5023 s->maclist = buggymacs, s->nmacs = lenof(buggymacs);
5025 s->maclist = macs, s->nmacs = lenof(macs);
5028 ssh->pkt_ctx &= ~SSH2_PKTCTX_KEX_MASK;
5030 int i, j, commalist_started;
5033 * Set up the preferred key exchange. (NULL => warn below here)
5035 s->n_preferred_kex = 0;
5036 for (i = 0; i < KEX_MAX; i++) {
5037 switch (ssh->cfg.ssh_kexlist[i]) {
5039 s->preferred_kex[s->n_preferred_kex++] =
5040 &ssh_diffiehellman_gex;
5043 s->preferred_kex[s->n_preferred_kex++] =
5044 &ssh_diffiehellman_group14;
5047 s->preferred_kex[s->n_preferred_kex++] =
5048 &ssh_diffiehellman_group1;
5051 /* Flag for later. Don't bother if it's the last in
5053 if (i < KEX_MAX - 1) {
5054 s->preferred_kex[s->n_preferred_kex++] = NULL;
5061 * Set up the preferred ciphers. (NULL => warn below here)
5063 s->n_preferred_ciphers = 0;
5064 for (i = 0; i < CIPHER_MAX; i++) {
5065 switch (ssh->cfg.ssh_cipherlist[i]) {
5066 case CIPHER_BLOWFISH:
5067 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_blowfish;
5070 if (ssh->cfg.ssh2_des_cbc) {
5071 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_des;
5075 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_3des;
5078 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_aes;
5080 case CIPHER_ARCFOUR:
5081 s->preferred_ciphers[s->n_preferred_ciphers++] = &ssh2_arcfour;
5084 /* Flag for later. Don't bother if it's the last in
5086 if (i < CIPHER_MAX - 1) {
5087 s->preferred_ciphers[s->n_preferred_ciphers++] = NULL;
5094 * Set up preferred compression.
5096 if (ssh->cfg.compression)
5097 s->preferred_comp = &ssh_zlib;
5099 s->preferred_comp = &ssh_comp_none;
5102 * Enable queueing of outgoing auth- or connection-layer
5103 * packets while we are in the middle of a key exchange.
5105 ssh->queueing = TRUE;
5108 * Flag that KEX is in progress.
5110 ssh->kex_in_progress = TRUE;
5113 * Construct and send our key exchange packet.
5115 s->pktout = ssh2_pkt_init(SSH2_MSG_KEXINIT);
5116 for (i = 0; i < 16; i++)
5117 ssh2_pkt_addbyte(s->pktout, (unsigned char) random_byte());
5118 /* List key exchange algorithms. */
5119 ssh2_pkt_addstring_start(s->pktout);
5120 commalist_started = 0;
5121 for (i = 0; i < s->n_preferred_kex; i++) {
5122 const struct ssh_kexes *k = s->preferred_kex[i];
5123 if (!k) continue; /* warning flag */
5124 for (j = 0; j < k->nkexes; j++) {
5125 if (commalist_started)
5126 ssh2_pkt_addstring_str(s->pktout, ",");
5127 ssh2_pkt_addstring_str(s->pktout, k->list[j]->name);
5128 commalist_started = 1;
5131 /* List server host key algorithms. */
5132 ssh2_pkt_addstring_start(s->pktout);
5133 for (i = 0; i < lenof(hostkey_algs); i++) {
5134 ssh2_pkt_addstring_str(s->pktout, hostkey_algs[i]->name);
5135 if (i < lenof(hostkey_algs) - 1)
5136 ssh2_pkt_addstring_str(s->pktout, ",");
5138 /* List client->server encryption algorithms. */
5139 ssh2_pkt_addstring_start(s->pktout);
5140 commalist_started = 0;
5141 for (i = 0; i < s->n_preferred_ciphers; i++) {
5142 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5143 if (!c) continue; /* warning flag */
5144 for (j = 0; j < c->nciphers; j++) {
5145 if (commalist_started)
5146 ssh2_pkt_addstring_str(s->pktout, ",");
5147 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5148 commalist_started = 1;
5151 /* List server->client encryption algorithms. */
5152 ssh2_pkt_addstring_start(s->pktout);
5153 commalist_started = 0;
5154 for (i = 0; i < s->n_preferred_ciphers; i++) {
5155 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5156 if (!c) continue; /* warning flag */
5157 for (j = 0; j < c->nciphers; j++) {
5158 if (commalist_started)
5159 ssh2_pkt_addstring_str(s->pktout, ",");
5160 ssh2_pkt_addstring_str(s->pktout, c->list[j]->name);
5161 commalist_started = 1;
5164 /* List client->server MAC algorithms. */
5165 ssh2_pkt_addstring_start(s->pktout);
5166 for (i = 0; i < s->nmacs; i++) {
5167 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5168 if (i < s->nmacs - 1)
5169 ssh2_pkt_addstring_str(s->pktout, ",");
5171 /* List server->client MAC algorithms. */
5172 ssh2_pkt_addstring_start(s->pktout);
5173 for (i = 0; i < s->nmacs; i++) {
5174 ssh2_pkt_addstring_str(s->pktout, s->maclist[i]->name);
5175 if (i < s->nmacs - 1)
5176 ssh2_pkt_addstring_str(s->pktout, ",");
5178 /* List client->server compression algorithms. */
5179 ssh2_pkt_addstring_start(s->pktout);
5180 assert(lenof(compressions) > 1);
5181 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5182 for (i = 0; i < lenof(compressions); i++) {
5183 const struct ssh_compress *c = compressions[i];
5184 if (c != s->preferred_comp) {
5185 ssh2_pkt_addstring_str(s->pktout, ",");
5186 ssh2_pkt_addstring_str(s->pktout, c->name);
5189 /* List server->client compression algorithms. */
5190 ssh2_pkt_addstring_start(s->pktout);
5191 assert(lenof(compressions) > 1);
5192 ssh2_pkt_addstring_str(s->pktout, s->preferred_comp->name);
5193 for (i = 0; i < lenof(compressions); i++) {
5194 const struct ssh_compress *c = compressions[i];
5195 if (c != s->preferred_comp) {
5196 ssh2_pkt_addstring_str(s->pktout, ",");
5197 ssh2_pkt_addstring_str(s->pktout, c->name);
5200 /* List client->server languages. Empty list. */
5201 ssh2_pkt_addstring_start(s->pktout);
5202 /* List server->client languages. Empty list. */
5203 ssh2_pkt_addstring_start(s->pktout);
5204 /* First KEX packet does _not_ follow, because we're not that brave. */
5205 ssh2_pkt_addbool(s->pktout, FALSE);
5207 ssh2_pkt_adduint32(s->pktout, 0);
5210 s->our_kexinitlen = s->pktout->length - 5;
5211 s->our_kexinit = snewn(s->our_kexinitlen, unsigned char);
5212 memcpy(s->our_kexinit, s->pktout->data + 5, s->our_kexinitlen);
5214 ssh2_pkt_send_noqueue(ssh, s->pktout);
5220 * Now examine the other side's KEXINIT to see what we're up
5224 char *str, *preferred;
5227 if (pktin->type != SSH2_MSG_KEXINIT) {
5228 bombout(("expected key exchange packet from server"));
5232 ssh->hostkey = NULL;
5233 s->cscipher_tobe = NULL;
5234 s->sccipher_tobe = NULL;
5235 s->csmac_tobe = NULL;
5236 s->scmac_tobe = NULL;
5237 s->cscomp_tobe = NULL;
5238 s->sccomp_tobe = NULL;
5239 s->warn_kex = s->warn_cscipher = s->warn_sccipher = FALSE;
5241 pktin->savedpos += 16; /* skip garbage cookie */
5242 ssh_pkt_getstring(pktin, &str, &len); /* key exchange algorithms */
5245 for (i = 0; i < s->n_preferred_kex; i++) {
5246 const struct ssh_kexes *k = s->preferred_kex[i];
5250 for (j = 0; j < k->nkexes; j++) {
5251 if (!preferred) preferred = k->list[j]->name;
5252 if (in_commasep_string(k->list[j]->name, str, len)) {
5253 ssh->kex = k->list[j];
5262 bombout(("Couldn't agree a key exchange algorithm (available: %s)",
5263 str ? str : "(null)"));
5267 * Note that the server's guess is considered wrong if it doesn't match
5268 * the first algorithm in our list, even if it's still the algorithm
5271 s->guessok = first_in_commasep_string(preferred, str, len);
5272 ssh_pkt_getstring(pktin, &str, &len); /* host key algorithms */
5273 for (i = 0; i < lenof(hostkey_algs); i++) {
5274 if (in_commasep_string(hostkey_algs[i]->name, str, len)) {
5275 ssh->hostkey = hostkey_algs[i];
5279 s->guessok = s->guessok &&
5280 first_in_commasep_string(hostkey_algs[0]->name, str, len);
5281 ssh_pkt_getstring(pktin, &str, &len); /* client->server cipher */
5282 for (i = 0; i < s->n_preferred_ciphers; i++) {
5283 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5285 s->warn_cscipher = TRUE;
5287 for (j = 0; j < c->nciphers; j++) {
5288 if (in_commasep_string(c->list[j]->name, str, len)) {
5289 s->cscipher_tobe = c->list[j];
5294 if (s->cscipher_tobe)
5297 if (!s->cscipher_tobe) {
5298 bombout(("Couldn't agree a client-to-server cipher (available: %s)",
5299 str ? str : "(null)"));
5303 ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */
5304 for (i = 0; i < s->n_preferred_ciphers; i++) {
5305 const struct ssh2_ciphers *c = s->preferred_ciphers[i];
5307 s->warn_sccipher = TRUE;
5309 for (j = 0; j < c->nciphers; j++) {
5310 if (in_commasep_string(c->list[j]->name, str, len)) {
5311 s->sccipher_tobe = c->list[j];
5316 if (s->sccipher_tobe)
5319 if (!s->sccipher_tobe) {
5320 bombout(("Couldn't agree a server-to-client cipher (available: %s)",
5321 str ? str : "(null)"));
5325 ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */
5326 for (i = 0; i < s->nmacs; i++) {
5327 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5328 s->csmac_tobe = s->maclist[i];
5332 ssh_pkt_getstring(pktin, &str, &len); /* server->client mac */
5333 for (i = 0; i < s->nmacs; i++) {
5334 if (in_commasep_string(s->maclist[i]->name, str, len)) {
5335 s->scmac_tobe = s->maclist[i];
5339 ssh_pkt_getstring(pktin, &str, &len); /* client->server compression */
5340 for (i = 0; i < lenof(compressions) + 1; i++) {
5341 const struct ssh_compress *c =
5342 i == 0 ? s->preferred_comp : compressions[i - 1];
5343 if (in_commasep_string(c->name, str, len)) {
5348 ssh_pkt_getstring(pktin, &str, &len); /* server->client compression */
5349 for (i = 0; i < lenof(compressions) + 1; i++) {
5350 const struct ssh_compress *c =
5351 i == 0 ? s->preferred_comp : compressions[i - 1];
5352 if (in_commasep_string(c->name, str, len)) {
5357 ssh_pkt_getstring(pktin, &str, &len); /* client->server language */
5358 ssh_pkt_getstring(pktin, &str, &len); /* server->client language */
5359 s->ignorepkt = ssh2_pkt_getbool(pktin) && !s->guessok;
5362 ssh_set_frozen(ssh, 1);
5363 s->dlgret = askalg(ssh->frontend, "key-exchange algorithm",
5365 ssh_dialog_callback, ssh);
5366 if (s->dlgret < 0) {
5370 bombout(("Unexpected data from server while"
5371 " waiting for user response"));
5374 } while (pktin || inlen > 0);
5375 s->dlgret = ssh->user_response;
5377 ssh_set_frozen(ssh, 0);
5378 if (s->dlgret == 0) {
5379 ssh_disconnect(ssh, "User aborted at kex warning", NULL,
5385 if (s->warn_cscipher) {
5386 ssh_set_frozen(ssh, 1);
5387 s->dlgret = askalg(ssh->frontend,
5388 "client-to-server cipher",
5389 s->cscipher_tobe->name,
5390 ssh_dialog_callback, ssh);
5391 if (s->dlgret < 0) {
5395 bombout(("Unexpected data from server while"
5396 " waiting for user response"));
5399 } while (pktin || inlen > 0);
5400 s->dlgret = ssh->user_response;
5402 ssh_set_frozen(ssh, 0);
5403 if (s->dlgret == 0) {
5404 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5410 if (s->warn_sccipher) {
5411 ssh_set_frozen(ssh, 1);
5412 s->dlgret = askalg(ssh->frontend,
5413 "server-to-client cipher",
5414 s->sccipher_tobe->name,
5415 ssh_dialog_callback, ssh);
5416 if (s->dlgret < 0) {
5420 bombout(("Unexpected data from server while"
5421 " waiting for user response"));
5424 } while (pktin || inlen > 0);
5425 s->dlgret = ssh->user_response;
5427 ssh_set_frozen(ssh, 0);
5428 if (s->dlgret == 0) {
5429 ssh_disconnect(ssh, "User aborted at cipher warning", NULL,
5435 ssh->exhash = ssh->kex->hash->init();
5436 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_c, strlen(ssh->v_c));
5437 hash_string(ssh->kex->hash, ssh->exhash, ssh->v_s, strlen(ssh->v_s));
5438 hash_string(ssh->kex->hash, ssh->exhash,
5439 s->our_kexinit, s->our_kexinitlen);
5440 sfree(s->our_kexinit);
5441 if (pktin->length > 5)
5442 hash_string(ssh->kex->hash, ssh->exhash,
5443 pktin->data + 5, pktin->length - 5);
5445 if (s->ignorepkt) /* first_kex_packet_follows */
5446 crWaitUntil(pktin); /* Ignore packet */
5450 * Work out the number of bits of key we will need from the key
5451 * exchange. We start with the maximum key length of either
5457 csbits = s->cscipher_tobe->keylen;
5458 scbits = s->sccipher_tobe->keylen;
5459 s->nbits = (csbits > scbits ? csbits : scbits);
5461 /* The keys only have hlen-bit entropy, since they're based on
5462 * a hash. So cap the key size at hlen bits. */
5463 if (s->nbits > ssh->kex->hash->hlen * 8)
5464 s->nbits = ssh->kex->hash->hlen * 8;
5467 * If we're doing Diffie-Hellman group exchange, start by
5468 * requesting a group.
5470 if (!ssh->kex->pdata) {
5471 logevent("Doing Diffie-Hellman group exchange");
5472 ssh->pkt_ctx |= SSH2_PKTCTX_DHGEX;
5474 * Work out how big a DH group we will need to allow that
5477 s->pbits = 512 << ((s->nbits - 1) / 64);
5478 s->pktout = ssh2_pkt_init(SSH2_MSG_KEX_DH_GEX_REQUEST);
5479 ssh2_pkt_adduint32(s->pktout, s->pbits);
5480 ssh2_pkt_send_noqueue(ssh, s->pktout);
5483 if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) {
5484 bombout(("expected key exchange group packet from server"));
5487 s->p = ssh2_pkt_getmp(pktin);
5488 s->g = ssh2_pkt_getmp(pktin);
5489 if (!s->p || !s->g) {
5490 bombout(("unable to read mp-ints from incoming group packet"));
5493 ssh->kex_ctx = dh_setup_gex(s->p, s->g);
5494 s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT;
5495 s->kex_reply_value = SSH2_MSG_KEX_DH_GEX_REPLY;
5497 ssh->pkt_ctx |= SSH2_PKTCTX_DHGROUP;
5498 ssh->kex_ctx = dh_setup_group(ssh->kex);
5499 s->kex_init_value = SSH2_MSG_KEXDH_INIT;
5500 s->kex_reply_value = SSH2_MSG_KEXDH_REPLY;
5501 logeventf(ssh, "Using Diffie-Hellman with standard group \"%s\"",
5502 ssh->kex->groupname);
5505 logevent("Doing Diffie-Hellman key exchange");
5507 * Now generate and send e for Diffie-Hellman.
5509 set_busy_status(ssh->frontend, BUSY_CPU); /* this can take a while */
5510 s->e = dh_create_e(ssh->kex_ctx, s->nbits * 2);
5511 s->pktout = ssh2_pkt_init(s->kex_init_value);
5512 ssh2_pkt_addmp(s->pktout, s->e);
5513 ssh2_pkt_send_noqueue(ssh, s->pktout);
5515 set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */
5517 if (pktin->type != s->kex_reply_value) {
5518 bombout(("expected key exchange reply packet from server"));
5521 set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */
5522 ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen);
5523 s->f = ssh2_pkt_getmp(pktin);
5525 bombout(("unable to parse key exchange reply packet"));
5528 ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
5530 s->K = dh_find_K(ssh->kex_ctx, s->f);
5532 /* We assume everything from now on will be quick, and it might
5533 * involve user interaction. */
5534 set_busy_status(ssh->frontend, BUSY_NOT);
5536 hash_string(ssh->kex->hash, ssh->exhash, s->hostkeydata, s->hostkeylen);
5537 if (!ssh->kex->pdata) {
5538 hash_uint32(ssh->kex->hash, ssh->exhash, s->pbits);
5539 hash_mpint(ssh->kex->hash, ssh->exhash, s->p);
5540 hash_mpint(ssh->kex->hash, ssh->exhash, s->g);
5542 hash_mpint(ssh->kex->hash, ssh->exhash, s->e);
5543 hash_mpint(ssh->kex->hash, ssh->exhash, s->f);
5544 hash_mpint(ssh->kex->hash, ssh->exhash, s->K);
5545 assert(ssh->kex->hash->hlen <= sizeof(s->exchange_hash));
5546 ssh->kex->hash->final(ssh->exhash, s->exchange_hash);
5548 dh_cleanup(ssh->kex_ctx);
5549 ssh->kex_ctx = NULL;
5552 debug(("Exchange hash is:\n"));
5553 dmemdump(s->exchange_hash, ssh->kex->hash->hlen);
5556 s->hkey = ssh->hostkey->newkey(s->hostkeydata, s->hostkeylen);
5558 !ssh->hostkey->verifysig(s->hkey, s->sigdata, s->siglen,
5559 (char *)s->exchange_hash,
5560 ssh->kex->hash->hlen)) {
5561 bombout(("Server's host key did not match the signature supplied"));
5566 * Authenticate remote host: verify host key. (We've already
5567 * checked the signature of the exchange hash.)
5569 s->keystr = ssh->hostkey->fmtkey(s->hkey);
5570 s->fingerprint = ssh->hostkey->fingerprint(s->hkey);
5571 ssh_set_frozen(ssh, 1);
5572 s->dlgret = verify_ssh_host_key(ssh->frontend,
5573 ssh->savedhost, ssh->savedport,
5574 ssh->hostkey->keytype, s->keystr,
5576 ssh_dialog_callback, ssh);
5577 if (s->dlgret < 0) {
5581 bombout(("Unexpected data from server while waiting"
5582 " for user host key response"));
5585 } while (pktin || inlen > 0);
5586 s->dlgret = ssh->user_response;
5588 ssh_set_frozen(ssh, 0);
5589 if (s->dlgret == 0) {
5590 ssh_disconnect(ssh, "User aborted at host key verification", NULL,
5594 if (!s->got_session_id) { /* don't bother logging this in rekeys */
5595 logevent("Host key fingerprint is:");
5596 logevent(s->fingerprint);
5598 sfree(s->fingerprint);
5600 ssh->hostkey->freekey(s->hkey);
5603 * The exchange hash from the very first key exchange is also
5604 * the session id, used in session key construction and
5607 if (!s->got_session_id) {
5608 assert(sizeof(s->exchange_hash) <= sizeof(ssh->v2_session_id));
5609 memcpy(ssh->v2_session_id, s->exchange_hash,
5610 sizeof(s->exchange_hash));
5611 ssh->v2_session_id_len = ssh->kex->hash->hlen;
5612 assert(ssh->v2_session_id_len <= sizeof(ssh->v2_session_id));
5613 s->got_session_id = TRUE;
5617 * Send SSH2_MSG_NEWKEYS.
5619 s->pktout = ssh2_pkt_init(SSH2_MSG_NEWKEYS);
5620 ssh2_pkt_send_noqueue(ssh, s->pktout);
5621 ssh->outgoing_data_size = 0; /* start counting from here */
5624 * We've sent client NEWKEYS, so create and initialise
5625 * client-to-server session keys.
5627 if (ssh->cs_cipher_ctx)
5628 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
5629 ssh->cscipher = s->cscipher_tobe;
5630 ssh->cs_cipher_ctx = ssh->cscipher->make_context();
5632 if (ssh->cs_mac_ctx)
5633 ssh->csmac->free_context(ssh->cs_mac_ctx);
5634 ssh->csmac = s->csmac_tobe;
5635 ssh->cs_mac_ctx = ssh->csmac->make_context();
5637 if (ssh->cs_comp_ctx)
5638 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
5639 ssh->cscomp = s->cscomp_tobe;
5640 ssh->cs_comp_ctx = ssh->cscomp->compress_init();
5643 * Set IVs on client-to-server keys. Here we use the exchange
5644 * hash from the _first_ key exchange.
5647 unsigned char keyspace[40];
5648 ssh2_mkkey(ssh,s->K,s->exchange_hash,'C',keyspace);
5649 ssh->cscipher->setkey(ssh->cs_cipher_ctx, keyspace);
5650 ssh2_mkkey(ssh,s->K,s->exchange_hash,'A',keyspace);
5651 ssh->cscipher->setiv(ssh->cs_cipher_ctx, keyspace);
5652 ssh2_mkkey(ssh,s->K,s->exchange_hash,'E',keyspace);
5653 ssh->csmac->setkey(ssh->cs_mac_ctx, keyspace);
5656 logeventf(ssh, "Initialised %.200s client->server encryption",
5657 ssh->cscipher->text_name);
5658 logeventf(ssh, "Initialised %.200s client->server MAC algorithm",
5659 ssh->csmac->text_name);
5660 if (ssh->cscomp->text_name)
5661 logeventf(ssh, "Initialised %s compression",
5662 ssh->cscomp->text_name);
5665 * Now our end of the key exchange is complete, we can send all
5666 * our queued higher-layer packets.
5668 ssh->queueing = FALSE;
5669 ssh2_pkt_queuesend(ssh);
5672 * Expect SSH2_MSG_NEWKEYS from server.
5675 if (pktin->type != SSH2_MSG_NEWKEYS) {
5676 bombout(("expected new-keys packet from server"));
5679 ssh->incoming_data_size = 0; /* start counting from here */
5682 * We've seen server NEWKEYS, so create and initialise
5683 * server-to-client session keys.
5685 if (ssh->sc_cipher_ctx)
5686 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
5687 ssh->sccipher = s->sccipher_tobe;
5688 ssh->sc_cipher_ctx = ssh->sccipher->make_context();
5690 if (ssh->sc_mac_ctx)
5691 ssh->scmac->free_context(ssh->sc_mac_ctx);
5692 ssh->scmac = s->scmac_tobe;
5693 ssh->sc_mac_ctx = ssh->scmac->make_context();
5695 if (ssh->sc_comp_ctx)
5696 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
5697 ssh->sccomp = s->sccomp_tobe;
5698 ssh->sc_comp_ctx = ssh->sccomp->decompress_init();
5701 * Set IVs on server-to-client keys. Here we use the exchange
5702 * hash from the _first_ key exchange.
5705 unsigned char keyspace[40];
5706 ssh2_mkkey(ssh,s->K,s->exchange_hash,'D',keyspace);
5707 ssh->sccipher->setkey(ssh->sc_cipher_ctx, keyspace);
5708 ssh2_mkkey(ssh,s->K,s->exchange_hash,'B',keyspace);
5709 ssh->sccipher->setiv(ssh->sc_cipher_ctx, keyspace);
5710 ssh2_mkkey(ssh,s->K,s->exchange_hash,'F',keyspace);
5711 ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
5713 logeventf(ssh, "Initialised %.200s server->client encryption",
5714 ssh->sccipher->text_name);
5715 logeventf(ssh, "Initialised %.200s server->client MAC algorithm",
5716 ssh->scmac->text_name);
5717 if (ssh->sccomp->text_name)
5718 logeventf(ssh, "Initialised %s decompression",
5719 ssh->sccomp->text_name);
5722 * Free key exchange data.
5726 if (!ssh->kex->pdata) {
5732 * Key exchange is over. Loop straight back round if we have a
5733 * deferred rekey reason.
5735 if (ssh->deferred_rekey_reason) {
5736 logevent(ssh->deferred_rekey_reason);
5738 ssh->deferred_rekey_reason = NULL;
5739 goto begin_key_exchange;
5743 * Otherwise, schedule a timer for our next rekey.
5745 ssh->kex_in_progress = FALSE;
5746 ssh->last_rekey = GETTICKCOUNT();
5747 if (ssh->cfg.ssh_rekey_time != 0)
5748 ssh->next_rekey = schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
5752 * If this is the first key exchange phase, we must pass the
5753 * SSH2_MSG_NEWKEYS packet to the next layer, not because it
5754 * wants to see it but because it will need time to initialise
5755 * itself before it sees an actual packet. In subsequent key
5756 * exchange phases, we don't pass SSH2_MSG_NEWKEYS on, because
5757 * it would only confuse the layer above.
5759 if (s->activated_authconn) {
5762 s->activated_authconn = TRUE;
5765 * Now we're encrypting. Begin returning 1 to the protocol main
5766 * function so that other things can run on top of the
5767 * transport. If we ever see a KEXINIT, we must go back to the
5770 * We _also_ go back to the start if we see pktin==NULL and
5771 * inlen==-1, because this is a special signal meaning
5772 * `initiate client-driven rekey', and `in' contains a message
5773 * giving the reason for the rekey.
5775 while (!((pktin && pktin->type == SSH2_MSG_KEXINIT) ||
5776 (!pktin && inlen == -1))) {
5781 logevent("Server initiated key re-exchange");
5784 * Special case: if the server bug is set that doesn't
5785 * allow rekeying, we give a different log message and
5786 * continue waiting. (If such a server _initiates_ a rekey,
5787 * we process it anyway!)
5789 if ((ssh->remote_bugs & BUG_SSH2_REKEY)) {
5790 logeventf(ssh, "Server bug prevents key re-exchange (%s)",
5792 /* Reset the counters, so that at least this message doesn't
5793 * hit the event log _too_ often. */
5794 ssh->outgoing_data_size = 0;
5795 ssh->incoming_data_size = 0;
5796 if (ssh->cfg.ssh_rekey_time != 0) {
5798 schedule_timer(ssh->cfg.ssh_rekey_time*60*TICKSPERSEC,
5801 goto wait_for_rekey; /* this is utterly horrid */
5803 logeventf(ssh, "Initiating key re-exchange (%s)", (char *)in);
5806 goto begin_key_exchange;
5812 * Add data to an SSH-2 channel output buffer.
5814 static void ssh2_add_channel_data(struct ssh_channel *c, char *buf,
5817 bufchain_add(&c->v.v2.outbuffer, buf, len);
5821 * Attempt to send data on an SSH-2 channel.
5823 static int ssh2_try_send(struct ssh_channel *c)
5826 struct Packet *pktout;
5828 while (c->v.v2.remwindow > 0 && bufchain_size(&c->v.v2.outbuffer) > 0) {
5831 bufchain_prefix(&c->v.v2.outbuffer, &data, &len);
5832 if ((unsigned)len > c->v.v2.remwindow)
5833 len = c->v.v2.remwindow;
5834 if ((unsigned)len > c->v.v2.remmaxpkt)
5835 len = c->v.v2.remmaxpkt;
5836 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_DATA);
5837 ssh2_pkt_adduint32(pktout, c->remoteid);
5838 dont_log_data(ssh, pktout, PKTLOG_OMIT);
5839 ssh2_pkt_addstring_start(pktout);
5840 ssh2_pkt_addstring_data(pktout, data, len);
5841 end_log_omission(ssh, pktout);
5842 ssh2_pkt_send(ssh, pktout);
5843 bufchain_consume(&c->v.v2.outbuffer, len);
5844 c->v.v2.remwindow -= len;
5848 * After having sent as much data as we can, return the amount
5851 return bufchain_size(&c->v.v2.outbuffer);
5854 static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)
5858 return; /* don't send on closing channels */
5859 bufsize = ssh2_try_send(c);
5862 case CHAN_MAINSESSION:
5863 /* stdin need not receive an unthrottle
5864 * notification since it will be polled */
5867 x11_unthrottle(c->u.x11.s);
5870 /* agent sockets are request/response and need no
5871 * buffer management */
5874 pfd_unthrottle(c->u.pfd.s);
5881 * Potentially enlarge the window on an SSH-2 channel.
5883 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
5888 * Never send WINDOW_ADJUST for a channel that the remote side
5889 * already thinks it's closed; there's no point, since it won't
5890 * be sending any more data anyway.
5896 * Only send a WINDOW_ADJUST if there's significantly more window
5897 * available than the other end thinks there is. This saves us
5898 * sending a WINDOW_ADJUST for every character in a shell session.
5900 * "Significant" is arbitrarily defined as half the window size.
5902 if (newwin > c->v.v2.locwindow * 2) {
5903 struct Packet *pktout;
5905 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
5906 ssh2_pkt_adduint32(pktout, c->remoteid);
5907 ssh2_pkt_adduint32(pktout, newwin - c->v.v2.locwindow);
5908 ssh2_pkt_send(ssh, pktout);
5909 c->v.v2.locwindow = newwin;
5913 static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
5915 unsigned i = ssh_pkt_getuint32(pktin);
5916 struct ssh_channel *c;
5917 c = find234(ssh->channels, &i, ssh_channelfind);
5918 if (c && !c->closes) {
5919 c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
5920 ssh2_try_send_and_unthrottle(c);
5924 static void ssh2_msg_channel_data(Ssh ssh, struct Packet *pktin)
5928 unsigned i = ssh_pkt_getuint32(pktin);
5929 struct ssh_channel *c;
5930 c = find234(ssh->channels, &i, ssh_channelfind);
5932 return; /* nonexistent channel */
5933 if (pktin->type == SSH2_MSG_CHANNEL_EXTENDED_DATA &&
5934 ssh_pkt_getuint32(pktin) != SSH2_EXTENDED_DATA_STDERR)
5935 return; /* extended but not stderr */
5936 ssh_pkt_getstring(pktin, &data, &length);
5939 c->v.v2.locwindow -= length;
5941 case CHAN_MAINSESSION:
5943 from_backend(ssh->frontend, pktin->type ==
5944 SSH2_MSG_CHANNEL_EXTENDED_DATA,
5948 bufsize = x11_send(c->u.x11.s, data, length);
5951 bufsize = pfd_send(c->u.pfd.s, data, length);
5954 while (length > 0) {
5955 if (c->u.a.lensofar < 4) {
5956 unsigned int l = min(4 - c->u.a.lensofar, length);
5957 memcpy(c->u.a.msglen + c->u.a.lensofar,
5961 c->u.a.lensofar += l;
5963 if (c->u.a.lensofar == 4) {
5965 4 + GET_32BIT(c->u.a.msglen);
5966 c->u.a.message = snewn(c->u.a.totallen,
5968 memcpy(c->u.a.message, c->u.a.msglen, 4);
5970 if (c->u.a.lensofar >= 4 && length > 0) {
5972 min(c->u.a.totallen - c->u.a.lensofar,
5974 memcpy(c->u.a.message + c->u.a.lensofar,
5978 c->u.a.lensofar += l;
5980 if (c->u.a.lensofar == c->u.a.totallen) {
5983 if (agent_query(c->u.a.message,
5986 ssh_agentf_callback, c))
5987 ssh_agentf_callback(c, reply, replylen);
5988 sfree(c->u.a.message);
5989 c->u.a.lensofar = 0;
5996 * If we are not buffering too much data,
5997 * enlarge the window again at the remote side.
5999 if (bufsize < OUR_V2_WINSIZE)
6000 ssh2_set_window(c, OUR_V2_WINSIZE - bufsize);
6004 static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
6006 unsigned i = ssh_pkt_getuint32(pktin);
6007 struct ssh_channel *c;
6009 c = find234(ssh->channels, &i, ssh_channelfind);
6011 return; /* nonexistent channel */
6013 if (c->type == CHAN_X11) {
6015 * Remote EOF on an X11 channel means we should
6016 * wrap up and close the channel ourselves.
6018 x11_close(c->u.x11.s);
6020 } else if (c->type == CHAN_AGENT) {
6022 } else if (c->type == CHAN_SOCKDATA) {
6023 pfd_close(c->u.pfd.s);
6028 static void ssh2_msg_channel_close(Ssh ssh, struct Packet *pktin)
6030 unsigned i = ssh_pkt_getuint32(pktin);
6031 struct ssh_channel *c;
6032 struct Packet *pktout;
6034 c = find234(ssh->channels, &i, ssh_channelfind);
6035 if (!c || c->halfopen) {
6036 bombout(("Received CHANNEL_CLOSE for %s channel %d\n",
6037 c ? "half-open" : "nonexistent", i));
6040 /* Do pre-close processing on the channel. */
6042 case CHAN_MAINSESSION:
6043 ssh->mainchan = NULL;
6044 update_specials_menu(ssh->frontend);
6047 if (c->u.x11.s != NULL)
6048 x11_close(c->u.x11.s);
6055 if (c->u.pfd.s != NULL)
6056 pfd_close(c->u.pfd.s);
6060 if (c->closes == 0) {
6061 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6062 ssh2_pkt_adduint32(pktout, c->remoteid);
6063 ssh2_pkt_send(ssh, pktout);
6065 del234(ssh->channels, c);
6066 bufchain_clear(&c->v.v2.outbuffer);
6070 * See if that was the last channel left open.
6071 * (This is only our termination condition if we're
6072 * not running in -N mode.)
6074 if (!ssh->cfg.ssh_no_shell && count234(ssh->channels) == 0) {
6076 * We used to send SSH_MSG_DISCONNECT here,
6077 * because I'd believed that _every_ conforming
6078 * SSH-2 connection had to end with a disconnect
6079 * being sent by at least one side; apparently
6080 * I was wrong and it's perfectly OK to
6081 * unceremoniously slam the connection shut
6082 * when you're done, and indeed OpenSSH feels
6083 * this is more polite than sending a
6084 * DISCONNECT. So now we don't.
6086 ssh_disconnect(ssh, "All channels closed", NULL, 0, TRUE);
6090 static void ssh2_msg_channel_open_confirmation(Ssh ssh, struct Packet *pktin)
6092 unsigned i = ssh_pkt_getuint32(pktin);
6093 struct ssh_channel *c;
6094 struct Packet *pktout;
6096 c = find234(ssh->channels, &i, ssh_channelfind);
6098 return; /* nonexistent channel */
6099 if (c->type != CHAN_SOCKDATA_DORMANT)
6100 return; /* dunno why they're confirming this */
6101 c->remoteid = ssh_pkt_getuint32(pktin);
6102 c->halfopen = FALSE;
6103 c->type = CHAN_SOCKDATA;
6104 c->v.v2.remwindow = ssh_pkt_getuint32(pktin);
6105 c->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
6107 pfd_confirm(c->u.pfd.s);
6110 * We have a pending close on this channel,
6111 * which we decided on before the server acked
6112 * the channel open. So now we know the
6113 * remoteid, we can close it again.
6115 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
6116 ssh2_pkt_adduint32(pktout, c->remoteid);
6117 ssh2_pkt_send(ssh, pktout);
6121 static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
6123 static const char *const reasons[] = {
6124 "<unknown reason code>",
6125 "Administratively prohibited",
6127 "Unknown channel type",
6128 "Resource shortage",
6130 unsigned i = ssh_pkt_getuint32(pktin);
6131 unsigned reason_code;
6132 char *reason_string;
6134 struct ssh_channel *c;
6135 c = find234(ssh->channels, &i, ssh_channelfind);
6137 return; /* nonexistent channel */
6138 if (c->type != CHAN_SOCKDATA_DORMANT)
6139 return; /* dunno why they're failing this */
6141 reason_code = ssh_pkt_getuint32(pktin);
6142 if (reason_code >= lenof(reasons))
6143 reason_code = 0; /* ensure reasons[reason_code] in range */
6144 ssh_pkt_getstring(pktin, &reason_string, &reason_length);
6145 logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
6146 reasons[reason_code], reason_length, reason_string);
6148 pfd_close(c->u.pfd.s);
6150 del234(ssh->channels, c);
6154 static void ssh2_msg_channel_request(Ssh ssh, struct Packet *pktin)
6158 int typelen, want_reply;
6159 int reply = SSH2_MSG_CHANNEL_FAILURE; /* default */
6160 struct ssh_channel *c;
6161 struct Packet *pktout;
6163 localid = ssh_pkt_getuint32(pktin);
6164 ssh_pkt_getstring(pktin, &type, &typelen);
6165 want_reply = ssh2_pkt_getbool(pktin);
6168 * First, check that the channel exists. Otherwise,
6169 * we can instantly disconnect with a rude message.
6171 c = find234(ssh->channels, &localid, ssh_channelfind);
6173 char *buf = dupprintf("Received channel request for nonexistent"
6174 " channel %d", localid);
6175 ssh_disconnect(ssh, NULL, buf, SSH2_DISCONNECT_PROTOCOL_ERROR, FALSE);
6181 * Having got the channel number, we now look at
6182 * the request type string to see if it's something
6185 if (c == ssh->mainchan) {
6187 * We recognise "exit-status" and "exit-signal" on
6188 * the primary channel.
6190 if (typelen == 11 &&
6191 !memcmp(type, "exit-status", 11)) {
6193 ssh->exitcode = ssh_pkt_getuint32(pktin);
6194 logeventf(ssh, "Server sent command exit status %d",
6196 reply = SSH2_MSG_CHANNEL_SUCCESS;
6198 } else if (typelen == 11 &&
6199 !memcmp(type, "exit-signal", 11)) {
6201 int is_plausible = TRUE, is_int = FALSE;
6202 char *fmt_sig = "", *fmt_msg = "";
6204 int msglen = 0, core = FALSE;
6205 /* ICK: older versions of OpenSSH (e.g. 3.4p1)
6206 * provide an `int' for the signal, despite its
6207 * having been a `string' in the drafts since at
6208 * least 2001. (Fixed in session.c 1.147.) Try to
6209 * infer which we can safely parse it as. */
6211 unsigned char *p = pktin->body +
6213 long len = pktin->length - pktin->savedpos;
6214 unsigned long num = GET_32BIT(p); /* what is it? */
6215 /* If it's 0, it hardly matters; assume string */
6219 int maybe_int = FALSE, maybe_str = FALSE;
6220 #define CHECK_HYPOTHESIS(offset, result) \
6223 if (q >= 0 && q+4 <= len) { \
6224 q = q + 4 + GET_32BIT(p+q); \
6225 if (q >= 0 && q+4 <= len && \
6226 ((q = q + 4 + GET_32BIT(p+q))!= 0) && q == len) \
6230 CHECK_HYPOTHESIS(4+1, maybe_int);
6231 CHECK_HYPOTHESIS(4+num+1, maybe_str);
6232 #undef CHECK_HYPOTHESIS
6233 if (maybe_int && !maybe_str)
6235 else if (!maybe_int && maybe_str)
6238 /* Crikey. Either or neither. Panic. */
6239 is_plausible = FALSE;
6244 /* Old non-standard OpenSSH. */
6245 int signum = ssh_pkt_getuint32(pktin);
6246 fmt_sig = dupprintf(" %d", signum);
6248 /* As per the drafts. */
6251 ssh_pkt_getstring(pktin, &sig, &siglen);
6252 /* Signal name isn't supposed to be blank, but
6253 * let's cope gracefully if it is. */
6255 fmt_sig = dupprintf(" \"%.*s\"",
6259 core = ssh2_pkt_getbool(pktin);
6260 ssh_pkt_getstring(pktin, &msg, &msglen);
6262 fmt_msg = dupprintf(" (\"%.*s\")", msglen, msg);
6264 /* ignore lang tag */
6265 } /* else don't attempt to parse */
6266 logeventf(ssh, "Server exited on signal%s%s%s",
6267 fmt_sig, core ? " (core dumped)" : "",
6269 if (*fmt_sig) sfree(fmt_sig);
6270 if (*fmt_msg) sfree(fmt_msg);
6271 reply = SSH2_MSG_CHANNEL_SUCCESS;
6276 * This is a channel request we don't know
6277 * about, so we now either ignore the request
6278 * or respond with CHANNEL_FAILURE, depending
6281 reply = SSH2_MSG_CHANNEL_FAILURE;
6284 pktout = ssh2_pkt_init(reply);
6285 ssh2_pkt_adduint32(pktout, c->remoteid);
6286 ssh2_pkt_send(ssh, pktout);
6290 static void ssh2_msg_global_request(Ssh ssh, struct Packet *pktin)
6293 int typelen, want_reply;
6294 struct Packet *pktout;
6296 ssh_pkt_getstring(pktin, &type, &typelen);
6297 want_reply = ssh2_pkt_getbool(pktin);
6300 * We currently don't support any global requests
6301 * at all, so we either ignore the request or
6302 * respond with REQUEST_FAILURE, depending on
6306 pktout = ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
6307 ssh2_pkt_send(ssh, pktout);
6311 static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
6319 struct ssh_channel *c;
6320 unsigned remid, winsize, pktsize;
6321 struct Packet *pktout;
6323 ssh_pkt_getstring(pktin, &type, &typelen);
6324 c = snew(struct ssh_channel);
6327 remid = ssh_pkt_getuint32(pktin);
6328 winsize = ssh_pkt_getuint32(pktin);
6329 pktsize = ssh_pkt_getuint32(pktin);
6331 if (typelen == 3 && !memcmp(type, "x11", 3)) {
6334 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
6335 addrstr = snewn(peeraddrlen+1, char);
6336 memcpy(addrstr, peeraddr, peeraddrlen);
6337 addrstr[peeraddrlen] = '\0';
6338 peerport = ssh_pkt_getuint32(pktin);
6340 logeventf(ssh, "Received X11 connect request from %s:%d",
6343 if (!ssh->X11_fwd_enabled)
6344 error = "X11 forwarding is not enabled";
6345 else if (x11_init(&c->u.x11.s, ssh->cfg.x11_display, c,
6346 ssh->x11auth, addrstr, peerport,
6347 &ssh->cfg) != NULL) {
6348 error = "Unable to open an X11 connection";
6350 logevent("Opening X11 forward connection succeeded");
6355 } else if (typelen == 15 &&
6356 !memcmp(type, "forwarded-tcpip", 15)) {
6357 struct ssh_rportfwd pf, *realpf;
6360 ssh_pkt_getstring(pktin, &dummy, &dummylen);/* skip address */
6361 pf.sport = ssh_pkt_getuint32(pktin);
6362 ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
6363 peerport = ssh_pkt_getuint32(pktin);
6364 realpf = find234(ssh->rportfwds, &pf, NULL);
6365 logeventf(ssh, "Received remote port %d open request "
6366 "from %s:%d", pf.sport, peeraddr, peerport);
6367 if (realpf == NULL) {
6368 error = "Remote port is not recognised";
6370 const char *e = pfd_newconnect(&c->u.pfd.s,
6374 realpf->pfrec->addressfamily);
6375 logeventf(ssh, "Attempting to forward remote port to "
6376 "%s:%d", realpf->dhost, realpf->dport);
6378 logeventf(ssh, "Port open failed: %s", e);
6379 error = "Port open failed";
6381 logevent("Forwarded port opened successfully");
6382 c->type = CHAN_SOCKDATA;
6385 } else if (typelen == 22 &&
6386 !memcmp(type, "auth-agent@openssh.com", 22)) {
6387 if (!ssh->agentfwd_enabled)
6388 error = "Agent forwarding is not enabled";
6390 c->type = CHAN_AGENT; /* identify channel type */
6391 c->u.a.lensofar = 0;
6394 error = "Unsupported channel type requested";
6397 c->remoteid = remid;
6398 c->halfopen = FALSE;
6400 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_FAILURE);
6401 ssh2_pkt_adduint32(pktout, c->remoteid);
6402 ssh2_pkt_adduint32(pktout, SSH2_OPEN_CONNECT_FAILED);
6403 ssh2_pkt_addstring(pktout, error);
6404 ssh2_pkt_addstring(pktout, "en"); /* language tag */
6405 ssh2_pkt_send(ssh, pktout);
6406 logeventf(ssh, "Rejected channel open: %s", error);
6409 c->localid = alloc_channel_id(ssh);
6411 c->v.v2.locwindow = OUR_V2_WINSIZE;
6412 c->v.v2.remwindow = winsize;
6413 c->v.v2.remmaxpkt = pktsize;
6414 bufchain_init(&c->v.v2.outbuffer);
6415 add234(ssh->channels, c);
6416 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
6417 ssh2_pkt_adduint32(pktout, c->remoteid);
6418 ssh2_pkt_adduint32(pktout, c->localid);
6419 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);
6420 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
6421 ssh2_pkt_send(ssh, pktout);
6426 * Buffer banner messages for later display at some convenient point.
6428 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
6430 /* Arbitrary limit to prevent unbounded inflation of buffer */
6431 if (bufchain_size(&ssh->banner) <= 131072) {
6432 char *banner = NULL;
6434 ssh_pkt_getstring(pktin, &banner, &size);
6436 bufchain_add(&ssh->banner, banner, size);
6440 /* Helper function to deal with sending tty modes for "pty-req" */
6441 static void ssh2_send_ttymode(void *data, char *mode, char *val)
6443 struct Packet *pktout = (struct Packet *)data;
6445 unsigned int arg = 0;
6446 while (strcmp(mode, ssh_ttymodes[i].mode) != 0) i++;
6447 if (i == lenof(ssh_ttymodes)) return;
6448 switch (ssh_ttymodes[i].type) {
6450 arg = ssh_tty_parse_specchar(val);
6453 arg = ssh_tty_parse_boolean(val);
6456 ssh2_pkt_addbyte(pktout, ssh_ttymodes[i].opcode);
6457 ssh2_pkt_adduint32(pktout, arg);
6461 * Handle the SSH-2 userauth and connection layers.
6463 static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
6464 struct Packet *pktin)
6466 struct do_ssh2_authconn_state {
6468 AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE,
6470 AUTH_KEYBOARD_INTERACTIVE
6474 AUTH_TYPE_PUBLICKEY,
6475 AUTH_TYPE_PUBLICKEY_OFFER_LOUD,
6476 AUTH_TYPE_PUBLICKEY_OFFER_QUIET,
6478 AUTH_TYPE_KEYBOARD_INTERACTIVE,
6479 AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET
6481 int done_service_req;
6482 int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter;
6483 int tried_pubkey_config, tried_agent;
6484 int kbd_inter_running, kbd_inter_refused;
6486 int num_prompts, curr_prompt, echo;
6491 void *publickey_blob;
6492 int publickey_bloblen;
6493 unsigned char request[5], *response, *p;
6497 char *pkblob, *alg, *commentp;
6498 int pklen, alglen, commentlen;
6499 int siglen, retlen, len;
6500 char *q, *agentreq, *ret;
6502 int num_env, env_left, env_ok;
6503 struct Packet *pktout;
6505 crState(do_ssh2_authconn_state);
6507 crBegin(ssh->do_ssh2_authconn_crstate);
6509 s->done_service_req = FALSE;
6510 s->we_are_in = FALSE;
6511 if (!ssh->cfg.ssh_no_userauth) {
6513 * Request userauth protocol, and await a response to it.
6515 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
6516 ssh2_pkt_addstring(s->pktout, "ssh-userauth");
6517 ssh2_pkt_send(ssh, s->pktout);
6518 crWaitUntilV(pktin);
6519 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT)
6520 s->done_service_req = TRUE;
6522 if (!s->done_service_req) {
6524 * Request connection protocol directly, without authentication.
6526 s->pktout = ssh2_pkt_init(SSH2_MSG_SERVICE_REQUEST);
6527 ssh2_pkt_addstring(s->pktout, "ssh-connection");
6528 ssh2_pkt_send(ssh, s->pktout);
6529 crWaitUntilV(pktin);
6530 if (pktin->type == SSH2_MSG_SERVICE_ACCEPT) {
6531 s->we_are_in = TRUE; /* no auth required */
6533 bombout(("Server refused service request"));
6539 * We repeat this whole loop, including the username prompt,
6540 * until we manage a successful authentication. If the user
6541 * types the wrong _password_, they can be sent back to the
6542 * beginning to try another username, if this is configured on.
6543 * (If they specify a username in the config, they are never
6544 * asked, even if they do give a wrong password.)
6546 * I think this best serves the needs of
6548 * - the people who have no configuration, no keys, and just
6549 * want to try repeated (username,password) pairs until they
6550 * type both correctly
6552 * - people who have keys and configuration but occasionally
6553 * need to fall back to passwords
6555 * - people with a key held in Pageant, who might not have
6556 * logged in to a particular machine before; so they want to
6557 * type a username, and then _either_ their key will be
6558 * accepted, _or_ they will type a password. If they mistype
6559 * the username they will want to be able to get back and
6562 s->username[0] = '\0';
6563 s->got_username = FALSE;
6564 bufchain_init(&ssh->banner);
6565 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] =
6566 ssh2_msg_userauth_banner;
6567 while (!s->we_are_in) {
6571 if (s->got_username && !ssh->cfg.change_username) {
6573 * We got a username last time round this loop, and
6574 * with change_username turned off we don't try to get
6577 } else if (!*ssh->cfg.username) {
6578 if (ssh_get_line && !ssh_getline_pw_only) {
6579 if (!ssh_get_line("login as: ",
6580 s->username, sizeof(s->username), FALSE)) {
6582 * get_line failed to get a username.
6585 ssh_disconnect(ssh, "No username provided", NULL, 0, TRUE);
6589 int ret; /* need not be saved across crReturn */
6590 c_write_str(ssh, "login as: ");
6592 setup_userpass_input(ssh, s->username, sizeof(s->username), 1);
6594 crWaitUntilV(!pktin);
6595 ret = process_userpass_input(ssh, in, inlen);
6599 c_write_str(ssh, "\r\n");
6601 s->username[strcspn(s->username, "\n\r")] = '\0';
6604 strncpy(s->username, ssh->cfg.username, sizeof(s->username));
6605 s->username[sizeof(s->username)-1] = '\0';
6606 if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
6607 stuff = dupprintf("Using username \"%s\".\r\n", s->username);
6608 c_write_str(ssh, stuff);
6612 s->got_username = TRUE;
6615 * Send an authentication request using method "none": (a)
6616 * just in case it succeeds, and (b) so that we know what
6617 * authentication methods we can usefully try next.
6619 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6621 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6622 ssh2_pkt_addstring(s->pktout, s->username);
6623 ssh2_pkt_addstring(s->pktout, "ssh-connection");/* service requested */
6624 ssh2_pkt_addstring(s->pktout, "none"); /* method */
6625 ssh2_pkt_send(ssh, s->pktout);
6626 s->type = AUTH_TYPE_NONE;
6628 s->we_are_in = FALSE;
6630 s->tried_pubkey_config = FALSE;
6631 s->tried_agent = FALSE;
6632 s->kbd_inter_running = FALSE;
6633 s->kbd_inter_refused = FALSE;
6634 /* Load the pub half of ssh->cfg.keyfile so we notice if it's in Pageant */
6635 if (!filename_is_null(ssh->cfg.keyfile)) {
6637 logeventf(ssh, "Reading private key file \"%.150s\"",
6638 filename_to_str(&ssh->cfg.keyfile));
6639 keytype = key_type(&ssh->cfg.keyfile);
6640 if (keytype == SSH_KEYTYPE_SSH2) {
6642 ssh2_userkey_loadpub(&ssh->cfg.keyfile, NULL,
6643 &s->publickey_bloblen, NULL);
6646 logeventf(ssh, "Unable to use this key file (%s)",
6647 key_type_to_str(keytype));
6648 msgbuf = dupprintf("Unable to use key file \"%.150s\""
6650 filename_to_str(&ssh->cfg.keyfile),
6651 key_type_to_str(keytype));
6652 c_write_str(ssh, msgbuf);
6654 s->publickey_blob = NULL;
6657 s->publickey_blob = NULL;
6661 * Wait for the result of the last authentication request.
6664 crWaitUntilV(pktin);
6666 * Now is a convenient point to spew any banner material
6667 * that we've accumulated. (This should ensure that when
6668 * we exit the auth loop, we haven't any left to deal
6672 int size = bufchain_size(&ssh->banner);
6674 * Don't show the banner if we're operating in
6675 * non-verbose non-interactive mode. (It's probably
6676 * a script, which means nobody will read the
6677 * banner _anyway_, and moreover the printing of
6678 * the banner will screw up processing on the
6679 * output of (say) plink.)
6681 if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
6682 char *banner = snewn(size, char);
6683 bufchain_fetch(&ssh->banner, banner, size);
6684 c_write_untrusted(ssh, banner, size);
6687 bufchain_clear(&ssh->banner);
6689 if (pktin->type == SSH2_MSG_USERAUTH_SUCCESS) {
6690 logevent("Access granted");
6691 s->we_are_in = TRUE;
6695 if (s->kbd_inter_running &&
6696 pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
6698 * This is either a further set-of-prompts packet
6699 * in keyboard-interactive authentication, or it's
6700 * the same one and we came back here with `gotit'
6701 * set. In the former case, we must reset the
6702 * curr_prompt variable.
6706 } else if (pktin->type == SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ) {
6707 /* FIXME: perhaps we should support this? */
6708 bombout(("PASSWD_CHANGEREQ not yet supported"));
6710 } else if (pktin->type != SSH2_MSG_USERAUTH_FAILURE) {
6711 bombout(("Strange packet received during authentication: type %d",
6719 * OK, we're now sitting on a USERAUTH_FAILURE message, so
6720 * we can look at the string in it and know what we can
6721 * helpfully try next.
6723 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
6726 ssh_pkt_getstring(pktin, &methods, &methlen);
6727 s->kbd_inter_running = FALSE;
6728 if (!ssh2_pkt_getbool(pktin)) {
6730 * We have received an unequivocal Access
6731 * Denied. This can translate to a variety of
6734 * - if we'd just tried "none" authentication,
6735 * it's not worth printing anything at all
6737 * - if we'd just tried a public key _offer_,
6738 * the message should be "Server refused our
6739 * key" (or no message at all if the key
6740 * came from Pageant)
6742 * - if we'd just tried anything else, the
6743 * message really should be "Access denied".
6745 * Additionally, if we'd just tried password
6746 * authentication, we should break out of this
6747 * whole loop so as to go back to the username
6748 * prompt (iff we're configured to allow
6749 * username change attempts).
6751 if (s->type == AUTH_TYPE_NONE) {
6753 } else if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD ||
6754 s->type == AUTH_TYPE_PUBLICKEY_OFFER_QUIET) {
6755 if (s->type == AUTH_TYPE_PUBLICKEY_OFFER_LOUD)
6756 c_write_str(ssh, "Server refused our key\r\n");
6757 logevent("Server refused public key");
6758 } else if (s->type==AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET) {
6759 /* server declined keyboard-interactive; ignore */
6761 c_write_str(ssh, "Access denied\r\n");
6762 logevent("Access denied");
6763 if (s->type == AUTH_TYPE_PASSWORD &&
6764 ssh->cfg.change_username) {
6765 /* XXX perhaps we should allow
6766 * keyboard-interactive to do this too? */
6767 s->we_are_in = FALSE;
6772 c_write_str(ssh, "Further authentication required\r\n");
6773 logevent("Further authentication required");
6777 in_commasep_string("publickey", methods, methlen);
6779 in_commasep_string("password", methods, methlen);
6780 s->can_keyb_inter = ssh->cfg.try_ki_auth &&
6781 in_commasep_string("keyboard-interactive", methods, methlen);
6785 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6789 * Most password/passphrase prompts will be
6790 * non-echoing, so we set this to 0 by default.
6791 * Exception is that some keyboard-interactive prompts
6792 * can be echoing, in which case we'll set this to 1.
6796 if (!s->method && s->can_pubkey &&
6797 agent_exists() && !s->tried_agent) {
6799 * Attempt public-key authentication using Pageant.
6804 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6805 ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
6807 s->tried_agent = TRUE;
6809 logevent("Pageant is running. Requesting keys.");
6811 /* Request the keys held by the agent. */
6812 PUT_32BIT(s->request, 1);
6813 s->request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
6814 if (!agent_query(s->request, 5, &r, &s->responselen,
6815 ssh_agent_callback, ssh)) {
6819 bombout(("Unexpected data from server while"
6820 " waiting for agent response"));
6823 } while (pktin || inlen > 0);
6824 r = ssh->agent_response;
6825 s->responselen = ssh->agent_response_len;
6827 s->response = (unsigned char *) r;
6828 if (s->response && s->responselen >= 5 &&
6829 s->response[4] == SSH2_AGENT_IDENTITIES_ANSWER) {
6830 s->p = s->response + 5;
6831 s->nkeys = GET_32BIT(s->p);
6833 logeventf(ssh, "Pageant has %d SSH-2 keys", s->nkeys);
6834 for (s->keyi = 0; s->keyi < s->nkeys; s->keyi++) {
6837 logeventf(ssh, "Trying Pageant key #%d", s->keyi);
6838 s->pklen = GET_32BIT(s->p);
6840 if (s->publickey_blob &&
6841 s->pklen == s->publickey_bloblen &&
6842 !memcmp(s->p, s->publickey_blob,
6843 s->publickey_bloblen)) {
6844 logevent("This key matches configured key file");
6845 s->tried_pubkey_config = 1;
6847 s->pkblob = (char *)s->p;
6849 s->alglen = GET_32BIT(s->pkblob);
6850 s->alg = s->pkblob + 4;
6851 s->commentlen = GET_32BIT(s->p);
6853 s->commentp = (char *)s->p;
6854 s->p += s->commentlen;
6855 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6856 ssh2_pkt_addstring(s->pktout, s->username);
6857 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
6858 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
6859 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
6860 ssh2_pkt_addstring_start(s->pktout);
6861 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
6862 ssh2_pkt_addstring_start(s->pktout);
6863 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
6864 ssh2_pkt_send(ssh, s->pktout);
6866 crWaitUntilV(pktin);
6867 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
6868 logevent("Key refused");
6872 if (flags & FLAG_VERBOSE) {
6873 c_write_str(ssh, "Authenticating with "
6875 c_write(ssh, s->commentp, s->commentlen);
6876 c_write_str(ssh, "\" from agent\r\n");
6880 * Server is willing to accept the key.
6881 * Construct a SIGN_REQUEST.
6883 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6884 ssh2_pkt_addstring(s->pktout, s->username);
6885 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
6886 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
6887 ssh2_pkt_addbool(s->pktout, TRUE);
6888 ssh2_pkt_addstring_start(s->pktout);
6889 ssh2_pkt_addstring_data(s->pktout, s->alg, s->alglen);
6890 ssh2_pkt_addstring_start(s->pktout);
6891 ssh2_pkt_addstring_data(s->pktout, s->pkblob, s->pklen);
6893 s->siglen = s->pktout->length - 5 + 4 +
6894 ssh->v2_session_id_len;
6895 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
6897 s->len = 1; /* message type */
6898 s->len += 4 + s->pklen; /* key blob */
6899 s->len += 4 + s->siglen; /* data to sign */
6900 s->len += 4; /* flags */
6901 s->agentreq = snewn(4 + s->len, char);
6902 PUT_32BIT(s->agentreq, s->len);
6903 s->q = s->agentreq + 4;
6904 *s->q++ = SSH2_AGENTC_SIGN_REQUEST;
6905 PUT_32BIT(s->q, s->pklen);
6907 memcpy(s->q, s->pkblob, s->pklen);
6909 PUT_32BIT(s->q, s->siglen);
6911 /* Now the data to be signed... */
6912 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
6913 PUT_32BIT(s->q, ssh->v2_session_id_len);
6916 memcpy(s->q, ssh->v2_session_id,
6917 ssh->v2_session_id_len);
6918 s->q += ssh->v2_session_id_len;
6919 memcpy(s->q, s->pktout->data + 5,
6920 s->pktout->length - 5);
6921 s->q += s->pktout->length - 5;
6922 /* And finally the (zero) flags word. */
6924 if (!agent_query(s->agentreq, s->len + 4,
6926 ssh_agent_callback, ssh)) {
6930 bombout(("Unexpected data from server"
6931 " while waiting for agent"
6935 } while (pktin || inlen > 0);
6936 vret = ssh->agent_response;
6937 s->retlen = ssh->agent_response_len;
6942 if (s->ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
6943 logevent("Sending Pageant's response");
6944 ssh2_add_sigblob(ssh, s->pktout,
6945 s->pkblob, s->pklen,
6947 GET_32BIT(s->ret + 5));
6948 ssh2_pkt_send(ssh, s->pktout);
6953 ("Pageant failed to answer challenge");
6964 if (!s->method && s->can_pubkey && s->publickey_blob
6965 && !s->tried_pubkey_config) {
6966 unsigned char *pub_blob;
6967 char *algorithm, *comment;
6970 s->tried_pubkey_config = TRUE;
6972 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
6973 ssh->pkt_ctx |= SSH2_PKTCTX_PUBLICKEY;
6976 * Try the public key supplied in the configuration.
6978 * First, offer the public blob to see if the server is
6979 * willing to accept it.
6982 (unsigned char *)ssh2_userkey_loadpub(&ssh->cfg.keyfile,
6987 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
6988 ssh2_pkt_addstring(s->pktout, s->username);
6989 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
6990 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
6991 ssh2_pkt_addbool(s->pktout, FALSE); /* no signature included */
6992 ssh2_pkt_addstring(s->pktout, algorithm);
6993 ssh2_pkt_addstring_start(s->pktout);
6994 ssh2_pkt_addstring_data(s->pktout, (char *)pub_blob,
6996 ssh2_pkt_send(ssh, s->pktout);
6997 logevent("Offered public key");
6999 crWaitUntilV(pktin);
7000 if (pktin->type != SSH2_MSG_USERAUTH_PK_OK) {
7002 s->type = AUTH_TYPE_PUBLICKEY_OFFER_LOUD;
7003 continue; /* key refused; give up on it */
7006 logevent("Offer of public key accepted");
7008 * Actually attempt a serious authentication using
7011 if (ssh2_userkey_encrypted(&ssh->cfg.keyfile, &comment)) {
7012 sprintf(s->pwprompt,
7013 "Passphrase for key \"%.100s\": ",
7019 if (flags & FLAG_VERBOSE) {
7020 c_write_str(ssh, "Authenticating with public key \"");
7021 c_write_str(ssh, comment);
7022 c_write_str(ssh, "\"\r\n");
7024 s->method = AUTH_PUBLICKEY_FILE;
7028 if (!s->method && s->can_keyb_inter && !s->kbd_inter_refused &&
7029 !s->kbd_inter_running) {
7030 s->method = AUTH_KEYBOARD_INTERACTIVE;
7031 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
7033 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7034 ssh->pkt_ctx |= SSH2_PKTCTX_KBDINTER;
7036 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7037 ssh2_pkt_addstring(s->pktout, s->username);
7038 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
7039 ssh2_pkt_addstring(s->pktout, "keyboard-interactive"); /* method */
7040 ssh2_pkt_addstring(s->pktout, ""); /* lang */
7041 ssh2_pkt_addstring(s->pktout, "");
7042 ssh2_pkt_send(ssh, s->pktout);
7044 crWaitUntilV(pktin);
7045 if (pktin->type != SSH2_MSG_USERAUTH_INFO_REQUEST) {
7046 if (pktin->type == SSH2_MSG_USERAUTH_FAILURE)
7048 logevent("Keyboard-interactive authentication refused");
7049 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE_QUIET;
7050 s->kbd_inter_refused = TRUE; /* don't try it again */
7054 c_write_str(ssh, "Using keyboard-interactive authentication.\r\n");
7055 s->kbd_inter_running = TRUE;
7059 if (s->kbd_inter_running) {
7060 s->method = AUTH_KEYBOARD_INTERACTIVE;
7061 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
7063 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7064 ssh->pkt_ctx |= SSH2_PKTCTX_KBDINTER;
7066 if (s->curr_prompt == 0) {
7068 * We've got a fresh USERAUTH_INFO_REQUEST.
7069 * Display header data, and start going through
7072 char *name, *inst, *lang;
7073 int name_len, inst_len, lang_len;
7075 ssh_pkt_getstring(pktin, &name, &name_len);
7076 ssh_pkt_getstring(pktin, &inst, &inst_len);
7077 ssh_pkt_getstring(pktin, &lang, &lang_len);
7079 c_write_untrusted(ssh, name, name_len);
7080 c_write_str(ssh, "\r\n");
7083 c_write_untrusted(ssh, inst, inst_len);
7084 c_write_str(ssh, "\r\n");
7086 s->num_prompts = ssh_pkt_getuint32(pktin);
7090 * If there are prompts remaining in the packet,
7091 * display one and get a response.
7093 if (s->curr_prompt < s->num_prompts) {
7097 ssh_pkt_getstring(pktin, &prompt, &prompt_len);
7098 if (prompt_len > 0) {
7099 static const char trunc[] = "<prompt truncated>: ";
7100 static const int prlen = sizeof(s->pwprompt) -
7102 if (prompt_len > prlen) {
7103 memcpy(s->pwprompt, prompt, prlen);
7104 strcpy(s->pwprompt + prlen, trunc);
7106 memcpy(s->pwprompt, prompt, prompt_len);
7107 s->pwprompt[prompt_len] = '\0';
7111 "<server failed to send prompt>: ");
7113 s->echo = ssh2_pkt_getbool(pktin);
7119 if (!s->method && s->can_passwd) {
7120 s->method = AUTH_PASSWORD;
7121 ssh->pkt_ctx &= ~SSH2_PKTCTX_AUTH_MASK;
7122 ssh->pkt_ctx |= SSH2_PKTCTX_PASSWORD;
7123 sprintf(s->pwprompt, "%.90s@%.90s's password: ", s->username,
7130 if (!ssh_get_line(s->pwprompt, s->password,
7131 sizeof(s->password), TRUE)) {
7133 * get_line failed to get a password (for
7134 * example because one was supplied on the
7135 * command line which has already failed to
7138 ssh_disconnect(ssh, NULL, "Unable to authenticate",
7139 SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER,
7144 int ret; /* need not be saved across crReturn */
7145 c_write_untrusted(ssh, s->pwprompt, strlen(s->pwprompt));
7148 setup_userpass_input(ssh, s->password,
7149 sizeof(s->password), s->echo);
7151 crWaitUntilV(!pktin);
7152 ret = process_userpass_input(ssh, in, inlen);
7156 c_write_str(ssh, "\r\n");
7160 if (s->method == AUTH_PUBLICKEY_FILE) {
7162 * We have our passphrase. Now try the actual authentication.
7164 struct ssh2_userkey *key;
7165 const char *error = NULL;
7167 key = ssh2_load_userkey(&ssh->cfg.keyfile, s->password,
7169 if (key == SSH2_WRONG_PASSPHRASE || key == NULL) {
7170 if (key == SSH2_WRONG_PASSPHRASE) {
7171 c_write_str(ssh, "Wrong passphrase\r\n");
7172 s->tried_pubkey_config = FALSE;
7174 c_write_str(ssh, "Unable to load private key (");
7175 c_write_str(ssh, error);
7176 c_write_str(ssh, ")\r\n");
7177 s->tried_pubkey_config = TRUE;
7179 /* Send a spurious AUTH_NONE to return to the top. */
7180 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7181 ssh2_pkt_addstring(s->pktout, s->username);
7182 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
7183 ssh2_pkt_addstring(s->pktout, "none"); /* method */
7184 ssh2_pkt_send(ssh, s->pktout);
7185 s->type = AUTH_TYPE_NONE;
7187 unsigned char *pkblob, *sigblob, *sigdata;
7188 int pkblob_len, sigblob_len, sigdata_len;
7192 * We have loaded the private key and the server
7193 * has announced that it's willing to accept it.
7194 * Hallelujah. Generate a signature and send it.
7196 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7197 ssh2_pkt_addstring(s->pktout, s->username);
7198 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
7199 ssh2_pkt_addstring(s->pktout, "publickey"); /* method */
7200 ssh2_pkt_addbool(s->pktout, TRUE);
7201 ssh2_pkt_addstring(s->pktout, key->alg->name);
7202 pkblob = key->alg->public_blob(key->data, &pkblob_len);
7203 ssh2_pkt_addstring_start(s->pktout);
7204 ssh2_pkt_addstring_data(s->pktout, (char *)pkblob, pkblob_len);
7207 * The data to be signed is:
7211 * followed by everything so far placed in the
7214 sigdata_len = s->pktout->length - 5 + 4 +
7215 ssh->v2_session_id_len;
7216 if (ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)
7218 sigdata = snewn(sigdata_len, unsigned char);
7220 if (!(ssh->remote_bugs & BUG_SSH2_PK_SESSIONID)) {
7221 PUT_32BIT(sigdata+p, ssh->v2_session_id_len);
7224 memcpy(sigdata+p, ssh->v2_session_id,
7225 ssh->v2_session_id_len);
7226 p += ssh->v2_session_id_len;
7227 memcpy(sigdata+p, s->pktout->data + 5,
7228 s->pktout->length - 5);
7229 p += s->pktout->length - 5;
7230 assert(p == sigdata_len);
7231 sigblob = key->alg->sign(key->data, (char *)sigdata,
7232 sigdata_len, &sigblob_len);
7233 ssh2_add_sigblob(ssh, s->pktout, pkblob, pkblob_len,
7234 sigblob, sigblob_len);
7239 ssh2_pkt_send(ssh, s->pktout);
7240 s->type = AUTH_TYPE_PUBLICKEY;
7241 key->alg->freekey(key->data);
7243 } else if (s->method == AUTH_PASSWORD) {
7245 * We pad out the password packet to 256 bytes to make
7246 * it harder for an attacker to find the length of the
7249 * Anyone using a password longer than 256 bytes
7250 * probably doesn't have much to worry about from
7251 * people who find out how long their password is!
7253 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
7254 s->pktout->forcepad = 256;
7255 ssh2_pkt_addstring(s->pktout, s->username);
7256 ssh2_pkt_addstring(s->pktout, "ssh-connection"); /* service requested */
7257 ssh2_pkt_addstring(s->pktout, "password");
7258 ssh2_pkt_addbool(s->pktout, FALSE);
7259 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7260 ssh2_pkt_addstring(s->pktout, s->password);
7261 memset(s->password, 0, sizeof(s->password));
7262 end_log_omission(ssh, s->pktout);
7263 ssh2_pkt_send(ssh, s->pktout);
7264 logevent("Sent password");
7265 s->type = AUTH_TYPE_PASSWORD;
7266 } else if (s->method == AUTH_KEYBOARD_INTERACTIVE) {
7267 if (s->curr_prompt == 0) {
7268 s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_INFO_RESPONSE);
7269 s->pktout->forcepad = 256;
7270 ssh2_pkt_adduint32(s->pktout, s->num_prompts);
7272 if (s->need_pw) { /* only add pw if we just got one! */
7273 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7274 ssh2_pkt_addstring(s->pktout, s->password);
7275 memset(s->password, 0, sizeof(s->password));
7276 end_log_omission(ssh, s->pktout);
7279 if (s->curr_prompt >= s->num_prompts) {
7280 ssh2_pkt_send(ssh, s->pktout);
7283 * If there are prompts remaining, we set
7284 * `gotit' so that we won't attempt to get
7285 * another packet. Then we go back round the
7286 * loop and will end up retrieving another
7287 * prompt out of the existing packet. Funky or
7292 s->type = AUTH_TYPE_KEYBOARD_INTERACTIVE;
7294 ssh_disconnect(ssh, NULL,
7295 "No supported authentication methods available",
7296 SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
7302 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
7305 * Now the connection protocol has started, one way or another.
7308 ssh->channels = newtree234(ssh_channelcmp);
7311 * Set up handlers for some connection protocol messages, so we
7312 * don't have to handle them repeatedly in this coroutine.
7314 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] =
7315 ssh2_msg_channel_window_adjust;
7316 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] =
7317 ssh2_msg_global_request;
7320 * Create the main session channel.
7322 if (!ssh->cfg.ssh_no_shell) {
7323 ssh->mainchan = snew(struct ssh_channel);
7324 ssh->mainchan->ssh = ssh;
7325 ssh->mainchan->localid = alloc_channel_id(ssh);
7326 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
7327 ssh2_pkt_addstring(s->pktout, "session");
7328 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->localid);
7329 ssh->mainchan->v.v2.locwindow = OUR_V2_WINSIZE;
7330 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->v.v2.locwindow);/* our window size */
7331 ssh2_pkt_adduint32(s->pktout, OUR_V2_MAXPKT); /* our max pkt size */
7332 ssh2_pkt_send(ssh, s->pktout);
7333 crWaitUntilV(pktin);
7334 if (pktin->type != SSH2_MSG_CHANNEL_OPEN_CONFIRMATION) {
7335 bombout(("Server refused to open a session"));
7337 /* FIXME: error data comes back in FAILURE packet */
7339 if (ssh_pkt_getuint32(pktin) != ssh->mainchan->localid) {
7340 bombout(("Server's channel confirmation cited wrong channel"));
7343 ssh->mainchan->remoteid = ssh_pkt_getuint32(pktin);
7344 ssh->mainchan->halfopen = FALSE;
7345 ssh->mainchan->type = CHAN_MAINSESSION;
7346 ssh->mainchan->closes = 0;
7347 ssh->mainchan->v.v2.remwindow = ssh_pkt_getuint32(pktin);
7348 ssh->mainchan->v.v2.remmaxpkt = ssh_pkt_getuint32(pktin);
7349 bufchain_init(&ssh->mainchan->v.v2.outbuffer);
7350 add234(ssh->channels, ssh->mainchan);
7351 update_specials_menu(ssh->frontend);
7352 logevent("Opened channel for session");
7354 ssh->mainchan = NULL;
7357 * Now we have a channel, make dispatch table entries for
7358 * general channel-based messages.
7360 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] =
7361 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] =
7362 ssh2_msg_channel_data;
7363 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = ssh2_msg_channel_eof;
7364 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = ssh2_msg_channel_close;
7365 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] =
7366 ssh2_msg_channel_open_confirmation;
7367 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] =
7368 ssh2_msg_channel_open_failure;
7369 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] =
7370 ssh2_msg_channel_request;
7371 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] =
7372 ssh2_msg_channel_open;
7375 * Potentially enable X11 forwarding.
7377 if (ssh->mainchan && ssh->cfg.x11_forward) {
7378 char proto[20], data[64];
7379 logevent("Requesting X11 forwarding");
7380 ssh->x11auth = x11_invent_auth(proto, sizeof(proto),
7381 data, sizeof(data), ssh->cfg.x11_auth);
7382 x11_get_real_auth(ssh->x11auth, ssh->cfg.x11_display);
7383 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7384 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7385 ssh2_pkt_addstring(s->pktout, "x11-req");
7386 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7387 ssh2_pkt_addbool(s->pktout, 0); /* many connections */
7388 ssh2_pkt_addstring(s->pktout, proto);
7390 * Note that while we blank the X authentication data here, we don't
7391 * take any special action to blank the start of an X11 channel,
7392 * so using MIT-MAGIC-COOKIE-1 and actually opening an X connection
7393 * without having session blanking enabled is likely to leak your
7394 * cookie into the log.
7396 dont_log_password(ssh, s->pktout, PKTLOG_BLANK);
7397 ssh2_pkt_addstring(s->pktout, data);
7398 end_log_omission(ssh, s->pktout);
7399 ssh2_pkt_adduint32(s->pktout, x11_get_screen_number(ssh->cfg.x11_display));
7400 ssh2_pkt_send(ssh, s->pktout);
7402 crWaitUntilV(pktin);
7404 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7405 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7406 bombout(("Unexpected response to X11 forwarding request:"
7407 " packet type %d", pktin->type));
7410 logevent("X11 forwarding refused");
7412 logevent("X11 forwarding enabled");
7413 ssh->X11_fwd_enabled = TRUE;
7418 * Enable port forwardings.
7420 ssh_setup_portfwd(ssh, &ssh->cfg);
7423 * Potentially enable agent forwarding.
7425 if (ssh->mainchan && ssh->cfg.agentfwd && agent_exists()) {
7426 logevent("Requesting OpenSSH-style agent forwarding");
7427 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7428 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7429 ssh2_pkt_addstring(s->pktout, "auth-agent-req@openssh.com");
7430 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7431 ssh2_pkt_send(ssh, s->pktout);
7433 crWaitUntilV(pktin);
7435 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7436 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7437 bombout(("Unexpected response to agent forwarding request:"
7438 " packet type %d", pktin->type));
7441 logevent("Agent forwarding refused");
7443 logevent("Agent forwarding enabled");
7444 ssh->agentfwd_enabled = TRUE;
7449 * Now allocate a pty for the session.
7451 if (ssh->mainchan && !ssh->cfg.nopty) {
7452 /* Unpick the terminal-speed string. */
7453 /* XXX perhaps we should allow no speeds to be sent. */
7454 ssh->ospeed = 38400; ssh->ispeed = 38400; /* last-resort defaults */
7455 sscanf(ssh->cfg.termspeed, "%d,%d", &ssh->ospeed, &ssh->ispeed);
7456 /* Build the pty request. */
7457 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7458 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
7459 ssh2_pkt_addstring(s->pktout, "pty-req");
7460 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7461 ssh2_pkt_addstring(s->pktout, ssh->cfg.termtype);
7462 ssh2_pkt_adduint32(s->pktout, ssh->term_width);
7463 ssh2_pkt_adduint32(s->pktout, ssh->term_height);
7464 ssh2_pkt_adduint32(s->pktout, 0); /* pixel width */
7465 ssh2_pkt_adduint32(s->pktout, 0); /* pixel height */
7466 ssh2_pkt_addstring_start(s->pktout);
7467 parse_ttymodes(ssh, ssh->cfg.ttymodes,
7468 ssh2_send_ttymode, (void *)s->pktout);
7469 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_ISPEED);
7470 ssh2_pkt_adduint32(s->pktout, ssh->ispeed);
7471 ssh2_pkt_addbyte(s->pktout, SSH2_TTY_OP_OSPEED);
7472 ssh2_pkt_adduint32(s->pktout, ssh->ospeed);
7473 ssh2_pkt_addstring_data(s->pktout, "\0", 1); /* TTY_OP_END */
7474 ssh2_pkt_send(ssh, s->pktout);
7475 ssh->state = SSH_STATE_INTERMED;
7477 crWaitUntilV(pktin);
7479 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7480 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7481 bombout(("Unexpected response to pty request:"
7482 " packet type %d", pktin->type));
7485 c_write_str(ssh, "Server refused to allocate pty\r\n");
7486 ssh->editing = ssh->echoing = 1;
7488 logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)",
7489 ssh->ospeed, ssh->ispeed);
7492 ssh->editing = ssh->echoing = 1;
7496 * Send environment variables.
7498 * Simplest thing here is to send all the requests at once, and
7499 * then wait for a whole bunch of successes or failures.
7501 if (ssh->mainchan && *ssh->cfg.environmt) {
7502 char *e = ssh->cfg.environmt;
7503 char *var, *varend, *val;
7509 while (*e && *e != '\t') e++;
7511 if (*e == '\t') e++;
7516 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7517 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid);
7518 ssh2_pkt_addstring(s->pktout, "env");
7519 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7520 ssh2_pkt_addstring_start(s->pktout);
7521 ssh2_pkt_addstring_data(s->pktout, var, varend-var);
7522 ssh2_pkt_addstring(s->pktout, val);
7523 ssh2_pkt_send(ssh, s->pktout);
7528 logeventf(ssh, "Sent %d environment variables", s->num_env);
7531 s->env_left = s->num_env;
7533 while (s->env_left > 0) {
7534 crWaitUntilV(pktin);
7536 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7537 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7538 bombout(("Unexpected response to environment request:"
7539 " packet type %d", pktin->type));
7549 if (s->env_ok == s->num_env) {
7550 logevent("All environment variables successfully set");
7551 } else if (s->env_ok == 0) {
7552 logevent("All environment variables refused");
7553 c_write_str(ssh, "Server refused to set environment variables\r\n");
7555 logeventf(ssh, "%d environment variables refused",
7556 s->num_env - s->env_ok);
7557 c_write_str(ssh, "Server refused to set all environment variables\r\n");
7562 * Start a shell or a remote command. We may have to attempt
7563 * this twice if the config data has provided a second choice
7566 if (ssh->mainchan) while (1) {
7570 if (ssh->fallback_cmd) {
7571 subsys = ssh->cfg.ssh_subsys2;
7572 cmd = ssh->cfg.remote_cmd_ptr2;
7574 subsys = ssh->cfg.ssh_subsys;
7575 cmd = ssh->cfg.remote_cmd_ptr;
7576 if (!cmd) cmd = ssh->cfg.remote_cmd;
7579 s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
7580 ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); /* recipient channel */
7582 ssh2_pkt_addstring(s->pktout, "subsystem");
7583 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7584 ssh2_pkt_addstring(s->pktout, cmd);
7586 ssh2_pkt_addstring(s->pktout, "exec");
7587 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7588 ssh2_pkt_addstring(s->pktout, cmd);
7590 ssh2_pkt_addstring(s->pktout, "shell");
7591 ssh2_pkt_addbool(s->pktout, 1); /* want reply */
7593 ssh2_pkt_send(ssh, s->pktout);
7595 crWaitUntilV(pktin);
7597 if (pktin->type != SSH2_MSG_CHANNEL_SUCCESS) {
7598 if (pktin->type != SSH2_MSG_CHANNEL_FAILURE) {
7599 bombout(("Unexpected response to shell/command request:"
7600 " packet type %d", pktin->type));
7604 * We failed to start the command. If this is the
7605 * fallback command, we really are finished; if it's
7606 * not, and if the fallback command exists, try falling
7607 * back to it before complaining.
7609 if (!ssh->fallback_cmd && ssh->cfg.remote_cmd_ptr2 != NULL) {
7610 logevent("Primary command failed; attempting fallback");
7611 ssh->fallback_cmd = TRUE;
7614 bombout(("Server refused to start a shell/command"));
7617 logevent("Started a shell/command");
7622 ssh->state = SSH_STATE_SESSION;
7623 if (ssh->size_needed)
7624 ssh_size(ssh, ssh->term_width, ssh->term_height);
7625 if (ssh->eof_needed)
7626 ssh_special(ssh, TS_EOF);
7632 ldisc_send(ssh->ldisc, NULL, 0, 0);/* cause ldisc to notice changes */
7637 s->try_send = FALSE;
7641 * _All_ the connection-layer packets we expect to
7642 * receive are now handled by the dispatch table.
7643 * Anything that reaches here must be bogus.
7646 bombout(("Strange packet received: type %d", pktin->type));
7648 } else if (ssh->mainchan) {
7650 * We have spare data. Add it to the channel buffer.
7652 ssh2_add_channel_data(ssh->mainchan, (char *)in, inlen);
7657 struct ssh_channel *c;
7659 * Try to send data on all channels if we can.
7661 for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
7662 ssh2_try_send_and_unthrottle(c);
7670 * Handlers for SSH-2 messages that might arrive at any moment.
7672 static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
7674 /* log reason code in disconnect message */
7676 int nowlen, reason, msglen;
7678 reason = ssh_pkt_getuint32(pktin);
7679 ssh_pkt_getstring(pktin, &msg, &msglen);
7681 if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
7682 buf = dupprintf("Received disconnect message (%s)",
7683 ssh2_disconnect_reasons[reason]);
7685 buf = dupprintf("Received disconnect message (unknown"
7686 " type %d)", reason);
7690 buf = dupprintf("Disconnection message text: %n%.*s",
7691 &nowlen, msglen, msg);
7693 bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"",
7695 (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
7696 ssh2_disconnect_reasons[reason] : "unknown",
7701 static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
7703 /* log the debug message */
7708 /* XXX maybe we should actually take notice of this */
7709 always_display = ssh2_pkt_getbool(pktin);
7710 ssh_pkt_getstring(pktin, &msg, &msglen);
7712 logeventf(ssh, "Remote debug message: %.*s", msglen, msg);
7715 static void ssh2_msg_something_unimplemented(Ssh ssh, struct Packet *pktin)
7717 struct Packet *pktout;
7718 pktout = ssh2_pkt_init(SSH2_MSG_UNIMPLEMENTED);
7719 ssh2_pkt_adduint32(pktout, pktin->sequence);
7721 * UNIMPLEMENTED messages MUST appear in the same order as the
7722 * messages they respond to. Hence, never queue them.
7724 ssh2_pkt_send_noqueue(ssh, pktout);
7728 * Handle the top-level SSH-2 protocol.
7730 static void ssh2_protocol_setup(Ssh ssh)
7735 * Most messages cause SSH2_MSG_UNIMPLEMENTED.
7737 for (i = 0; i < 256; i++)
7738 ssh->packet_dispatch[i] = ssh2_msg_something_unimplemented;
7741 * Any message we actually understand, we set to NULL so that
7742 * the coroutines will get it.
7744 ssh->packet_dispatch[SSH2_MSG_UNIMPLEMENTED] = NULL;
7745 ssh->packet_dispatch[SSH2_MSG_SERVICE_REQUEST] = NULL;
7746 ssh->packet_dispatch[SSH2_MSG_SERVICE_ACCEPT] = NULL;
7747 ssh->packet_dispatch[SSH2_MSG_KEXINIT] = NULL;
7748 ssh->packet_dispatch[SSH2_MSG_NEWKEYS] = NULL;
7749 ssh->packet_dispatch[SSH2_MSG_KEXDH_INIT] = NULL;
7750 ssh->packet_dispatch[SSH2_MSG_KEXDH_REPLY] = NULL;
7751 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL; duplicate case value */
7752 /* ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_GROUP] = NULL; duplicate case value */
7753 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
7754 ssh->packet_dispatch[SSH2_MSG_KEX_DH_GEX_REPLY] = NULL;
7755 ssh->packet_dispatch[SSH2_MSG_USERAUTH_REQUEST] = NULL;
7756 ssh->packet_dispatch[SSH2_MSG_USERAUTH_FAILURE] = NULL;
7757 ssh->packet_dispatch[SSH2_MSG_USERAUTH_SUCCESS] = NULL;
7758 ssh->packet_dispatch[SSH2_MSG_USERAUTH_BANNER] = NULL;
7759 ssh->packet_dispatch[SSH2_MSG_USERAUTH_PK_OK] = NULL;
7760 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ] = NULL; duplicate case value */
7761 /* ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_REQUEST] = NULL; duplicate case value */
7762 ssh->packet_dispatch[SSH2_MSG_USERAUTH_INFO_RESPONSE] = NULL;
7763 ssh->packet_dispatch[SSH2_MSG_GLOBAL_REQUEST] = NULL;
7764 ssh->packet_dispatch[SSH2_MSG_REQUEST_SUCCESS] = NULL;
7765 ssh->packet_dispatch[SSH2_MSG_REQUEST_FAILURE] = NULL;
7766 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = NULL;
7767 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_CONFIRMATION] = NULL;
7768 ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN_FAILURE] = NULL;
7769 ssh->packet_dispatch[SSH2_MSG_CHANNEL_WINDOW_ADJUST] = NULL;
7770 ssh->packet_dispatch[SSH2_MSG_CHANNEL_DATA] = NULL;
7771 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EXTENDED_DATA] = NULL;
7772 ssh->packet_dispatch[SSH2_MSG_CHANNEL_EOF] = NULL;
7773 ssh->packet_dispatch[SSH2_MSG_CHANNEL_CLOSE] = NULL;
7774 ssh->packet_dispatch[SSH2_MSG_CHANNEL_REQUEST] = NULL;
7775 ssh->packet_dispatch[SSH2_MSG_CHANNEL_SUCCESS] = NULL;
7776 ssh->packet_dispatch[SSH2_MSG_CHANNEL_FAILURE] = NULL;
7779 * These special message types we install handlers for.
7781 ssh->packet_dispatch[SSH2_MSG_DISCONNECT] = ssh2_msg_disconnect;
7782 ssh->packet_dispatch[SSH2_MSG_IGNORE] = ssh_msg_ignore; /* shared with SSH-1 */
7783 ssh->packet_dispatch[SSH2_MSG_DEBUG] = ssh2_msg_debug;
7786 static void ssh2_timer(void *ctx, long now)
7790 if (ssh->state == SSH_STATE_CLOSED)
7793 if (!ssh->kex_in_progress && ssh->cfg.ssh_rekey_time != 0 &&
7794 now - ssh->next_rekey >= 0) {
7795 do_ssh2_transport(ssh, "timeout", -1, NULL);
7799 static void ssh2_protocol(Ssh ssh, void *vin, int inlen,
7800 struct Packet *pktin)
7802 unsigned char *in = (unsigned char *)vin;
7803 if (ssh->state == SSH_STATE_CLOSED)
7807 ssh->incoming_data_size += pktin->encrypted_len;
7808 if (!ssh->kex_in_progress &&
7809 ssh->max_data_size != 0 &&
7810 ssh->incoming_data_size > ssh->max_data_size)
7811 do_ssh2_transport(ssh, "too much data received", -1, NULL);
7814 if (pktin && ssh->packet_dispatch[pktin->type]) {
7815 ssh->packet_dispatch[pktin->type](ssh, pktin);
7819 if (!ssh->protocol_initial_phase_done ||
7820 (pktin && pktin->type >= 20 && pktin->type < 50)) {
7821 if (do_ssh2_transport(ssh, in, inlen, pktin) &&
7822 !ssh->protocol_initial_phase_done) {
7823 ssh->protocol_initial_phase_done = TRUE;
7825 * Allow authconn to initialise itself.
7827 do_ssh2_authconn(ssh, NULL, 0, NULL);
7830 do_ssh2_authconn(ssh, in, inlen, pktin);
7835 * Called to set up the connection.
7837 * Returns an error message, or NULL on success.
7839 static const char *ssh_init(void *frontend_handle, void **backend_handle,
7841 char *host, int port, char **realhost, int nodelay,
7847 ssh = snew(struct ssh_tag);
7848 ssh->cfg = *cfg; /* STRUCTURE COPY */
7849 ssh->version = 0; /* when not ready yet */
7852 ssh->v1_cipher_ctx = NULL;
7853 ssh->crcda_ctx = NULL;
7854 ssh->cscipher = NULL;
7855 ssh->cs_cipher_ctx = NULL;
7856 ssh->sccipher = NULL;
7857 ssh->sc_cipher_ctx = NULL;
7859 ssh->cs_mac_ctx = NULL;
7861 ssh->sc_mac_ctx = NULL;
7863 ssh->cs_comp_ctx = NULL;
7865 ssh->sc_comp_ctx = NULL;
7867 ssh->kex_ctx = NULL;
7868 ssh->hostkey = NULL;
7870 ssh->close_expected = FALSE;
7871 ssh->clean_exit = FALSE;
7872 ssh->state = SSH_STATE_PREPACKET;
7873 ssh->size_needed = FALSE;
7874 ssh->eof_needed = FALSE;
7877 ssh->deferred_send_data = NULL;
7878 ssh->deferred_len = 0;
7879 ssh->deferred_size = 0;
7880 ssh->fallback_cmd = 0;
7882 ssh->x11auth = NULL;
7883 ssh->v1_compressing = FALSE;
7884 ssh->v2_outgoing_sequence = 0;
7885 ssh->ssh1_rdpkt_crstate = 0;
7886 ssh->ssh2_rdpkt_crstate = 0;
7887 ssh->do_ssh_init_crstate = 0;
7888 ssh->ssh_gotdata_crstate = 0;
7889 ssh->do_ssh1_connection_crstate = 0;
7890 ssh->do_ssh1_login_crstate = 0;
7891 ssh->do_ssh2_transport_crstate = 0;
7892 ssh->do_ssh2_authconn_crstate = 0;
7893 ssh->do_ssh_init_state = NULL;
7894 ssh->do_ssh1_login_state = NULL;
7895 ssh->do_ssh2_transport_state = NULL;
7896 ssh->do_ssh2_authconn_state = NULL;
7899 ssh->mainchan = NULL;
7900 ssh->throttled_all = 0;
7901 ssh->v1_stdout_throttling = 0;
7903 ssh->queuelen = ssh->queuesize = 0;
7904 ssh->queueing = FALSE;
7905 ssh->qhead = ssh->qtail = NULL;
7906 ssh->deferred_rekey_reason = NULL;
7907 bufchain_init(&ssh->queued_incoming_data);
7908 ssh->frozen = FALSE;
7910 *backend_handle = ssh;
7913 if (crypto_startup() == 0)
7914 return "Microsoft high encryption pack not installed!";
7917 ssh->frontend = frontend_handle;
7918 ssh->term_width = ssh->cfg.width;
7919 ssh->term_height = ssh->cfg.height;
7921 ssh->channels = NULL;
7922 ssh->rportfwds = NULL;
7923 ssh->portfwds = NULL;
7928 ssh->v1_throttle_count = 0;
7929 ssh->overall_bufsize = 0;
7930 ssh->fallback_cmd = 0;
7932 ssh->protocol = NULL;
7934 ssh->protocol_initial_phase_done = FALSE;
7938 ssh->incoming_data_size = ssh->outgoing_data_size =
7939 ssh->deferred_data_size = 0L;
7940 ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
7941 ssh->kex_in_progress = FALSE;
7943 p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
7952 static void ssh_free(void *handle)
7954 Ssh ssh = (Ssh) handle;
7955 struct ssh_channel *c;
7956 struct ssh_rportfwd *pf;
7958 if (ssh->v1_cipher_ctx)
7959 ssh->cipher->free_context(ssh->v1_cipher_ctx);
7960 if (ssh->cs_cipher_ctx)
7961 ssh->cscipher->free_context(ssh->cs_cipher_ctx);
7962 if (ssh->sc_cipher_ctx)
7963 ssh->sccipher->free_context(ssh->sc_cipher_ctx);
7964 if (ssh->cs_mac_ctx)
7965 ssh->csmac->free_context(ssh->cs_mac_ctx);
7966 if (ssh->sc_mac_ctx)
7967 ssh->scmac->free_context(ssh->sc_mac_ctx);
7968 if (ssh->cs_comp_ctx) {
7970 ssh->cscomp->compress_cleanup(ssh->cs_comp_ctx);
7972 zlib_compress_cleanup(ssh->cs_comp_ctx);
7974 if (ssh->sc_comp_ctx) {
7976 ssh->sccomp->decompress_cleanup(ssh->sc_comp_ctx);
7978 zlib_decompress_cleanup(ssh->sc_comp_ctx);
7981 dh_cleanup(ssh->kex_ctx);
7982 sfree(ssh->savedhost);
7984 while (ssh->queuelen-- > 0)
7985 ssh_free_packet(ssh->queue[ssh->queuelen]);
7988 while (ssh->qhead) {
7989 struct queued_handler *qh = ssh->qhead;
7990 ssh->qhead = qh->next;
7993 ssh->qhead = ssh->qtail = NULL;
7995 if (ssh->channels) {
7996 while ((c = delpos234(ssh->channels, 0)) != NULL) {
7999 if (c->u.x11.s != NULL)
8000 x11_close(c->u.x11.s);
8003 if (c->u.pfd.s != NULL)
8004 pfd_close(c->u.pfd.s);
8009 freetree234(ssh->channels);
8010 ssh->channels = NULL;
8013 if (ssh->rportfwds) {
8014 while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
8016 freetree234(ssh->rportfwds);
8017 ssh->rportfwds = NULL;
8019 sfree(ssh->deferred_send_data);
8021 x11_free_auth(ssh->x11auth);
8022 sfree(ssh->do_ssh_init_state);
8023 sfree(ssh->do_ssh1_login_state);
8024 sfree(ssh->do_ssh2_transport_state);
8025 sfree(ssh->do_ssh2_authconn_state);
8028 if (ssh->crcda_ctx) {
8029 crcda_free_context(ssh->crcda_ctx);
8030 ssh->crcda_ctx = NULL;
8033 ssh_do_close(ssh, TRUE);
8034 expire_timer_context(ssh);
8036 pinger_free(ssh->pinger);
8037 bufchain_clear(&ssh->queued_incoming_data);
8044 * Reconfigure the SSH backend.
8046 static void ssh_reconfig(void *handle, Config *cfg)
8048 Ssh ssh = (Ssh) handle;
8049 char *rekeying = NULL, rekey_mandatory = FALSE;
8050 unsigned long old_max_data_size;
8052 pinger_reconfig(ssh->pinger, &ssh->cfg, cfg);
8054 ssh_setup_portfwd(ssh, cfg);
8056 if (ssh->cfg.ssh_rekey_time != cfg->ssh_rekey_time &&
8057 cfg->ssh_rekey_time != 0) {
8058 long new_next = ssh->last_rekey + cfg->ssh_rekey_time*60*TICKSPERSEC;
8059 long now = GETTICKCOUNT();
8061 if (new_next - now < 0) {
8062 rekeying = "timeout shortened";
8064 ssh->next_rekey = schedule_timer(new_next - now, ssh2_timer, ssh);
8068 old_max_data_size = ssh->max_data_size;
8069 ssh->max_data_size = parse_blocksize(cfg->ssh_rekey_data);
8070 if (old_max_data_size != ssh->max_data_size &&
8071 ssh->max_data_size != 0) {
8072 if (ssh->outgoing_data_size > ssh->max_data_size ||
8073 ssh->incoming_data_size > ssh->max_data_size)
8074 rekeying = "data limit lowered";
8077 if (ssh->cfg.compression != cfg->compression) {
8078 rekeying = "compression setting changed";
8079 rekey_mandatory = TRUE;
8082 if (ssh->cfg.ssh2_des_cbc != cfg->ssh2_des_cbc ||
8083 memcmp(ssh->cfg.ssh_cipherlist, cfg->ssh_cipherlist,
8084 sizeof(ssh->cfg.ssh_cipherlist))) {
8085 rekeying = "cipher settings changed";
8086 rekey_mandatory = TRUE;
8089 ssh->cfg = *cfg; /* STRUCTURE COPY */
8092 if (!ssh->kex_in_progress) {
8093 do_ssh2_transport(ssh, rekeying, -1, NULL);
8094 } else if (rekey_mandatory) {
8095 ssh->deferred_rekey_reason = rekeying;
8101 * Called to send data down the SSH connection.
8103 static int ssh_send(void *handle, char *buf, int len)
8105 Ssh ssh = (Ssh) handle;
8107 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
8110 ssh->protocol(ssh, (unsigned char *)buf, len, 0);
8112 return ssh_sendbuffer(ssh);
8116 * Called to query the current amount of buffered stdin data.
8118 static int ssh_sendbuffer(void *handle)
8120 Ssh ssh = (Ssh) handle;
8123 if (ssh == NULL || ssh->s == NULL || ssh->protocol == NULL)
8127 * If the SSH socket itself has backed up, add the total backup
8128 * size on that to any individual buffer on the stdin channel.
8131 if (ssh->throttled_all)
8132 override_value = ssh->overall_bufsize;
8134 if (ssh->version == 1) {
8135 return override_value;
8136 } else if (ssh->version == 2) {
8137 if (!ssh->mainchan || ssh->mainchan->closes > 0)
8138 return override_value;
8140 return (override_value +
8141 bufchain_size(&ssh->mainchan->v.v2.outbuffer));
8148 * Called to set the size of the window from SSH's POV.
8150 static void ssh_size(void *handle, int width, int height)
8152 Ssh ssh = (Ssh) handle;
8153 struct Packet *pktout;
8155 ssh->term_width = width;
8156 ssh->term_height = height;
8158 switch (ssh->state) {
8159 case SSH_STATE_BEFORE_SIZE:
8160 case SSH_STATE_PREPACKET:
8161 case SSH_STATE_CLOSED:
8162 break; /* do nothing */
8163 case SSH_STATE_INTERMED:
8164 ssh->size_needed = TRUE; /* buffer for later */
8166 case SSH_STATE_SESSION:
8167 if (!ssh->cfg.nopty) {
8168 if (ssh->version == 1) {
8169 send_packet(ssh, SSH1_CMSG_WINDOW_SIZE,
8170 PKT_INT, ssh->term_height,
8171 PKT_INT, ssh->term_width,
8172 PKT_INT, 0, PKT_INT, 0, PKT_END);
8173 } else if (ssh->mainchan) {
8174 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8175 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8176 ssh2_pkt_addstring(pktout, "window-change");
8177 ssh2_pkt_addbool(pktout, 0);
8178 ssh2_pkt_adduint32(pktout, ssh->term_width);
8179 ssh2_pkt_adduint32(pktout, ssh->term_height);
8180 ssh2_pkt_adduint32(pktout, 0);
8181 ssh2_pkt_adduint32(pktout, 0);
8182 ssh2_pkt_send(ssh, pktout);
8190 * Return a list of the special codes that make sense in this
8193 static const struct telnet_special *ssh_get_specials(void *handle)
8195 static const struct telnet_special ssh1_ignore_special[] = {
8196 {"IGNORE message", TS_NOP}
8198 static const struct telnet_special ssh2_transport_specials[] = {
8199 {"IGNORE message", TS_NOP},
8200 {"Repeat key exchange", TS_REKEY},
8202 static const struct telnet_special ssh2_session_specials[] = {
8205 /* These are the signal names defined by draft-ietf-secsh-connect-23.
8206 * They include all the ISO C signals, but are a subset of the POSIX
8207 * required signals. */
8208 {"SIGINT (Interrupt)", TS_SIGINT},
8209 {"SIGTERM (Terminate)", TS_SIGTERM},
8210 {"SIGKILL (Kill)", TS_SIGKILL},
8211 {"SIGQUIT (Quit)", TS_SIGQUIT},
8212 {"SIGHUP (Hangup)", TS_SIGHUP},
8213 {"More signals", TS_SUBMENU},
8214 {"SIGABRT", TS_SIGABRT}, {"SIGALRM", TS_SIGALRM},
8215 {"SIGFPE", TS_SIGFPE}, {"SIGILL", TS_SIGILL},
8216 {"SIGPIPE", TS_SIGPIPE}, {"SIGSEGV", TS_SIGSEGV},
8217 {"SIGUSR1", TS_SIGUSR1}, {"SIGUSR2", TS_SIGUSR2},
8220 static const struct telnet_special specials_end[] = {
8223 /* XXX review this length for any changes: */
8224 static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
8225 lenof(ssh2_session_specials) +
8226 lenof(specials_end)];
8227 Ssh ssh = (Ssh) handle;
8229 #define ADD_SPECIALS(name) \
8231 assert((i + lenof(name)) <= lenof(ssh_specials)); \
8232 memcpy(&ssh_specials[i], name, sizeof name); \
8236 if (ssh->version == 1) {
8237 /* Don't bother offering IGNORE if we've decided the remote
8238 * won't cope with it, since we wouldn't bother sending it if
8240 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
8241 ADD_SPECIALS(ssh1_ignore_special);
8242 } else if (ssh->version == 2) {
8243 ADD_SPECIALS(ssh2_transport_specials);
8245 ADD_SPECIALS(ssh2_session_specials);
8246 } /* else we're not ready yet */
8249 ADD_SPECIALS(specials_end);
8250 return ssh_specials;
8258 * Send special codes. TS_EOF is useful for `plink', so you
8259 * can send an EOF and collect resulting output (e.g. `plink
8262 static void ssh_special(void *handle, Telnet_Special code)
8264 Ssh ssh = (Ssh) handle;
8265 struct Packet *pktout;
8267 if (code == TS_EOF) {
8268 if (ssh->state != SSH_STATE_SESSION) {
8270 * Buffer the EOF in case we are pre-SESSION, so we can
8271 * send it as soon as we reach SESSION.
8274 ssh->eof_needed = TRUE;
8277 if (ssh->version == 1) {
8278 send_packet(ssh, SSH1_CMSG_EOF, PKT_END);
8279 } else if (ssh->mainchan) {
8280 struct Packet *pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_EOF);
8281 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8282 ssh2_pkt_send(ssh, pktout);
8283 ssh->send_ok = 0; /* now stop trying to read from stdin */
8285 logevent("Sent EOF message");
8286 } else if (code == TS_PING || code == TS_NOP) {
8287 if (ssh->state == SSH_STATE_CLOSED
8288 || ssh->state == SSH_STATE_PREPACKET) return;
8289 if (ssh->version == 1) {
8290 if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
8291 send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
8293 pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
8294 ssh2_pkt_addstring_start(pktout);
8295 ssh2_pkt_send_noqueue(ssh, pktout);
8297 } else if (code == TS_REKEY) {
8298 if (!ssh->kex_in_progress && ssh->version == 2) {
8299 do_ssh2_transport(ssh, "at user request", -1, NULL);
8301 } else if (code == TS_BRK) {
8302 if (ssh->state == SSH_STATE_CLOSED
8303 || ssh->state == SSH_STATE_PREPACKET) return;
8304 if (ssh->version == 1) {
8305 logevent("Unable to send BREAK signal in SSH-1");
8306 } else if (ssh->mainchan) {
8307 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8308 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8309 ssh2_pkt_addstring(pktout, "break");
8310 ssh2_pkt_addbool(pktout, 0);
8311 ssh2_pkt_adduint32(pktout, 0); /* default break length */
8312 ssh2_pkt_send(ssh, pktout);
8315 /* Is is a POSIX signal? */
8316 char *signame = NULL;
8317 if (code == TS_SIGABRT) signame = "ABRT";
8318 if (code == TS_SIGALRM) signame = "ALRM";
8319 if (code == TS_SIGFPE) signame = "FPE";
8320 if (code == TS_SIGHUP) signame = "HUP";
8321 if (code == TS_SIGILL) signame = "ILL";
8322 if (code == TS_SIGINT) signame = "INT";
8323 if (code == TS_SIGKILL) signame = "KILL";
8324 if (code == TS_SIGPIPE) signame = "PIPE";
8325 if (code == TS_SIGQUIT) signame = "QUIT";
8326 if (code == TS_SIGSEGV) signame = "SEGV";
8327 if (code == TS_SIGTERM) signame = "TERM";
8328 if (code == TS_SIGUSR1) signame = "USR1";
8329 if (code == TS_SIGUSR2) signame = "USR2";
8330 /* The SSH-2 protocol does in principle support arbitrary named
8331 * signals, including signame@domain, but we don't support those. */
8333 /* It's a signal. */
8334 if (ssh->version == 2 && ssh->mainchan) {
8335 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST);
8336 ssh2_pkt_adduint32(pktout, ssh->mainchan->remoteid);
8337 ssh2_pkt_addstring(pktout, "signal");
8338 ssh2_pkt_addbool(pktout, 0);
8339 ssh2_pkt_addstring(pktout, signame);
8340 ssh2_pkt_send(ssh, pktout);
8341 logeventf(ssh, "Sent signal SIG%s", signame);
8344 /* Never heard of it. Do nothing */
8349 void *new_sock_channel(void *handle, Socket s)
8351 Ssh ssh = (Ssh) handle;
8352 struct ssh_channel *c;
8353 c = snew(struct ssh_channel);
8358 c->localid = alloc_channel_id(ssh);
8360 c->type = CHAN_SOCKDATA_DORMANT;/* identify channel type */
8362 bufchain_init(&c->v.v2.outbuffer);
8363 add234(ssh->channels, c);
8369 * This is called when stdout/stderr (the entity to which
8370 * from_backend sends data) manages to clear some backlog.
8372 static void ssh_unthrottle(void *handle, int bufsize)
8374 Ssh ssh = (Ssh) handle;
8375 if (ssh->version == 1) {
8376 if (ssh->v1_stdout_throttling && bufsize < SSH1_BUFFER_LIMIT) {
8377 ssh->v1_stdout_throttling = 0;
8378 ssh1_throttle(ssh, -1);
8381 if (ssh->mainchan && ssh->mainchan->closes == 0)
8382 ssh2_set_window(ssh->mainchan, OUR_V2_WINSIZE - bufsize);
8386 void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
8388 struct ssh_channel *c = (struct ssh_channel *)channel;
8390 struct Packet *pktout;
8392 logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
8394 if (ssh->version == 1) {
8395 send_packet(ssh, SSH1_MSG_PORT_OPEN,
8396 PKT_INT, c->localid,
8399 /* PKT_STR, <org:orgport>, */
8402 pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_OPEN);
8403 ssh2_pkt_addstring(pktout, "direct-tcpip");
8404 ssh2_pkt_adduint32(pktout, c->localid);
8405 c->v.v2.locwindow = OUR_V2_WINSIZE;
8406 ssh2_pkt_adduint32(pktout, c->v.v2.locwindow);/* our window size */
8407 ssh2_pkt_adduint32(pktout, OUR_V2_MAXPKT); /* our max pkt size */
8408 ssh2_pkt_addstring(pktout, hostname);
8409 ssh2_pkt_adduint32(pktout, port);
8411 * We make up values for the originator data; partly it's
8412 * too much hassle to keep track, and partly I'm not
8413 * convinced the server should be told details like that
8414 * about my local network configuration.
8416 ssh2_pkt_addstring(pktout, "client-side-connection");
8417 ssh2_pkt_adduint32(pktout, 0);
8418 ssh2_pkt_send(ssh, pktout);
8422 static Socket ssh_socket(void *handle)
8424 Ssh ssh = (Ssh) handle;
8428 static int ssh_sendok(void *handle)
8430 Ssh ssh = (Ssh) handle;
8431 return ssh->send_ok;
8434 static int ssh_ldisc(void *handle, int option)
8436 Ssh ssh = (Ssh) handle;
8437 if (option == LD_ECHO)
8438 return ssh->echoing;
8439 if (option == LD_EDIT)
8440 return ssh->editing;
8444 static void ssh_provide_ldisc(void *handle, void *ldisc)
8446 Ssh ssh = (Ssh) handle;
8450 static void ssh_provide_logctx(void *handle, void *logctx)
8452 Ssh ssh = (Ssh) handle;
8453 ssh->logctx = logctx;
8456 static int ssh_return_exitcode(void *handle)
8458 Ssh ssh = (Ssh) handle;
8462 return (ssh->exitcode >= 0 ? ssh->exitcode : 0);
8466 * cfg_info for SSH is the currently running version of the
8467 * protocol. (1 for 1; 2 for 2; 0 for not-decided-yet.)
8469 static int ssh_cfg_info(void *handle)
8471 Ssh ssh = (Ssh) handle;
8472 return ssh->version;
8476 * Gross hack: pscp will try to start SFTP but fall back to scp1 if
8477 * that fails. This variable is the means by which scp.c can reach
8478 * into the SSH code and find out which one it got.
8480 extern int ssh_fallback_cmd(void *handle)
8482 Ssh ssh = (Ssh) handle;
8483 return ssh->fallback_cmd;
8486 Backend ssh_backend = {
8496 ssh_return_exitcode,