int sftp_reply_status(sftp_client_message msg, uint32_t status,
const char *message) {
ssh_buffer out;
ssh_string s;
out = ssh_buffer_new();
if (out == NULL) {
return -1;
}
s = ssh_string_from_char(message ? message : "");
if (s == NULL) {
ssh_buffer_free(out);
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
ssh_buffer_add_u32(out, htonl(status)) < 0 ||
ssh_buffer_add_ssh_string(out, s) < 0 ||
ssh_buffer_add_u32(out, 0) < 0 || /* language string */
sftp_packet_write(msg->sftp, SSH_FXP_STATUS, out) < 0) {
ssh_buffer_free(out);
ssh_string_free(s);
return -1;
}
ssh_buffer_free(out);
ssh_string_free(s);
return 0;
}
/*
* This function concats in a buffer the values needed to do a signature
* verification. */
ssh_buffer ssh_userauth_build_digest(ssh_session session, ssh_message msg, char *service) {
/*
The value of 'signature' is a signature by the corresponding private
key over the following data, in the following order:
string session identifier
byte SSH_MSG_USERAUTH_REQUEST
string user name
string service name
string "publickey"
boolean TRUE
string public key algorithm name
string public key to be used for authentication
*/
struct ssh_crypto_struct *crypto = session->current_crypto ? session->current_crypto :
session->next_crypto;
ssh_buffer buffer = NULL;
ssh_string session_id = NULL;
uint8_t type = SSH2_MSG_USERAUTH_REQUEST;
ssh_string username = ssh_string_from_char(msg->auth_request.username);
ssh_string servicename = ssh_string_from_char(service);
ssh_string method = ssh_string_from_char("publickey");
uint8_t has_sign = 1;
ssh_string algo = ssh_string_from_char(msg->auth_request.public_key->type_c);
ssh_string publickey = publickey_to_string(msg->auth_request.public_key);
buffer = ssh_buffer_new();
if (buffer == NULL) {
goto error;
}
session_id = ssh_string_new(SHA_DIGEST_LEN);
if (session_id == NULL) {
ssh_buffer_free(buffer);
buffer = NULL;
goto error;
}
ssh_string_fill(session_id, crypto->session_id, SHA_DIGEST_LEN);
if(buffer_add_ssh_string(buffer, session_id) < 0 ||
buffer_add_u8(buffer, type) < 0 ||
buffer_add_ssh_string(buffer, username) < 0 ||
buffer_add_ssh_string(buffer, servicename) < 0 ||
buffer_add_ssh_string(buffer, method) < 0 ||
buffer_add_u8(buffer, has_sign) < 0 ||
buffer_add_ssh_string(buffer, algo) < 0 ||
buffer_add_ssh_string(buffer, publickey) < 0) {
ssh_buffer_free(buffer);
buffer = NULL;
goto error;
}
error:
if(session_id) ssh_string_free(session_id);
if(username) ssh_string_free(username);
if(servicename) ssh_string_free(servicename);
if(method) ssh_string_free(method);
if(algo) ssh_string_free(algo);
if(publickey) ssh_string_free(publickey);
return buffer;
}
int sftp_reply_name(sftp_client_message msg, const char *name,
sftp_attributes attr) {
ssh_buffer out;
ssh_string file;
out = ssh_buffer_new();
if (out == NULL) {
return -1;
}
file = ssh_string_from_char(name);
if (file == NULL) {
ssh_buffer_free(out);
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
ssh_buffer_add_u32(out, htonl(1)) < 0 ||
ssh_buffer_add_ssh_string(out, file) < 0 ||
ssh_buffer_add_ssh_string(out, file) < 0 || /* The protocol is broken here between 3 & 4 */
buffer_add_attributes(out, attr) < 0 ||
sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
ssh_buffer_free(out);
ssh_string_free(file);
return -1;
}
ssh_buffer_free(out);
ssh_string_free(file);
return 0;
}
int sftp_reply_names(sftp_client_message msg) {
ssh_buffer out;
out = ssh_buffer_new();
if (out == NULL) {
ssh_buffer_free(msg->attrbuf);
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
ssh_buffer_add_u32(out, htonl(msg->attr_num)) < 0 ||
ssh_buffer_add_data(out, ssh_buffer_get(msg->attrbuf),
ssh_buffer_get_len(msg->attrbuf)) < 0 ||
sftp_packet_write(msg->sftp, SSH_FXP_NAME, out) < 0) {
ssh_buffer_free(out);
ssh_buffer_free(msg->attrbuf);
return -1;
}
ssh_buffer_free(out);
ssh_buffer_free(msg->attrbuf);
msg->attr_num = 0;
msg->attrbuf = NULL;
return 0;
}
/**
* @brief Import a base64 formated public key from a memory c-string.
*
* @param[in] b64_key The base64 key to format.
*
* @param[in] type The type of the key to format.
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_OK on success, SSH_ERROR on error.
*
* @see ssh_key_free()
*/
int ssh_pki_import_pubkey_base64(const char *b64_key,
enum ssh_keytypes_e type,
ssh_key *pkey) {
ssh_buffer buffer;
ssh_string type_s;
int rc;
if (b64_key == NULL || pkey == NULL) {
return SSH_ERROR;
}
buffer = base64_to_bin(b64_key);
if (buffer == NULL) {
return SSH_ERROR;
}
type_s = ssh_buffer_get_ssh_string(buffer);
if (type_s == NULL) {
ssh_buffer_free(buffer);
return SSH_ERROR;
}
ssh_string_free(type_s);
if (type == SSH_KEYTYPE_RSA_CERT01 ||
type == SSH_KEYTYPE_DSS_CERT01) {
rc = pki_import_cert_buffer(buffer, type, pkey);
} else {
rc = pki_import_pubkey_buffer(buffer, type, pkey);
}
ssh_buffer_free(buffer);
return rc;
}
/**
* @brief Import a base64 formated public key from a memory c-string.
*
* @param[in] b64_key The base64 key to format.
*
* @param[in] type The type of the key to format.
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_OK on success, SSH_ERROR on error.
*
* @see ssh_key_free()
*/
int ssh_pki_import_pubkey_base64(const char *b64_key,
enum ssh_keytypes_e type,
ssh_key *pkey) {
ssh_buffer buffer;
ssh_string type_s;
int rc;
if (b64_key == NULL || pkey == NULL) {
return SSH_ERROR;
}
buffer = base64_to_bin(b64_key);
if (buffer == NULL) {
return SSH_ERROR;
}
type_s = buffer_get_ssh_string(buffer);
if (type_s == NULL) {
ssh_buffer_free(buffer);
return SSH_ERROR;
}
ssh_string_free(type_s);
rc = pki_import_pubkey_buffer(buffer, type, pkey);
ssh_buffer_free(buffer);
return rc;
}
int main()
{
int pass;
SshStream s1, s2;
ssh_rand_seed((SshUInt32)ssh_time());
ssh_event_loop_initialize();
for (pass = 0; pass < 100; pass++)
{
ssh_stream_pair_create(&s1, &s2);
break_test = ssh_rand() % 2;
copy_data_test(s1, s2);
ssh_stream_pair_create(&s1, &s2);
break_test = ssh_rand() % 2;
copy_data_test(s2, s1);
}
if (testdata)
ssh_buffer_free(testdata);
if (received_data)
ssh_buffer_free(received_data);
ssh_event_loop_uninitialize();
ssh_util_uninit();
return 0;
}
/**
* @internal
*
* @brief Import a public key from a ssh string.
*
* @param[in] key_blob The key blob to import as specified in RFC 4253 section
* 6.6 "Public Key Algorithms".
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_OK on success, SSH_ERROR on error.
*
* @see ssh_key_free()
*/
int ssh_pki_import_pubkey_blob(const ssh_string key_blob,
ssh_key *pkey) {
ssh_buffer buffer;
ssh_string type_s = NULL;
enum ssh_keytypes_e type;
int rc;
if (key_blob == NULL || pkey == NULL) {
return SSH_ERROR;
}
buffer = ssh_buffer_new();
if (buffer == NULL) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
return SSH_ERROR;
}
rc = ssh_buffer_add_data(buffer, ssh_string_data(key_blob),
ssh_string_len(key_blob));
if (rc < 0) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
goto fail;
}
type_s = ssh_buffer_get_ssh_string(buffer);
if (type_s == NULL) {
SSH_LOG(SSH_LOG_WARN, "Out of memory!");
goto fail;
}
type = ssh_key_type_from_name(ssh_string_get_char(type_s));
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown key type found!");
goto fail;
}
ssh_string_free(type_s);
if (type == SSH_KEYTYPE_RSA_CERT01 ||
type == SSH_KEYTYPE_DSS_CERT01) {
rc = pki_import_cert_buffer(buffer, type, pkey);
} else {
rc = pki_import_pubkey_buffer(buffer, type, pkey);
}
ssh_buffer_free(buffer);
return rc;
fail:
ssh_buffer_free(buffer);
ssh_string_free(type_s);
return SSH_ERROR;
}
int ssh_pki_import_signature_blob(const ssh_string sig_blob,
const ssh_key pubkey,
ssh_signature *psig)
{
ssh_signature sig;
enum ssh_keytypes_e type;
ssh_string str;
ssh_buffer buf;
int rc;
if (sig_blob == NULL || psig == NULL) {
return SSH_ERROR;
}
buf = ssh_buffer_new();
if (buf == NULL) {
return SSH_ERROR;
}
rc = ssh_buffer_add_data(buf,
ssh_string_data(sig_blob),
ssh_string_len(sig_blob));
if (rc < 0) {
ssh_buffer_free(buf);
return SSH_ERROR;
}
str = ssh_buffer_get_ssh_string(buf);
if (str == NULL) {
ssh_buffer_free(buf);
return SSH_ERROR;
}
type = ssh_key_type_from_name(ssh_string_get_char(str));
ssh_string_free(str);
str = ssh_buffer_get_ssh_string(buf);
ssh_buffer_free(buf);
if (str == NULL) {
return SSH_ERROR;
}
sig = pki_signature_from_blob(pubkey, str, type);
ssh_string_free(str);
if (sig == NULL) {
return SSH_ERROR;
}
*psig = sig;
return SSH_OK;
}
static ssh_buffer gzip_decompress(ssh_session session, ssh_buffer source, size_t maxlen) {
z_stream *zin = session->current_crypto->compress_in_ctx;
void *in_ptr = buffer_get_rest(source);
unsigned long in_size = buffer_get_rest_len(source);
unsigned char out_buf[BLOCKSIZE] = {0};
ssh_buffer dest = NULL;
unsigned long len;
int status;
if (zin == NULL) {
zin = session->current_crypto->compress_in_ctx = initdecompress(session);
if (zin == NULL) {
return NULL;
}
}
dest = ssh_buffer_new();
if (dest == NULL) {
return NULL;
}
zin->next_out = out_buf;
zin->next_in = in_ptr;
zin->avail_in = in_size;
do {
zin->avail_out = BLOCKSIZE;
status = inflate(zin, Z_PARTIAL_FLUSH);
if (status != Z_OK && status != Z_BUF_ERROR) {
ssh_set_error(session, SSH_FATAL,
"status %d inflating zlib packet", status);
ssh_buffer_free(dest);
return NULL;
}
len = BLOCKSIZE - zin->avail_out;
if (buffer_add_data(dest,out_buf,len) < 0) {
ssh_buffer_free(dest);
return NULL;
}
if (buffer_get_rest_len(dest) > maxlen) {
/* Size of packet exceeded, avoid a denial of service attack */
ssh_buffer_free(dest);
return NULL;
}
zin->next_out = out_buf;
} while (zin->avail_out == 0);
return dest;
}
ssh_string ssh_pki_do_sign_agent(ssh_session session,
struct ssh_buffer_struct *buf,
const ssh_key pubkey) {
struct ssh_crypto_struct *crypto;
ssh_string session_id;
ssh_string sig_blob;
ssh_buffer sig_buf;
int rc;
if (session->current_crypto) {
crypto = session->current_crypto;
} else {
crypto = session->next_crypto;
}
/* prepend session identifier */
session_id = ssh_string_new(crypto->digest_len);
if (session_id == NULL) {
return NULL;
}
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
sig_buf = ssh_buffer_new();
if (sig_buf == NULL) {
ssh_string_free(session_id);
return NULL;
}
rc = ssh_buffer_add_ssh_string(sig_buf, session_id);
if (rc < 0) {
ssh_string_free(session_id);
ssh_buffer_free(sig_buf);
return NULL;
}
ssh_string_free(session_id);
/* append out buffer */
if (ssh_buffer_add_buffer(sig_buf, buf) < 0) {
ssh_buffer_free(sig_buf);
return NULL;
}
/* create signature */
sig_blob = ssh_agent_sign_data(session, pubkey, sig_buf);
ssh_buffer_free(sig_buf);
return sig_blob;
}
static ssh_buffer ssh_gssapi_build_mic(ssh_session session){
ssh_buffer mic_buffer;
int rc;
mic_buffer = ssh_buffer_new();
if (mic_buffer == NULL) {
ssh_set_error_oom(session);
return NULL;
}
rc = ssh_buffer_pack(mic_buffer,
"dPbsss",
session->current_crypto->digest_len,
(size_t)session->current_crypto->digest_len, session->current_crypto->session_id,
SSH2_MSG_USERAUTH_REQUEST,
session->gssapi->user,
"ssh-connection",
"gssapi-with-mic");
if (rc != SSH_OK) {
ssh_set_error_oom(session);
ssh_buffer_free(mic_buffer);
return NULL;
}
return mic_buffer;
}
/**
* @brief Copy the certificate part of a public key into a private key.
*
* @param[in] certkey The certificate key.
*
* @param[in] privkey The target private key to copy the certificate to.
*
* @returns SSH_OK on success, SSH_ERROR otherwise.
**/
int ssh_pki_copy_cert_to_privkey(const ssh_key certkey, ssh_key privkey) {
ssh_buffer cert_buffer;
int rc;
if (certkey == NULL || privkey == NULL) {
return SSH_ERROR;
}
if (privkey->cert != NULL) {
return SSH_ERROR;
}
if (certkey->cert == NULL) {
return SSH_ERROR;
}
cert_buffer = ssh_buffer_new();
if (cert_buffer == NULL) {
return SSH_ERROR;
}
rc = ssh_buffer_add_buffer(cert_buffer, certkey->cert);
if (rc != 0) {
ssh_buffer_free(cert_buffer);
return SSH_ERROR;
}
privkey->cert = cert_buffer;
privkey->cert_type = certkey->type;
return SSH_OK;
}
void
ssh_eap_send_signal(SshEap eap,
SshUInt8 type,
SshEapSignal signal,
SshBuffer buf)
{
SSH_PRECOND(eap != NULL);
if (eap->destroy_pending == 1
|| eap->params == NULL
|| eap->params->signal_cb == NULL_FNPTR)
{
SSH_DEBUG(SSH_D_ERROR,
("incapable of delivering signal, discarding it"));
if (buf)
ssh_buffer_free(buf);
return;
}
SSH_EAP_CB(eap, eap->params->signal_cb(eap,
type,
signal,
buf,
eap->ctx));
}
void
ssh_eap_build_and_send_request(SshEap eap, SshUInt8 type,
const SshUInt8 *ptr, unsigned long len)
{
SshBuffer pkt;
pkt = ssh_eap_create_request(eap, (SshUInt16)len, type);
if (pkt == NULL)
{
ssh_eap_fatal(eap, NULL,
"Out of memory. Can not send request.");
return;
}
if (len != 0 && ptr != NULL)
{
if (ssh_buffer_append(pkt, ptr, len) != SSH_BUFFER_OK)
{
ssh_buffer_free(pkt);
ssh_eap_fatal(eap, NULL,
"Out of memory. Can not send request.");
return;
}
}
/* Send packet */
ssh_eap_protocol_send_request(NULL, eap, pkt);
}
/**
* @brief clean up the key and deallocate all existing keys
* @param[in] key ssh_key to clean
*/
void ssh_key_clean (ssh_key key){
if(key == NULL)
return;
#ifdef HAVE_LIBGCRYPT
if(key->dsa) gcry_sexp_release(key->dsa);
if(key->rsa) gcry_sexp_release(key->rsa);
if(key->ecdsa) gcry_sexp_release(key->ecdsa);
#elif defined HAVE_LIBCRYPTO
if(key->dsa) DSA_free(key->dsa);
if(key->rsa) RSA_free(key->rsa);
#ifdef HAVE_OPENSSL_ECC
if(key->ecdsa) EC_KEY_free(key->ecdsa);
#endif /* HAVE_OPENSSL_ECC */
#endif
if (key->ed25519_privkey != NULL){
BURN_BUFFER(key->ed25519_privkey, sizeof(ed25519_privkey));
SAFE_FREE(key->ed25519_privkey);
}
SAFE_FREE(key->ed25519_pubkey);
if (key->cert != NULL) {
ssh_buffer_free(key->cert);
}
key->cert_type = SSH_KEYTYPE_UNKNOWN;
key->flags=SSH_KEY_FLAG_EMPTY;
key->type=SSH_KEYTYPE_UNKNOWN;
key->ecdsa_nid = 0;
key->type_c=NULL;
key->dsa = NULL;
key->rsa = NULL;
key->ecdsa = NULL;
}
/**
* @brief opens a new pcap file and create header
*/
int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename){
ssh_buffer header;
int err;
if(pcap == NULL)
return SSH_ERROR;
if(pcap->output){
fclose(pcap->output);
pcap->output=NULL;
}
pcap->output=fopen(filename,"wb");
if(pcap->output==NULL)
return SSH_ERROR;
header=ssh_buffer_new();
if(header==NULL)
return SSH_ERROR;
buffer_add_u32(header,htonl(PCAP_MAGIC));
buffer_add_u16(header,htons(PCAP_VERSION_MAJOR));
buffer_add_u16(header,htons(PCAP_VERSION_MINOR));
/* currently hardcode GMT to 0 */
buffer_add_u32(header,htonl(0));
/* accuracy */
buffer_add_u32(header,htonl(0));
/* size of the biggest packet */
buffer_add_u32(header,htonl(MAX_PACKET_LEN));
/* we will write sort-of IP */
buffer_add_u32(header,htonl(DLT_RAW));
err=ssh_pcap_file_write(pcap,header);
ssh_buffer_free(header);
return err;
}
/**
* \internal
* \brief creates a new Socket object
*/
ssh_socket ssh_socket_new(ssh_session session) {
ssh_socket s;
s = malloc(sizeof(struct ssh_socket_struct));
if (s == NULL) {
ssh_set_error_oom(session);
return NULL;
}
s->fd_in = SSH_INVALID_SOCKET;
s->fd_out= SSH_INVALID_SOCKET;
s->last_errno = -1;
s->fd_is_socket = 1;
s->session = session;
s->in_buffer = ssh_buffer_new();
if (s->in_buffer == NULL) {
ssh_set_error_oom(session);
SAFE_FREE(s);
return NULL;
}
s->out_buffer=ssh_buffer_new();
if (s->out_buffer == NULL) {
ssh_set_error_oom(session);
ssh_buffer_free(s->in_buffer);
SAFE_FREE(s);
return NULL;
}
s->read_wontblock = 0;
s->write_wontblock = 0;
s->data_except = 0;
s->poll_in=s->poll_out=NULL;
s->state=SSH_SOCKET_NONE;
return s;
}
SshBuffer
ssh_eap_create_reply(SshEap eap, SshUInt16 len, SshUInt8 type)
{
SshBuffer pkt;
SSH_PRECOND(eap != NULL);
pkt = ssh_buffer_allocate();
if (pkt == NULL)
return NULL;
SSH_ASSERT(eap->id_isinit == 1);
if (!ssh_eap_packet_build_hdr_with_type(pkt,
SSH_EAP_CODE_REPLY,
eap->id,
len,
type))
{
ssh_buffer_free(pkt);
return NULL;
}
return pkt;
}
/* this is a public key in openssh's format */
static ssh_string make_rsa1_string(ssh_string e, ssh_string n){
ssh_buffer buffer = NULL;
ssh_string rsa = NULL;
ssh_string ret = NULL;
buffer = ssh_buffer_new();
rsa = ssh_string_from_char("ssh-rsa1");
if (rsa == NULL) {
goto error;
}
if (ssh_buffer_add_ssh_string(buffer, rsa) < 0) {
goto error;
}
if (ssh_buffer_add_ssh_string(buffer, e) < 0) {
goto error;
}
if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
goto error;
}
ret = ssh_string_new(ssh_buffer_get_len(buffer));
if (ret == NULL) {
goto error;
}
ssh_string_fill(ret, ssh_buffer_get(buffer), ssh_buffer_get_len(buffer));
error:
ssh_buffer_free(buffer);
ssh_string_free(rsa);
return ret;
}
SshBuffer
ssh_eap_create_request(SshEap eap, SshUInt16 len, SshUInt8 type)
{
SshBuffer pkt;
pkt = ssh_buffer_allocate();
if (pkt == NULL)
return NULL;
eap->id++; /* Increment identifier here,
making "each packet" unique */
if (!ssh_eap_packet_build_hdr_with_type(pkt,
SSH_EAP_CODE_REQUEST,
eap->id,
len,
type))
{
ssh_buffer_free(pkt);
return NULL;
}
return pkt;
}
static int ssh_gssapi_send_mic(ssh_session session){
OM_uint32 maj_stat, min_stat;
gss_buffer_desc mic_buf = GSS_C_EMPTY_BUFFER;
gss_buffer_desc mic_token_buf = GSS_C_EMPTY_BUFFER;
ssh_buffer mic_buffer;
int rc;
SSH_LOG(SSH_LOG_PACKET,"Sending SSH_MSG_USERAUTH_GSSAPI_MIC");
mic_buffer = ssh_gssapi_build_mic(session);
if (mic_buffer == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
mic_buf.length = ssh_buffer_get_len(mic_buffer);
mic_buf.value = ssh_buffer_get_begin(mic_buffer);
maj_stat = gss_get_mic(&min_stat,session->gssapi->ctx, GSS_C_QOP_DEFAULT, &mic_buf, &mic_token_buf);
if (GSS_ERROR(maj_stat)){
ssh_buffer_free(mic_buffer);
ssh_gssapi_log_error(0, "generating MIC", maj_stat);
return SSH_ERROR;
}
rc = buffer_add_u8(session->out_buffer, SSH2_MSG_USERAUTH_GSSAPI_MIC);
if (rc < 0) {
ssh_buffer_free(mic_buffer);
ssh_set_error_oom(session);
return SSH_ERROR;
}
rc = buffer_add_u32(session->out_buffer, htonl(mic_token_buf.length));
if (rc < 0) {
ssh_buffer_free(mic_buffer);
ssh_set_error_oom(session);
return SSH_ERROR;
}
rc = buffer_add_data(session->out_buffer, mic_token_buf.value, mic_token_buf.length);
ssh_buffer_free(mic_buffer);
if (rc < 0) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
return packet_send(session);
}
void
ssh_eap_remember_packet(SshEap eap, SshBuffer buf)
{
if (eap->prev_pkt != NULL)
ssh_buffer_free(eap->prev_pkt);
eap->prev_pkt = buf;
}
ssh_string ssh_do_sign_with_agent(ssh_session session,
struct ssh_buffer_struct *buf, struct ssh_public_key_struct *publickey) {
struct ssh_buffer_struct *sigbuf = NULL;
struct ssh_string_struct *signature = NULL;
struct ssh_string_struct *session_id = NULL;
struct ssh_crypto_struct *crypto = NULL;
if (session->current_crypto) {
crypto = session->current_crypto;
} else {
crypto = session->next_crypto;
}
/* prepend session identifier */
session_id = ssh_string_new(crypto->digest_len);
if (session_id == NULL) {
return NULL;
}
ssh_string_fill(session_id, crypto->session_id, crypto->digest_len);
sigbuf = ssh_buffer_new();
if (sigbuf == NULL) {
ssh_string_free(session_id);
return NULL;
}
if (buffer_add_ssh_string(sigbuf, session_id) < 0) {
ssh_buffer_free(sigbuf);
ssh_string_free(session_id);
return NULL;
}
ssh_string_free(session_id);
/* append out buffer */
if (buffer_add_buffer(sigbuf, buf) < 0) {
ssh_buffer_free(sigbuf);
return NULL;
}
/* create signature */
signature = agent_sign_data(session, sigbuf, publickey);
ssh_buffer_free(sigbuf);
return signature;
}
void
ssh_eap_build_and_send_reply(SshEap eap, SshUInt8 type,
const SshUInt8 *ptr, SshUInt16 len)
{
SshBuffer pkt;
/* Only send replies to requests */
SSH_ASSERT(eap->id_isinit == 1);
pkt = ssh_buffer_allocate();
if (pkt == NULL)
{
ssh_eap_fatal(eap, NULL,
"Out of memory. Can not send reply.");
return;
}
if (!ssh_eap_packet_build_hdr_with_type(pkt,
SSH_EAP_CODE_REPLY,
eap->id,
len,
type))
{
ssh_buffer_free(pkt);
ssh_eap_fatal(eap, NULL,
"Out of memory. Can not send reply.");
return;
}
if (len != 0 && ptr != NULL)
{
if (ssh_buffer_append(pkt, ptr, len) != SSH_BUFFER_OK)
{
ssh_buffer_free(pkt);
ssh_eap_fatal(eap, NULL, "Out of memory. Can not send reply.");
return;
}
}
/* Ok. let's transmit this packet */
ssh_eap_remember_packet(eap, pkt);
ssh_eap_send_packet(eap, pkt);
}
static Boolean
ssh_eap_send_failure(SshEap eap)
{
SshBuffer pkt;
Boolean ret;
ret = FALSE;
pkt = ssh_buffer_allocate();
if (pkt == NULL)
{
ssh_eap_fatal(eap, NULL,
"Out of memory. Can not send EAP failure packet.");
return FALSE;
}
eap->previous_eap_code = SSH_EAP_CODE_FAILURE;
eap->previous_eap_type = 0;
if (eap->id_isrecv == 1)
{
SSH_DEBUG(SSH_D_MIDOK,("sending EAP failure packet!"));
if (ssh_eap_packet_build_hdr(pkt, SSH_EAP_CODE_FAILURE,
eap->id, 0) == TRUE)
{
ssh_eap_remember_packet(eap, pkt);
ssh_eap_send_packet(eap, pkt);
ret = TRUE;
}
else
{
ssh_buffer_free(pkt);
ssh_eap_fatal(eap, NULL,
"Out of memory. "
"Canot not send EAP failure packet");
}
}
else
{
ssh_buffer_free(pkt);
ssh_eap_fatal(eap, NULL, "Cannot send EAP failure packet, "
"no valid identifier available!");
}
return ret;
}
int sftp_reply_handle(sftp_client_message msg, ssh_string handle){
ssh_buffer out;
out = ssh_buffer_new();
if (out == NULL) {
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
ssh_buffer_add_ssh_string(out, handle) < 0 ||
sftp_packet_write(msg->sftp, SSH_FXP_HANDLE, out) < 0) {
ssh_buffer_free(out);
return -1;
}
ssh_buffer_free(out);
return 0;
}
int sftp_reply_attr(sftp_client_message msg, sftp_attributes attr) {
ssh_buffer out;
out = ssh_buffer_new();
if (out == NULL) {
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
buffer_add_attributes(out, attr) < 0 ||
sftp_packet_write(msg->sftp, SSH_FXP_ATTRS, out) < 0) {
ssh_buffer_free(out);
return -1;
}
ssh_buffer_free(out);
return 0;
}
/*
* Inserts specified event into log file specified in context.
* event parameter specifies the audited event. Each element after event
* must start with a SshAuditformat type followed by arguments of the
* appropriate type, and the list must end with SSH_AUDIT_ARGUMENT_END.
*/
void ssh_audit_event(SshAuditContext context, SshAuditEvent event, ...)
{
size_t bytes;
va_list ap;
SshBuffer *audit_info, *formated_str;
char *audit_time;
if (context == NULL) return;
if ((event < 0) || (event > SSH_AUDIT_MAX_VALUE)) return;
/* Check if given event is allowed */
if (!context->ssh_audit_event_allowed[(int)event]) return;
/* Initialize a buffer for output string */
audit_info = ssh_buffer_allocate();
/* Start constructing string which will be inserted into audit log.*/
/* Start with inserting the name of the event.*/
/* then date and time */
audit_time = ssh_time_string(ssh_time());
ssh_buffer_append_cstrs(audit_info,
ssh_find_keyword_name(ssh_audit_event_title,
(int)event),
": ", audit_time, ": ",
NULL);
ssh_xfree(audit_time);
/* Handle the variable list*/
va_start(ap, event);
formated_str = ssh_format_audit_string(ap);
va_end(ap);
/* Insert given parameters into string*/
ssh_buffer_append(audit_info,
ssh_buffer_ptr(formated_str),
ssh_buffer_len(formated_str));
ssh_buffer_append(audit_info, (unsigned char *) "\0", 1);
/* Output the log message*/
ssh_send_log_message(context, ssh_buffer_ptr(audit_info));
ssh_buffer_free(formated_str);
ssh_buffer_free(audit_info);
}
int sftp_reply_data(sftp_client_message msg, const void *data, int len) {
ssh_buffer out;
out = ssh_buffer_new();
if (out == NULL) {
return -1;
}
if (ssh_buffer_add_u32(out, msg->id) < 0 ||
ssh_buffer_add_u32(out, ntohl(len)) < 0 ||
ssh_buffer_add_data(out, data, len) < 0 ||
sftp_packet_write(msg->sftp, SSH_FXP_DATA, out) < 0) {
ssh_buffer_free(out);
return -1;
}
ssh_buffer_free(out);
return 0;
}