cli-session.c 8.35 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/*
 * Dropbear SSH
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * Copyright (c) 2004 by Mihnea Stoenescu
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

Matt Johnston's avatar
Matt Johnston committed
26
27
28
29
30
31
#include "includes.h"
#include "session.h"
#include "dbutil.h"
#include "kex.h"
#include "ssh.h"
#include "packet.h"
Matt Johnston's avatar
Matt Johnston committed
32
#include "tcpfwd.h"
Matt Johnston's avatar
Matt Johnston committed
33
34
#include "channel.h"
#include "random.h"
Matt Johnston's avatar
Matt Johnston committed
35
#include "service.h"
36
37
#include "runopts.h"
#include "chansession.h"
Matt Johnston's avatar
Matt Johnston committed
38
39
40

static void cli_remoteclosed();
static void cli_sessionloop();
Matt Johnston's avatar
Matt Johnston committed
41
static void cli_session_init();
42
static void cli_finished();
Matt Johnston's avatar
Matt Johnston committed
43
44
45

struct clientsession cli_ses; /* GLOBAL */

46
47
/* Sorted in decreasing frequency will be more efficient - data and window
 * should be first */
Matt Johnston's avatar
Matt Johnston committed
48
static const packettype cli_packettypes[] = {
49
	/* TYPE, FUNCTION */
Matt Johnston's avatar
Matt Johnston committed
50
	{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
Matt Johnston's avatar
Nasty.    
Matt Johnston committed
51
	{SSH_MSG_CHANNEL_EXTENDED_DATA, recv_msg_channel_extended_data},
Matt Johnston's avatar
Matt Johnston committed
52
	{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
53
54
55
56
57
58
	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, /* client */
	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, /* client */
	{SSH_MSG_KEXINIT, recv_msg_kexinit},
	{SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, /* client */
	{SSH_MSG_NEWKEYS, recv_msg_newkeys},
	{SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, /* client */
Matt Johnston's avatar
Matt Johnston committed
59
60
61
62
63
64
	{SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request},
	{SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open},
	{SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof},
	{SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close},
	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
65
	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
66
	{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
Matt Johnston's avatar
Matt Johnston committed
67
68
69
70
	{0, 0} /* End */
};

static const struct ChanType *cli_chantypes[] = {
Matt Johnston's avatar
Matt Johnston committed
71
72
73
#ifdef ENABLE_CLI_REMOTETCPFWD
	&cli_chan_tcpremote,
#endif
Matt Johnston's avatar
Matt Johnston committed
74
75
	NULL /* Null termination */
};
Matt Johnston's avatar
Matt Johnston committed
76

Matt Johnston's avatar
Matt Johnston committed
77
78
79
80
81
82
83
84
void cli_session(int sock, char* remotehost) {

	crypto_init();
	common_session_init(sock, remotehost);

	chaninitialise(cli_chantypes);


Matt Johnston's avatar
Matt Johnston committed
85
86
	/* Set up cli_ses vars */
	cli_session_init();
Matt Johnston's avatar
Matt Johnston committed
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

	/* Ready to go */
	sessinitdone = 1;

	/* Exchange identification */
	session_identification();

	seedrandom();

	send_msg_kexinit();

	/* XXX here we do stuff differently */

	session_loop(cli_sessionloop);

	/* Not reached */

Matt Johnston's avatar
Matt Johnston committed
104
105
106
}

static void cli_session_init() {
Matt Johnston's avatar
Matt Johnston committed
107

Matt Johnston's avatar
Matt Johnston committed
108
109
110
	cli_ses.state = STATE_NOTHING;
	cli_ses.kex_state = KEX_NOTHING;

111
	cli_ses.tty_raw_mode = 0;
112
	cli_ses.winchange = 0;
113

114
115
	/* We store std{in,out,err}'s flags, so we can set them back on exit
	 * (otherwise busybox's ash isn't happy */
116
117
	cli_ses.stdincopy = dup(STDIN_FILENO);
	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
118
119
120
121
	cli_ses.stdoutcopy = dup(STDOUT_FILENO);
	cli_ses.stdoutflags = fcntl(STDOUT_FILENO, F_GETFL, 0);
	cli_ses.stderrcopy = dup(STDERR_FILENO);
	cli_ses.stderrflags = fcntl(STDERR_FILENO, F_GETFL, 0);
122

123
124
125
	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
									  specific exit status */

Matt Johnston's avatar
Matt Johnston committed
126
	/* Auth */
127
	cli_ses.lastprivkey = NULL;
128
	cli_ses.lastauthtype = 0;
Matt Johnston's avatar
Matt Johnston committed
129

Matt Johnston's avatar
Matt Johnston committed
130
131
132
133
134
135
	/* For printing "remote host closed" for the user */
	ses.remoteclosed = cli_remoteclosed;
	ses.buf_match_algo = cli_buf_match_algo;

	/* packet handlers */
	ses.packettypes = cli_packettypes;
Matt Johnston's avatar
Matt Johnston committed
136
137

	ses.isserver = 0;
Matt Johnston's avatar
Matt Johnston committed
138
139
}

Matt Johnston's avatar
Matt Johnston committed
140
141
/* This function drives the progress of the session - it initiates KEX,
 * service, userauth and channel requests */
Matt Johnston's avatar
Matt Johnston committed
142
143
static void cli_sessionloop() {

144
	TRACE(("enter cli_sessionloop"))
Matt Johnston's avatar
Matt Johnston committed
145

146
147
	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
		cli_ses.kex_state = KEXINIT_RCVD;
Matt Johnston's avatar
Matt Johnston committed
148
	}
Matt Johnston's avatar
Matt Johnston committed
149

150
	if (cli_ses.kex_state == KEXINIT_RCVD) {
Matt Johnston's avatar
Matt Johnston committed
151

Matt Johnston's avatar
Matt Johnston committed
152
153
154
155
		/* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT
		 * negotiation would have failed. */
		send_msg_kexdh_init();
		cli_ses.kex_state = KEXDH_INIT_SENT;
156
		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"))
Matt Johnston's avatar
Matt Johnston committed
157
		return;
Matt Johnston's avatar
Matt Johnston committed
158
159
	}

Matt Johnston's avatar
Matt Johnston committed
160
161
162
163
164
165
166
167
	/* A KEX has finished, so we should go back to our KEX_NOTHING state */
	if (cli_ses.kex_state != KEX_NOTHING && ses.kexstate.recvkexinit == 0
			&& ses.kexstate.sentkexinit == 0) {
		cli_ses.kex_state = KEX_NOTHING;
	}

	/* We shouldn't do anything else if a KEX is in progress */
	if (cli_ses.kex_state != KEX_NOTHING) {
168
		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"))
Matt Johnston's avatar
Matt Johnston committed
169
170
		return;
	}
Matt Johnston's avatar
Matt Johnston committed
171

Matt Johnston's avatar
Matt Johnston committed
172
173
174
	/* We should exit if we haven't donefirstkex: we shouldn't reach here
	 * in normal operation */
	if (ses.kexstate.donefirstkex == 0) {
175
		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"))
176
		return;
Matt Johnston's avatar
Matt Johnston committed
177
178
179
180
181
182
183
184
185
	}

	switch (cli_ses.state) {

		case STATE_NOTHING:
			/* We've got the transport layer sorted, we now need to request
			 * userauth */
			send_msg_service_request(SSH_SERVICE_USERAUTH);
			cli_ses.state = SERVICE_AUTH_REQ_SENT;
186
			TRACE(("leave cli_sessionloop: sent userauth service req"))
Matt Johnston's avatar
Matt Johnston committed
187
188
189
190
191
			return;

		/* userauth code */
		case SERVICE_AUTH_ACCEPT_RCVD:
			cli_auth_getmethods();
192
			cli_ses.state = USERAUTH_REQ_SENT;
193
			TRACE(("leave cli_sessionloop: sent userauth methods req"))
Matt Johnston's avatar
Matt Johnston committed
194
195
196
197
			return;
			
		case USERAUTH_FAIL_RCVD:
			cli_auth_try();
198
			cli_ses.state = USERAUTH_REQ_SENT;
199
			TRACE(("leave cli_sessionloop: cli_auth_try"))
Matt Johnston's avatar
Matt Johnston committed
200
201
			return;

Matt Johnston's avatar
Matt Johnston committed
202
			/*
Matt Johnston's avatar
Matt Johnston committed
203
204
205
		case USERAUTH_SUCCESS_RCVD:
			send_msg_service_request(SSH_SERVICE_CONNECTION);
			cli_ses.state = SERVICE_CONN_REQ_SENT;
206
			TRACE(("leave cli_sessionloop: sent ssh-connection service req"))
Matt Johnston's avatar
Matt Johnston committed
207
208
			return;

209
210
		case SERVICE_CONN_ACCEPT_RCVD:
			cli_send_chansess_request();
211
			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
212
213
			cli_ses.state = SESSION_RUNNING;
			return;
Matt Johnston's avatar
Matt Johnston committed
214
			*/
215

Matt Johnston's avatar
Matt Johnston committed
216
		case USERAUTH_SUCCESS_RCVD:
Matt Johnston's avatar
Matt Johnston committed
217
218
#ifdef ENABLE_CLI_LOCALTCPFWD
			setup_localtcp();
219
220
221
#endif
#ifdef ENABLE_CLI_REMOTETCPFWD
			setup_remotetcp();
Matt Johnston's avatar
Matt Johnston committed
222
#endif
Matt Johnston's avatar
Matt Johnston committed
223
			cli_send_chansess_request();
224
			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
Matt Johnston's avatar
Matt Johnston committed
225
226
227
			cli_ses.state = SESSION_RUNNING;
			return;

228
229
230
231
		case SESSION_RUNNING:
			if (ses.chancount < 1) {
				cli_finished();
			}
232
233
234
235

			if (cli_ses.winchange) {
				cli_chansess_winchange();
			}
236
237
			return;

Matt Johnston's avatar
Matt Johnston committed
238
239
240
241
242
243
		/* XXX more here needed */


	default:
		break;
	}
Matt Johnston's avatar
Matt Johnston committed
244

245
	TRACE(("leave cli_sessionloop: fell out"))
Matt Johnston's avatar
Matt Johnston committed
246
247
248

}

249
250
251
252
253
void cli_session_cleanup() {

	if (!sessinitdone) {
		return;
	}
254

255
256
	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
	 * we don't revert the flags */
257
	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
258
259
	fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
	fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
260

261
262
263
264
265
266
267
268
269
270
	cli_tty_cleanup();

}

static void cli_finished() {

	cli_session_cleanup();
	common_session_cleanup();
	fprintf(stderr, "Connection to %[email protected]%s:%s closed.\n", cli_opts.username,
			cli_opts.remotehost, cli_opts.remoteport);
271
	exit(cli_ses.retval);
272
273
274
}


Matt Johnston's avatar
Matt Johnston committed
275
276
277
278
279
280
281
/* called when the remote side closes the connection */
static void cli_remoteclosed() {

	/* XXX TODO perhaps print a friendlier message if we get this but have
	 * already sent/received disconnect message(s) ??? */
	close(ses.sock);
	ses.sock = -1;
Matt Johnston's avatar
Matt Johnston committed
282
	dropbear_exit("remote closed the connection");
Matt Johnston's avatar
Matt Johnston committed
283
}
Matt Johnston's avatar
Matt Johnston committed
284
285

/* Operates in-place turning dirty (untrusted potentially containing control
286
287
 * characters) text into clean text. 
 * Note: this is safe only with ascii - other charsets could have problems. */
Matt Johnston's avatar
Matt Johnston committed
288
289
290
void cleantext(unsigned char* dirtytext) {

	unsigned int i, j;
Matt Johnston's avatar
Matt Johnston committed
291
	unsigned char c;
Matt Johnston's avatar
Matt Johnston committed
292
293
294
295
296
297
298
299
300
301
302
303
304
305

	j = 0;
	for (i = 0; dirtytext[i] != '\0'; i++) {

		c = dirtytext[i];
		/* We can ignore '\r's */
		if ( (c >= ' ' && c <= '~') || c == '\n' || c == '\t') {
			dirtytext[j] = c;
			j++;
		}
	}
	/* Null terminate */
	dirtytext[j] = '\0';
}