Mercurial > dropbear
comparison session.h @ 285:1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 08 Mar 2006 13:23:58 +0000 |
parents | efbaf6b03837 |
children | a01c0c8e543a |
comparison
equal
deleted
inserted
replaced
281:997e6f7dc01e | 285:1b9e69c058d2 |
---|---|
1 /* | |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 | |
25 #ifndef _SESSION_H_ | |
26 #define _SESSION_H_ | |
27 | |
28 #include "includes.h" | |
29 #include "options.h" | |
30 #include "buffer.h" | |
31 #include "signkey.h" | |
32 #include "kex.h" | |
33 #include "auth.h" | |
34 #include "channel.h" | |
35 #include "queue.h" | |
36 #include "listener.h" | |
37 #include "packet.h" | |
38 #include "tcpfwd.h" | |
39 #include "chansession.h" | |
40 | |
41 extern int sessinitdone; /* Is set to 0 somewhere */ | |
42 extern int exitflag; | |
43 | |
44 void common_session_init(int sock, char* remotehost); | |
45 void session_loop(void(*loophandler)()); | |
46 void common_session_cleanup(); | |
47 void session_identification(); | |
48 | |
49 | |
50 /* Server */ | |
51 void svr_session(int sock, int childpipe, char *remotehost, char *addrstring); | |
52 void svr_dropbear_exit(int exitcode, const char* format, va_list param); | |
53 void svr_dropbear_log(int priority, const char* format, va_list param); | |
54 | |
55 /* Client */ | |
56 void cli_session(int sock, char *remotehost); | |
57 void cli_session_cleanup(); | |
58 void cleantext(unsigned char* dirtytext); | |
59 | |
60 struct key_context { | |
61 | |
62 const struct dropbear_cipher *recv_algo_crypt; /* NULL for none */ | |
63 const struct dropbear_cipher *trans_algo_crypt; /* NULL for none */ | |
64 const struct dropbear_hash *recv_algo_mac; /* NULL for none */ | |
65 const struct dropbear_hash *trans_algo_mac; /* NULL for none */ | |
66 char algo_kex; | |
67 char algo_hostkey; | |
68 | |
69 char recv_algo_comp; /* compression */ | |
70 char trans_algo_comp; | |
71 #ifndef DISABLE_ZLIB | |
72 z_streamp recv_zstream; | |
73 z_streamp trans_zstream; | |
74 #endif | |
75 | |
76 /* actual keys */ | |
77 symmetric_CBC recv_symmetric_struct; | |
78 symmetric_CBC trans_symmetric_struct; | |
79 unsigned char recvmackey[MAX_MAC_KEY]; | |
80 unsigned char transmackey[MAX_MAC_KEY]; | |
81 | |
82 }; | |
83 | |
84 struct sshsession { | |
85 | |
86 /* Is it a client or server? */ | |
87 unsigned char isserver; | |
88 | |
89 long connecttimeout; /* time to disconnect if we have a timeout (for | |
90 userauth etc), or 0 for no timeout */ | |
91 | |
92 int sock; | |
93 | |
94 unsigned char *remotehost; /* the peer hostname */ | |
95 | |
96 unsigned char *remoteident; | |
97 | |
98 int maxfd; /* the maximum file descriptor to check with select() */ | |
99 | |
100 | |
101 /* Packet buffers/values etc */ | |
102 buffer *writepayload; /* Unencrypted payload to write - this is used | |
103 throughout the code, as handlers fill out this | |
104 buffer with the packet to send. */ | |
105 struct Queue writequeue; /* A queue of encrypted packets to send */ | |
106 buffer *readbuf; /* Encrypted */ | |
107 buffer *decryptreadbuf; /* Post-decryption */ | |
108 buffer *payload; /* Post-decompression, the actual SSH packet */ | |
109 unsigned int transseq, recvseq; /* Sequence IDs */ | |
110 | |
111 /* Packet-handling flags */ | |
112 const packettype * packettypes; /* Packet handler mappings for this | |
113 session, see process-packet.c */ | |
114 | |
115 unsigned dataallowed : 1; /* whether we can send data packets or we are in | |
116 the middle of a KEX or something */ | |
117 | |
118 unsigned char requirenext; /* byte indicating what packet we require next, | |
119 or 0x00 for any */ | |
120 | |
121 unsigned char ignorenext; /* whether to ignore the next packet, | |
122 used for kex_follows stuff */ | |
123 | |
124 unsigned char lastpacket; /* What the last received packet type was */ | |
125 | |
126 | |
127 | |
128 /* KEX/encryption related */ | |
129 struct KEXState kexstate; | |
130 struct key_context *keys; | |
131 struct key_context *newkeys; | |
132 unsigned char *session_id; /* this is the hash from the first kex */ | |
133 /* The below are used temorarily during kex, are freed after use */ | |
134 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */ | |
135 unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/ | |
136 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/ | |
137 buffer* transkexinit; /* the kexinit packet we send should be kept so we | |
138 can add it to the hash when generating keys */ | |
139 | |
140 algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[], | |
141 int *goodguess); /* The function to use to choose which algorithm | |
142 to use from the ones presented by the remote | |
143 side. Is specific to the client/server mode, | |
144 hence the function-pointer callback.*/ | |
145 | |
146 void(*remoteclosed)(); /* A callback to handle closure of the | |
147 remote connection */ | |
148 | |
149 | |
150 struct AuthState authstate; /* Common amongst client and server, since most | |
151 struct elements are common */ | |
152 | |
153 /* Channel related */ | |
154 struct Channel ** channels; /* these pointers may be null */ | |
155 unsigned int chansize; /* the number of Channel*s allocated for channels */ | |
156 unsigned int chancount; /* the number of Channel*s in use */ | |
157 const struct ChanType **chantypes; /* The valid channel types */ | |
158 | |
159 | |
160 /* TCP forwarding - where manage listeners */ | |
161 struct Listener ** listeners; | |
162 unsigned int listensize; | |
163 | |
164 /* Whether to allow binding to privileged ports (<1024). This doesn't | |
165 * really belong here, but nowhere else fits nicely */ | |
166 int allowprivport; | |
167 | |
168 }; | |
169 | |
170 struct serversession { | |
171 | |
172 /* Server specific options */ | |
173 int childpipe; /* kept open until we successfully authenticate */ | |
174 /* userauth */ | |
175 | |
176 struct ChildPid * childpids; /* array of mappings childpid<->channel */ | |
177 unsigned int childpidsize; | |
178 | |
179 /* Used to avoid a race in the exit returncode handling - see | |
180 * svr-chansession.c for details */ | |
181 struct exitinfo lastexit; | |
182 | |
183 /* The numeric address they connected from, used for logging */ | |
184 char * addrstring; | |
185 | |
186 }; | |
187 | |
188 typedef enum { | |
189 KEX_NOTHING, | |
190 KEXINIT_RCVD, | |
191 KEXDH_INIT_SENT, | |
192 KEXDONE, | |
193 | |
194 } cli_kex_state; | |
195 | |
196 typedef enum { | |
197 STATE_NOTHING, | |
198 SERVICE_AUTH_REQ_SENT, | |
199 SERVICE_AUTH_ACCEPT_RCVD, | |
200 SERVICE_CONN_REQ_SENT, | |
201 SERVICE_CONN_ACCEPT_RCVD, | |
202 USERAUTH_REQ_SENT, | |
203 USERAUTH_FAIL_RCVD, | |
204 USERAUTH_SUCCESS_RCVD, | |
205 SESSION_RUNNING, | |
206 | |
207 } cli_state; | |
208 | |
209 struct clientsession { | |
210 | |
211 mp_int *dh_e, *dh_x; /* Used during KEX */ | |
212 cli_kex_state kex_state; /* Used for progressing KEX */ | |
213 cli_state state; /* Used to progress auth/channelsession etc */ | |
214 unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */ | |
215 | |
216 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */ | |
217 struct termios saved_tio; | |
218 int stdincopy; | |
219 int stdinflags; | |
220 int stdoutcopy; | |
221 int stdoutflags; | |
222 int stderrcopy; | |
223 int stderrflags; | |
224 | |
225 int winchange; /* Set to 1 when a windowchange signal happens */ | |
226 | |
227 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD, | |
228 for the last type of auth we tried */ | |
229 #ifdef ENABLE_CLI_INTERACT_AUTH | |
230 int auth_interact_failed; /* flag whether interactive auth can still | |
231 be used */ | |
232 int interact_request_received; /* flag whether we've received an | |
233 info request from the server for | |
234 interactive auth.*/ | |
235 #endif | |
236 struct SignKeyList *lastprivkey; | |
237 | |
238 int retval; /* What the command exit status was - we emulate it */ | |
239 #if 0 | |
240 TODO | |
241 struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */ | |
242 #endif | |
243 | |
244 }; | |
245 | |
246 /* Global structs storing the state */ | |
247 extern struct sshsession ses; | |
248 | |
249 #ifdef DROPBEAR_SERVER | |
250 extern struct serversession svr_ses; | |
251 #endif /* DROPBEAR_SERVER */ | |
252 | |
253 #ifdef DROPBEAR_CLIENT | |
254 extern struct clientsession cli_ses; | |
255 #endif /* DROPBEAR_CLIENT */ | |
256 | |
257 #endif /* _SESSION_H_ */ |