const void *
ssh_packet_get_string_ptr(struct ssh *ssh, u_int *length_ptr)
{
int r;
size_t len;
const u_char *val;
if ((r = sshpkt_get_string_direct(ssh, &val, &len)) != 0)
fatal("%s: %s", __func__, ssh_err(r));
if (length_ptr != NULL)
*length_ptr = (u_int)len;
return val;
}
static int
server_input_hostkeys_prove(struct sshbuf **respp)
{
struct ssh *ssh = active_state; /* XXX */
struct sshbuf *resp = NULL;
struct sshbuf *sigbuf = NULL;
struct sshkey *key = NULL, *key_pub = NULL, *key_prv = NULL;
int r, ndx, success = 0;
const u_char *blob;
u_char *sig = 0;
size_t blen, slen;
if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
while (ssh_packet_remaining(ssh) > 0) {
sshkey_free(key);
key = NULL;
if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||
(r = sshkey_from_blob(blob, blen, &key)) != 0) {
error("%s: couldn't parse key: %s",
__func__, ssh_err(r));
goto out;
}
/*
* Better check that this is actually one of our hostkeys
* before attempting to sign anything with it.
*/
if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {
error("%s: unknown host %s key",
__func__, sshkey_type(key));
goto out;
}
/*
* XXX refactor: make kex->sign just use an index rather
* than passing in public and private keys
*/
if ((key_prv = get_hostkey_by_index(ndx)) == NULL &&
(key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) {
error("%s: can't retrieve hostkey %d", __func__, ndx);
goto out;
}
sshbuf_reset(sigbuf);
free(sig);
sig = NULL;
if ((r = sshbuf_put_cstring(sigbuf,
"*****@*****.**")) != 0 ||
(r = sshbuf_put_string(sigbuf,
ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
(r = sshkey_puts(key, sigbuf)) != 0 ||
(r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
sshbuf_ptr(sigbuf), sshbuf_len(sigbuf), 0)) != 0 ||
(r = sshbuf_put_string(resp, sig, slen)) != 0) {
error("%s: couldn't prepare signature: %s",
__func__, ssh_err(r));
goto out;
}
}
/* Success */
*respp = resp;
resp = NULL; /* don't free it */
success = 1;
out:
free(sig);
sshbuf_free(resp);
sshbuf_free(sigbuf);
sshkey_free(key);
return success;
}
/*
* Decodes terminal modes for the terminal referenced by fd in a portable
* manner from a packet being read.
*/
void
ssh_tty_parse_modes(struct ssh *ssh, int fd)
{
struct termios tio;
struct sshbuf *buf;
const u_char *data;
u_char opcode;
u_int baud, u;
int r, failure = 0;
size_t len;
if ((r = sshpkt_get_string_direct(ssh, &data, &len)) != 0)
fatal("%s: packet error: %s", __func__, ssh_err(r));
if (len == 0)
return;
if ((buf = sshbuf_from(data, len)) == NULL) {
error("%s: sshbuf_from failed", __func__);
return;
}
/*
* Get old attributes for the terminal. We will modify these
* flags. I am hoping that if there are any machine-specific
* modes, they will initially have reasonable values.
*/
if (tcgetattr(fd, &tio) == -1) {
logit("tcgetattr: %.100s", strerror(errno));
failure = -1;
}
while (sshbuf_len(buf) > 0) {
if ((r = sshbuf_get_u8(buf, &opcode)) != 0)
fatal("%s: packet error: %s", __func__, ssh_err(r));
switch (opcode) {
case TTY_OP_END:
goto set;
case TTY_OP_ISPEED:
if ((r = sshbuf_get_u32(buf, &baud)) != 0)
fatal("%s: packet error: %s",
__func__, ssh_err(r));
if (failure != -1 &&
cfsetispeed(&tio, baud_to_speed(baud)) == -1)
error("cfsetispeed failed for %d", baud);
break;
case TTY_OP_OSPEED:
if ((r = sshbuf_get_u32(buf, &baud)) != 0)
fatal("%s: packet error: %s",
__func__, ssh_err(r));
if (failure != -1 &&
cfsetospeed(&tio, baud_to_speed(baud)) == -1)
error("cfsetospeed failed for %d", baud);
break;
#define TTYCHAR(NAME, OP) \
case OP: \
if ((r = sshbuf_get_u32(buf, &u)) != 0) \
fatal("%s: packet error: %s", __func__, \
ssh_err(r)); \
tio.c_cc[NAME] = u; \
break;
#define TTYMODE(NAME, FIELD, OP) \
case OP: \
if ((r = sshbuf_get_u32(buf, &u)) != 0) \
fatal("%s: packet error: %s", __func__, \
ssh_err(r)); \
if (u) \
tio.FIELD |= NAME; \
else \
tio.FIELD &= ~NAME; \
break;
#include "ttymodes.h"
#undef TTYCHAR
#undef TTYMODE
default:
debug("Ignoring unsupported tty mode opcode %d (0x%x)",
opcode, opcode);
/*
* SSH2:
* Opcodes 1 to 159 are defined to have a uint32
* argument.
* Opcodes 160 to 255 are undefined and cause parsing
* to stop.
*/
if (opcode > 0 && opcode < 160) {
if ((r = sshbuf_get_u32(buf, NULL)) != 0)
fatal("%s: packet error: %s", __func__,
ssh_err(r));
break;
} else {
logit("%s: unknown opcode %d", __func__,
opcode);
goto set;
}
}
}
set:
len = sshbuf_len(buf);
sshbuf_free(buf);
if (len > 0) {
logit("%s: %zu bytes left", __func__, len);
return; /* Don't process bytes passed */
}
if (failure == -1)
return; /* Packet parsed ok but tcgetattr() failed */
/* Set the new modes for the terminal. */
if (tcsetattr(fd, TCSANOW, &tio) == -1)
logit("Setting tty modes failed: %.100s", strerror(errno));
}
