annotate session.h @ 1715:3974f087d9c0
Disallow leading lines before the ident for server (#102)
Per RFC4253 4.2 clients must be able to process other lines of data
before the version string; server behavior is defined neither
with MUST/SHOULD nor with MAY.
If the server processes up to 50 lines too, it may cause an overly long hanging
session with an invalid/evil client that consumes host resources and
potentially may lead to DDoS on poor embedded boxes.
Let's require the first line from the client to be the version string and fail
early if it's not - this matches both the RFC and real OpenSSH behavior.
author | Vladislav Grishenko <themiron@users.noreply.github.com> |
---|---|
date | Mon, 15 Jun 2020 18:22:18 +0500 |
parents | 41bf8f216644 |
children | d1b279aa5ed1 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
25 #ifndef DROPBEAR_SESSION_H_ |
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
26 #define DROPBEAR_SESSION_H_ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "signkey.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "kex.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "auth.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "channel.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "queue.h" |
9
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
35 #include "listener.h" |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
36 #include "packet.h" |
64 | 37 #include "tcpfwd.h" |
130
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
38 #include "chansession.h" |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
575
diff
changeset
|
39 #include "dbutil.h" |
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1027
diff
changeset
|
40 #include "netio.h" |
1654 | 41 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
42 #include "pubkeyapi.h" |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
43 #endif |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
44 #include "gcm.h" |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
45 #include "chachapoly.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
559
diff
changeset
|
/* Session entry points declared without a client/server qualifier.
 * Only the prototypes are visible in this header, so the notes below are
 * limited to what the signatures show. */

/* Takes the two descriptors for the connection; struct sshsession below
 * has matching sock_in/sock_out members. */
void common_session_init(int sock_in, int sock_out);
/* loophandler is a caller-supplied callback taking no arguments.
 * ATTRIB_NORETURN (defined outside this header, presumably a noreturn
 * attribute) tells callers that control does not come back. */
void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
void session_cleanup(void);
/* NOTE(review): presumably writes the local SSH identification line to
 * the peer - confirm against the definition. */
void send_session_identification(void);
void send_msg_ignore(void);
void ignore_recv_response(void);

void update_channel_prio(void);

/* Returns a read-only string; the prototype does not say who owns it, so
 * callers should not free or modify the result. */
const char* get_user_shell(void);
/* NOTE(review): presumably looks up the account for username and caches
 * it for the session - confirm; username is not modified. */
void fill_passwd(const char* username);
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/* Server */
/* Server-side session entry point for one connection. Marked
 * ATTRIB_NORETURN, so code after a call to it is not expected to run. */
void svr_session(int sock, int childpipe) ATTRIB_NORETURN;
/* Exit and log hooks taking a format string plus an already-started
 * va_list (NOTE(review): assumed printf-style from the signature -
 * confirm). Callers should pass constant format strings only; any text
 * that came from the peer belongs in the arguments, never in format. */
void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
void svr_dropbear_log(int priority, const char* format, va_list param);
bc6477a6c393
syntactical fixups - it compiles, but channel handling code requires fixing.
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
63 |
/* Client */
/* Client-side session entry point. Takes separate input and output
 * descriptors, a connection-progress handle and the pid of a proxy
 * command. Marked ATTRIB_NORETURN. */
void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) ATTRIB_NORETURN;
/* Callback-shaped: result and errstring report the outcome for sock,
 * userdata is an opaque pointer (NOTE(review): presumably invoked when a
 * pending connect finishes - confirm). */
void cli_connected(int result, int sock, void* userdata, const char *errstring);
/* Takes a writable buffer. NOTE(review): presumably rewrites dirtytext in
 * place so that untrusted text is safe to display - confirm what is
 * filtered before relying on it. */
void cleantext(char* dirtytext);
void kill_proxy_command(void);
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
/* crypto parameters that are stored individually for transmit and receive */
/* Key material is held inline in this struct (cipher_state and mackey).
 * NOTE(review): confirm that whatever frees a key_context wipes these
 * bytes before releasing the memory. */
struct key_context_directional {
	const struct dropbear_cipher *algo_crypt; /* cipher for this direction */
	const struct dropbear_cipher_mode *crypt_mode; /* cipher mode for this direction */
	const struct dropbear_hash *algo_mac; /* MAC algorithm for this direction */
	int hash_index; /* lookup for libtomcrypt */
	int algo_comp; /* compression */
#ifndef DISABLE_ZLIB
	z_streamp zstream; /* zlib stream, present only when zlib is compiled in */
#endif
	/* actual keys */
	/* A union: the members share storage, so only the state matching the
	 * cipher mode in use is meaningful. Each member exists only when its
	 * mode is enabled at build time. */
	union {
#if DROPBEAR_ENABLE_CBC_MODE
		symmetric_CBC cbc;
#endif
#if DROPBEAR_ENABLE_CTR_MODE
		symmetric_CTR ctr;
#endif
#if DROPBEAR_ENABLE_GCM_MODE
		dropbear_gcm_state gcm;
#endif
#if DROPBEAR_CHACHA20POLY1305
		dropbear_chachapoly_state chachapoly;
#endif
	} cipher_state;
	unsigned char mackey[MAX_MAC_LEN]; /* MAC key bytes, at most MAX_MAC_LEN */
	int valid; /* NOTE(review): looks like a flag marking this direction's
				  keys as ready for use - confirm */
};
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
98 |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
/* One set of keys: per-direction crypto state plus the key exchange,
 * host key and signature algorithms that go with it. struct sshsession
 * holds two of these through its keys and newkeys pointers. */
struct key_context {

	struct key_context_directional recv; /* receive direction */
	struct key_context_directional trans; /* transmit direction */

	const struct dropbear_kex *algo_kex; /* key exchange algorithm */
	enum signkey_type algo_hostkey; /* server key type */
	enum signature_type algo_signature; /* server signature type */

	int allow_compress; /* whether compression has started (useful in
							zlib@openssh.com delayed compression case) */
};
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
struct packetlist;
/* Node of a singly linked list of packet payloads. struct sshsession
 * keeps head and tail pointers to such a list (reply_queue_head,
 * reply_queue_tail) for replies queued until a KEX has concluded. */
struct packetlist {
	struct packetlist *next; /* following node (NOTE(review): presumably
								NULL at the tail - confirm) */
	buffer * payload; /* the packet carried by this node */
};
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
117 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 struct sshsession { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 /* Is it a client or server? */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 unsigned char isserver; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 |
1139
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
123 time_t connect_time; /* time the connection was established |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
124 (cleared after auth once we're not |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
125 respecting AUTH_TIMEOUT any more). |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
126 A monotonic time, not realworld */ |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
127 |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
128 int sock_in; |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
129 int sock_out; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
131 /* remotehost will be initially NULL as we delay |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
132 * reading the remote version string. it will be set |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
133 * by the time any recv_() packet methods are called */ |
1108
2ebf450edc2d
Turn sshsession's remoteident attribute into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1101
diff
changeset
|
134 char *remoteident; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 int maxfd; /* the maximum file descriptor to check with select() */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 /* Packet buffers/values etc */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 buffer *writepayload; /* Unencrypted payload to write - this is used |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 throughout the code, as handlers fill out this |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 buffer with the packet to send. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 struct Queue writequeue; /* A queue of encrypted packets to send */ |
1074
10f198d4a308
Make main socket nonblocking. Limit writequeue size.
Matt Johnston <matt@ucc.asn.au>
parents:
1059
diff
changeset
|
144 unsigned int writequeue_len; /* Number of bytes pending to send in writequeue */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
145 buffer *readbuf; /* From the wire, decrypted in-place */ |
1059
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
146 buffer *payload; /* Post-decompression, the actual SSH packet. |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
147 May have extra data at the beginning, will be |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
148 passed to packet processing functions positioned past |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
149 that, see payload_beginning */ |
1055
4d7b4c5526c5
A bit of a bodge to avoid memcpy if zlib is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
150 unsigned int payload_beginning; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 unsigned int transseq, recvseq; /* Sequence IDs */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 /* Packet-handling flags */ |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
154 const packettype * packettypes; /* Packet handler mappings for this |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
155 session, see process-packet.c */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
156 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 unsigned dataallowed : 1; /* whether we can send data packets or we are in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 the middle of a KEX or something */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
160 unsigned char requirenext; /* byte indicating what packets we require next, |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
161 or 0x00 for any. */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 unsigned char ignorenext; /* whether to ignore the next packet, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 used for kex_follows stuff */ |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
165 |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
166 unsigned char lastpacket; /* What the last received packet type was */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
168 int signal_pipe[2]; /* stores endpoints of a self-pipe used for |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
249
diff
changeset
|
169 race-free signal handling */ |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
170 int channel_signal_pending; /* Flag set when the signal pipe is triggered */ |
1024
aac0095dc3b4
work in progress for async connect
Matt Johnston <matt@ucc.asn.au>
parents:
970
diff
changeset
|
171 |
aac0095dc3b4
work in progress for async connect
Matt Johnston <matt@ucc.asn.au>
parents:
970
diff
changeset
|
172 m_list conn_pending; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
173 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
174 /* time of the last packet send/receive, for keepalive. Not real-world clock */ |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
175 time_t last_packet_time_keepalive_sent; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
176 time_t last_packet_time_keepalive_recv; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
177 time_t last_packet_time_any_sent; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
179 time_t last_packet_time_idle; /* time of the last packet transmission or receive, for |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
180 idle timeout purposes so ignores SSH_MSG_IGNORE |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
181 or responses to keepalives. Not real-world clock */ |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
182 |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
183 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 /* KEX/encryption related */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 struct KEXState kexstate; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 struct key_context *keys; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 struct key_context *newkeys; |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
756
diff
changeset
|
188 buffer *session_id; /* this is the hash from the first kex */ |
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
756
diff
changeset
|
189 /* The below are used temporarily during kex, are freed after use */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */ |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
191 buffer *hash; /* the session hash */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 buffer* transkexinit; /* the kexinit packet we send should be kept so we |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 can add it to the hash when generating keys */ |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
195 |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
196 /* Enables/disables compression */ |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
197 algo_type *compress_algos; |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
198 |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
199 /* Other side allows SSH_MSG_EXT_INFO. Currently only set for server */ |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
200 int allow_ext_info; |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
201 |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
202 /* a list of queued replies that should be sent after a KEX has |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
203 concluded (ie, while dataallowed was unset)*/ |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
204 struct packetlist *reply_queue_head, *reply_queue_tail; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
206 void(*remoteclosed)(void); /* A callback to handle closure of the |
33 | 207 remote connection */ |
208 | |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
209 void(*extra_session_cleanup)(void); /* client or server specific cleanup */ |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
210 void(*send_kex_first_guess)(void); |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
211 |
33 | 212 struct AuthState authstate; /* Common amongst client and server, since most |
213 struct elements are common */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 /* Channel related */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 struct Channel ** channels; /* these pointers may be null */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 unsigned int chansize; /* the number of Channel*s allocated for channels */ |
37 | 218 unsigned int chancount; /* the number of Channel*s in use */ |
6
ab00ef513e97
Sorted out the first channel init issues.
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
219 const struct ChanType **chantypes; /* The valid channel types */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
221 /* TCP priority level for the main "port 22" tcp socket */ |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
222 enum dropbear_prio socket_prio; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
223 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 /* TCP forwarding - where manage listeners */ |
9
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
225 struct Listener ** listeners; |
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
226 unsigned int listensize; |
156
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
130
diff
changeset
|
227 |
21
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
228 /* Whether to allow binding to privileged ports (<1024). This doesn't |
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
229 * really belong here, but nowhere else fits nicely */ |
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
230 int allowprivport; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
232 /* this is set when we get SIGINT or SIGTERM, the handler is in main.c */ |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
233 volatile int exitflag; |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
234 /* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */ |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
235 int init_done; |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
236 |
1654 | 237 #if DROPBEAR_PLUGIN |
238 struct PluginSession * plugin_session; | |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
239 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/*
 * Session state that only the server side keeps. The single instance is
 * declared later in this header as `svr_ses`.
 */
struct serversession {

	/* Descriptor held open until authentication has succeeded. */
	int childpipe;

	/* Table of childpid<->channel mappings. childpidsize is presumably
	 * the number of slots in that table - confirm against the code that
	 * grows it. */
	struct ChildPid *childpids;
	unsigned int childpidsize;

	/* Exists to close a race in exit return-code handling; the details
	 * are described in svr-chansession.c. */
	struct exitinfo lastexit;

	/* Numeric form of the peer address, used for logging. */
	char *addrstring;

	/* Resolved form of the peer address, used for lastlog etc.
	 * NOTE(review): if this comes from a reverse lookup, the text is
	 * chosen by whoever controls that DNS zone. Keep it to log and
	 * lastlog output and do not base access decisions on it - confirm
	 * how callers use it. */
	char *remotehost;

#if DROPBEAR_VFORK
	/* Pid of the server process. The changeset that introduced it speaks
	 * of running exit cleanup only in the main process on uClinux -
	 * presumably this is what that check compares against. */
	pid_t server_pid;
#endif

#if DROPBEAR_PLUGIN
	/* Handle of the plugin shared library.
	 * NOTE(review): code loaded through such a handle presumably runs
	 * inside the server process with its privileges, so the library path
	 * should only ever come from trusted configuration - verify where it
	 * is set. */
	void *plugin_handle;

	/* Instance returned by the plugin's plugin_new function. */
	struct PluginInstance *plugin_instance;
#endif
};
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 |
/*
 * Progress marker for the client's key exchange; struct clientsession
 * stores one in its kex_state member. The numeric values are the ones the
 * compiler would assign implicitly, written out so the order is explicit.
 */
typedef enum {
	KEX_NOTHING     = 0,
	KEXINIT_RCVD    = 1,
	KEXDH_INIT_SENT = 2,
	KEXDONE         = 3
} cli_kex_state;
280 | |
/*
 * Progress marker for client authentication and session setup; struct
 * clientsession stores one in its state member. The numeric values are the
 * ones the compiler would assign implicitly, written out so the order is
 * explicit.
 */
typedef enum {
	STATE_NOTHING         = 0,
	USERAUTH_WAIT         = 1,
	USERAUTH_REQ_SENT     = 2,
	USERAUTH_FAIL_RCVD    = 3,
	USERAUTH_SUCCESS_RCVD = 4,
	SESSION_RUNNING       = 5
} cli_state;
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/*
 * Session state that only the client side keeps. The single instance is
 * declared later in this header as `cli_ses`.
 */
struct clientsession {

	/* Key-exchange parameters. XXX - candidates for moving into kexstate? */
	struct kex_dh_param *dh_param;
	struct kex_ecdh_param *ecdh_param;
	struct kex_curve25519_param *curve25519_param;
	/* KEX algorithm that the current dh_e and dh_x belong to. */
	const struct dropbear_kex *param_kex_algo;

	/* Drives the key exchange forward. */
	cli_kex_state kex_state;
	/* Drives auth, channel session setup etc. forward. */
	cli_state state;

	/* Non-zero while the tty is in raw mode and needs cleaning up. */
	int tty_raw_mode;
	struct termios saved_tio;

	/* Copies of the standard descriptors and their flags. Presumably kept
	 * so non-blocking mode can be undone at exit, as the changesets that
	 * added them describe - confirm in the cleanup code. */
	int stdincopy;
	int stdinflags;
	int stdoutcopy;
	int stdoutflags;
	int stderrcopy;
	int stderrflags;

	/* Previous input character, for escape-character handling. */
	int last_char;

	/* Becomes 1 when a window-change signal happens.
	 * NOTE(review): if the signal handler stores to this directly,
	 * volatile alone gives no atomicity guarantee; volatile sig_atomic_t
	 * is the type ISO C specifies for that - confirm the handler. */
	volatile int winchange;

	/* Auth type tried most recently: AUTH_TYPE_PUBKEY or
	 * AUTH_TYPE_PASSWORD. */
	int lastauthtype;
	int ignore_next_auth_response;
#if DROPBEAR_CLI_INTERACT_AUTH
	/* Flag for whether interactive auth can still be used. */
	int auth_interact_failed;
	/* Flag for whether the server has sent an info request for
	 * interactive auth. */
	int interact_request_received;
#endif
	/* NOTE(review): presumably the private key offered in the last pubkey
	 * attempt. This is key material - verify who owns it and that it is
	 * released when the session ends. */
	sign_key *lastprivkey;

	/* NOTE(review): going by the name and the changeset that added it,
	 * this holds the server-sig-algs list from the peer's ext-info. That
	 * is peer-controlled data - confirm it is length- and content-checked
	 * before it influences signature algorithm choice. */
	buffer *server_sig_algs;

	/* Exit status of the remote command, which the client emulates. */
	int retval;
#if 0
	TODO
	struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
#endif

	pid_t proxy_cmd_pid;
};
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
337 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
/* Process-wide session state. `ses` is declared in every build; the
 * server and client halves are declared only when that side is enabled. */
extern struct sshsession ses;

#if DROPBEAR_SERVER
extern struct serversession svr_ses;
#endif /* DROPBEAR_SERVER */

#if DROPBEAR_CLIENT
extern struct clientsession cli_ses;
#endif /* DROPBEAR_CLIENT */
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
348 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
349 #endif /* DROPBEAR_SESSION_H_ */ |