2 * Dropbear - a SSH2 server
4 * Copyright (c) 2002,2003 Matt Johnston
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
25 #ifndef DROPBEAR_SESSION_H_
26 #define DROPBEAR_SESSION_H_
39 #include "chansession.h"
43 extern int sessinitdone
; /* Is set to 0 somewhere */
46 void common_session_init(int sock_in
, int sock_out
);
47 void session_loop(void(*loophandler
)()) ATTRIB_NORETURN
;
48 void session_cleanup(void);
49 void send_session_identification(void);
50 void send_msg_ignore(void);
51 void ignore_recv_response(void);
53 void update_channel_prio(void);
55 const char* get_user_shell(void);
56 void fill_passwd(const char* username
);
59 void svr_session(int sock
, int childpipe
) ATTRIB_NORETURN
;
60 void svr_dropbear_exit(int exitcode
, const char* format
, va_list param
) ATTRIB_NORETURN
;
61 void svr_dropbear_log(int priority
, const char* format
, va_list param
);
64 void cli_session(int sock_in
, int sock_out
, struct dropbear_progress_connection
*progress
, pid_t proxy_cmd_pid
) ATTRIB_NORETURN
;
65 void cli_connected(int result
, int sock
, void* userdata
, const char *errstring
);
66 void cleantext(char* dirtytext
);
67 void kill_proxy_command(void);
69 /* crypto parameters that are stored individually for transmit and receive */
70 struct key_context_directional
{
71 const struct dropbear_cipher
*algo_crypt
;
72 const struct dropbear_cipher_mode
*crypt_mode
;
73 const struct dropbear_hash
*algo_mac
;
74 int hash_index
; /* lookup for libtomcrypt */
75 int algo_comp
; /* compression */
82 #ifdef DROPBEAR_ENABLE_CTR_MODE
86 unsigned char mackey
[MAX_MAC_LEN
];
92 struct key_context_directional recv
;
93 struct key_context_directional trans
;
95 const struct dropbear_kex
*algo_kex
;
98 int allow_compress
; /* whether compression has started (useful in
99 zlib@openssh.com delayed compression case) */
104 struct packetlist
*next
;
110 /* Is it a client or server? */
111 unsigned char isserver
;
113 time_t connect_time
; /* time the connection was established
114 (cleared after auth once we're not
115 respecting AUTH_TIMEOUT any more).
116 A monotonic time, not realworld */
121 /* remotehost will be initially NULL as we delay
122 * reading the remote version string. it will be set
123 * by the time any recv_() packet methods are called */
126 int maxfd
; /* the maximum file descriptor to check with select() */
129 /* Packet buffers/values etc */
130 buffer
*writepayload
; /* Unencrypted payload to write - this is used
131 throughout the code, as handlers fill out this
132 buffer with the packet to send. */
133 struct Queue writequeue
; /* A queue of encrypted packets to send */
134 unsigned int writequeue_len
; /* Number of bytes pending to send in writequeue */
135 buffer
*readbuf
; /* From the wire, decrypted in-place */
136 buffer
*payload
; /* Post-decompression, the actual SSH packet.
137 May have extra data at the beginning, will be
138 passed to packet processing functions positioned past
139 that, see payload_beginning */
140 unsigned int payload_beginning
;
141 unsigned int transseq
, recvseq
; /* Sequence IDs */
143 /* Packet-handling flags */
144 const packettype
* packettypes
; /* Packet handler mappings for this
145 session, see process-packet.c */
147 unsigned dataallowed
: 1; /* whether we can send data packets or we are in
148 the middle of a KEX or something */
150 unsigned char requirenext
; /* byte indicating what packets we require next,
153 unsigned char ignorenext
; /* whether to ignore the next packet,
154 used for kex_follows stuff */
156 unsigned char lastpacket
; /* What the last received packet type was */
158 int signal_pipe
[2]; /* stores endpoints of a self-pipe used for
159 race-free signal handling */
163 /* time of the last packet send/receive, for keepalive. Not real-world clock */
164 time_t last_packet_time_keepalive_sent
;
165 time_t last_packet_time_keepalive_recv
;
166 time_t last_packet_time_any_sent
;
168 time_t last_packet_time_idle
; /* time of the last packet transmission or receive, for
169 idle timeout purposes so ignores SSH_MSG_IGNORE
170 or responses to keepalives. Not real-world clock */
173 /* KEX/encryption related */
174 struct KEXState kexstate
;
175 struct key_context
*keys
;
176 struct key_context
*newkeys
;
177 buffer
*session_id
; /* this is the hash from the first kex */
178 /* The below are used temporarily during kex, are freed after use */
179 mp_int
* dh_K
; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
180 buffer
*hash
; /* the session hash */
181 buffer
* kexhashbuf
; /* session hash buffer calculated from various packets*/
182 buffer
* transkexinit
; /* the kexinit packet we send should be kept so we
183 can add it to the hash when generating keys */
185 /* Enables/disables compression */
186 algo_type
*compress_algos
;
188 /* a list of queued replies that should be sent after a KEX has
189 concluded (ie, while dataallowed was unset)*/
190 struct packetlist
*reply_queue_head
, *reply_queue_tail
;
192 void(*remoteclosed
)(void); /* A callback to handle closure of the
195 void(*extra_session_cleanup
)(void); /* client or server specific cleanup */
196 void(*send_kex_first_guess
)(void);
198 struct AuthState authstate
; /* Common amongst client and server, since most
199 struct elements are common */
201 /* Channel related */
202 struct Channel
** channels
; /* these pointers may be null */
203 unsigned int chansize
; /* the number of Channel*s allocated for channels */
204 unsigned int chancount
; /* the number of Channel*s in use */
205 const struct ChanType
**chantypes
; /* The valid channel types */
206 int channel_signal_pending
; /* Flag set by sigchld handler */
208 /* TCP priority level for the main "port 22" tcp socket */
209 enum dropbear_prio socket_prio
;
211 /* TCP forwarding - where manage listeners */
212 struct Listener
** listeners
;
213 unsigned int listensize
;
215 /* Whether to allow binding to privileged ports (<1024). This doesn't
216 * really belong here, but nowhere else fits nicely */
221 struct serversession
{
223 /* Server specific options */
224 int childpipe
; /* kept open until we successfully authenticate */
227 struct ChildPid
* childpids
; /* array of mappings childpid<->channel */
228 unsigned int childpidsize
;
230 /* Used to avoid a race in the exit returncode handling - see
231 * svr-chansession.c for details */
232 struct exitinfo lastexit
;
234 /* The numeric address they connected from, used for logging */
237 /* The resolved remote address, used for lastlog etc */
258 USERAUTH_SUCCESS_RCVD
,
262 struct clientsession
{
264 /* XXX - move these to kexstate? */
265 struct kex_dh_param
*dh_param
;
266 struct kex_ecdh_param
*ecdh_param
;
267 struct kex_curve25519_param
*curve25519_param
;
268 const struct dropbear_kex
*param_kex_algo
; /* KEX algorithm corresponding to current dh_e and dh_x */
270 cli_kex_state kex_state
; /* Used for progressing KEX */
271 cli_state state
; /* Used to progress auth/channelsession etc */
272 unsigned donefirstkex
: 1; /* Set when we set sentnewkeys, never reset */
274 int tty_raw_mode
; /* Whether we're in raw mode (and have to clean up) */
275 struct termios saved_tio
;
283 /* for escape char handling */
286 int winchange
; /* Set to 1 when a windowchange signal happens */
288 int lastauthtype
; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
289 for the last type of auth we tried */
290 int ignore_next_auth_response
;
291 #ifdef ENABLE_CLI_INTERACT_AUTH
292 int auth_interact_failed
; /* flag whether interactive auth can still
294 int interact_request_received
; /* flag whether we've received an
295 info request from the server for
298 int cipher_none_after_auth
; /* Set to 1 if the user requested "none"
300 sign_key
*lastprivkey
;
302 int retval
; /* What the command exit status was - we emulate it */
305 struct AgentkeyList
*agentkeys
; /* Keys to use for public-key auth */
311 /* Global structs storing the state */
312 extern struct sshsession ses
;
314 #ifdef DROPBEAR_SERVER
315 extern struct serversession svr_ses
;
316 #endif /* DROPBEAR_SERVER */
318 #ifdef DROPBEAR_CLIENT
319 extern struct clientsession cli_ses
;
320 #endif /* DROPBEAR_CLIENT */
322 #endif /* DROPBEAR_SESSION_H_ */