Mercurial > dropbear

comparison session.h @ 285:1b9e69c058d2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents efbaf6b03837
children a01c0c8e543a
comparison
equal deleted inserted replaced
281:997e6f7dc01e 285:1b9e69c058d2
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #ifndef _SESSION_H_
26 #define _SESSION_H_
27
28 #include "includes.h"
29 #include "options.h"
30 #include "buffer.h"
31 #include "signkey.h"
32 #include "kex.h"
33 #include "auth.h"
34 #include "channel.h"
35 #include "queue.h"
36 #include "listener.h"
37 #include "packet.h"
38 #include "tcpfwd.h"
39 #include "chansession.h"
40
41 extern int sessinitdone; /* Is set to 0 somewhere */
42 extern int exitflag;
43
44 void common_session_init(int sock, char* remotehost);
45 void session_loop(void(*loophandler)());
46 void common_session_cleanup();
47 void session_identification();
48
49
50 /* Server */
51 void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
52 void svr_dropbear_exit(int exitcode, const char* format, va_list param);
53 void svr_dropbear_log(int priority, const char* format, va_list param);
54
55 /* Client */
56 void cli_session(int sock, char *remotehost);
57 void cli_session_cleanup();
58 void cleantext(unsigned char* dirtytext);
59
60 struct key_context {
61
62 const struct dropbear_cipher *recv_algo_crypt; /* NULL for none */
63 const struct dropbear_cipher *trans_algo_crypt; /* NULL for none */
64 const struct dropbear_hash *recv_algo_mac; /* NULL for none */
65 const struct dropbear_hash *trans_algo_mac; /* NULL for none */
66 char algo_kex;
67 char algo_hostkey;
68
69 char recv_algo_comp; /* compression */
70 char trans_algo_comp;
71 #ifndef DISABLE_ZLIB
72 z_streamp recv_zstream;
73 z_streamp trans_zstream;
74 #endif
75
76 /* actual keys */
77 symmetric_CBC recv_symmetric_struct;
78 symmetric_CBC trans_symmetric_struct;
79 unsigned char recvmackey[MAX_MAC_KEY];
80 unsigned char transmackey[MAX_MAC_KEY];
81
82 };
83
84 struct sshsession {
85
86 /* Is it a client or server? */
87 unsigned char isserver;
88
89 long connecttimeout; /* time to disconnect if we have a timeout (for
90 userauth etc), or 0 for no timeout */
91
92 int sock;
93
94 unsigned char *remotehost; /* the peer hostname */
95
96 unsigned char *remoteident;
97
98 int maxfd; /* the maximum file descriptor to check with select() */
99
100
101 /* Packet buffers/values etc */
102 buffer *writepayload; /* Unencrypted payload to write - this is used
103 throughout the code, as handlers fill out this
104 buffer with the packet to send. */
105 struct Queue writequeue; /* A queue of encrypted packets to send */
106 buffer *readbuf; /* Encrypted */
107 buffer *decryptreadbuf; /* Post-decryption */
108 buffer *payload; /* Post-decompression, the actual SSH packet */
109 unsigned int transseq, recvseq; /* Sequence IDs */
110
111 /* Packet-handling flags */
112 const packettype * packettypes; /* Packet handler mappings for this
113 session, see process-packet.c */
114
115 unsigned dataallowed : 1; /* whether we can send data packets or we are in
116 the middle of a KEX or something */
117
118 unsigned char requirenext; /* byte indicating what packet we require next,
119 or 0x00 for any */
120
121 unsigned char ignorenext; /* whether to ignore the next packet,
122 used for kex_follows stuff */
123
124 unsigned char lastpacket; /* What the last received packet type was */
125
126
127
128 /* KEX/encryption related */
129 struct KEXState kexstate;
130 struct key_context *keys;
131 struct key_context *newkeys;
132 unsigned char *session_id; /* this is the hash from the first kex */
133 /* The below are used temorarily during kex, are freed after use */
134 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
135 unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
136 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
137 buffer* transkexinit; /* the kexinit packet we send should be kept so we
138 can add it to the hash when generating keys */
139
140 algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[],
141 int *goodguess); /* The function to use to choose which algorithm
142 to use from the ones presented by the remote
143 side. Is specific to the client/server mode,
144 hence the function-pointer callback.*/
145
146 void(*remoteclosed)(); /* A callback to handle closure of the
147 remote connection */
148
149
150 struct AuthState authstate; /* Common amongst client and server, since most
151 struct elements are common */
152
153 /* Channel related */
154 struct Channel ** channels; /* these pointers may be null */
155 unsigned int chansize; /* the number of Channel*s allocated for channels */
156 unsigned int chancount; /* the number of Channel*s in use */
157 const struct ChanType **chantypes; /* The valid channel types */
158
159
160 /* TCP forwarding - where manage listeners */
161 struct Listener ** listeners;
162 unsigned int listensize;
163
164 /* Whether to allow binding to privileged ports (<1024). This doesn't
165 * really belong here, but nowhere else fits nicely */
166 int allowprivport;
167
168 };
169
170 struct serversession {
171
172 /* Server specific options */
173 int childpipe; /* kept open until we successfully authenticate */
174 /* userauth */
175
176 struct ChildPid * childpids; /* array of mappings childpid<->channel */
177 unsigned int childpidsize;
178
179 /* Used to avoid a race in the exit returncode handling - see
180 * svr-chansession.c for details */
181 struct exitinfo lastexit;
182
183 /* The numeric address they connected from, used for logging */
184 char * addrstring;
185
186 };
187
188 typedef enum {
189 KEX_NOTHING,
190 KEXINIT_RCVD,
191 KEXDH_INIT_SENT,
192 KEXDONE,
193
194 } cli_kex_state;
195
196 typedef enum {
197 STATE_NOTHING,
198 SERVICE_AUTH_REQ_SENT,
199 SERVICE_AUTH_ACCEPT_RCVD,
200 SERVICE_CONN_REQ_SENT,
201 SERVICE_CONN_ACCEPT_RCVD,
202 USERAUTH_REQ_SENT,
203 USERAUTH_FAIL_RCVD,
204 USERAUTH_SUCCESS_RCVD,
205 SESSION_RUNNING,
206
207 } cli_state;
208
209 struct clientsession {
210
211 mp_int *dh_e, *dh_x; /* Used during KEX */
212 cli_kex_state kex_state; /* Used for progressing KEX */
213 cli_state state; /* Used to progress auth/channelsession etc */
214 unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
215
216 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
217 struct termios saved_tio;
218 int stdincopy;
219 int stdinflags;
220 int stdoutcopy;
221 int stdoutflags;
222 int stderrcopy;
223 int stderrflags;
224
225 int winchange; /* Set to 1 when a windowchange signal happens */
226
227 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
228 for the last type of auth we tried */
229 #ifdef ENABLE_CLI_INTERACT_AUTH
230 int auth_interact_failed; /* flag whether interactive auth can still
231 be used */
232 int interact_request_received; /* flag whether we've received an
233 info request from the server for
234 interactive auth.*/
235 #endif
236 struct SignKeyList *lastprivkey;
237
238 int retval; /* What the command exit status was - we emulate it */
239 #if 0
240 TODO
241 struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
242 #endif
243
244 };
245
246 /* Global structs storing the state */
247 extern struct sshsession ses;
248
249 #ifdef DROPBEAR_SERVER
250 extern struct serversession svr_ses;
251 #endif /* DROPBEAR_SERVER */
252
253 #ifdef DROPBEAR_CLIENT
254 extern struct clientsession cli_ses;
255 #endif /* DROPBEAR_CLIENT */
256
257 #endif /* _SESSION_H_ */