2 * Dropbear - a SSH2 server
4 * Copyright (c) 2002,2003 Matt Johnston
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
39 #include "chansession.h"
41 extern int sessinitdone; /* Is set to 0 somewhere */
44 void common_session_init(int sock, char* remotehost);
45 void session_loop(void(*loophandler)());
46 void common_session_cleanup();
47 void session_identification();
51 void svr_session(int sock, int childpipe, char *remotehost, char *addrstring);
52 void svr_dropbear_exit(int exitcode, const char* format, va_list param);
53 void svr_dropbear_log(int priority, const char* format, va_list param);
56 void cli_session(int sock, char *remotehost);
57 void cli_session_cleanup();
58 void cleantext(unsigned char* dirtytext);
62 const struct dropbear_cipher *recv_algo_crypt; /* NULL for none */
63 const struct dropbear_cipher *trans_algo_crypt; /* NULL for none */
64 const struct dropbear_hash *recv_algo_mac; /* NULL for none */
65 const struct dropbear_hash *trans_algo_mac; /* NULL for none */
69 char recv_algo_comp; /* compression */
72 z_streamp recv_zstream;
73 z_streamp trans_zstream;
77 symmetric_CBC recv_symmetric_struct;
78 symmetric_CBC trans_symmetric_struct;
79 unsigned char recvmackey[MAX_MAC_KEY];
80 unsigned char transmackey[MAX_MAC_KEY];
86 /* Is it a client or server? */
87 unsigned char isserver;
89 long connecttimeout; /* time to disconnect if we have a timeout (for
90 userauth etc), or 0 for no timeout */
94 unsigned char *remotehost; /* the peer hostname */
96 unsigned char *remoteident;
98 int maxfd; /* the maximum file descriptor to check with select() */
101 /* Packet buffers/values etc */
102 buffer *writepayload; /* Unencrypted payload to write - this is used
103 throughout the code, as handlers fill out this
104 buffer with the packet to send. */
105 struct Queue writequeue; /* A queue of encrypted packets to send */
106 buffer *readbuf; /* Encrypted */
107 buffer *decryptreadbuf; /* Post-decryption */
108 buffer *payload; /* Post-decompression, the actual SSH packet */
109 unsigned int transseq, recvseq; /* Sequence IDs */
111 /* Packet-handling flags */
112 const packettype * packettypes; /* Packet handler mappings for this
113 session, see process-packet.c */
115 unsigned dataallowed : 1; /* whether we can send data packets or we are in
116 the middle of a KEX or something */
118 unsigned char requirenext; /* byte indicating what packet we require next,
121 unsigned char ignorenext; /* whether to ignore the next packet,
122 used for kex_follows stuff */
124 unsigned char lastpacket; /* What the last received packet type was */
128 /* KEX/encryption related */
129 struct KEXState kexstate;
130 struct key_context *keys;
131 struct key_context *newkeys;
132 unsigned char *session_id; /* this is the hash from the first kex */
133 /* The below are used temorarily during kex, are freed after use */
134 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
135 unsigned char hash[SHA1_HASH_SIZE]; /* the hash*/
136 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
137 buffer* transkexinit; /* the kexinit packet we send should be kept so we
138 can add it to the hash when generating keys */
140 algo_type*(*buf_match_algo)(buffer*buf, algo_type localalgos[],
141 int *goodguess); /* The function to use to choose which algorithm
142 to use from the ones presented by the remote
143 side. Is specific to the client/server mode,
144 hence the function-pointer callback.*/
146 void(*remoteclosed)(); /* A callback to handle closure of the
150 struct AuthState authstate; /* Common amongst client and server, since most
151 struct elements are common */
153 /* Channel related */
154 struct Channel ** channels; /* these pointers may be null */
155 unsigned int chansize; /* the number of Channel*s allocated for channels */
156 unsigned int chancount; /* the number of Channel*s in use */
157 const struct ChanType **chantypes; /* The valid channel types */
160 /* TCP forwarding - where manage listeners */
161 struct Listener ** listeners;
162 unsigned int listensize;
164 /* Whether to allow binding to privileged ports (<1024). This doesn't
165 * really belong here, but nowhere else fits nicely */
170 struct serversession {
172 /* Server specific options */
173 int childpipe; /* kept open until we successfully authenticate */
176 struct ChildPid * childpids; /* array of mappings childpid<->channel */
177 unsigned int childpidsize;
179 /* Used to avoid a race in the exit returncode handling - see
180 * svr-chansession.c for details */
181 struct exitinfo lastexit;
183 /* The numeric address they connected from, used for logging */
198 SERVICE_AUTH_REQ_SENT,
199 SERVICE_AUTH_ACCEPT_RCVD,
200 SERVICE_CONN_REQ_SENT,
201 SERVICE_CONN_ACCEPT_RCVD,
204 USERAUTH_SUCCESS_RCVD,
209 struct clientsession {
211 mp_int *dh_e, *dh_x; /* Used during KEX */
212 cli_kex_state kex_state; /* Used for progressing KEX */
213 cli_state state; /* Used to progress auth/channelsession etc */
214 unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
216 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
217 struct termios saved_tio;
225 int winchange; /* Set to 1 when a windowchange signal happens */
227 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
228 for the last type of auth we tried */
229 struct SignKeyList *lastprivkey;
231 int retval; /* What the command exit status was - we emulate it */
234 struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
239 /* Global structs storing the state */
240 extern struct sshsession ses;
242 #ifdef DROPBEAR_SERVER
243 extern struct serversession svr_ses;
244 #endif /* DROPBEAR_SERVER */
246 #ifdef DROPBEAR_CLIENT
247 extern struct clientsession cli_ses;
248 #endif /* DROPBEAR_CLIENT */
250 #endif /* _SESSION_H_ */