release/src/router/dropbear/session.h

   1 /*
   2  * Dropbear - a SSH2 server
   3  *
   4  * Copyright (c) 2002,2003 Matt Johnston
   5  * All rights reserved.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  23  * SOFTWARE. */
  24
  25 #ifndef DROPBEAR_SESSION_H_
  26 #define DROPBEAR_SESSION_H_
  27
  28 #include "includes.h"
  29 #include "options.h"
  30 #include "buffer.h"
  31 #include "signkey.h"
  32 #include "kex.h"
  33 #include "auth.h"
  34 #include "channel.h"
  35 #include "queue.h"
  36 #include "listener.h"
  37 #include "packet.h"
  38 #include "tcpfwd.h"
  39 #include "chansession.h"
  40 #include "dbutil.h"
  41 #include "netio.h"
  42
  43 extern int sessinitdone; /* Is set to 0 somewhere */
  44 extern int exitflag;
  45
  46 void common_session_init(int sock_in, int sock_out);
  47 void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
  48 void session_cleanup(void);
  49 void send_session_identification(void);
  50 void send_msg_ignore(void);
  51 void ignore_recv_response(void);
  52
  53 void update_channel_prio(void);
  54
  55 const char* get_user_shell(void);
  56 void fill_passwd(const char* username);
  57
  58 /* Server */
  59 void svr_session(int sock, int childpipe) ATTRIB_NORETURN;
  60 void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
  61 void svr_dropbear_log(int priority, const char* format, va_list param);
  62
  63 /* Client */
  64 void cli_session(int sock_in, int sock_out, struct dropbear_progress_connection *progress, pid_t proxy_cmd_pid) ATTRIB_NORETURN;
  65 void cli_connected(int result, int sock, void* userdata, const char *errstring);
  66 void cleantext(char* dirtytext);
  67 void kill_proxy_command(void);
  68
  69 /* crypto parameters that are stored individually for transmit and receive */
  70 struct key_context_directional {
  71         const struct dropbear_cipher *algo_crypt;
  72         const struct dropbear_cipher_mode *crypt_mode;
  73         const struct dropbear_hash *algo_mac;
  74         int hash_index; /* lookup for libtomcrypt */
  75         int algo_comp; /* compression */
  76 #ifndef DISABLE_ZLIB
  77         z_streamp zstream;
  78 #endif
  79         /* actual keys */
  80         union {
  81                 symmetric_CBC cbc;
  82 #ifdef DROPBEAR_ENABLE_CTR_MODE
  83                 symmetric_CTR ctr;
  84 #endif
  85         } cipher_state;
  86         unsigned char mackey[MAX_MAC_LEN];
  87         int valid;
  88 };
  89
  90 struct key_context {
  91
  92         struct key_context_directional recv;
  93         struct key_context_directional trans;
  94
  95         const struct dropbear_kex *algo_kex;
  96         int algo_hostkey;
  97
  98         int allow_compress; /* whether compression has started (useful in
  99                                                         zlib@openssh.com delayed compression case) */
 100 };
 101
 102 struct packetlist;
 103 struct packetlist {
 104         struct packetlist *next;
 105         buffer * payload;
 106 };
 107
 108 struct sshsession {
 109
 110         /* Is it a client or server? */
 111         unsigned char isserver;
 112
 113         time_t connect_time; /* time the connection was established
 114                                                         (cleared after auth once we're not
 115                                                         respecting AUTH_TIMEOUT any more).
 116                                                         A monotonic time, not realworld */
 117
 118         int sock_in;
 119         int sock_out;
 120
 121         /* remotehost will be initially NULL as we delay
 122          * reading the remote version string. it will be set
 123          * by the time any recv_() packet methods are called */
 124         char *remoteident;
 125
 126         int maxfd; /* the maximum file descriptor to check with select() */
 127
 128
 129         /* Packet buffers/values etc */
 130         buffer *writepayload; /* Unencrypted payload to write - this is used
 131                                                          throughout the code, as handlers fill out this
 132                                                          buffer with the packet to send. */
 133         struct Queue writequeue; /* A queue of encrypted packets to send */
 134         unsigned int writequeue_len; /* Number of bytes pending to send in writequeue */
 135         buffer *readbuf; /* From the wire, decrypted in-place */
 136         buffer *payload; /* Post-decompression, the actual SSH packet.
 137                                                 May have extra data at the beginning, will be
 138                                                 passed to packet processing functions positioned past
 139                                                 that, see payload_beginning */
 140         unsigned int payload_beginning;
 141         unsigned int transseq, recvseq; /* Sequence IDs */
 142
 143         /* Packet-handling flags */
 144         const packettype * packettypes; /* Packet handler mappings for this
 145                                                                                 session, see process-packet.c */
 146
 147         unsigned dataallowed : 1; /* whether we can send data packets or we are in
 148                                                                  the middle of a KEX or something */
 149
 150         unsigned char requirenext; /* byte indicating what packets we require next,
 151                                                                          or 0x00 for any.  */
 152
 153         unsigned char ignorenext; /* whether to ignore the next packet,
 154                                                                  used for kex_follows stuff */
 155
 156         unsigned char lastpacket; /* What the last received packet type was */
 157
 158         int signal_pipe[2]; /* stores endpoints of a self-pipe used for
 159                                                    race-free signal handling */
 160
 161         m_list conn_pending;
 162
 163         /* time of the last packet send/receive, for keepalive. Not real-world clock */
 164         time_t last_packet_time_keepalive_sent;
 165         time_t last_packet_time_keepalive_recv;
 166         time_t last_packet_time_any_sent;
 167
 168         time_t last_packet_time_idle; /* time of the last packet transmission or receive, for
 169                                                                 idle timeout purposes so ignores SSH_MSG_IGNORE
 170                                                                 or responses to keepalives. Not real-world clock */
 171
 172
 173         /* KEX/encryption related */
 174         struct KEXState kexstate;
 175         struct key_context *keys;
 176         struct key_context *newkeys;
 177         buffer *session_id; /* this is the hash from the first kex */
 178         /* The below are used temporarily during kex, are freed after use */
 179         mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
 180         buffer *hash; /* the session hash */
 181         buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
 182         buffer* transkexinit; /* the kexinit packet we send should be kept so we
 183                                                          can add it to the hash when generating keys */
 184
 185         /* Enables/disables compression */
 186         algo_type *compress_algos;
 187
 188         /* a list of queued replies that should be sent after a KEX has
 189            concluded (ie, while dataallowed was unset)*/
 190         struct packetlist *reply_queue_head, *reply_queue_tail;
 191
 192         void(*remoteclosed)(void); /* A callback to handle closure of the
 193                                                                           remote connection */
 194
 195         void(*extra_session_cleanup)(void); /* client or server specific cleanup */
 196         void(*send_kex_first_guess)(void);
 197
 198         struct AuthState authstate; /* Common amongst client and server, since most
 199                                                                    struct elements are common */
 200
 201         /* Channel related */
 202         struct Channel ** channels; /* these pointers may be null */
 203         unsigned int chansize; /* the number of Channel*s allocated for channels */
 204         unsigned int chancount; /* the number of Channel*s in use */
 205         const struct ChanType **chantypes; /* The valid channel types */
 206         int channel_signal_pending; /* Flag set by sigchld handler */
 207
 208         /* TCP priority level for the main "port 22" tcp socket */
 209         enum dropbear_prio socket_prio;
 210
 211         /* TCP forwarding - where manage listeners */
 212         struct Listener ** listeners;
 213         unsigned int listensize;
 214
 215         /* Whether to allow binding to privileged ports (<1024). This doesn't
 216          * really belong here, but nowhere else fits nicely */
 217         int allowprivport;
 218
 219 };
 220
 221 struct serversession {
 222
 223         /* Server specific options */
 224         int childpipe; /* kept open until we successfully authenticate */
 225         /* userauth */
 226
 227         struct ChildPid * childpids; /* array of mappings childpid<->channel */
 228         unsigned int childpidsize;
 229
 230         /* Used to avoid a race in the exit returncode handling - see
 231          * svr-chansession.c for details */
 232         struct exitinfo lastexit;
 233
 234         /* The numeric address they connected from, used for logging */
 235         char * addrstring;
 236
 237         /* The resolved remote address, used for lastlog etc */
 238         char *remotehost;
 239
 240 #ifdef USE_VFORK
 241         pid_t server_pid;
 242 #endif
 243
 244 };
 245
 246 typedef enum {
 247         KEX_NOTHING,
 248         KEXINIT_RCVD,
 249         KEXDH_INIT_SENT,
 250         KEXDONE
 251 } cli_kex_state;
 252
 253 typedef enum {
 254         STATE_NOTHING,
 255         USERAUTH_WAIT,
 256         USERAUTH_REQ_SENT,
 257         USERAUTH_FAIL_RCVD,
 258         USERAUTH_SUCCESS_RCVD,
 259         SESSION_RUNNING
 260 } cli_state;
 261
 262 struct clientsession {
 263
 264         /* XXX - move these to kexstate? */
 265         struct kex_dh_param *dh_param;
 266         struct kex_ecdh_param *ecdh_param;
 267         struct kex_curve25519_param *curve25519_param;
 268         const struct dropbear_kex *param_kex_algo; /* KEX algorithm corresponding to current dh_e and dh_x */
 269
 270         cli_kex_state kex_state; /* Used for progressing KEX */
 271         cli_state state; /* Used to progress auth/channelsession etc */
 272         unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
 273
 274         int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
 275         struct termios saved_tio;
 276         int stdincopy;
 277         int stdinflags;
 278         int stdoutcopy;
 279         int stdoutflags;
 280         int stderrcopy;
 281         int stderrflags;
 282
 283         /* for escape char handling */
 284         int last_char;
 285
 286         int winchange; /* Set to 1 when a windowchange signal happens */
 287
 288         int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
 289                                                  for the last type of auth we tried */
 290         int ignore_next_auth_response;
 291 #ifdef ENABLE_CLI_INTERACT_AUTH
 292         int auth_interact_failed; /* flag whether interactive auth can still
 293                                                                  be used */
 294         int interact_request_received; /* flag whether we've received an
 295                                                                           info request from the server for
 296                                                                           interactive auth.*/
 297 #endif
 298         int cipher_none_after_auth; /* Set to 1 if the user requested "none"
 299                                                                    auth */
 300         sign_key *lastprivkey;
 301
 302         int retval; /* What the command exit status was - we emulate it */
 303 #if 0
 304         TODO
 305         struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
 306 #endif
 307
 308         pid_t proxy_cmd_pid;
 309 };
 310
 311 /* Global structs storing the state */
 312 extern struct sshsession ses;
 313
 314 #ifdef DROPBEAR_SERVER
 315 extern struct serversession svr_ses;
 316 #endif /* DROPBEAR_SERVER */
 317
 318 #ifdef DROPBEAR_CLIENT
 319 extern struct clientsession cli_ses;
 320 #endif /* DROPBEAR_CLIENT */
 321
 322 #endif /* DROPBEAR_SESSION_H_ */