Mercurial > dropbear
annotate session.h @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | df8d8ec1801c |
children |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
25 #ifndef DROPBEAR_SESSION_H_ |
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
26 #define DROPBEAR_SESSION_H_ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 #include "signkey.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 #include "kex.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 #include "auth.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "channel.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "queue.h" |
9
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
35 #include "listener.h" |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
36 #include "packet.h" |
64 | 37 #include "tcpfwd.h" |
130
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
38 #include "chansession.h" |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
575
diff
changeset
|
39 #include "dbutil.h" |
1032
0da8ba489c23
Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents:
1027
diff
changeset
|
40 #include "netio.h" |
1654 | 41 #if DROPBEAR_PLUGIN |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
42 #include "pubkeyapi.h" |
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
43 #endif |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
44 #include "gcm.h" |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
45 #include "chachapoly.h" |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 |
568
005530560594
Rearrange getaddrstring() etc
Matt Johnston <matt@ucc.asn.au>
parents:
559
diff
changeset
|
47 void common_session_init(int sock_in, int sock_out); |
1531
fa733a314bee
use a full prototype (#56)
François Perrad <francois.perrad@gadz.org>
parents:
1515
diff
changeset
|
48 void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN; |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
49 void session_cleanup(void); |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
50 void send_session_identification(void); |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
51 void send_msg_ignore(void); |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
52 void ignore_recv_response(void); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
54 void update_channel_prio(void); |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
55 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
56 const char* get_user_shell(void); |
483
738313e73b1c
- "-J 'nc localhost 22'" kind of works, needs fixing hostkeys, ptys etc.
Matt Johnston <matt@ucc.asn.au>
parents:
482
diff
changeset
|
57 void fill_passwd(const char* username); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 /* Server */ |
1043
38d2f6b2d1b8
Add more ATTRIB_NORETURN annotations, from Thorsten Horstmann
Matt Johnston <matt@ucc.asn.au>
parents:
1036
diff
changeset
|
60 void svr_session(int sock, int childpipe) ATTRIB_NORETURN; |
614
00eca37e47e8
Add noreturn and format attribute hints for some functions.
Matt Johnston <matt@ucc.asn.au>
parents:
575
diff
changeset
|
61 void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; |
5
bc6477a6c393
syntactical fixups - it compiles, but channel handling code requires fixing.
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
62 void svr_dropbear_log(int priority, const char* format, va_list param); |
bc6477a6c393
syntactical fixups - it compiles, but channel handling code requires fixing.
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
63 |
26 | 64 /* Client */ |
1208
fb58cf341951
Client: kill proxy command when exiting application.
Konstantin Tokarev <ktokarev@smartlabs.tv>
parents:
1155
diff
changeset
|
65 void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) ATTRIB_NORETURN; |
1025 | 66 void cli_connected(int result, int sock, void* userdata, const char *errstring); |
1741
d1b279aa5ed1
Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents:
1683
diff
changeset
|
67 void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN; |
d1b279aa5ed1
Get client fuzzer building and starting (fails straight away)
Matt Johnston <matt@ucc.asn.au>
parents:
1683
diff
changeset
|
68 void cli_dropbear_log(int priority, const char* format, va_list param); |
1101
94ff5316980f
Turn cleantext()'s dirtytext argument into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1074
diff
changeset
|
69 void cleantext(char* dirtytext); |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
70 void kill_proxy_command(void); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
72 /* crypto parameters that are stored individually for transmit and receive */ |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
73 struct key_context_directional { |
712
bf0ac0512ef7
Fix "-m none" case and ugly typo
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
74 const struct dropbear_cipher *algo_crypt; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
75 const struct dropbear_cipher_mode *crypt_mode; |
712
bf0ac0512ef7
Fix "-m none" case and ugly typo
Matt Johnston <matt@ucc.asn.au>
parents:
686
diff
changeset
|
76 const struct dropbear_hash *algo_mac; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
77 int hash_index; /* lookup for libtomcrypt */ |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
78 int algo_comp; /* compression */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 #ifndef DISABLE_ZLIB |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
80 z_streamp zstream; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 /* actual keys */ |
502 | 83 union { |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
84 #if DROPBEAR_ENABLE_CBC_MODE |
502 | 85 symmetric_CBC cbc; |
1673
e0871128e61f
CBC mode cleanup (#95)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1672
diff
changeset
|
86 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
87 #if DROPBEAR_ENABLE_CTR_MODE |
502 | 88 symmetric_CTR ctr; |
89 #endif | |
1672
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
90 #if DROPBEAR_ENABLE_GCM_MODE |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
91 dropbear_gcm_state gcm; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
92 #endif |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
93 #if DROPBEAR_CHACHA20POLY1305 |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
94 dropbear_chachapoly_state chachapoly; |
3a97f14c0235
Add Chacha20-Poly1305, AES128-GCM and AES256-GCM support (#93)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1654
diff
changeset
|
95 #endif |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
96 } cipher_state; |
715
cd3d3c63d189
Make hmac-sha2-256 and hmac-sha2-512 work
Matt Johnston <matt@ucc.asn.au>
parents:
712
diff
changeset
|
97 unsigned char mackey[MAX_MAC_LEN]; |
753
d63ef1e211ea
Take transmit and receive keys into use separately
Matt Johnston <matt@ucc.asn.au>
parents:
747
diff
changeset
|
98 int valid; |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
99 }; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
100 |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
101 struct key_context { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
103 struct key_context_directional recv; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
104 struct key_context_directional trans; |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
105 |
756 | 106 const struct dropbear_kex *algo_kex; |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
107 enum signkey_type algo_hostkey; /* server key type */ |
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
108 enum signature_type algo_signature; /* server signature type */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
109 |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
110 int allow_compress; /* whether compression has started (useful in |
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
111 [email protected] delayed compression case) */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
114 struct packetlist; |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
115 struct packetlist { |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
116 struct packetlist *next; |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
117 buffer * payload; |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
118 }; |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
119 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 struct sshsession { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 /* Is it a client or server? */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 unsigned char isserver; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 |
1139
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
125 time_t connect_time; /* time the connection was established |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
126 (cleared after auth once we're not |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
127 respecting AUTH_TIMEOUT any more). |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
128 A monotonic time, not realworld */ |
43a8ea69b24c
Fix problem where auth timeout wasn't checked when waiting for ident
Matt Johnston <matt@ucc.asn.au>
parents:
1108
diff
changeset
|
129 |
479
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
130 int sock_in; |
e3db1f7a2e43
- Split main socket var into ses.sock_in/ses.sock_out in preparation
Matt Johnston <matt@ucc.asn.au>
parents:
454
diff
changeset
|
131 int sock_out; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
726
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
133 /* remotehost will be initially NULL as we delay |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
134 * reading the remote version string. it will be set |
78eda530c000
send out our kexinit packet before blocking to read the SSH version string
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
135 * by the time any recv_() packet methods are called */ |
1108
2ebf450edc2d
Turn sshsession's remoteident attribute into char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1101
diff
changeset
|
136 char *remoteident; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 int maxfd; /* the maximum file descriptor to check with select() */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 /* Packet buffers/values etc */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 buffer *writepayload; /* Unencrypted payload to write - this is used |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 throughout the code, as handlers fill out this |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 buffer with the packet to send. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 struct Queue writequeue; /* A queue of encrypted packets to send */ |
1074
10f198d4a308
Make main socket nonblocking. Limit writequeue size.
Matt Johnston <matt@ucc.asn.au>
parents:
1059
diff
changeset
|
146 unsigned int writequeue_len; /* Number of bytes pending to send in writequeue */ |
534
0431915df79f
- Get rid of decryptreadbuf, just decrypt in-place with readbuf
Matt Johnston <matt@ucc.asn.au>
parents:
513
diff
changeset
|
147 buffer *readbuf; /* From the wire, decrypted in-place */ |
1059
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
148 buffer *payload; /* Post-decompression, the actual SSH packet. |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
149 May have extra data at the beginning, will be |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
150 passed to packet processing functions positioned past |
703c7cdd2577
Fix pubkey auth after change to reuse ses.readbuf as ses.payload
Matt Johnston <matt@ucc.asn.au>
parents:
1055
diff
changeset
|
151 that, see payload_beginning */ |
1055
4d7b4c5526c5
A bit of a bodge to avoid memcpy if zlib is disabled
Matt Johnston <matt@ucc.asn.au>
parents:
1049
diff
changeset
|
152 unsigned int payload_beginning; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 unsigned int transseq, recvseq; /* Sequence IDs */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 /* Packet-handling flags */ |
22
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
156 const packettype * packettypes; /* Packet handler mappings for this |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
157 session, see process-packet.c */ |
c1e5d9195402
merge of abac2150ee4f4031a98016241fbd136d24fed127
Matt Johnston <matt@ucc.asn.au>
parents:
21
diff
changeset
|
158 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 unsigned dataallowed : 1; /* whether we can send data packets or we are in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 the middle of a KEX or something */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 |
886
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
162 unsigned char requirenext; /* byte indicating what packets we require next, |
cbc73a5aefb0
requirenext doesn't need two values
Matt Johnston <matt@ucc.asn.au>
parents:
883
diff
changeset
|
163 or 0x00 for any. */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 unsigned char ignorenext; /* whether to ignore the next packet, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 used for kex_follows stuff */ |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
167 |
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
33
diff
changeset
|
168 unsigned char lastpacket; /* What the last received packet type was */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
169 |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
170 int signal_pipe[2]; /* stores endpoints of a self-pipe used for |
416
a01c0c8e543a
Improve behaviour when flushing out after a process has exited.
Matt Johnston <matt@ucc.asn.au>
parents:
249
diff
changeset
|
171 race-free signal handling */ |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
172 int channel_signal_pending; /* Flag set when the signal pipe is triggered */ |
1024
aac0095dc3b4
work in progress for async connect
Matt Johnston <matt@ucc.asn.au>
parents:
970
diff
changeset
|
173 |
aac0095dc3b4
work in progress for async connect
Matt Johnston <matt@ucc.asn.au>
parents:
970
diff
changeset
|
174 m_list conn_pending; |
454
7e43f5e473b9
- Add -K keepalive flag for dropbear and dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
452
diff
changeset
|
175 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
176 /* time of the last packet send/receive, for keepalive. Not real-world clock */ |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
177 time_t last_packet_time_keepalive_sent; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
178 time_t last_packet_time_keepalive_recv; |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
179 time_t last_packet_time_any_sent; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 |
939
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
181 time_t last_packet_time_idle; /* time of the last packet transmission or receive, for |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
182 idle timeout purposes so ignores SSH_MSG_IGNORE |
a0819ecfee0b
Make -K keepalive behave like OpenSSH's ServerAliveInterval
Matt Johnston <matt@ucc.asn.au>
parents:
928
diff
changeset
|
183 or responses to keepalives. Not real-world clock */ |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
184 |
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
502
diff
changeset
|
185 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 /* KEX/encryption related */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 struct KEXState kexstate; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 struct key_context *keys; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 struct key_context *newkeys; |
759
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
756
diff
changeset
|
190 buffer *session_id; /* this is the hash from the first kex */ |
76fba0856749
More changes for KEX and ECDH. Set up hash descriptors, make ECC code work,
Matt Johnston <matt@ucc.asn.au>
parents:
756
diff
changeset
|
191 /* The below are used temporarily during kex, are freed after use */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */ |
761
ac2158e3e403
ecc kind of works, needs fixing/testing
Matt Johnston <matt@ucc.asn.au>
parents:
759
diff
changeset
|
193 buffer *hash; /* the session hash */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 buffer* transkexinit; /* the kexinit packet we send should be kept so we |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 can add it to the hash when generating keys */ |
575
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
197 |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
198 /* Enables/disables compression */ |
f9b5dc0cba61
- Disable compression for non-final multihops
Matt Johnston <matt@ucc.asn.au>
parents:
572
diff
changeset
|
199 algo_type *compress_algos; |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
200 |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
201 /* Other side allows SSH_MSG_EXT_INFO. Currently only set for server */ |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
202 int allow_ext_info; |
452
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
203 |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
204 /* a list of queued replies that should be sent after a KEX has |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
205 concluded (ie, while dataallowed was unset)*/ |
4cab61369879
Prevent invalid packets being sent during key-exchange, instead queue
Matt Johnston <matt@ucc.asn.au>
parents:
433
diff
changeset
|
206 struct packetlist *reply_queue_head, *reply_queue_tail; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
208 void(*remoteclosed)(void); /* A callback to handle closure of the |
33 | 209 remote connection */ |
210 | |
1276
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
211 void(*extra_session_cleanup)(void); /* client or server specific cleanup */ |
9169e4e7cbee
fix empty C prototypes
Francois Perrad <francois.perrad@gadz.org>
parents:
1215
diff
changeset
|
212 void(*send_kex_first_guess)(void); |
739
d44325108d0e
first_kex_packet_follows working, needs tidying
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
213 |
33 | 214 struct AuthState authstate; /* Common amongst client and server, since most |
215 struct elements are common */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 /* Channel related */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 struct Channel ** channels; /* these pointers may be null */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 unsigned int chansize; /* the number of Channel*s allocated for channels */ |
37 | 220 unsigned int chancount; /* the number of Channel*s in use */ |
6
ab00ef513e97
Sorted out the first channel init issues.
Matt Johnston <matt@ucc.asn.au>
parents:
5
diff
changeset
|
221 const struct ChanType **chantypes; /* The valid channel types */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 |
941
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
223 /* TCP priority level for the main "port 22" tcp socket */ |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
224 enum dropbear_prio socket_prio; |
5daedffd0769
Set tcp priority as follows:
Matt Johnston <matt@ucc.asn.au>
parents:
940
diff
changeset
|
225 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 /* TCP forwarding - where manage listeners */ |
9
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
227 struct Listener ** listeners; |
7f77962de998
- Reworked non-channel fd handling to listener.c
Matt Johnston <matt@ucc.asn.au>
parents:
6
diff
changeset
|
228 unsigned int listensize; |
156
8c2b3506f112
Rearrange preprocessor parts so that compilation with various options
Matt Johnston <matt@ucc.asn.au>
parents:
130
diff
changeset
|
229 |
21
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
230 /* Whether to allow binding to privileged ports (<1024). This doesn't |
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
231 * really belong here, but nowhere else fits nicely */ |
d7cc5b484a2e
- Port restriction code back in
Matt Johnston <matt@ucc.asn.au>
parents:
9
diff
changeset
|
232 int allowprivport; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
234 /* this is set when we get SIGINT or SIGTERM, the handler is in main.c */ |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
235 volatile int exitflag; |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
236 /* set once the ses structure (and cli_ses/svr_ses) have been populated to their initial state */ |
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
237 int init_done; |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
238 |
1654 | 239 #if DROPBEAR_PLUGIN |
240 struct PluginSession * plugin_session; | |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
241 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 struct serversession { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 /* Server specific options */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 int childpipe; /* kept open until we successfully authenticate */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 /* userauth */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 struct ChildPid * childpids; /* array of mappings childpid<->channel */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 unsigned int childpidsize; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 |
130
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
253 /* Used to avoid a race in the exit returncode handling - see |
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
254 * svr-chansession.c for details */ |
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
255 struct exitinfo lastexit; |
154c8d5a6d1e
propagate of 82bb923d0154750ef716b66b498561f882891946 and f51a272341ee12268fe7028bc2f2bad66c603069 from branch 'matt.dbclient.work' to 'matt.dbclient.rez'
Matt Johnston <matt@ucc.asn.au>
parents:
108
diff
changeset
|
256 |
158
364a75cfebab
Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
257 /* The numeric address they connected from, used for logging */ |
364a75cfebab
Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
258 char * addrstring; |
364a75cfebab
Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents:
156
diff
changeset
|
259 |
572
8fd0ac8c8cab
Move remotehost into svr_ses structure since we can't look it up
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
260 /* The resolved remote address, used for lastlog etc */ |
8fd0ac8c8cab
Move remotehost into svr_ses structure since we can't look it up
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
261 char *remotehost; |
8fd0ac8c8cab
Move remotehost into svr_ses structure since we can't look it up
Matt Johnston <matt@ucc.asn.au>
parents:
568
diff
changeset
|
262 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
263 #if DROPBEAR_VFORK |
553
8711f20b89ab
- For uclinux, only cleanup on exit for the main process. This avoids
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
264 pid_t server_pid; |
8711f20b89ab
- For uclinux, only cleanup on exit for the main process. This avoids
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
265 #endif |
8711f20b89ab
- For uclinux, only cleanup on exit for the main process. This avoids
Matt Johnston <matt@ucc.asn.au>
parents:
534
diff
changeset
|
266 |
1654 | 267 #if DROPBEAR_PLUGIN |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
268 /* The shared library handle */ |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
269 void *plugin_handle; |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
270 |
1681
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
271 /* The instance created by the plugin_new function */ |
435cfb9ec96e
send and handle SSH_MSG_EXT_INFO only at the correct point
Matt Johnston <matt@ucc.asn.au>
parents:
1676
diff
changeset
|
272 struct PluginInstance *plugin_instance; |
1653
76189c9ffea2
External Public-Key Authentication API (#72)
fabriziobertocci <fabriziobertocci@gmail.com>
parents:
1531
diff
changeset
|
273 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
274 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
275 |
26 | 276 typedef enum { |
33 | 277 KEX_NOTHING, |
26 | 278 KEXINIT_RCVD, |
279 KEXDH_INIT_SENT, | |
433
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
416
diff
changeset
|
280 KEXDONE |
33 | 281 } cli_kex_state; |
282 | |
283 typedef enum { | |
284 STATE_NOTHING, | |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
285 USERAUTH_WAIT, |
33 | 286 USERAUTH_REQ_SENT, |
287 USERAUTH_FAIL_RCVD, | |
37 | 288 USERAUTH_SUCCESS_RCVD, |
433
c216212001fc
Fix for -pedantic -ansi compilation, change // to /**/, plus some signedness
Matt Johnston <matt@ucc.asn.au>
parents:
416
diff
changeset
|
289 SESSION_RUNNING |
26 | 290 } cli_state; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
291 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
292 struct clientsession { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
293 |
857 | 294 /* XXX - move these to kexstate? */ |
755
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
295 struct kex_dh_param *dh_param; |
b07eb3dc23ec
refactor kexdh code a bit, start working on ecdh etc
Matt Johnston <matt@ucc.asn.au>
parents:
722
diff
changeset
|
296 struct kex_ecdh_param *ecdh_param; |
848 | 297 struct kex_curve25519_param *curve25519_param; |
801 | 298 const struct dropbear_kex *param_kex_algo; /* KEX algorithm corresponding to current dh_e and dh_x */ |
299 | |
33 | 300 cli_kex_state kex_state; /* Used for progressing KEX */ |
301 cli_state state; /* Used to progress auth/channelsession etc */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 |
39
0883c0906870
tty raw mode support works mostly
Matt Johnston <matt@ucc.asn.au>
parents:
37
diff
changeset
|
303 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */ |
0883c0906870
tty raw mode support works mostly
Matt Johnston <matt@ucc.asn.au>
parents:
37
diff
changeset
|
304 struct termios saved_tio; |
93
5dda5a4d475c
Don't leave the stdin FD non-blocking on exit - busybox doesn't like it.
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
305 int stdincopy; |
5dda5a4d475c
Don't leave the stdin FD non-blocking on exit - busybox doesn't like it.
Matt Johnston <matt@ucc.asn.au>
parents:
64
diff
changeset
|
306 int stdinflags; |
175
2c5741e4b855
* Reset the non-blocking status of stdout and stderr as well on exit
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
307 int stdoutcopy; |
2c5741e4b855
* Reset the non-blocking status of stdout and stderr as well on exit
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
308 int stdoutflags; |
2c5741e4b855
* Reset the non-blocking status of stdout and stderr as well on exit
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
309 int stderrcopy; |
2c5741e4b855
* Reset the non-blocking status of stdout and stderr as well on exit
Matt Johnston <matt@ucc.asn.au>
parents:
158
diff
changeset
|
310 int stderrflags; |
39
0883c0906870
tty raw mode support works mostly
Matt Johnston <matt@ucc.asn.au>
parents:
37
diff
changeset
|
311 |
722
4a274f47eabd
Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
715
diff
changeset
|
312 /* for escape char handling */ |
4a274f47eabd
Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
715
diff
changeset
|
313 int last_char; |
4a274f47eabd
Add ~. and ~^Z handling to exit/suspend dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
715
diff
changeset
|
314 |
1495
0c16b4ccbd54
make signal flags volatile, simplify handling
Matt Johnston <matt@ucc.asn.au>
parents:
1477
diff
changeset
|
315 volatile int winchange; /* Set to 1 when a windowchange signal happens */ |
41
18eccbfb9641
added window-size change handling
Matt Johnston <matt@ucc.asn.au>
parents:
40
diff
changeset
|
316 |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
317 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD, |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
318 for the last type of auth we tried */ |
1821
df8d8ec1801c
added option to disable trivial auth methods (#128)
Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
parents:
1741
diff
changeset
|
319 int is_trivial_auth; |
883
ff597bf2cfb0
DROPBEAR_CLI_AUTH_IMMEDIATE fixed, now enabled by default
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
320 int ignore_next_auth_response; |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
321 #if DROPBEAR_CLI_INTERACT_AUTH |
249
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
215
diff
changeset
|
322 int auth_interact_failed; /* flag whether interactive auth can still |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
215
diff
changeset
|
323 be used */ |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
215
diff
changeset
|
324 int interact_request_received; /* flag whether we've received an |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
215
diff
changeset
|
325 info request from the server for |
efbaf6b03837
added keyboard-interactive client support
Matt Johnston <matt@ucc.asn.au>
parents:
215
diff
changeset
|
326 interactive auth.*/ |
1155
80b45616e1f3
fix build when ENABLE_CLI_INTERACT_AUTH is disabled
Mike Frysinger <vapier@gentoo.org>
parents:
1139
diff
changeset
|
327 #endif |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
550
diff
changeset
|
328 sign_key *lastprivkey; |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
93
diff
changeset
|
329 |
1676
d5cdc60db08e
ext-info handling for server-sig-algs
Matt Johnston <matt@ucc.asn.au>
parents:
1675
diff
changeset
|
330 buffer *server_sig_algs; |
1675
ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents:
1674
diff
changeset
|
331 |
108
10f4d3319780
- added circular buffering for channels
Matt Johnston <matt@ucc.asn.au>
parents:
93
diff
changeset
|
332 int retval; /* What the command exit status was - we emulate it */ |
45
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
333 #if 0 |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
334 TODO |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
335 struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */ |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
336 #endif |
9ee8996a375f
Pubkey auth is mostly there for the client. Something strange with
Matt Johnston <matt@ucc.asn.au>
parents:
43
diff
changeset
|
337 |
1215 | 338 pid_t proxy_cmd_pid; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
339 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
340 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
341 /* Global structs storing the state */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
342 extern struct sshsession ses; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
344 #if DROPBEAR_SERVER |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
345 extern struct serversession svr_ses; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
346 #endif /* DROPBEAR_SERVER */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1276
diff
changeset
|
348 #if DROPBEAR_CLIENT |
26 | 349 extern struct clientsession cli_ses; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 #endif /* DROPBEAR_CLIENT */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
351 |
1036
deed0571cacc
DROPBEAR_ prefix for include guards to avoid collisions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
970
diff
changeset
|
352 #endif /* DROPBEAR_SESSION_H_ */ |