static void
client_check_window_change(void)
{
struct winsize ws;
if (! received_window_change_signal)
return;
/** XXX race */
received_window_change_signal = 0;
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
return;
debug2("client_check_window_change: changed");
if (compat20) {
channel_request_start(session_ident, "window-change", 0);
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
packet_send();
} else {
packet_start(SSH_CMSG_WINDOW_SIZE);
packet_put_int(ws.ws_row);
packet_put_int(ws.ws_col);
packet_put_int(ws.ws_xpixel);
packet_put_int(ws.ws_ypixel);
packet_send();
}
}
static int
send_userauth_info_request(Authctxt *authctxt)
{
KbdintAuthctxt *kbdintctxt;
char *name, *instr, **prompts;
u_int i, *echo_on;
kbdintctxt = authctxt->kbdintctxt;
if (kbdintctxt->device->query(kbdintctxt->ctxt,
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
return 0;
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(name);
packet_put_cstring(instr);
packet_put_cstring(""); /* language not used */
packet_put_int(kbdintctxt->nreq);
for (i = 0; i < kbdintctxt->nreq; i++) {
packet_put_cstring(prompts[i]);
packet_put_char(echo_on[i]);
}
packet_send();
packet_write_wait();
for (i = 0; i < kbdintctxt->nreq; i++)
free(prompts[i]);
free(prompts);
free(echo_on);
free(name);
free(instr);
return 1;
}
static void
server_input_channel_req(int type, u_int32_t seq, void *ctxt)
{
Channel *c;
int id, reply, success = 0;
char *rtype;
id = packet_get_int();
rtype = packet_get_string(NULL);
reply = packet_get_char();
debug("server_input_channel_req: channel %d request %s reply %d",
id, rtype, reply);
if ((c = channel_lookup(id)) == NULL)
packet_disconnect("server_input_channel_req: "
"unknown channel %d", id);
if (!strcmp(rtype, "*****@*****.**")) {
packet_check_eom();
chan_rcvd_eow(c);
} else if ((c->type == SSH_CHANNEL_LARVAL ||
c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
success = session_input_channel_req(c, rtype);
if (reply) {
packet_start(success ?
SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
packet_put_int(c->remote_id);
packet_send();
}
free(rtype);
}
void
request_roaming(void)
{
packet_start(SSH2_MSG_GLOBAL_REQUEST);
packet_put_cstring(ROAMING_REQUEST);
packet_put_char(1);
packet_put_int(get_recv_buf_size());
packet_send();
client_register_global_confirm(roaming_reply, NULL);
}
void
dispatch_protocol_error(int type, u_int32_t seq, void *ctxt)
{
logit("dispatch_protocol_error: type %d seq %u", type, seq);
if (!compat20)
fatal("protocol error");
packet_start(SSH2_MSG_UNIMPLEMENTED);
packet_put_int(seq);
packet_send();
packet_write_wait();
}
static void
chan_send_eow2(Channel *c)
{
debug2("channel %d: send eow", c->self);
if (c->ostate == CHAN_OUTPUT_CLOSED) {
error("channel %d: must not sent eow on closed output",
c->self);
return;
}
packet_start(SSH2_MSG_CHANNEL_REQUEST);
packet_put_int(c->remote_id);
packet_put_cstring("*****@*****.**");
packet_put_char(0);
packet_send();
}
static void
chan_send_close2(Channel *c)
{
debug2("channel %d: send close", c->self);
if (c->ostate != CHAN_OUTPUT_CLOSED ||
c->istate != CHAN_INPUT_CLOSED) {
error("channel %d: cannot send close for istate/ostate %d/%d",
c->self, c->istate, c->ostate);
} else if (c->flags & CHAN_CLOSE_SENT) {
error("channel %d: already sent close", c->self);
} else {
packet_start(SSH2_MSG_CHANNEL_CLOSE);
packet_put_int(c->remote_id);
packet_send();
c->flags |= CHAN_CLOSE_SENT;
}
}
static void
chan_send_eof2(Channel *c)
{
debug2("channel %d: send eof", c->self);
switch (c->istate) {
case CHAN_INPUT_WAIT_DRAIN:
packet_start(SSH2_MSG_CHANNEL_EOF);
packet_put_int(c->remote_id);
packet_send();
c->flags |= CHAN_EOF_SENT;
break;
default:
error("channel %d: cannot send eof for istate %d",
c->self, c->istate);
break;
}
}
static void
chan_send_ieof1(Channel *c)
{
debug2("channel %d: send ieof", c->self);
switch (c->istate) {
case CHAN_INPUT_OPEN:
case CHAN_INPUT_WAIT_DRAIN:
packet_start(SSH_MSG_CHANNEL_INPUT_EOF);
packet_put_int(c->remote_id);
packet_send();
break;
default:
error("channel %d: cannot send ieof for istate %d",
c->self, c->istate);
break;
}
}
static void
chan_send_oclose1(Channel *c)
{
debug2("channel %d: send oclose", c->self);
switch (c->ostate) {
case CHAN_OUTPUT_OPEN:
case CHAN_OUTPUT_WAIT_DRAIN:
buffer_clear(&c->output);
packet_start(SSH_MSG_CHANNEL_OUTPUT_CLOSE);
packet_put_int(c->remote_id);
packet_send();
break;
default:
error("channel %d: cannot send oclose for ostate %d",
c->self, c->ostate);
break;
}
}
static int
server_input_channel_open(int type, u_int32_t seq, void *ctxt)
{
Channel *c = NULL;
char *ctype;
int rchan;
u_int rmaxpack, rwindow, len;
ctype = packet_get_string(&len);
rchan = packet_get_int();
rwindow = packet_get_int();
rmaxpack = packet_get_int();
debug("server_input_channel_open: ctype %s rchan %d win %d max %d",
ctype, rchan, rwindow, rmaxpack);
if (strcmp(ctype, "session") == 0) {
c = server_request_session();
} else if (strcmp(ctype, "direct-tcpip") == 0) {
c = server_request_direct_tcpip();
} else if (strcmp(ctype, "*****@*****.**") == 0) {
c = server_request_direct_streamlocal();
} else if (strcmp(ctype, "*****@*****.**") == 0) {
c = server_request_tun();
}
if (c != NULL) {
debug("server_input_channel_open: confirm %s", ctype);
c->remote_id = rchan;
c->remote_window = rwindow;
c->remote_maxpacket = rmaxpack;
if (c->type != SSH_CHANNEL_CONNECTING) {
packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
packet_put_int(c->remote_id);
packet_put_int(c->self);
packet_put_int(c->local_window);
packet_put_int(c->local_maxpacket);
packet_send();
}
} else {
debug("server_input_channel_open: failure %s", ctype);
packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(rchan);
packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
if (!(datafellows & SSH_BUG_OPENFAILURE)) {
packet_put_cstring("open failed");
packet_put_cstring("");
}
packet_send();
}
free(ctype);
return 0;
}
void
kexgex_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
BIGNUM *p = NULL, *g = NULL;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, slen, sbloblen, hashlen;
int kout;
int min, max, nbits;
DH *dh;
nbits = dh_estimate(kex->dh_need * 8);
if (datafellows & SSH_OLD_DHGEX) {
/* Old GEX request */
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
packet_put_int(nbits);
min = DH_GRP_MIN;
max = DH_GRP_MAX;
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits);
} else {
/* New GEX request */
min = DH_GRP_MIN;
max = DH_GRP_MAX;
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent",
min, nbits, max);
}
#ifdef DEBUG_KEXDH
fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
min, nbits, max);
#endif
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("DH_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
dh_gen_key(dh, kex->we_need * 8);
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
/* generate and send 'e', client DH public key */
packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexgex_client: BN_bin2bn failed");
explicit_bzero(kbuf, klen);
free(kbuf);
if (datafellows & SSH_OLD_DHGEX)
min = max = -1;
/* calc and verify H */
kexgex_hash(
kex->hash_alg,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret,
&hash, &hashlen
);
/* have keys, free DH */
DH_free(dh);
free(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
free(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
static int
do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
int i, j, done;
char *text;
context_pam2.finished = 0;
context_pam2.num_received = 0;
context_pam2.num_expected = 0;
context_pam2.prompts = xmalloc(sizeof(int) * num_msg);
context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg);
memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg);
text = NULL;
for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) {
int style = PAM_MSG_MEMBER(msg, i, msg_style);
switch (style) {
case PAM_PROMPT_ECHO_ON:
case PAM_PROMPT_ECHO_OFF:
context_pam2.num_expected++;
break;
case PAM_TEXT_INFO:
case PAM_ERROR_MSG:
default:
/* Capture all these messages to be sent at once */
message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
break;
}
}
if (context_pam2.num_expected == 0)
return PAM_SUCCESS;
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(""); /* Name */
packet_put_cstring(""); /* Instructions */
packet_put_cstring(""); /* Language */
packet_put_int(context_pam2.num_expected);
for (i = 0, j = 0; i < num_msg; i++) {
int style = PAM_MSG_MEMBER(msg, i, msg_style);
/* Skip messages which don't need a reply */
if (style != PAM_PROMPT_ECHO_ON && style != PAM_PROMPT_ECHO_OFF)
continue;
context_pam2.prompts[j++] = i;
if (text) {
message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
packet_put_cstring(text);
text = NULL;
} else
packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
packet_put_char(style == PAM_PROMPT_ECHO_ON);
}
packet_send();
packet_write_wait();
/*
* Grabbing control of execution and spinning until we get what
* we want is probably rude, but it seems to work properly, and
* the client *should* be in lock-step with us, so the loop should
* only be traversed once.
*/
while(context_pam2.finished == 0) {
done = 1;
dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr);
if(context_pam2.finished == 0)
debug("extra packet during conversation");
}
if(context_pam2.num_received == context_pam2.num_expected) {
*resp = context_pam2.responses;
return PAM_SUCCESS;
} else
return PAM_CONV_ERR;
}
static int
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int success = 0, allocated_listen_port = 0;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
struct Forward fwd;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
fwd.listen_host, fwd.listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && fwd.listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (fwd.listen_port != 0 && fwd.listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(&fwd,
&allocated_listen_port, &options.fwd_opts);
}
free(fwd.listen_host);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_host = packet_get_string(NULL);
fwd.listen_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
fwd.listen_host, fwd.listen_port);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_host);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("server_input_global_request: streamlocal-forward listen path %s",
fwd.listen_path);
/* check permissions */
if ((options.allow_streamlocal_forwarding & FORWARD_REMOTE) == 0
|| no_port_forwarding_flag) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the socket */
success = channel_setup_remote_fwd_listener(
&fwd, NULL, &options.fwd_opts);
}
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
struct Forward fwd;
memset(&fwd, 0, sizeof(fwd));
fwd.listen_path = packet_get_string(NULL);
debug("%s: cancel-streamlocal-forward path %s", __func__,
fwd.listen_path);
success = channel_cancel_rport_listener(&fwd);
free(fwd.listen_path);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
no_more_sessions = 1;
success = 1;
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && allocated_listen_port > 0)
packet_put_int(allocated_listen_port);
packet_send();
packet_write_wait();
}
free(rtype);
return 0;
}
int
userauth_gssapi(Authctxt *authctxt)
{
Gssctxt *gssctxt = NULL;
static int initialized = 0;
static int mech_idx = 0;
static gss_OID_set supported = GSS_C_NULL_OID_SET;
gss_OID mech = GSS_C_NULL_OID;
/* Things work better if we send one mechanism at a time, rather
* than them all at once. This means that if we fail at some point
* in the middle of a negotiation, we can come back and try something
* different. */
if (datafellows & SSH_OLD_GSSAPI) return 0;
/* Before we offer a mechanism, check that we can support it. Don't
* bother trying to get credentials - as the standard fallback will
* deal with that kind of failure.
*/
if (!initialized) {
initialized = 1;
ssh_gssapi_client_mechs(authctxt->host, &supported);
if (supported == GSS_C_NULL_OID_SET || supported->count == 0)
return (0);
} else if (supported != GSS_C_NULL_OID_SET) {
/* Try next mech, if any */
mech_idx++;
if (mech_idx >= supported->count)
return (0);
} else {
return (0);
}
mech = &supported->elements[mech_idx];
ssh_gssapi_build_ctx(&gssctxt, 1, mech);
authctxt->methoddata=(void *)gssctxt;
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
packet_put_cstring(authctxt->method->name);
packet_put_int(1);
/* The newest gsskeyex draft stipulates that OIDs should
* be DER encoded, so we need to add the object type and
* length information back on */
if (datafellows & SSH_BUG_GSSAPI_BER) {
packet_put_string(mech->elements, mech->length);
} else {
packet_put_int((mech->length)+2);
packet_put_char(0x06);
packet_put_char(mech->length);
packet_put_raw(mech->elements, mech->length);
}
packet_send();
packet_write_wait();
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE,&input_gssapi_response);
return 1;
}
void
kexgss_client(Kex *kex) {
gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
Gssctxt *ctxt;
OM_uint32 maj_status, min_status, ret_flags;
u_int klen, kout, slen = 0, hashlen, strlen;
DH *dh;
BIGNUM *dh_server_pub = NULL;
BIGNUM *shared_secret = NULL;
BIGNUM *p = NULL;
BIGNUM *g = NULL;
u_char *kbuf, *hash;
u_char *serverhostkey = NULL;
u_char *empty = "";
char *msg;
char *lang;
int type = 0;
int first = 1;
int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
/* Initialise our GSSAPI world */
ssh_gssapi_build_ctx(&ctxt);
if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type)
== GSS_C_NO_OID)
fatal("Couldn't identify host exchange");
if (ssh_gssapi_import_name(ctxt, kex->gss_host))
fatal("Couldn't import hostname");
if (kex->gss_client &&
ssh_gssapi_client_identity(ctxt, kex->gss_client))
fatal("Couldn't acquire client credentials");
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_GSS_GRP14_SHA1:
dh = dh_new_group14();
break;
case KEX_GSS_GEX_SHA1:
debug("Doing group exchange\n");
nbits = dh_estimate(kex->we_need * 8);
packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
packet_send();
packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new() failed");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
/* Step 1 - e is dh->pub_key */
dh_gen_key(dh, kex->we_need * 8);
/* This is f, we initialise it now to make life easier */
dh_server_pub = BN_new();
if (dh_server_pub == NULL)
fatal("dh_server_pub == NULL");
token_ptr = GSS_C_NO_BUFFER;
do {
debug("Calling gss_init_sec_context");
maj_status = ssh_gssapi_init_ctx(ctxt,
kex->gss_deleg_creds, token_ptr, &send_tok,
&ret_flags);
if (GSS_ERROR(maj_status)) {
if (send_tok.length != 0) {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value,
send_tok.length);
}
fatal("gss_init_context failed");
}
/* If we've got an old receive buffer get rid of it */
if (token_ptr != GSS_C_NO_BUFFER)
xfree(recv_tok.value);
if (maj_status == GSS_S_COMPLETE) {
/* If mutual state flag is not true, kex fails */
if (!(ret_flags & GSS_C_MUTUAL_FLAG))
fatal("Mutual authentication failed");
/* If integ avail flag is not true kex fails */
if (!(ret_flags & GSS_C_INTEG_FLAG))
fatal("Integrity check failed");
}
/*
* If we have data to send, then the last message that we
* received cannot have been a 'complete'.
*/
if (send_tok.length != 0) {
if (first) {
packet_start(SSH2_MSG_KEXGSS_INIT);
packet_put_string(send_tok.value,
send_tok.length);
packet_put_bignum2(dh->pub_key);
first = 0;
} else {
packet_start(SSH2_MSG_KEXGSS_CONTINUE);
packet_put_string(send_tok.value,
send_tok.length);
}
packet_send();
gss_release_buffer(&min_status, &send_tok);
/* If we've sent them data, they should reply */
do {
type = packet_read();
if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
debug("Received KEXGSS_HOSTKEY");
if (serverhostkey)
fatal("Server host key received more than once");
serverhostkey =
packet_get_string(&slen);
}
} while (type == SSH2_MSG_KEXGSS_HOSTKEY);
switch (type) {
case SSH2_MSG_KEXGSS_CONTINUE:
debug("Received GSSAPI_CONTINUE");
if (maj_status == GSS_S_COMPLETE)
fatal("GSSAPI Continue received from server when complete");
recv_tok.value = packet_get_string(&strlen);
recv_tok.length = strlen;
break;
case SSH2_MSG_KEXGSS_COMPLETE:
debug("Received GSSAPI_COMPLETE");
packet_get_bignum2(dh_server_pub);
msg_tok.value = packet_get_string(&strlen);
msg_tok.length = strlen;
/* Is there a token included? */
if (packet_get_char()) {
recv_tok.value=
packet_get_string(&strlen);
recv_tok.length = strlen;
/* If we're already complete - protocol error */
if (maj_status == GSS_S_COMPLETE)
packet_disconnect("Protocol error: received token when complete");
} else {
/* No token included */
if (maj_status != GSS_S_COMPLETE)
packet_disconnect("Protocol error: did not receive final token");
}
break;
case SSH2_MSG_KEXGSS_ERROR:
debug("Received Error");
maj_status = packet_get_int();
min_status = packet_get_int();
msg = packet_get_string(NULL);
lang = packet_get_string(NULL);
fatal("GSSAPI Error: \n%.400s",msg);
default:
packet_disconnect("Protocol error: didn't expect packet type %d",
type);
}
token_ptr = &recv_tok;
} else {
/* No data, and not complete */
if (maj_status != GSS_S_COMPLETE)
fatal("Not complete, and no token output");
}
} while (maj_status & GSS_S_CONTINUE_NEEDED);
/*
* We _must_ have received a COMPLETE message in reply from the
* server, which will have set dh_server_pub and msg_tok
*/
if (type != SSH2_MSG_KEXGSS_COMPLETE)
fatal("Didn't receive a SSH2_MSG_KEXGSS_COMPLETE when I expected it");
/* Check f in range [1, p-1] */
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
/* compute K=f^x mod p */
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
if (kout < 0)
fatal("DH_compute_key: failed");
shared_secret = BN_new();
if (shared_secret == NULL)
fatal("kexgss_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
xfree(kbuf);
switch (kex->kex_type) {
case KEX_GSS_GRP1_SHA1:
case KEX_GSS_GRP14_SHA1:
kex_dh_hash( kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
(serverhostkey ? serverhostkey : empty), slen,
dh->pub_key, /* e */
dh_server_pub, /* f */
shared_secret, /* K */
&hash, &hashlen
);
break;
case KEX_GSS_GEX_SHA1:
kexgex_hash(
kex->evp_md,
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
(serverhostkey ? serverhostkey : empty), slen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret,
&hash, &hashlen
);
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
gssbuf.value = hash;
gssbuf.length = hashlen;
/* Verify that the hash matches the MIC we just got. */
if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
packet_disconnect("Hash's MIC didn't verify");
xfree(msg_tok.value);
DH_free(dh);
if (serverhostkey)
xfree(serverhostkey);
BN_clear_free(dh_server_pub);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = hashlen;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
if (kex->gss_deleg_creds)
ssh_gssapi_credentials_updated(ctxt);
if (gss_kex_context == NULL)
gss_kex_context = ctxt;
else
ssh_gssapi_delete_ctx(&ctxt);
kex_derive_keys(kex, hash, hashlen, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
static int
ssh_session(void)
{
int type;
int interactive = 0;
int have_tty = 0;
struct winsize ws;
char *cp;
const char *display;
/* Enable compression if requested. */
if (options.compression) {
debug("Requesting compression at level %d.",
options.compression_level);
if (options.compression_level < 1 ||
options.compression_level > 9)
fatal("Compression level must be from 1 (fast) to "
"9 (slow, best).");
/* Send the request. */
packet_start(SSH_CMSG_REQUEST_COMPRESSION);
packet_put_int(options.compression_level);
packet_send();
packet_write_wait();
type = packet_read();
if (type == SSH_SMSG_SUCCESS)
packet_start_compression(options.compression_level);
else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host refused compression.");
else
packet_disconnect("Protocol error waiting for "
"compression response.");
}
/* Allocate a pseudo tty if appropriate. */
if (tty_flag) {
debug("Requesting pty.");
/* Start the packet. */
packet_start(SSH_CMSG_REQUEST_PTY);
/* Store TERM in the packet. There is no limit on the
length of the string. */
cp = getenv("TERM");
if (!cp)
cp = "";
packet_put_cstring(cp);
/* Store window size in the packet. */
if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) < 0)
memset(&ws, 0, sizeof(ws));
packet_put_int((u_int)ws.ws_row);
packet_put_int((u_int)ws.ws_col);
packet_put_int((u_int)ws.ws_xpixel);
packet_put_int((u_int)ws.ws_ypixel);
/* Store tty modes in the packet. */
tty_make_modes(fileno(stdin), NULL);
/* Send the packet, and wait for it to leave. */
packet_send();
packet_write_wait();
/* Read response from the server. */
type = packet_read();
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
have_tty = 1;
} else if (type == SSH_SMSG_FAILURE)
logit("Warning: Remote host failed or refused to "
"allocate a pseudo tty.");
else
packet_disconnect("Protocol error waiting for pty "
"request response.");
}
/* Request X11 forwarding if enabled and DISPLAY is set. */
display = getenv("DISPLAY");
if (options.forward_x11 && display != NULL) {
char *proto, *data;
/* Get reasonable local authentication information. */
client_x11_get_proto(display, options.xauth_location,
options.forward_x11_trusted,
options.forward_x11_timeout,
&proto, &data);
/* Request forwarding with authentication spoofing. */
debug("Requesting X11 forwarding with authentication "
"spoofing.");
x11_request_forwarding_with_spoofing(0, display, proto,
data, 0);
/* Read response from the server. */
type = packet_read();
if (type == SSH_SMSG_SUCCESS) {
interactive = 1;
} else if (type == SSH_SMSG_FAILURE) {
logit("Warning: Remote host denied X11 forwarding.");
} else {
packet_disconnect("Protocol error waiting for X11 "
"forwarding");
}
}
/* Tell the packet module whether this is an interactive session. */
packet_set_interactive(interactive,
options.ip_qos_interactive, options.ip_qos_bulk);
/* Request authentication agent forwarding if appropriate. */
check_agent_present();
if (options.forward_agent) {
debug("Requesting authentication agent forwarding.");
auth_request_forwarding();
/* Read response from the server. */
type = packet_read();
packet_check_eom();
if (type != SSH_SMSG_SUCCESS)
logit("Warning: Remote host denied authentication agent forwarding.");
}
/* Initiate port forwardings. */
ssh_init_stdio_forwarding();
ssh_init_forwarding();
/* Execute a local command */
if (options.local_command != NULL &&
options.permit_local_command)
ssh_local_cmd(options.local_command);
/*
* If requested and we are not interested in replies to remote
* forwarding requests, then let ssh continue in the background.
*/
if (fork_after_authentication_flag) {
if (options.exit_on_forward_failure &&
options.num_remote_forwards > 0) {
debug("deferring postauth fork until remote forward "
"confirmation received");
} else
fork_postauth();
}
/*
* If a command was specified on the command line, execute the
* command now. Otherwise request the server to start a shell.
*/
if (buffer_len(&command) > 0) {
int len = buffer_len(&command);
if (len > 900)
len = 900;
debug("Sending command: %.*s", len,
(u_char *)buffer_ptr(&command));
packet_start(SSH_CMSG_EXEC_CMD);
packet_put_string(buffer_ptr(&command), buffer_len(&command));
packet_send();
packet_write_wait();
} else {
debug("Requesting shell.");
packet_start(SSH_CMSG_EXEC_SHELL);
packet_send();
packet_write_wait();
}
/* Enter the interactive session. */
return client_loop(have_tty, tty_flag ?
options.escape_char : SSH_ESCAPECHAR_NONE, 0);
}
/* process the characters one by one */
static int
process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
{
char string[1024];
pid_t pid;
int bytes = 0;
u_int i;
u_char ch;
char *s;
for (i = 0; i < len; i++) {
/* Get one character at a time. */
ch = buf[i];
if (escape_pending) {
/* We have previously seen an escape character. */
/* Clear the flag now. */
escape_pending = 0;
/* Process the escaped character. */
switch (ch) {
case '.':
/* Terminate the connection. */
snprintf(string, sizeof string, "%c.\r\n", escape_char);
buffer_append(berr, string, strlen(string));
quit_pending = 1;
return -1;
case 'Z' - 64:
/* Suspend the program. */
/* Print a message to that effect to the user. */
snprintf(string, sizeof string, "%c^Z [suspend ssh]\r\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Restore terminal modes and suspend. */
client_suspend_self(bin, bout, berr);
/* We have been continued. */
continue;
case 'B':
if (compat20) {
snprintf(string, sizeof string,
"%cB\r\n", escape_char);
buffer_append(berr, string,
strlen(string));
channel_request_start(session_ident,
"break", 0);
packet_put_int(1000);
packet_send();
}
continue;
case 'R':
if (compat20) {
if (datafellows & SSH_BUG_NOREKEY)
logit("Server does not support re-keying");
else
need_rekeying = 1;
}
continue;
case '&':
/*
* Detach the program (continue to serve connections,
* but put in background and no more new connections).
*/
/* Restore tty modes. */
leave_raw_mode();
/* Stop listening for new connections. */
channel_stop_listening();
snprintf(string, sizeof string,
"%c& [backgrounded]\n", escape_char);
buffer_append(berr, string, strlen(string));
/* Fork into background. */
pid = fork();
if (pid < 0) {
error("fork: %.100s", strerror(errno));
continue;
}
if (pid != 0) { /* This is the parent. */
/* The parent just exits. */
exit(0);
}
/* The child continues serving connections. */
if (compat20) {
buffer_append(bin, "\004", 1);
/* fake EOF on stdin */
return -1;
} else if (!stdin_eof) {
/*
* Sending SSH_CMSG_EOF alone does not always appear
* to be enough. So we try to send an EOF character
* first.
*/
packet_start(SSH_CMSG_STDIN_DATA);
packet_put_string("\004", 1);
packet_send();
/* Close stdin. */
stdin_eof = 1;
if (buffer_len(bin) == 0) {
packet_start(SSH_CMSG_EOF);
packet_send();
}
}
continue;
case '?':
snprintf(string, sizeof string,
"%c?\r\n\
Supported escape sequences:\r\n\
%c. - terminate connection\r\n\
%cB - send a BREAK to the remote system\r\n\
%cC - open a command line\r\n\
%cR - Request rekey (SSH protocol 2 only)\r\n\
%c^Z - suspend ssh\r\n\
%c# - list forwarded connections\r\n\
%c& - background ssh (when waiting for connections to terminate)\r\n\
%c? - this message\r\n\
%c%c - send the escape character by typing it twice\r\n\
(Note that escapes are only recognized immediately after newline.)\r\n",
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char, escape_char, escape_char,
escape_char, escape_char, escape_char);
buffer_append(berr, string, strlen(string));
continue;
case '#':
snprintf(string, sizeof string, "%c#\r\n", escape_char);
buffer_append(berr, string, strlen(string));
s = channel_open_message();
buffer_append(berr, s, strlen(s));
xfree(s);
continue;
case 'C':
process_cmdline();
continue;
default:
if (ch != escape_char) {
buffer_put_char(bin, escape_char);
bytes++;
}
/* Escaped characters fall through here */
break;
}
} else {
/*
* The previous character was not an escape char. Check if this
* is an escape.
*/
if (last_was_cr && ch == escape_char) {
/* It is. Set the flag and continue to next character. */
escape_pending = 1;
continue;
}
}
/*
* Normal character. Record whether it was a newline,
* and append it to the buffer.
*/
last_was_cr = (ch == '\r' || ch == '\n');
buffer_put_char(bin, ch);
bytes++;
}
/*
* SSH1 key exchange
*/
void
do_ssh1_kex(void)
{
int i, len;
int rsafail = 0;
BIGNUM *session_key_int;
u_char session_key[SSH_SESSION_KEY_LENGTH];
u_char cookie[8];
u_int cipher_type, auth_mask, protocol_flags;
u_int32_t rnd = 0;
/*
* Generate check bytes that the client must send back in the user
* packet in order for it to be accepted; this is used to defy ip
* spoofing attacks. Note that this only works against somebody
* doing IP spoofing from a remote machine; any machine on the local
* network can still see outgoing packets and catch the random
* cookie. This only affects rhosts authentication, and this is one
* of the reasons why it is inherently insecure.
*/
for (i = 0; i < 8; i++) {
if (i % 4 == 0)
rnd = arc4random();
cookie[i] = rnd & 0xff;
rnd >>= 8;
}
/*
* Send our public key. We include in the packet 64 bits of random
* data that must be matched in the reply in order to prevent IP
* spoofing.
*/
packet_start(SSH_SMSG_PUBLIC_KEY);
for (i = 0; i < 8; i++)
packet_put_char(cookie[i]);
/* Store our public server RSA key. */
packet_put_int(BN_num_bits(sensitive_data.server_key->rsa->n));
packet_put_bignum(sensitive_data.server_key->rsa->e);
packet_put_bignum(sensitive_data.server_key->rsa->n);
/* Store our public host RSA key. */
packet_put_int(BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
packet_put_bignum(sensitive_data.ssh1_host_key->rsa->e);
packet_put_bignum(sensitive_data.ssh1_host_key->rsa->n);
/* Put protocol flags. */
packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
/* Declare which ciphers we support. */
packet_put_int(cipher_mask_ssh1(0));
/* Declare supported authentication types. */
auth_mask = 0;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RSA;
if (options.challenge_response_authentication == 1)
auth_mask |= 1 << SSH_AUTH_TIS;
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
/* Send the packet and wait for it to be sent. */
packet_send();
packet_write_wait();
debug("Sent %d bit server key and %d bit host key.",
BN_num_bits(sensitive_data.server_key->rsa->n),
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n));
/* Read clients reply (cipher type and session key). */
packet_read_expect(SSH_CMSG_SESSION_KEY);
/* Get cipher type and check whether we accept this. */
cipher_type = packet_get_char();
if (!(cipher_mask_ssh1(0) & (1 << cipher_type)))
packet_disconnect("Warning: client selects unsupported cipher.");
/* Get check bytes from the packet. These must match those we
sent earlier with the public key packet. */
for (i = 0; i < 8; i++)
if (cookie[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");
debug("Encryption type: %.200s", cipher_name(cipher_type));
/* Get the encrypted integer. */
if ((session_key_int = BN_new()) == NULL)
fatal("do_ssh1_kex: BN_new failed");
packet_get_bignum(session_key_int);
protocol_flags = packet_get_int();
packet_set_protocol_flags(protocol_flags);
packet_check_eom();
/* Decrypt session_key_int using host/server keys */
rsafail = PRIVSEP(ssh1_session_key(session_key_int));
/*
* Extract session key from the decrypted integer. The key is in the
* least significant 256 bits of the integer; the first byte of the
* key is in the highest bits.
*/
if (!rsafail) {
BN_mask_bits(session_key_int, sizeof(session_key) * 8);
len = BN_num_bytes(session_key_int);
if (len < 0 || len > sizeof(session_key)) {
error("do_connection: bad session key len from %s: "
"session_key_int %d > sizeof(session_key) %lu",
get_remote_ipaddr(), len, (u_long)sizeof(session_key));
rsafail++;
} else {
memset(session_key, 0, sizeof(session_key));
BN_bn2bin(session_key_int,
session_key + sizeof(session_key) - len);
derive_ssh1_session_id(
sensitive_data.ssh1_host_key->rsa->n,
sensitive_data.server_key->rsa->n,
cookie, session_id);
/*
* Xor the first 16 bytes of the session key with the
* session id.
*/
for (i = 0; i < 16; i++)
session_key[i] ^= session_id[i];
}
}
if (rsafail) {
int bytes = BN_num_bytes(session_key_int);
u_char *buf = xmalloc(bytes);
MD5_CTX md;
logit("do_connection: generating a fake encryption key");
BN_bn2bin(session_key_int, buf);
MD5_Init(&md);
MD5_Update(&md, buf, bytes);
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
MD5_Final(session_key, &md);
MD5_Init(&md);
MD5_Update(&md, session_key, 16);
MD5_Update(&md, buf, bytes);
MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH);
MD5_Final(session_key + 16, &md);
memset(buf, 0, bytes);
xfree(buf);
for (i = 0; i < 16; i++)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
/* Destroy the private and public keys. No longer. */
destroy_sensitive_data();
if (use_privsep)
mm_ssh1_session_id(session_id);
/* Destroy the decrypted integer. It is no longer needed. */
BN_clear_free(session_key_int);
/* Set the session key. From this on all communications will be encrypted. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type);
/* Destroy our copy of the session key. It is no longer needed. */
memset(session_key, 0, sizeof(session_key));
debug("Received session key; encryption turned on.");
/* Send an acknowledgment packet. Note that this packet is sent encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
}
static void
server_input_global_request(int type, u_int32_t seq, void *ctxt)
{
char *rtype;
int want_reply;
int success = 0, allocated_listen_port = 0;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
/* -R style forwarding */
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
u_short listen_port;
pw = the_authctxt->pw;
if (pw == NULL || !the_authctxt->valid)
fatal("server_input_global_request: no/invalid user");
listen_address = packet_get_string(NULL);
listen_port = (u_short)packet_get_int();
debug("server_input_global_request: tcpip-forward listen %s port %d",
listen_address, listen_port);
/* check permissions */
if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
no_port_forwarding_flag ||
(!want_reply && listen_port == 0)
#ifndef NO_IPPORT_RESERVED_CONCEPT
|| (listen_port != 0 && listen_port < IPPORT_RESERVED &&
pw->pw_uid != 0)
#endif
) {
success = 0;
packet_send_debug("Server has disabled port forwarding.");
} else {
/* Start listening on the port */
success = channel_setup_remote_fwd_listener(
listen_address, listen_port,
&allocated_listen_port, options.gateway_ports);
}
free(listen_address);
} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
char *cancel_address;
u_short cancel_port;
cancel_address = packet_get_string(NULL);
cancel_port = (u_short)packet_get_int();
debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
cancel_address, cancel_port);
success = channel_cancel_rport_listener(cancel_address,
cancel_port);
free(cancel_address);
} else if (strcmp(rtype, "*****@*****.**") == 0) {
no_more_sessions = 1;
success = 1;
}
if (want_reply) {
packet_start(success ?
SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
if (success && allocated_listen_port > 0)
packet_put_int(allocated_listen_port);
packet_send();
packet_write_wait();
}
free(rtype);
}
static int
roaming_resume(void)
{
u_int64_t recv_bytes;
char *str = NULL, *kexlist = NULL, *c;
int i, type;
int timeout_ms = options.connection_timeout * 1000;
u_int len;
u_int32_t rnd = 0;
resume_in_progress = 1;
/* Exchange banners */
ssh_exchange_identification(timeout_ms);
packet_set_nonblocking();
/* Send a kexinit message with [email protected] as only kex algo */
packet_start(SSH2_MSG_KEXINIT);
for (i = 0; i < KEX_COOKIE_LEN; i++) {
if (i % 4 == 0)
rnd = arc4random();
packet_put_char(rnd & 0xff);
rnd >>= 8;
}
packet_put_cstring(KEX_RESUME);
for (i = 1; i < PROPOSAL_MAX; i++) {
/* kex algorithm added so start with i=1 and not 0 */
packet_put_cstring(""); /* Not used when we resume */
}
packet_put_char(1); /* first kex_packet follows */
packet_put_int(0); /* reserved */
packet_send();
/* Assume that [email protected] will be accepted */
packet_start(SSH2_MSG_KEX_ROAMING_RESUME);
packet_put_int(roaming_id);
packet_send();
/* Read the server's kexinit and check for [email protected] */
if ((type = packet_read()) != SSH2_MSG_KEXINIT) {
debug("expected kexinit on resume, got %d", type);
goto fail;
}
for (i = 0; i < KEX_COOKIE_LEN; i++)
(void)packet_get_char();
kexlist = packet_get_string(&len);
if (!kexlist
|| (str = match_list(KEX_RESUME, kexlist, NULL)) == NULL) {
debug("server doesn't allow resume");
goto fail;
}
free(str);
for (i = 1; i < PROPOSAL_MAX; i++) {
/* kex algorithm taken care of so start with i=1 and not 0 */
free(packet_get_string(&len));
}
i = packet_get_char(); /* first_kex_packet_follows */
if (i && (c = strchr(kexlist, ',')))
*c = 0;
if (i && strcmp(kexlist, KEX_RESUME)) {
debug("server's kex guess (%s) was wrong, skipping", kexlist);
(void)packet_read(); /* Wrong guess - discard packet */
}
/*
* Read the ROAMING_AUTH_REQUIRED challenge from the server and
* send ROAMING_AUTH
*/
if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_REQUIRED) {
debug("expected roaming_auth_required, got %d", type);
goto fail;
}
roaming_auth_required();
/* Read ROAMING_AUTH_OK from the server */
if ((type = packet_read()) != SSH2_MSG_KEX_ROAMING_AUTH_OK) {
debug("expected roaming_auth_ok, got %d", type);
goto fail;
}
recv_bytes = packet_get_int64() ^ oldkey2;
debug("Peer received %llu bytes", (unsigned long long)recv_bytes);
resend_bytes(packet_get_connection_out(), &recv_bytes);
resume_in_progress = 0;
session_resumed = 1; /* Tell clientloop */
return 0;
fail:
free(kexlist);
if (packet_get_connection_in() == packet_get_connection_out())
close(packet_get_connection_in());
else {
close(packet_get_connection_in());
close(packet_get_connection_out());
}
return 1;
}
/*
* Performs the interactive session. This handles data transmission between
* the client and the program. Note that the notion of stdin, stdout, and
* stderr in this function is sort of reversed: this function writes to
* stdin (of the child program), and reads from stdout and stderr (of the
* child program).
*/
void
server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
{
fd_set *readset = NULL, *writeset = NULL;
int max_fd = 0;
u_int nalloc = 0;
int wait_status; /* Status returned by wait(). */
pid_t wait_pid; /* pid returned by wait(). */
int waiting_termination = 0; /* Have displayed waiting close message. */
u_int64_t max_time_milliseconds;
u_int previous_stdout_buffer_bytes;
u_int stdout_buffer_bytes;
int type;
debug("Entering interactive session.");
/* Initialize the SIGCHLD kludge. */
child_terminated = 0;
mysignal(SIGCHLD, sigchld_handler);
if (!use_privsep) {
signal(SIGTERM, sigterm_handler);
signal(SIGINT, sigterm_handler);
signal(SIGQUIT, sigterm_handler);
}
/* Initialize our global variables. */
fdin = fdin_arg;
fdout = fdout_arg;
fderr = fderr_arg;
/* nonblocking IO */
set_nonblock(fdin);
set_nonblock(fdout);
/* we don't have stderr for interactive terminal sessions, see below */
if (fderr != -1)
set_nonblock(fderr);
if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
fdin_is_tty = 1;
connection_in = packet_get_connection_in();
connection_out = packet_get_connection_out();
notify_setup();
previous_stdout_buffer_bytes = 0;
/* Set approximate I/O buffer size. */
if (packet_is_interactive())
buffer_high = 4096;
else
buffer_high = 64 * 1024;
#if 0
/* Initialize max_fd to the maximum of the known file descriptors. */
max_fd = MAX(connection_in, connection_out);
max_fd = MAX(max_fd, fdin);
max_fd = MAX(max_fd, fdout);
if (fderr != -1)
max_fd = MAX(max_fd, fderr);
#endif
/* Initialize Initialize buffers. */
buffer_init(&stdin_buffer);
buffer_init(&stdout_buffer);
buffer_init(&stderr_buffer);
/*
* If we have no separate fderr (which is the case when we have a pty
* - there we cannot make difference between data sent to stdout and
* stderr), indicate that we have seen an EOF from stderr. This way
* we don't need to check the descriptor everywhere.
*/
if (fderr == -1)
fderr_eof = 1;
server_init_dispatch();
/* Main loop of the server for the interactive session mode. */
for (;;) {
/* Process buffered packets from the client. */
process_buffered_input_packets();
/*
* If we have received eof, and there is no more pending
* input data, cause a real eof by closing fdin.
*/
if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
if (fdin != fdout)
close(fdin);
else
shutdown(fdin, SHUT_WR); /* We will no longer send. */
fdin = -1;
}
/* Make packets from buffered stderr data to send to the client. */
make_packets_from_stderr_data();
/*
* Make packets from buffered stdout data to send to the
* client. If there is very little to send, this arranges to
* not send them now, but to wait a short while to see if we
* are getting more data. This is necessary, as some systems
* wake up readers from a pty after each separate character.
*/
max_time_milliseconds = 0;
stdout_buffer_bytes = buffer_len(&stdout_buffer);
if (stdout_buffer_bytes != 0 && stdout_buffer_bytes < 256 &&
stdout_buffer_bytes != previous_stdout_buffer_bytes) {
/* try again after a while */
max_time_milliseconds = 10;
} else {
/* Send it now. */
make_packets_from_stdout_data();
}
previous_stdout_buffer_bytes = buffer_len(&stdout_buffer);
/* Send channel data to the client. */
if (packet_not_very_much_data_to_write())
channel_output_poll();
/*
* Bail out of the loop if the program has closed its output
* descriptors, and we have no more data to send to the
* client, and there is no pending buffered data.
*/
if (fdout_eof && fderr_eof && !packet_have_data_to_write() &&
buffer_len(&stdout_buffer) == 0 && buffer_len(&stderr_buffer) == 0) {
if (!channel_still_open())
break;
if (!waiting_termination) {
const char *s = "Waiting for forwarded connections to terminate... (press ~& to background)\r\n";
char *cp;
waiting_termination = 1;
buffer_append(&stderr_buffer, s, strlen(s));
/* Display list of open channels. */
cp = channel_open_message();
buffer_append(&stderr_buffer, cp, strlen(cp));
free(cp);
}
}
max_fd = MAX(connection_in, connection_out);
max_fd = MAX(max_fd, fdin);
max_fd = MAX(max_fd, fdout);
max_fd = MAX(max_fd, fderr);
max_fd = MAX(max_fd, notify_pipe[0]);
/* Sleep in select() until we can do something. */
wait_until_can_do_something(&readset, &writeset, &max_fd,
&nalloc, max_time_milliseconds);
if (received_sigterm) {
logit("Exiting on signal %d", (int)received_sigterm);
/* Clean up sessions, utmp, etc. */
cleanup_exit(255);
}
/* Process any channel events. */
channel_after_select(readset, writeset);
/* Process input from the client and from program stdout/stderr. */
process_input(readset);
/* Process output to the client and to program stdin. */
process_output(writeset);
}
free(readset);
free(writeset);
/* Cleanup and termination code. */
/* Wait until all output has been sent to the client. */
drain_output();
debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
/* Free and clear the buffers. */
buffer_free(&stdin_buffer);
buffer_free(&stdout_buffer);
buffer_free(&stderr_buffer);
/* Close the file descriptors. */
if (fdout != -1)
close(fdout);
fdout = -1;
fdout_eof = 1;
if (fderr != -1)
close(fderr);
fderr = -1;
fderr_eof = 1;
if (fdin != -1)
close(fdin);
fdin = -1;
channel_free_all();
/* We no longer want our SIGCHLD handler to be called. */
mysignal(SIGCHLD, SIG_DFL);
while ((wait_pid = waitpid(-1, &wait_status, 0)) < 0)
if (errno != EINTR)
packet_disconnect("wait: %.100s", strerror(errno));
if (wait_pid != pid)
error("Strange, wait returned pid %ld, expected %ld",
(long)wait_pid, (long)pid);
/* Check if it exited normally. */
if (WIFEXITED(wait_status)) {
/* Yes, normal exit. Get exit status and send it to the client. */
debug("Command exited with status %d.", WEXITSTATUS(wait_status));
packet_start(SSH_SMSG_EXITSTATUS);
packet_put_int(WEXITSTATUS(wait_status));
packet_send();
packet_write_wait();
/*
* Wait for exit confirmation. Note that there might be
* other packets coming before it; however, the program has
* already died so we just ignore them. The client is
* supposed to respond with the confirmation when it receives
* the exit status.
*/
do {
type = packet_read();
}
while (type != SSH_CMSG_EXIT_CONFIRMATION);
debug("Received exit confirmation.");
return;
}
/* Check if the program terminated due to a signal. */
if (WIFSIGNALED(wait_status))
packet_disconnect("Command terminated on signal %d.",
WTERMSIG(wait_status));
/* Some weird exit cause. Just exit. */
packet_disconnect("wait returned status %04x.", wait_status);
/* NOTREACHED */
}
void do_connection(int privileged_port)
{
int i;
MP_INT session_key_int;
unsigned char session_key[SSH_SESSION_KEY_LENGTH];
unsigned char check_bytes[8];
char *user;
unsigned int cipher_type, auth_mask, protocol_flags;
/* Generate check bytes that the client must send back in the user packet
in order for it to be accepted; this is used to defy ip spoofing
attacks. Note that this only works against somebody doing IP spoofing
from a remote machine; any machine on the local network can still see
outgoing packets and catch the random cookie. This only affects
rhosts authentication, and this is one of the reasons why it is
inherently insecure. */
for (i = 0; i < 8; i++)
check_bytes[i] = random_get_byte(&sensitive_data.random_state);
/* Send our public key. We include in the packet 64 bits of random
data that must be matched in the reply in order to prevent IP spoofing. */
packet_start(SSH_SMSG_PUBLIC_KEY);
for (i = 0; i < 8; i++)
packet_put_char(check_bytes[i]);
/* Store our public server RSA key. */
packet_put_int(public_key.bits);
packet_put_mp_int(&public_key.e);
packet_put_mp_int(&public_key.n);
/* Store our public host RSA key. */
packet_put_int(sensitive_data.host_key.bits);
packet_put_mp_int(&sensitive_data.host_key.e);
packet_put_mp_int(&sensitive_data.host_key.n);
/* Put protocol flags. */
packet_put_int(SSH_PROTOFLAG_HOST_IN_FWD_OPEN);
/* Declare which ciphers we support. */
packet_put_int(cipher_mask());
/* Declare supported authentication types. */
auth_mask = 0;
if (options.rhosts_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS;
if (options.rhosts_rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA;
if (options.rsa_authentication)
auth_mask |= 1 << SSH_AUTH_RSA;
if (options.password_authentication)
auth_mask |= 1 << SSH_AUTH_PASSWORD;
packet_put_int(auth_mask);
/* Send the packet and wait for it to be sent. */
packet_send();
packet_write_wait();
debug("Sent %d bit public key and %d bit host key.", public_key.bits, sensitive_data.host_key.bits);
/* Read clients reply (cipher type and session key). */
packet_read_expect(SSH_CMSG_SESSION_KEY);
/* Get cipher type. */
cipher_type = packet_get_char();
/* Get check bytes from the packet. These must match those we sent earlier
with the public key packet. */
for (i = 0; i < 8; i++)
if (check_bytes[i] != packet_get_char())
packet_disconnect("IP Spoofing check bytes do not match.");
debug("Encryption type: %.200s", cipher_name(cipher_type));
/* Get the encrypted integer. */
mpz_init(&session_key_int);
packet_get_mp_int(&session_key_int);
/* Get protocol flags. */
protocol_flags = packet_get_int();
packet_set_protocol_flags(protocol_flags);
/* Decrypt it using our private server key and private host key (key with
larger modulus first). */
if (mpz_cmp(&sensitive_data.private_key.n, &sensitive_data.host_key.n) > 0) {
/* Private key has bigger modulus. */
assert(sensitive_data.private_key.bits >= sensitive_data.host_key.bits + SSH_KEY_BITS_RESERVED);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.private_key);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.host_key);
} else {
/* Host key has bigger modulus (or they are equal). */
assert(sensitive_data.host_key.bits >= sensitive_data.private_key.bits + SSH_KEY_BITS_RESERVED);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.host_key);
rsa_private_decrypt(&session_key_int, &session_key_int, &sensitive_data.private_key);
}
/* Compute session id for this session. */
compute_session_id(session_id, check_bytes, sensitive_data.host_key.bits, &sensitive_data.host_key.n, sensitive_data.private_key.bits, &sensitive_data.private_key.n);
/* Extract session key from the decrypted integer. The key is in the
least significant 256 bits of the integer; the first byte of the
key is in the highest bits. */
mp_linearize_msb_first(session_key, sizeof(session_key), &session_key_int);
/* Xor the first 16 bytes of the session key with the session id. */
for (i = 0; i < 16; i++)
session_key[i] ^= session_id[i];
/* Destroy the decrypted integer. It is no longer needed. */
mpz_clear(&session_key_int);
/* Set the session key. From this on all communications will be
encrypted. */
packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, cipher_type, 0);
/* Destroy our copy of the session key. It is no longer needed. */
memset(session_key, 0, sizeof(session_key));
debug("Received session key; encryption turned on.");
/* Send an acknowledgement packet. Note that this packet is sent
encrypted. */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
/* Get the name of the user that we wish to log in as. */
packet_read_expect(SSH_CMSG_USER);
/* Get the user name. */
user = packet_get_string(NULL);
/* Destroy the private and public keys. They will no longer be needed. */
rsa_clear_public_key(&public_key);
rsa_clear_private_key(&sensitive_data.private_key);
rsa_clear_private_key(&sensitive_data.host_key);
/* Do the authentication. */
do_authentication(user, privileged_port, cipher_type);
}
