static int telnet_machine(unsigned char ch)
{
switch (telnet_state) {
case 255: /* after the first IAC */
switch (ch) {
case DO:
case DONT:
case WILL:
case WONT:
telnet_state = 1;
break;
case SB: /* loop forever looking for the SE */
telnet_state = 2;
break;
case IAC:
return IAC;
default:
telnet_state = 0; /* other telnet command */
}
break;
case 1: /* Get the DO,DONT,WILL,WONT */
telnet_state = 0; /* the ch is the telnet option */
break;
case 2: /* the telnet suboption */
if (ch == 31)
telnet_state = 5; /* wait for windows size */
else if (ch == IAC)
telnet_state = 3; /* wait for SE */
else
telnet_state = 4; /* filter telnet SB data */
break;
case 3: /* wait for se */
if (ch == SE) {
telnet_state = 0;
if (naw_changed) {
naw_changed = 0;
do_naws(naw_ln, naw_col);
}
} else
telnet_state = 4;
break;
case 4: /* telnet SB data */
if (ch == IAC)
telnet_state = 3; /* wait for SE */
break;
case 5:
naw_changed = 1;
telnet_state = 6;
break;
case 6:
naw_col = ch;
if (ch == IAC)
telnet_state = 4;
else
telnet_state = 7;
break;
case 7:
if (ch == IAC)
telnet_state = 4;
else
telnet_state = 8;
break;
case 8:
naw_ln = ch;
if (ch == IAC)
telnet_state = 4;
else
telnet_state = 2;
break;
}
return 0;
}
void do_authenticated(char *pw)
{
int type;
int compression_level = 0, enable_compression_after_reply = 0;
int row, col, xpixel, ypixel;
unsigned long max_size;
char *display = NULL, *proto = NULL, *data = NULL;
/* Cancel the alarm we set to limit the time taken for authentication. */
alarm(0);
/* Inform the channel mechanism that we are the server side and that
the client may request to connect to any port at all. (The user could
do it anyway, and we wouldn\'t know what is permitted except by the
client telling us, so we can equally well trust the client not to request
anything bogus.) */
/* We stay in this loop until the client requests to execute a shell or a
command. */
while (1) {
/* Get a packet from the client. */
type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_REQUEST_COMPRESSION:
/* COMMAN: k core said that compression is not useful */
goto fail;
compression_level = packet_get_int();
if (compression_level < 1 || compression_level > 9) {
packet_send_debug("Received illegal compression level %d.", compression_level);
goto fail;
}
/* Enable compression after we have responded with SUCCESS. */
enable_compression_after_reply = 1;
break;
case SSH_CMSG_MAX_PACKET_SIZE:
/* Get maximum size from paket. */
max_size = packet_get_int();
/* Make sure that it is acceptable. */
if (max_size < 4096 || max_size > 256 * 1024) {
packet_send_debug("Received illegal max packet size %lu.", max_size);
goto fail;
}
/* Set the size and return success. */
packet_set_max_size(max_size);
break;
case SSH_CMSG_REQUEST_PTY:
packet_get_string(NULL);
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
packet_get_all();
debug("Allocating a pty not permitted for this authentication.");
break;
case SSH_CMSG_X11_REQUEST_FORWARDING:
packet_get_all();
debug("X11 forwarding disabled in this site.");
packet_send_debug("X11 forwarding disabled in this site.");
goto fail;
case SSH_CMSG_AGENT_REQUEST_FORWARDING:
packet_get_all();
debug("Authentication agent forwarding not permitted for this authentication.");
goto fail;
case SSH_CMSG_PORT_FORWARD_REQUEST:
packet_get_all();
debug("All port forwardings disabled in this site.");
packet_send_debug("All port forwardings disabled in this site.");
goto fail;
case SSH_CMSG_EXEC_SHELL:
/* Set interactive/non-interactive mode. */
packet_set_interactive(1, options.keepalives);
if (forced_command != NULL)
goto do_forced_command;
debug("Forking shell.");
do_exec_no_pty(NULL, pw, display, proto, data);
return;
case SSH_CMSG_EXEC_CMD:
packet_get_all();
debug("command executing disabled in this site.");
packet_send_debug("command executing disabled in this site.");
goto fail;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
break;
default:
/* Any unknown messages in this phase are ignored, and a failure
message is returned. */
packet_get_all();
log_msg("Unknown packet type received after authentication: %d", type);
goto fail;
}
/* The request was successfully processed. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Enable compression now that we have replied if appropriate. */
if (enable_compression_after_reply) {
enable_compression_after_reply = 0;
packet_start_compression(compression_level);
}
continue;
fail:
/* The request failed. */
packet_get_all();
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
continue;
do_forced_command:
/* There is a forced command specified for this login. Execute it. */
debug("Executing forced command: %.900s", forced_command);
return;
}
}
void ProcessOnePacket(int wait)
{
int type;
char *data;
unsigned int data_len;
int row, col, xpixel, ypixel;
while (1) {
if (wait)
type = packet_read();
else
type = packet_read_poll();
if (type == SSH_MSG_NONE)
goto read_done;
switch (type) {
case SSH_CMSG_STDIN_DATA:
/* Stdin data from the client. Append it to the buffer. */
data = packet_get_string(&data_len);
buffer_append(&NetworkBuf, data, data_len);
memset(data, 0, data_len);
xfree(data);
if (wait)
goto read_done;
break;
case SSH_CMSG_EOF:
/* Eof from the client. The stdin descriptor to the program
will be closed when all buffered data has drained. */
debug("EOF received for stdin.");
goto read_done;
break;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
// pty_change_window_size(fdin, row, col, xpixel, ypixel);
do_naws(row, col);
break;
case SSH_MSG_PORT_OPEN:
break;
case SSH_MSG_CHANNEL_OPEN_CONFIRMATION:
debug("Received channel open confirmation.");
break;
case SSH_MSG_CHANNEL_OPEN_FAILURE:
debug("Received channel open failure.");
break;
case SSH_MSG_CHANNEL_DATA:
break;
#ifdef SUPPORT_OLD_CHANNELS
case SSH_MSG_CHANNEL_CLOSE:
debug("Received channel close.");
break;
case SSH_MSG_CHANNEL_CLOSE_CONFIRMATION:
debug("Received channel close confirmation.");
break;
#else
case SSH_MSG_CHANNEL_INPUT_EOF:
debug("Received channel input eof.");
break;
case SSH_MSG_CHANNEL_OUTPUT_CLOSED:
debug("Received channel output closed.");
break;
#endif
default:
/* In this phase, any unexpected messages cause a protocol
error. This is to ease debugging; also, since no
confirmations are sent messages, unprocessed unknown
messages could cause strange problems. Any compatible
protocol extensions must be negotiated before entering the
interactive session. */
packet_disconnect("Protocol error during session: type %d", type);
}
}
read_done:
return;
}
void do_authentication(char *user, int privileged_port, int cipher_type)
{
int type;
int authenticated = 0;
int authentication_type = 0;
char *password;
int row, col, xpixel, ypixel;
int password_attempts = 0;
if (strlen(user) > 255)
do_authentication_fail_loop();
/* Verify that the user is a valid user. We disallow usernames starting
with any characters that are commonly used to start NIS entries. */
if (user[0] == '-' || user[0] == '+' || user[0] == '@')
do_authentication_fail_loop();
debug("Attempting authentication for %.100s.", user);
/* If the user has no password, accept authentication immediately. */
if (auth_password(user, "")) {
/* Authentication with empty password succeeded. */
authentication_type = SSH_AUTH_PASSWORD;
authenticated = 1;
/* Success packet will be sent after loop below. */
} else {
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
/* Loop until the user has been authenticated or the connection is closed. */
while (!authenticated) {
/* Get a packet from the client. */
type = packet_read();
/* Process the packet. */
switch (type) {
case SSH_CMSG_AUTH_RHOSTS:
packet_get_all();
log_msg("Rhosts authentication disabled.");
break;
case SSH_CMSG_AUTH_RHOSTS_RSA:
packet_get_all();
log_msg("Rhosts with RSA authentication disabled.");
break;
case SSH_CMSG_AUTH_RSA:
packet_get_all();
log_msg("RSA authentication disabled.");
break;
case SSH_CMSG_AUTH_PASSWORD:
if (cipher_type == SSH_CIPHER_NONE) {
packet_get_all();
log_msg("Password authentication not available for unencrypted session.");
break;
}
/* Password authentication requested. */
/* Read user password. It is in plain text, but was transmitted
over the encrypted channel so it is not visible to an outside
observer. */
password = packet_get_string(NULL);
if (password_attempts >= 5) { /* Too many password authentication attempts. */
packet_disconnect("Too many password authentication attempts from %.100s for user %.100s.", get_canonical_hostname(), user);
/*NOTREACHED*/}
/* Count password authentication attempts, and log if appropriate. */
if (password_attempts > 0) {
/* Log failures if attempted more than once. */
debug("Password authentication failed for user %.100s from %.100s.", user, get_canonical_hostname());
}
password_attempts++;
/* Try authentication with the password. */
if (auth_password(user, password)) {
/* Successful authentication. */
/* Clear the password from memory. */
memset(password, 0, strlen(password));
xfree(password);
log_msg("Password authentication for %.100s accepted.", user);
authentication_type = SSH_AUTH_PASSWORD;
authenticated = 1;
break;
}
debug("Password authentication for %.100s failed.", user);
memset(password, 0, strlen(password));
xfree(password);
break;
case SSH_CMSG_WINDOW_SIZE:
debug("Window change received.");
row = packet_get_int();
col = packet_get_int();
xpixel = packet_get_int();
ypixel = packet_get_int();
do_naws(row, col);
break;
default:
/* Any unknown messages will be ignored (and failure returned)
during authentication. */
packet_get_all();
log_msg("Unknown message during authentication: type %d", type);
break; /* Respond with a failure message. */
}
/* If successfully authenticated, break out of loop. */
if (authenticated)
break;
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
/* The user has been authenticated and accepted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Perform session preparation. */
do_authenticated(NULL);
}
