1 /*
2  * Dropbear - a SSH2 server
3  *
4  * Copyright (c) 2002,2003 Matt Johnston
5  * All rights reserved.
6  *
7  * Permission is hereby granted, free of charge, to any person obtaining a copy
8  * of this software and associated documentation files (the "Software"), to deal
9  * in the Software without restriction, including without limitation the rights
10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11  * copies of the Software, and to permit persons to whom the Software is
12  * furnished to do so, subject to the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be included in
15  * all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23  * SOFTWARE. */
24 
25 #ifndef _SESSION_H_
26 #define _SESSION_H_
27 
28 #include "includes.h"
29 #include "options.h"
30 #include "buffer.h"
31 #include "signkey.h"
32 #include "kex.h"
33 #include "auth.h"
34 #include "channel.h"
35 #include "queue.h"
36 #include "listener.h"
37 #include "packet.h"
38 #include "tcpfwd.h"
39 #include "chansession.h"
40 
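/* Session-wide flags, defined in another translation unit. */
extern int sessinitdone; /* Is set to 0 somewhere */
extern int exitflag;

/*
 * Entry points shared by client and server.
 *
 * Functions that take no arguments are declared with (void) so the compiler
 * rejects stray arguments; an empty () list declares no prototype in C.
 *
 * NOTE(review): remotehost presumably describes the peer, so treat it as
 * untrusted text wherever it is logged or displayed - confirm at call sites.
 */
void common_session_init(int sock, char *remotehost);
/* The handler's parameter list stays unspecified because the handlers that
 * are passed in are not declared in this header. */
void session_loop(void (*loophandler)());
void common_session_cleanup(void);
void session_identification(void);


/* Server */
void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
/* NOTE(review): format/param have the shape of a printf-style format string
 * plus its argument list (assumed from the signature - confirm). If so,
 * callers must pass a fixed format and place peer-supplied text only in the
 * arguments, never in format itself. */
void svr_dropbear_exit(int exitcode, const char *format, va_list param);
void svr_dropbear_log(int priority, const char *format, va_list param);

/* Client */
void cli_session(int sock, char *remotehost);
void cli_session_cleanup(void);
void cleantext(unsigned char *dirtytext);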
59 
/*
 * Negotiated algorithms and key material for one set of session keys.
 * Every setting exists twice: recv_* and trans_* (presumably the receive
 * and transmit directions - confirm against the packet code).
 *
 * NOTE(review): this struct embeds secrets (cipher state and raw MAC keys).
 * Code that frees or replaces a key_context should wipe it first; that code
 * is not visible in this header - confirm.
 */
struct key_context {

	/* A NULL cipher or MAC pointer means "none": no algorithm of that kind
	 * is selected for that direction. */
	const struct dropbear_cipher *recv_algo_crypt; /* NULL for none */
	const struct dropbear_cipher *trans_algo_crypt; /* NULL for none */
	const struct dropbear_hash *recv_algo_mac; /* NULL for none */
	const struct dropbear_hash *trans_algo_mac; /* NULL for none */
	/* Identifiers of the chosen key-exchange and host-key algorithms; the
	 * values they take are defined outside this header. */
	char algo_kex;
	char algo_hostkey;

	char recv_algo_comp; /* compression */
	char trans_algo_comp;
#ifndef DISABLE_ZLIB
	/* zlib stream handles, one per direction; only present when zlib
	 * support is compiled in. */
	z_streamp recv_zstream;
	z_streamp trans_zstream;
#endif

	/* actual keys */
	/* Cipher state objects, held by value inside this struct. */
	symmetric_CBC recv_symmetric_struct;
	symmetric_CBC trans_symmetric_struct;
	/* MAC keys stored inline; each array is MAX_MAC_KEY bytes long. */
	unsigned char recvmackey[MAX_MAC_KEY];
	unsigned char transmackey[MAX_MAC_KEY];

};
83 
/*
 * State of one SSH connection that is common to client and server code:
 * the socket, packet buffers, packet-sequencing flags, key-exchange state,
 * authentication state, channels and TCP-forwarding listeners.
 */
struct sshsession {

	/* Is it a client or server? */
	unsigned char isserver;

	long connecttimeout; /* time to disconnect if we have a timeout (for
							userauth etc), or 0 for no timeout */

	int sock;

	unsigned char *remotehost; /* the peer hostname */

	/* NOTE(review): presumably the identification string sent by the peer.
	 * If so it is attacker-controlled text; confirm it is sanitised before
	 * it is logged or printed. */
	unsigned char *remoteident;

	int maxfd; /* the maximum file descriptor to check with select() */


	/* Packet buffers/values etc */
	buffer *writepayload; /* Unencrypted payload to write - this is used
							 throughout the code, as handlers fill out this
							 buffer with the packet to send. */
	struct Queue writequeue; /* A queue of encrypted packets to send */
	buffer *readbuf; /* Encrypted */
	buffer *decryptreadbuf; /* Post-decryption */
	buffer *payload; /* Post-decompression, the actual SSH packet */
	unsigned int transseq, recvseq; /* Sequence IDs */

	/* Packet-handling flags */
	const packettype * packettypes; /* Packet handler mappings for this
										session, see process-packet.c */

	unsigned dataallowed : 1; /* whether we can send data packets or we are in
								 the middle of a KEX or something */

	unsigned char requirenext; /* byte indicating what packet we require next,
								or 0x00 for any */

	unsigned char ignorenext; /* whether to ignore the next packet,
								 used for kex_follows stuff */

	unsigned char lastpacket; /* What the last received packet type was */

    int signal_pipe[2]; /* stores endpoints of a self-pipe used for
						   race-free signal handling */

	/* KEX/encryption related */
	struct KEXState kexstate;
	/* Two key contexts are kept. NOTE(review): presumably keys is the set in
	 * use and newkeys the set being negotiated - confirm in the kex code. */
	struct key_context *keys;
	struct key_context *newkeys;
	unsigned char *session_id; /* this is the hash from the first kex */
	/* The below are used temporarily during kex, are freed after use */
	/* NOTE(review): dh_K and hash look like secret key-exchange values;
	 * confirm they are wiped, not only freed, once keys are derived. */
	mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSG_NEWKEYS */
	unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
	buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
	buffer* transkexinit; /* the kexinit packet we send should be kept so we
							 can add it to the hash when generating keys */

	algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[],
			int *goodguess); /* The function to use to choose which algorithm
								to use from the ones presented by the remote
								side. Is specific to the client/server mode,
								hence the function-pointer callback.*/

	void(*remoteclosed)(); /* A callback to handle closure of the
									  remote connection */


	struct AuthState authstate; /* Common amongst client and server, since most
								   struct elements are common */

	/* Channel related */
	/* Any lookup in channels must stay below chansize and must handle a
	 * null entry. */
	struct Channel ** channels; /* these pointers may be null */
	unsigned int chansize; /* the number of Channel*s allocated for channels */
	unsigned int chancount; /* the number of Channel*s in use */
	const struct ChanType **chantypes; /* The valid channel types */


	/* TCP forwarding - where we manage listeners */
	struct Listener ** listeners;
	unsigned int listensize;

	/* Whether to allow binding to privileged ports (<1024). This doesn't
	 * really belong here, but nowhere else fits nicely */
	int allowprivport;

};
170 
/*
 * Server-only session state, kept separately from the common
 * struct sshsession.
 */
struct serversession {

	/* Server specific options */
	int childpipe; /* kept open until we successfully authenticate */
	/* userauth */

	struct ChildPid * childpids; /* array of mappings childpid<->channel */
	/* NOTE(review): presumably the number of entries in childpids -
	 * confirm before using it as a bound. */
	unsigned int childpidsize;

	/* Used to avoid a race in the exit returncode handling - see
	 * svr-chansession.c for details */
	struct exitinfo lastexit;

	/* The numeric address they connected from, used for logging */
	char * addrstring;

};
188 
/*
 * Client-side key-exchange progress, stored in clientsession.kex_state.
 * The numeric values are written out; they match the implicit numbering
 * of the declaration order.
 */
typedef enum {
	KEX_NOTHING = 0,
	KEXINIT_RCVD = 1,
	KEXDH_INIT_SENT = 2,
	KEXDONE = 3
} cli_kex_state;
195 
/*
 * Client progress through service requests, user authentication and the
 * running session, stored in clientsession.state. The numeric values are
 * written out; they match the implicit numbering of the declaration order.
 */
typedef enum {
	STATE_NOTHING = 0,
	SERVICE_AUTH_REQ_SENT = 1,
	SERVICE_AUTH_ACCEPT_RCVD = 2,
	SERVICE_CONN_REQ_SENT = 3,
	SERVICE_CONN_ACCEPT_RCVD = 4,
	USERAUTH_REQ_SENT = 5,
	USERAUTH_FAIL_RCVD = 6,
	USERAUTH_SUCCESS_RCVD = 7,
	SESSION_RUNNING = 8
} cli_state;
207 
/*
 * Client-only session state: key-exchange temporaries, the client state
 * machines, saved terminal settings and authentication bookkeeping.
 */
struct clientsession {

	/* NOTE(review): dh_x is presumably the client's private DH value;
	 * confirm it is wiped, not only freed, after key exchange. */
	mp_int *dh_e, *dh_x; /* Used during KEX */
	cli_kex_state kex_state; /* Used for progressing KEX */
	cli_state state; /* Used to progress auth/channelsession etc */
	unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */

	int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
	/* NOTE(review): presumably the terminal settings and the stdin, stdout
	 * and stderr copies/flags saved so they can be restored at cleanup -
	 * confirm in the client code. */
	struct termios saved_tio;
	int stdincopy;
	int stdinflags;
	int stdoutcopy;
	int stdoutflags;
	int stderrcopy;
	int stderrflags;

	int winchange; /* Set to 1 when a windowchange signal happens */

	int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
						 for the last type of auth we tried */
#ifdef ENABLE_CLI_INTERACT_AUTH
	int auth_interact_failed; /* flag whether interactive auth can still
								 be used */
	int interact_request_received; /* flag whether we've received an
									  info request from the server for
									  interactive auth.*/
#endif
	/* NOTE(review): presumably the private key used for the last
	 * public-key attempt - confirm. */
	struct SignKeyList *lastprivkey;

	int retval; /* What the command exit status was - we emulate it */
	/* The section below is compiled out by #if 0. */
#if 0
	TODO
	struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
#endif

};
244 
/*
 * The session state objects are program-wide globals. They are only declared
 * here; the definitions live in other translation units. The server and
 * client objects are declared only when that side is compiled in.
 */
extern struct sshsession ses;

#if defined(DROPBEAR_SERVER)
extern struct serversession svr_ses;
#endif /* DROPBEAR_SERVER */

#if defined(DROPBEAR_CLIENT)
extern struct clientsession cli_ses;
#endif /* DROPBEAR_CLIENT */
255 
256 #endif /* _SESSION_H_ */
257