packet.c revision 69587
150476Speter/* 23455Sache * Author: Tatu Ylonen <ylo@cs.hut.fi> 3166130Srafan * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4156837Sru * All rights reserved 5156813Sru * This file contains code implementing the packet protocol and communication 6156813Sru * with the other side. This same code is used both on client and server side. 7167358Srafan * 83410Sache * As far as I am concerned, the code I have written for this software 9167359Srafan * can be used freely for any purpose. Any derived versions of this 10170826Srafan * software must be clearly marked as such, and if the derived work is 113410Sache * incompatible with the protocol description in the RFC file, it must be 12166130Srafan * called by a name other than "ssh" or "Secure Shell". 133523Sache * 14166130Srafan * 15166130Srafan * SSH2 packet format added by Markus Friedl. 16166130Srafan * Copyright (c) 2000 Markus Friedl. All rights reserved. 173410Sache * 1850624Speter * Redistribution and use in source and binary forms, with or without 19167359Srafan * modification, are permitted provided that the following conditions 20167359Srafan * are met: 21174999Srafan * 1. Redistributions of source code must retain the above copyright 22167359Srafan * notice, this list of conditions and the following disclaimer. 23167359Srafan * 2. Redistributions in binary form must reproduce the above copyright 24166130Srafan * notice, this list of conditions and the following disclaimer in the 25174999Srafan * documentation and/or other materials provided with the distribution. 26166130Srafan * 27167359Srafan * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 2897053Speter * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29166130Srafan * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 3097053Speter * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 31166130Srafan * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 3297053Speter * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 3397053Speter * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34166130Srafan * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35174999Srafan * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36166130Srafan * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37166130Srafan */ 38174999Srafan 39166130Srafan#include "includes.h" 40166130SrafanRCSID("$OpenBSD: packet.c,v 1.38 2000/10/12 14:21:12 markus Exp $"); 41166130Srafan 42166130Srafan#include "xmalloc.h" 4397053Speter#include "buffer.h" 4497053Speter#include "packet.h" 45166130Srafan#include "bufaux.h" 46174999Srafan#include "ssh.h" 47174999Srafan#include "crc32.h" 48166130Srafan#include "getput.h" 49166130Srafan 50166130Srafan#include "compress.h" 5197053Speter#include "deattack.h" 5297053Speter#include "channels.h" 53166130Srafan 54166130Srafan#include "compat.h" 55166130Srafan#include "ssh2.h" 56166130Srafan 5797053Speter#include <openssl/bn.h> 58174999Srafan#include <openssl/dh.h> 59166130Srafan#include <openssl/hmac.h> 603410Sache#include "buffer.h" 61167358Srafan#include "cipher.h" 62167358Srafan#include "kex.h" 63167358Srafan#include "hmac.h" 64167358Srafan 65167358Srafan#ifdef PACKET_DEBUG 66167358Srafan#define DBG(x) x 67167358Srafan#else 68167358Srafan#define DBG(x) 693410Sache#endif 70167358Srafan 71167358Srafan/* 72167358Srafan * This variable contains the file descriptors used for communicating with 73167358Srafan * the other side. connection_in is used for reading; connection_out for 74167358Srafan * writing. These can be the same descriptor, in which case it is assumed to 75167358Srafan * be a socket. 76167358Srafan */ 77167358Srafanstatic int connection_in = -1; 78167358Srafanstatic int connection_out = -1; 79167358Srafan 803410Sache/* 81167358Srafan * Cipher type. This value is only used to determine whether to pad the 823410Sache * packets with zeroes or random data. 83167358Srafan */ 84167358Srafanstatic int cipher_type = SSH_CIPHER_NONE; 85167358Srafan 86167358Srafan/* Protocol flags for the remote side. */ 87167358Srafanstatic unsigned int remote_protocol_flags = 0; 88167358Srafan 89167358Srafan/* Encryption context for receiving data. This is only used for decryption. */ 90167358Srafanstatic CipherContext receive_context; 91167358Srafan 92167358Srafan/* Encryption context for sending data. This is only used for encryption. */ 93167358Srafanstatic CipherContext send_context; 94167358Srafan 95167358Srafan/* Buffer for raw input data from the socket. */ 96167358Srafanstatic Buffer input; 97167358Srafan 98167358Srafan/* Buffer for raw output data going to the socket. */ 99167358Srafanstatic Buffer output; 100167358Srafan 101167358Srafan/* Buffer for the partial outgoing packet being constructed. */ 102167358Srafanstatic Buffer outgoing_packet; 103167358Srafan 104167358Srafan/* Buffer for the incoming packet currently being processed. */ 105167358Srafanstatic Buffer incoming_packet; 106167358Srafan 107167358Srafan/* Scratch buffer for packet compression/decompression. */ 108167358Srafanstatic Buffer compression_buffer; 109167358Srafan 110167358Srafan/* Flag indicating whether packet compression/decompression is enabled. */ 111167358Srafanstatic int packet_compression = 0; 112167358Srafan 113167358Srafan/* default maximum packet size */ 114167358Srafanint max_packet_size = 32768; 115167358Srafan 116167358Srafan/* Flag indicating whether this module has been initialized. */ 117167358Srafanstatic int initialized = 0; 118167358Srafan 119167358Srafan/* Set to true if the connection is interactive. */ 120167358Srafanstatic int interactive_mode = 0; 121167358Srafan 122167358Srafan/* True if SSH2 packet format is used */ 123167358Srafanint use_ssh2_packet_format = 0; 124167358Srafan 125167358Srafan/* Session key information for Encryption and MAC */ 126167358SrafanKex *kex = NULL; 127167358Srafan 128167358Srafanvoid 129167358Srafanpacket_set_kex(Kex *k) 130167358Srafan{ 131167358Srafan if( k->mac[MODE_IN ].key == NULL || 132167358Srafan k->enc[MODE_IN ].key == NULL || 133167358Srafan k->enc[MODE_IN ].iv == NULL || 134167358Srafan k->mac[MODE_OUT].key == NULL || 135167358Srafan k->enc[MODE_OUT].key == NULL || 136167358Srafan k->enc[MODE_OUT].iv == NULL) 137167358Srafan fatal("bad KEX"); 138167358Srafan kex = k; 139167358Srafan} 140167358Srafanvoid 141167358Srafanclear_enc_keys(Enc *enc, int len) 142167358Srafan{ 143167358Srafan memset(enc->iv, 0, len); 144167358Srafan memset(enc->key, 0, len); 145167358Srafan xfree(enc->iv); 146167358Srafan xfree(enc->key); 147167358Srafan enc->iv = NULL; 148167358Srafan enc->key = NULL; 149167358Srafan} 150167358Srafanvoid 151167358Srafanpacket_set_ssh2_format(void) 152167358Srafan{ 153167358Srafan DBG(debug("use_ssh2_packet_format")); 154167358Srafan use_ssh2_packet_format = 1; 155167358Srafan} 156167358Srafan 157167358Srafan/* 158167358Srafan * Sets the descriptors used for communication. Disables encryption until 159167358Srafan * packet_set_encryption_key is called. 160167358Srafan */ 161167358Srafanvoid 162167358Srafanpacket_set_connection(int fd_in, int fd_out) 163167358Srafan{ 164167358Srafan Cipher *none = cipher_by_name("none"); 165167358Srafan if (none == NULL) 166167358Srafan fatal("packet_set_connection: cannot load cipher 'none'"); 167167358Srafan connection_in = fd_in; 16850624Speter connection_out = fd_out; 169167358Srafan cipher_type = SSH_CIPHER_NONE; 170167358Srafan cipher_init(&send_context, none, (unsigned char *) "", 0, NULL, 0); 171167358Srafan cipher_init(&receive_context, none, (unsigned char *) "", 0, NULL, 0); 172167358Srafan if (!initialized) { 173167358Srafan initialized = 1; 174167358Srafan buffer_init(&input); 175167358Srafan buffer_init(&output); 176167358Srafan buffer_init(&outgoing_packet); 177167358Srafan buffer_init(&incoming_packet); 178167358Srafan } 179167358Srafan /* Kludge: arrange the close function to be called from fatal(). */ 180167358Srafan fatal_add_cleanup((void (*) (void *)) packet_close, NULL); 181167358Srafan} 182167358Srafan 183167358Srafan/* Returns 1 if remote host is connected via socket, 0 if not. */ 184174999Srafan 185167358Srafanint 186167358Srafanpacket_connection_is_on_socket() 187167358Srafan{ 188167358Srafan struct sockaddr_storage from, to; 189167358Srafan socklen_t fromlen, tolen; 190167358Srafan 191167358Srafan /* filedescriptors in and out are the same, so it's a socket */ 192167358Srafan if (connection_in == connection_out) 193167358Srafan return 1; 194167358Srafan fromlen = sizeof(from); 195167358Srafan memset(&from, 0, sizeof(from)); 196167358Srafan if (getpeername(connection_in, (struct sockaddr *)&from, &fromlen) < 0) 197167358Srafan return 0; 198167358Srafan tolen = sizeof(to); 199167358Srafan memset(&to, 0, sizeof(to)); 200167358Srafan if (getpeername(connection_out, (struct sockaddr *)&to, &tolen) < 0) 201167358Srafan return 0; 202167358Srafan if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0) 203167358Srafan return 0; 204167358Srafan if (from.ss_family != AF_INET && from.ss_family != AF_INET6) 205167358Srafan return 0; 206167358Srafan return 1; 207167358Srafan} 208167358Srafan 209167358Srafan/* returns 1 if connection is via ipv4 */ 210167358Srafan 211167358Srafanint 212167358Srafanpacket_connection_is_ipv4() 213167358Srafan{ 214167358Srafan struct sockaddr_storage to; 215167358Srafan socklen_t tolen = sizeof(to); 21650624Speter 217167358Srafan memset(&to, 0, sizeof(to)); 218167358Srafan if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) 219167358Srafan return 0; 220167358Srafan if (to.ss_family != AF_INET) 221167358Srafan return 0; 222167358Srafan return 1; 223167358Srafan} 224167358Srafan 225167358Srafan/* Sets the connection into non-blocking mode. */ 22650624Speter 227167359Srafanvoid 228167359Srafanpacket_set_nonblocking() 229167359Srafan{ 230167359Srafan /* Set the socket into non-blocking mode. */ 231167359Srafan if (fcntl(connection_in, F_SETFL, O_NONBLOCK) < 0) 232167359Srafan error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 233167359Srafan 234167359Srafan if (connection_out != connection_in) { 235167359Srafan if (fcntl(connection_out, F_SETFL, O_NONBLOCK) < 0) 236167359Srafan error("fcntl O_NONBLOCK: %.100s", strerror(errno)); 237167359Srafan } 238167359Srafan} 239167359Srafan 240167359Srafan/* Returns the socket used for reading. */ 241167359Srafan 242174999Srafanint 243167359Srafanpacket_get_connection_in() 244167359Srafan{ 245167359Srafan return connection_in; 246167359Srafan} 247167359Srafan 248167359Srafan/* Returns the descriptor used for writing. */ 249167359Srafan 250167359Srafanint 251167359Srafanpacket_get_connection_out() 252167358Srafan{ 253167358Srafan return connection_out; 254167358Srafan} 255167358Srafan 256166130Srafan/* Closes the connection and clears and frees internal data structures. */ 25797053Speter 258167358Srafanvoid 259167358Srafanpacket_close() 260167358Srafan{ 261167358Srafan if (!initialized) 262167358Srafan return; 263167358Srafan initialized = 0; 264167358Srafan if (connection_in == connection_out) { 265167358Srafan shutdown(connection_out, SHUT_RDWR); 266167358Srafan close(connection_out); 267167358Srafan } else { 26897053Speter close(connection_in); 26950624Speter close(connection_out); 27050624Speter } 271167358Srafan buffer_free(&input); 27250624Speter buffer_free(&output); 273167358Srafan buffer_free(&outgoing_packet); 274174999Srafan buffer_free(&incoming_packet); 27550624Speter if (packet_compression) { 276167358Srafan buffer_free(&compression_buffer); 277167358Srafan buffer_compress_uninit(); 278167358Srafan } 279167358Srafan} 280167358Srafan 281169971Srafan/* Sets remote side protocol flags. */ 282169971Srafan 283167358Srafanvoid 284167358Srafanpacket_set_protocol_flags(unsigned int protocol_flags) 285169971Srafan{ 286167358Srafan remote_protocol_flags = protocol_flags; 287172832Sru channel_set_options((protocol_flags & SSH_PROTOFLAG_HOST_IN_FWD_OPEN) != 0); 288167359Srafan} 289167359Srafan 290167359Srafan/* Returns the remote protocol flags set earlier by the above function. */ 291167359Srafan 292119581Sruunsigned int 293139106Srupacket_get_protocol_flags() 29450624Speter{ 295167359Srafan return remote_protocol_flags; 296167359Srafan} 297167359Srafan 298167359Srafan/* 29950624Speter * Starts packet compression from the next packet on in both directions. 300156854Sru * Level is compression level 1 (fastest) - 9 (slow, best) as in gzip. 301167359Srafan */ 302167359Srafan 303167359Srafan/*** XXXXX todo: kex means re-init */ 304167359Srafanvoid 30550624Speterpacket_start_compression(int level) 30650624Speter{ 307167358Srafan if (packet_compression) 308166130Srafan fatal("Compression already enabled."); 30955759Sphantom packet_compression = 1; 310156813Sru buffer_init(&compression_buffer); 311167358Srafan buffer_compress_init(level); 312136665Sru} 31355816Sgreen 31455759Sphantom/* 31550624Speter * Encrypts the given number of bytes, copying from src to dest. bytes is 316174999Srafan * known to be a multiple of 8. 31750624Speter */ 318174999Srafan 319174999Srafanvoid 32051687Speterpacket_encrypt(CipherContext * cc, void *dest, void *src, 321174999Srafan unsigned int bytes) 322174999Srafan{ 32350624Speter cipher_encrypt(cc, dest, src, bytes); 324167358Srafan} 325166130Srafan 32697053Speter/* 32750624Speter * Decrypts the given number of bytes, copying from src to dest. bytes is 328167358Srafan * known to be a multiple of 8. 329174999Srafan */ 33050624Speter 331167358Srafanvoid 332174999Srafanpacket_decrypt(CipherContext *context, void *dest, void *src, unsigned int bytes) 33350624Speter{ 334174999Srafan /* 335174999Srafan * Cryptographic attack detector for ssh - Modifications for packet.c 336174999Srafan * (C)1998 CORE-SDI, Buenos Aires Argentina Ariel Futoransky(futo@core-sdi.com) 337166130Srafan */ 33850624Speter if (!compat20 && 339167358Srafan context->cipher->number != SSH_CIPHER_NONE && 340166130Srafan detect_attack(src, bytes, NULL) == DEATTACK_DETECTED) 34150624Speter packet_disconnect("crc32 compensation attack: network attack detected"); 342167358Srafan 343166130Srafan cipher_decrypt(context, dest, src, bytes); 34450624Speter} 34550624Speter 346167358Srafan/* 347166130Srafan * Causes any further packets to be encrypted using the given key. The same 34897053Speter * key is used for both sending and reception. However, both directions are 34950624Speter * encrypted independently of each other. 350167358Srafan */ 35197053Speter 35250624Spetervoid 353167358Srafanpacket_set_encryption_key(const unsigned char *key, unsigned int keylen, 354166130Srafan int number) 35550624Speter{ 356167358Srafan Cipher *cipher = cipher_by_number(number); 357166130Srafan if (cipher == NULL) 358166130Srafan fatal("packet_set_encryption_key: unknown cipher number %d", number); 35950624Speter if (keylen < 20) 360167358Srafan fatal("packet_set_encryption_key: keylen too small: %d", keylen); 361166130Srafan cipher_init(&receive_context, cipher, key, keylen, NULL, 0); 362166130Srafan cipher_init(&send_context, cipher, key, keylen, NULL, 0); 36350624Speter} 36450624Speter 365167358Srafan/* Starts constructing a packet to send. */ 36697053Speter 367166130Srafanvoid 368166130Srafanpacket_start1(int type) 369167359Srafan{ 370167359Srafan char buf[9]; 371167359Srafan 372166130Srafan buffer_clear(&outgoing_packet); 37397053Speter memset(buf, 0, 8); 37497053Speter buf[8] = type; 37597053Speter buffer_append(&outgoing_packet, buf, 9); 376167358Srafan} 377166130Srafan 378166130Srafanvoid 37997053Speterpacket_start2(int type) 38050624Speter{ 38154576Smarcel char buf[4+1+1]; 38254576Smarcel 383167358Srafan buffer_clear(&outgoing_packet); 384166130Srafan memset(buf, 0, sizeof buf); 38550624Speter /* buf[0..3] = payload_len; */ 386167358Srafan /* buf[4] = pad_len; */ 38750624Speter buf[5] = type & 0xff; 388166130Srafan buffer_append(&outgoing_packet, buf, sizeof buf); 38950624Speter} 39050624Speter 391167358Srafanvoid 392166130Srafanpacket_start(int type) 393174999Srafan{ 39476731Speter DBG(debug("packet_start[%d]",type)); 39576731Speter if (use_ssh2_packet_format) 39676731Speter packet_start2(type); 397166130Srafan else 398166130Srafan packet_start1(type); 399166130Srafan} 400166130Srafan 401166130Srafan/* Appends a character to the packet data. */ 402174999Srafan 403174999Srafanvoid 40450624Speterpacket_put_char(int value) 405167358Srafan{ 406166130Srafan char ch = value; 40776731Speter buffer_append(&outgoing_packet, &ch, 1); 40876731Speter} 40976731Speter 41076731Speter/* Appends an integer to the packet data. */ 41150624Speter 412167358Srafanvoid 413166130Srafanpacket_put_int(unsigned int value) 41497053Speter{ 41597053Speter buffer_put_int(&outgoing_packet, value); 416166130Srafan} 41797053Speter 418166130Srafan/* Appends a string to packet data. */ 419166130Srafan 420166130Srafanvoid 421166130Srafanpacket_put_string(const char *buf, unsigned int len) 42276731Speter{ 423166130Srafan buffer_put_string(&outgoing_packet, buf, len); 42476731Speter} 425166130Srafanvoid 426174999Srafanpacket_put_cstring(const char *str) 427174999Srafan{ 42876731Speter buffer_put_string(&outgoing_packet, str, strlen(str)); 429174999Srafan} 430166130Srafan 431166130Srafanvoid 432166130Srafanpacket_put_raw(const char *buf, unsigned int len) 433166130Srafan{ 434166130Srafan buffer_append(&outgoing_packet, buf, len); 435166130Srafan} 43697053Speter 43776731Speter 438166130Srafan/* Appends an arbitrary precision integer to packet data. */ 439174999Srafan 440174999Srafanvoid 44197053Speterpacket_put_bignum(BIGNUM * value) 44276731Speter{ 44376731Speter buffer_put_bignum(&outgoing_packet, value); 444166130Srafan} 445102227Smikevoid 446166130Srafanpacket_put_bignum2(BIGNUM * value) 44750624Speter{ 448167358Srafan buffer_put_bignum2(&outgoing_packet, value); 449166130Srafan} 45076731Speter 45176731Speter/* 45250624Speter * Finalizes and sends the packet. If the encryption key has been set, 45350624Speter * encrypts the packet before sending. 454167358Srafan */ 455166130Srafan 456166130Srafanvoid 45750624Speterpacket_send1() 45850624Speter{ 45950624Speter char buf[8], *cp; 460167358Srafan int i, padding, len; 461167358Srafan unsigned int checksum; 462167358Srafan u_int32_t rand = 0; 463167358Srafan 464167358Srafan /* 465167358Srafan * If using packet compression, compress the payload of the outgoing 466167358Srafan * packet. 467167358Srafan */ 468167358Srafan if (packet_compression) { 469167358Srafan buffer_clear(&compression_buffer); 470167358Srafan /* Skip padding. */ 471167358Srafan buffer_consume(&outgoing_packet, 8); 472167358Srafan /* padding */ 473167358Srafan buffer_append(&compression_buffer, "\0\0\0\0\0\0\0\0", 8); 474167358Srafan buffer_compress(&outgoing_packet, &compression_buffer); 475167358Srafan buffer_clear(&outgoing_packet); 476167358Srafan buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 477167358Srafan buffer_len(&compression_buffer)); 478167358Srafan } 479167358Srafan /* Compute packet length without padding (add checksum, remove padding). */ 480167358Srafan len = buffer_len(&outgoing_packet) + 4 - 8; 481167358Srafan 482167358Srafan /* Insert padding. Initialized to zero in packet_start1() */ 483167358Srafan padding = 8 - len % 8; 484167358Srafan if (cipher_type != SSH_CIPHER_NONE) { 485167358Srafan cp = buffer_ptr(&outgoing_packet); 486167358Srafan for (i = 0; i < padding; i++) { 487167358Srafan if (i % 4 == 0) 488167358Srafan rand = arc4random(); 489174999Srafan cp[7 - i] = rand & 0xff; 490167358Srafan rand >>= 8; 491167358Srafan } 492174999Srafan } 493167358Srafan buffer_consume(&outgoing_packet, 8 - padding); 494167358Srafan 495167358Srafan /* Add check bytes. */ 496167358Srafan checksum = ssh_crc32((unsigned char *) buffer_ptr(&outgoing_packet), 497167358Srafan buffer_len(&outgoing_packet)); 498167358Srafan PUT_32BIT(buf, checksum); 499167358Srafan buffer_append(&outgoing_packet, buf, 4); 500167358Srafan 501167358Srafan#ifdef PACKET_DEBUG 502167358Srafan fprintf(stderr, "packet_send plain: "); 503167358Srafan buffer_dump(&outgoing_packet); 504167358Srafan#endif 505167358Srafan 506167358Srafan /* Append to output. */ 507167358Srafan PUT_32BIT(buf, len); 508167358Srafan buffer_append(&output, buf, 4); 509167358Srafan buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 510167358Srafan packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 511167358Srafan buffer_len(&outgoing_packet)); 512167358Srafan 513167358Srafan#ifdef PACKET_DEBUG 514167358Srafan fprintf(stderr, "encrypted: "); 515167358Srafan buffer_dump(&output); 516167358Srafan#endif 51750624Speter 518167359Srafan buffer_clear(&outgoing_packet); 519167359Srafan 520167359Srafan /* 521167359Srafan * Note that the packet is now only buffered in output. It won\'t be 522167359Srafan * actually sent until packet_write_wait or packet_write_poll is 523167359Srafan * called. 524167359Srafan */ 525167359Srafan} 526167359Srafan 527167359Srafan/* 528167359Srafan * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) 529167359Srafan */ 530167359Srafanvoid 531167359Srafanpacket_send2() 532167359Srafan{ 533167358Srafan unsigned char *macbuf = NULL; 534166130Srafan char *cp; 535167358Srafan unsigned int packet_length = 0; 536167358Srafan unsigned int i, padlen, len; 53750624Speter u_int32_t rand = 0; 538167358Srafan static unsigned int seqnr = 0; 539167358Srafan int type; 540167358Srafan Enc *enc = NULL; 541167358Srafan Mac *mac = NULL; 542167358Srafan Comp *comp = NULL; 543167358Srafan int block_size; 544167358Srafan 545167358Srafan if (kex != NULL) { 546167358Srafan enc = &kex->enc[MODE_OUT]; 547167358Srafan mac = &kex->mac[MODE_OUT]; 548167358Srafan comp = &kex->comp[MODE_OUT]; 549167358Srafan } 550167358Srafan block_size = enc ? enc->cipher->block_size : 8; 551167358Srafan 552167358Srafan cp = buffer_ptr(&outgoing_packet); 553167358Srafan type = cp[5] & 0xff; 554167358Srafan 555168772Srafan#ifdef PACKET_DEBUG 556167358Srafan fprintf(stderr, "plain: "); 557167358Srafan buffer_dump(&outgoing_packet); 558167358Srafan#endif 559167358Srafan 560167358Srafan if (comp && comp->enabled) { 561167358Srafan len = buffer_len(&outgoing_packet); 562167358Srafan /* skip header, compress only payload */ 563167358Srafan buffer_consume(&outgoing_packet, 5); 564167358Srafan buffer_clear(&compression_buffer); 565167358Srafan buffer_compress(&outgoing_packet, &compression_buffer); 566167358Srafan buffer_clear(&outgoing_packet); 567167358Srafan buffer_append(&outgoing_packet, "\0\0\0\0\0", 5); 568167358Srafan buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer), 569167358Srafan buffer_len(&compression_buffer)); 570167358Srafan DBG(debug("compression: raw %d compressed %d", len, 571167358Srafan buffer_len(&outgoing_packet))); 572167358Srafan } 573167358Srafan 574167358Srafan /* sizeof (packet_len + pad_len + payload) */ 575167358Srafan len = buffer_len(&outgoing_packet); 576167358Srafan 577167358Srafan /* 578167358Srafan * calc size of padding, alloc space, get random data, 579167358Srafan * minimum padding is 4 bytes 580167358Srafan */ 581167358Srafan padlen = block_size - (len % block_size); 582167358Srafan if (padlen < 4) 583167358Srafan padlen += block_size; 584167358Srafan buffer_append_space(&outgoing_packet, &cp, padlen); 585167358Srafan if (enc && enc->cipher->number != SSH_CIPHER_NONE) { 586167358Srafan /* random padding */ 587167358Srafan for (i = 0; i < padlen; i++) { 588167358Srafan if (i % 4 == 0) 589167358Srafan rand = arc4random(); 590167358Srafan cp[i] = rand & 0xff; 591167358Srafan rand <<= 8; 592167358Srafan } 593168772Srafan } else { 594168772Srafan /* clear padding */ 595168772Srafan memset(cp, 0, padlen); 596168772Srafan } 597168772Srafan /* packet_length includes payload, padding and padding length field */ 598168772Srafan packet_length = buffer_len(&outgoing_packet) - 4; 599167358Srafan cp = buffer_ptr(&outgoing_packet); 600167358Srafan PUT_32BIT(cp, packet_length); 601167358Srafan cp[4] = padlen & 0xff; 602167358Srafan DBG(debug("send: len %d (includes padlen %d)", packet_length+4, padlen)); 603167358Srafan 604167358Srafan /* compute MAC over seqnr and packet(length fields, payload, padding) */ 605167358Srafan if (mac && mac->enabled) { 606167358Srafan macbuf = hmac( mac->md, seqnr, 607167358Srafan (unsigned char *) buffer_ptr(&outgoing_packet), 608167358Srafan buffer_len(&outgoing_packet), 609167358Srafan mac->key, mac->key_len 610167358Srafan ); 611167358Srafan DBG(debug("done calc MAC out #%d", seqnr)); 612167358Srafan } 613167358Srafan /* encrypt packet and append to output buffer. */ 614167358Srafan buffer_append_space(&output, &cp, buffer_len(&outgoing_packet)); 615167358Srafan packet_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet), 616167358Srafan buffer_len(&outgoing_packet)); 617167358Srafan /* append unencrypted MAC */ 618167358Srafan if (mac && mac->enabled) 619167358Srafan buffer_append(&output, (char *)macbuf, mac->mac_len); 620167358Srafan#ifdef PACKET_DEBUG 621167358Srafan fprintf(stderr, "encrypted: "); 622167358Srafan buffer_dump(&output); 623167358Srafan#endif 624167358Srafan /* increment sequence number for outgoing packets */ 625167358Srafan if (++seqnr == 0) 626167358Srafan log("outgoing seqnr wraps around"); 627167358Srafan buffer_clear(&outgoing_packet); 628167358Srafan 629167358Srafan if (type == SSH2_MSG_NEWKEYS) { 630167358Srafan if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 631167358Srafan fatal("packet_send2: no KEX"); 632167358Srafan if (mac->md != NULL) 633167358Srafan mac->enabled = 1; 634167358Srafan DBG(debug("cipher_init send_context")); 635167358Srafan cipher_init(&send_context, enc->cipher, 636167358Srafan enc->key, enc->cipher->key_len, 637167358Srafan enc->iv, enc->cipher->block_size); 638167358Srafan clear_enc_keys(enc, kex->we_need); 639167358Srafan if (comp->type != 0 && comp->enabled == 0) { 640167358Srafan comp->enabled = 1; 641167358Srafan if (! packet_compression) 642167358Srafan packet_start_compression(6); 643167358Srafan } 644167358Srafan } 645167358Srafan} 646167358Srafan 647167358Srafanvoid 648167358Srafanpacket_send() 649167358Srafan{ 650167358Srafan if (use_ssh2_packet_format) 651167358Srafan packet_send2(); 652167358Srafan else 653167358Srafan packet_send1(); 654167358Srafan DBG(debug("packet_send done")); 655167358Srafan} 656167358Srafan 657167358Srafan/* 658167358Srafan * Waits until a packet has been received, and returns its type. Note that 659167358Srafan * no other data is processed until this returns, so this function should not 660167358Srafan * be used during the interactive session. 661167358Srafan */ 662167358Srafan 663167358Srafanint 664167358Srafanpacket_read(int *payload_len_ptr) 665167358Srafan{ 666167358Srafan int type, len; 667167358Srafan fd_set set; 668167358Srafan char buf[8192]; 669167358Srafan DBG(debug("packet_read()")); 670167358Srafan 671167358Srafan /* Since we are blocking, ensure that all written packets have been sent. */ 672167358Srafan packet_write_wait(); 673167358Srafan 674167358Srafan /* Stay in the loop until we have received a complete packet. */ 675167358Srafan for (;;) { 676167358Srafan /* Try to read a packet from the buffer. */ 677167358Srafan type = packet_read_poll(payload_len_ptr); 678167358Srafan if (!use_ssh2_packet_format && ( 679167358Srafan type == SSH_SMSG_SUCCESS 680167358Srafan || type == SSH_SMSG_FAILURE 681167358Srafan || type == SSH_CMSG_EOF 682167358Srafan || type == SSH_CMSG_EXIT_CONFIRMATION)) 683167358Srafan packet_integrity_check(*payload_len_ptr, 0, type); 684167358Srafan /* If we got a packet, return it. */ 685167358Srafan if (type != SSH_MSG_NONE) 686167358Srafan return type; 687167358Srafan /* 688167358Srafan * Otherwise, wait for some data to arrive, add it to the 689167358Srafan * buffer, and try again. 690167358Srafan */ 691167358Srafan FD_ZERO(&set); 692167358Srafan FD_SET(connection_in, &set); 693167358Srafan 694167358Srafan /* Wait for some data to arrive. */ 695167358Srafan select(connection_in + 1, &set, NULL, NULL, NULL); 696167358Srafan 697167358Srafan /* Read data from the socket. */ 698167358Srafan len = read(connection_in, buf, sizeof(buf)); 699167358Srafan if (len == 0) { 700167358Srafan log("Connection closed by %.200s", get_remote_ipaddr()); 701167358Srafan fatal_cleanup(); 702167358Srafan } 703167358Srafan if (len < 0) 704167358Srafan fatal("Read from socket failed: %.100s", strerror(errno)); 705167358Srafan /* Append it to the buffer. */ 706167358Srafan packet_process_incoming(buf, len); 707167358Srafan } 708167358Srafan /* NOTREACHED */ 709167358Srafan} 710167358Srafan 711167358Srafan/* 712167358Srafan * Waits until a packet has been received, verifies that its type matches 713167358Srafan * that given, and gives a fatal error and exits if there is a mismatch. 714167358Srafan */ 715167358Srafan 716167358Srafanvoid 717167358Srafanpacket_read_expect(int *payload_len_ptr, int expected_type) 718167358Srafan{ 719167358Srafan int type; 720167358Srafan 721167358Srafan type = packet_read(payload_len_ptr); 722167358Srafan if (type != expected_type) 723167358Srafan packet_disconnect("Protocol error: expected packet type %d, got %d", 724167358Srafan expected_type, type); 725167358Srafan} 726167358Srafan 727167358Srafan/* Checks if a full packet is available in the data received so far via 728167358Srafan * packet_process_incoming. If so, reads the packet; otherwise returns 729167358Srafan * SSH_MSG_NONE. This does not wait for data from the connection. 730167358Srafan * 731167358Srafan * SSH_MSG_DISCONNECT is handled specially here. Also, 732167358Srafan * SSH_MSG_IGNORE messages are skipped by this function and are never returned 733167358Srafan * to higher levels. 734167358Srafan * 735174999Srafan * The returned payload_len does include space consumed by: 736174999Srafan * Packet length 737174999Srafan * Padding 738174999Srafan * Packet type 739174999Srafan * Check bytes 740174999Srafan */ 741174999Srafan 742174999Srafanint 743167358Srafanpacket_read_poll1(int *payload_len_ptr) 744167358Srafan{ 745167358Srafan unsigned int len, padded_len; 746167358Srafan unsigned char *ucp; 747167358Srafan char buf[8], *cp; 748167358Srafan unsigned int checksum, stored_checksum; 749167358Srafan 750167358Srafan /* Check if input size is less than minimum packet size. */ 751167358Srafan if (buffer_len(&input) < 4 + 8) 752174999Srafan return SSH_MSG_NONE; 753174999Srafan /* Get length of incoming packet. */ 754174999Srafan ucp = (unsigned char *) buffer_ptr(&input); 755174999Srafan len = GET_32BIT(ucp); 756174999Srafan if (len < 1 + 2 + 2 || len > 256 * 1024) 757174999Srafan packet_disconnect("Bad packet length %d.", len); 758174999Srafan padded_len = (len + 8) & ~7; 759174999Srafan 760174999Srafan /* Check if the packet has been entirely received. */ 761174999Srafan if (buffer_len(&input) < 4 + padded_len) 762174999Srafan return SSH_MSG_NONE; 763174999Srafan 764174999Srafan /* The entire packet is in buffer. */ 765167358Srafan 766167358Srafan /* Consume packet length. */ 767167358Srafan buffer_consume(&input, 4); 768167358Srafan 769167358Srafan /* Copy data to incoming_packet. */ 770167358Srafan buffer_clear(&incoming_packet); 771167358Srafan buffer_append_space(&incoming_packet, &cp, padded_len); 772167358Srafan packet_decrypt(&receive_context, cp, buffer_ptr(&input), padded_len); 773167358Srafan buffer_consume(&input, padded_len); 774167358Srafan 775167358Srafan#ifdef PACKET_DEBUG 776167358Srafan fprintf(stderr, "read_poll plain: "); 777167358Srafan buffer_dump(&incoming_packet); 778167358Srafan#endif 779167358Srafan 780167358Srafan /* Compute packet checksum. */ 781167358Srafan checksum = ssh_crc32((unsigned char *) buffer_ptr(&incoming_packet), 782167358Srafan buffer_len(&incoming_packet) - 4); 783167358Srafan 784167358Srafan /* Skip padding. */ 785167358Srafan buffer_consume(&incoming_packet, 8 - len % 8); 786167358Srafan 787167358Srafan /* Test check bytes. */ 788167358Srafan 789167358Srafan if (len != buffer_len(&incoming_packet)) 790167358Srafan packet_disconnect("packet_read_poll: len %d != buffer_len %d.", 791167358Srafan len, buffer_len(&incoming_packet)); 792167358Srafan 793167358Srafan ucp = (unsigned char *) buffer_ptr(&incoming_packet) + len - 4; 794167358Srafan stored_checksum = GET_32BIT(ucp); 795167358Srafan if (checksum != stored_checksum) 796167358Srafan packet_disconnect("Corrupted check bytes on input."); 797167358Srafan buffer_consume_end(&incoming_packet, 4); 798167358Srafan 799167358Srafan /* If using packet compression, decompress the packet. */ 800167358Srafan if (packet_compression) { 801167358Srafan buffer_clear(&compression_buffer); 802167358Srafan buffer_uncompress(&incoming_packet, &compression_buffer); 803167358Srafan buffer_clear(&incoming_packet); 804167358Srafan buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 805167358Srafan buffer_len(&compression_buffer)); 806167358Srafan } 807167358Srafan /* Get packet type. */ 808167358Srafan buffer_get(&incoming_packet, &buf[0], 1); 809167358Srafan 810167358Srafan /* Return length of payload (without type field). */ 811167358Srafan *payload_len_ptr = buffer_len(&incoming_packet); 812167358Srafan 813167358Srafan /* Return type. */ 814167358Srafan return (unsigned char) buf[0]; 815167358Srafan} 816167358Srafan 817167358Srafanint 818167358Srafanpacket_read_poll2(int *payload_len_ptr) 819167358Srafan{ 820167358Srafan unsigned int padlen, need; 821167358Srafan unsigned char buf[8], *macbuf; 822167358Srafan unsigned char *ucp; 823167358Srafan char *cp; 824167358Srafan static unsigned int packet_length = 0; 825167358Srafan static unsigned int seqnr = 0; 826167358Srafan int type; 827167358Srafan int maclen, block_size; 828167358Srafan Enc *enc = NULL; 829167358Srafan Mac *mac = NULL; 830167358Srafan Comp *comp = NULL; 831167358Srafan 832167358Srafan if (kex != NULL) { 833167358Srafan enc = &kex->enc[MODE_IN]; 834167358Srafan mac = &kex->mac[MODE_IN]; 835167358Srafan comp = &kex->comp[MODE_IN]; 836167358Srafan } 837167358Srafan maclen = mac && mac->enabled ? mac->mac_len : 0; 838167358Srafan block_size = enc ? enc->cipher->block_size : 8; 839167358Srafan 840167358Srafan if (packet_length == 0) { 841167358Srafan /* 842167358Srafan * check if input size is less than the cipher block size, 843167358Srafan * decrypt first block and extract length of incoming packet 844167358Srafan */ 845167358Srafan if (buffer_len(&input) < block_size) 846167358Srafan return SSH_MSG_NONE; 847167358Srafan buffer_clear(&incoming_packet); 848167358Srafan buffer_append_space(&incoming_packet, &cp, block_size); 849167358Srafan packet_decrypt(&receive_context, cp, buffer_ptr(&input), 850167358Srafan block_size); 851167358Srafan ucp = (unsigned char *) buffer_ptr(&incoming_packet); 852167358Srafan packet_length = GET_32BIT(ucp); 853167358Srafan if (packet_length < 1 + 4 || packet_length > 256 * 1024) { 854168772Srafan buffer_dump(&incoming_packet); 855168772Srafan packet_disconnect("Bad packet length %d.", packet_length); 856168772Srafan } 857168772Srafan DBG(debug("input: packet len %d", packet_length+4)); 858168772Srafan buffer_consume(&input, block_size); 859168772Srafan } 860168772Srafan /* we have a partial packet of block_size bytes */ 861168772Srafan need = 4 + packet_length - block_size; 862168772Srafan DBG(debug("partial packet %d, need %d, maclen %d", block_size, 863168774Sru need, maclen)); 864167358Srafan if (need % block_size != 0) 865167358Srafan fatal("padding error: need %d block %d mod %d", 866167358Srafan need, block_size, need % block_size); 867167358Srafan /* 868167358Srafan * check if the entire packet has been received and 869167358Srafan * decrypt into incoming_packet 870167358Srafan */ 871167358Srafan if (buffer_len(&input) < need + maclen) 872167358Srafan return SSH_MSG_NONE; 873167358Srafan#ifdef PACKET_DEBUG 874167358Srafan fprintf(stderr, "read_poll enc/full: "); 875167358Srafan buffer_dump(&input); 876167358Srafan#endif 877167358Srafan buffer_append_space(&incoming_packet, &cp, need); 878167358Srafan packet_decrypt(&receive_context, cp, buffer_ptr(&input), need); 879167358Srafan buffer_consume(&input, need); 880167358Srafan /* 881167358Srafan * compute MAC over seqnr and packet, 882167358Srafan * increment sequence number for incoming packet 883167358Srafan */ 884167358Srafan if (mac && mac->enabled) { 885167358Srafan macbuf = hmac( mac->md, seqnr, 886167358Srafan (unsigned char *) buffer_ptr(&incoming_packet), 887167358Srafan buffer_len(&incoming_packet), 888167358Srafan mac->key, mac->key_len 889167358Srafan ); 890167358Srafan if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0) 891167358Srafan packet_disconnect("Corrupted MAC on input."); 892167359Srafan DBG(debug("MAC #%d ok", seqnr)); 893167359Srafan buffer_consume(&input, mac->mac_len); 894167359Srafan } 895167359Srafan if (++seqnr == 0) 896167359Srafan log("incoming seqnr wraps around"); 897167359Srafan 898167359Srafan /* get padlen */ 899167359Srafan cp = buffer_ptr(&incoming_packet) + 4; 900167359Srafan padlen = *cp & 0xff; 901167359Srafan DBG(debug("input: padlen %d", padlen)); 902167359Srafan if (padlen < 4) 903167359Srafan packet_disconnect("Corrupted padlen %d on input.", padlen); 904167359Srafan 905167359Srafan /* skip packet size + padlen, discard padding */ 906167359Srafan buffer_consume(&incoming_packet, 4 + 1); 907167359Srafan buffer_consume_end(&incoming_packet, padlen); 908167359Srafan 909167359Srafan DBG(debug("input: len before de-compress %d", buffer_len(&incoming_packet))); 910167359Srafan if (comp && comp->enabled) { 911167359Srafan buffer_clear(&compression_buffer); 912167359Srafan buffer_uncompress(&incoming_packet, &compression_buffer); 913167359Srafan buffer_clear(&incoming_packet); 914167359Srafan buffer_append(&incoming_packet, buffer_ptr(&compression_buffer), 915167359Srafan buffer_len(&compression_buffer)); 916167359Srafan DBG(debug("input: len after de-compress %d", buffer_len(&incoming_packet))); 917167359Srafan } 918167359Srafan /* 919167359Srafan * get packet type, implies consume. 920167359Srafan * return length of payload (without type field) 921167359Srafan */ 922167359Srafan buffer_get(&incoming_packet, (char *)&buf[0], 1); 923167359Srafan *payload_len_ptr = buffer_len(&incoming_packet); 924167359Srafan 925167359Srafan /* reset for next packet */ 926167359Srafan packet_length = 0; 927167359Srafan 928167359Srafan /* extract packet type */ 929167359Srafan type = (unsigned char)buf[0]; 930167359Srafan 931167359Srafan if (type == SSH2_MSG_NEWKEYS) { 932167359Srafan if (kex==NULL || mac==NULL || enc==NULL || comp==NULL) 933167359Srafan fatal("packet_read_poll2: no KEX"); 934167359Srafan if (mac->md != NULL) 935167359Srafan mac->enabled = 1; 936167359Srafan DBG(debug("cipher_init receive_context")); 937167359Srafan cipher_init(&receive_context, enc->cipher, 938167359Srafan enc->key, enc->cipher->key_len, 939167359Srafan enc->iv, enc->cipher->block_size); 940167359Srafan clear_enc_keys(enc, kex->we_need); 941167359Srafan if (comp->type != 0 && comp->enabled == 0) { 942167359Srafan comp->enabled = 1; 943167359Srafan if (! packet_compression) 944167359Srafan packet_start_compression(6); 945167359Srafan } 946167359Srafan } 947167359Srafan 948167359Srafan#ifdef PACKET_DEBUG 949167359Srafan fprintf(stderr, "read/plain[%d]:\r\n",type); 950167359Srafan buffer_dump(&incoming_packet); 951167359Srafan#endif 952167359Srafan return (unsigned char)type; 953167359Srafan} 954167359Srafan 955167359Srafanint 956167359Srafanpacket_read_poll(int *payload_len_ptr) 957167359Srafan{ 958167359Srafan char *msg; 959167359Srafan for (;;) { 960167359Srafan int type = use_ssh2_packet_format ? 961167359Srafan packet_read_poll2(payload_len_ptr): 962167359Srafan packet_read_poll1(payload_len_ptr); 963167359Srafan 964167359Srafan if(compat20) { 965167359Srafan int reason; 966167359Srafan if (type != 0) 967167359Srafan DBG(debug("received packet type %d", type)); 968167359Srafan switch(type) { 969167359Srafan case SSH2_MSG_IGNORE: 970167359Srafan break; 971167359Srafan case SSH2_MSG_DEBUG: 972167359Srafan packet_get_char(); 973167359Srafan msg = packet_get_string(NULL); 974167359Srafan debug("Remote: %.900s", msg); 97550624Speter xfree(msg); 976167358Srafan msg = packet_get_string(NULL); 977167358Srafan xfree(msg); 978167358Srafan break; 979167358Srafan case SSH2_MSG_DISCONNECT: 980167358Srafan reason = packet_get_int(); 981 msg = packet_get_string(NULL); 982 log("Received disconnect: %d: %.900s", reason, msg); 983 xfree(msg); 984 fatal_cleanup(); 985 break; 986 default: 987 return type; 988 break; 989 } 990 } else { 991 switch(type) { 992 case SSH_MSG_IGNORE: 993 break; 994 case SSH_MSG_DEBUG: 995 msg = packet_get_string(NULL); 996 debug("Remote: %.900s", msg); 997 xfree(msg); 998 break; 999 case SSH_MSG_DISCONNECT: 1000 msg = packet_get_string(NULL); 1001 log("Received disconnect: %.900s", msg); 1002 fatal_cleanup(); 1003 xfree(msg); 1004 break; 1005 default: 1006 if (type != 0) 1007 DBG(debug("received packet type %d", type)); 1008 return type; 1009 break; 1010 } 1011 } 1012 } 1013} 1014 1015/* 1016 * Buffers the given amount of input characters. This is intended to be used 1017 * together with packet_read_poll. 1018 */ 1019 1020void 1021packet_process_incoming(const char *buf, unsigned int len) 1022{ 1023 buffer_append(&input, buf, len); 1024} 1025 1026/* Returns a character from the packet. */ 1027 1028unsigned int 1029packet_get_char() 1030{ 1031 char ch; 1032 buffer_get(&incoming_packet, &ch, 1); 1033 return (unsigned char) ch; 1034} 1035 1036/* Returns an integer from the packet data. */ 1037 1038unsigned int 1039packet_get_int() 1040{ 1041 return buffer_get_int(&incoming_packet); 1042} 1043 1044/* 1045 * Returns an arbitrary precision integer from the packet data. The integer 1046 * must have been initialized before this call. 1047 */ 1048 1049void 1050packet_get_bignum(BIGNUM * value, int *length_ptr) 1051{ 1052 *length_ptr = buffer_get_bignum(&incoming_packet, value); 1053} 1054 1055void 1056packet_get_bignum2(BIGNUM * value, int *length_ptr) 1057{ 1058 *length_ptr = buffer_get_bignum2(&incoming_packet, value); 1059} 1060 1061char * 1062packet_get_raw(int *length_ptr) 1063{ 1064 int bytes = buffer_len(&incoming_packet); 1065 if (length_ptr != NULL) 1066 *length_ptr = bytes; 1067 return buffer_ptr(&incoming_packet); 1068} 1069 1070int 1071packet_remaining(void) 1072{ 1073 return buffer_len(&incoming_packet); 1074} 1075 1076/* 1077 * Returns a string from the packet data. The string is allocated using 1078 * xmalloc; it is the responsibility of the calling program to free it when 1079 * no longer needed. The length_ptr argument may be NULL, or point to an 1080 * integer into which the length of the string is stored. 1081 */ 1082 1083char * 1084packet_get_string(unsigned int *length_ptr) 1085{ 1086 return buffer_get_string(&incoming_packet, length_ptr); 1087} 1088 1089/* 1090 * Sends a diagnostic message from the server to the client. This message 1091 * can be sent at any time (but not while constructing another message). The 1092 * message is printed immediately, but only if the client is being executed 1093 * in verbose mode. These messages are primarily intended to ease debugging 1094 * authentication problems. The length of the formatted message must not 1095 * exceed 1024 bytes. This will automatically call packet_write_wait. 1096 */ 1097 1098void 1099packet_send_debug(const char *fmt,...) 1100{ 1101 char buf[1024]; 1102 va_list args; 1103 1104 va_start(args, fmt); 1105 vsnprintf(buf, sizeof(buf), fmt, args); 1106 va_end(args); 1107 1108 if (compat20) { 1109 packet_start(SSH2_MSG_DEBUG); 1110 packet_put_char(0); /* bool: always display */ 1111 packet_put_cstring(buf); 1112 packet_put_cstring(""); 1113 } else { 1114 packet_start(SSH_MSG_DEBUG); 1115 packet_put_cstring(buf); 1116 } 1117 packet_send(); 1118 packet_write_wait(); 1119} 1120 1121/* 1122 * Logs the error plus constructs and sends a disconnect packet, closes the 1123 * connection, and exits. This function never returns. The error message 1124 * should not contain a newline. The length of the formatted message must 1125 * not exceed 1024 bytes. 1126 */ 1127 1128void 1129packet_disconnect(const char *fmt,...) 1130{ 1131 char buf[1024]; 1132 va_list args; 1133 static int disconnecting = 0; 1134 if (disconnecting) /* Guard against recursive invocations. */ 1135 fatal("packet_disconnect called recursively."); 1136 disconnecting = 1; 1137 1138 /* 1139 * Format the message. Note that the caller must make sure the 1140 * message is of limited size. 1141 */ 1142 va_start(args, fmt); 1143 vsnprintf(buf, sizeof(buf), fmt, args); 1144 va_end(args); 1145 1146 /* Send the disconnect message to the other side, and wait for it to get sent. */ 1147 if (compat20) { 1148 packet_start(SSH2_MSG_DISCONNECT); 1149 packet_put_int(SSH2_DISCONNECT_PROTOCOL_ERROR); 1150 packet_put_cstring(buf); 1151 packet_put_cstring(""); 1152 } else { 1153 packet_start(SSH_MSG_DISCONNECT); 1154 packet_put_string(buf, strlen(buf)); 1155 } 1156 packet_send(); 1157 packet_write_wait(); 1158 1159 /* Stop listening for connections. */ 1160 channel_stop_listening(); 1161 1162 /* Close the connection. */ 1163 packet_close(); 1164 1165 /* Display the error locally and exit. */ 1166 log("Disconnecting: %.100s", buf); 1167 fatal_cleanup(); 1168} 1169 1170/* Checks if there is any buffered output, and tries to write some of the output. */ 1171 1172void 1173packet_write_poll() 1174{ 1175 int len = buffer_len(&output); 1176 if (len > 0) { 1177 len = write(connection_out, buffer_ptr(&output), len); 1178 if (len <= 0) { 1179 if (errno == EAGAIN) 1180 return; 1181 else 1182 fatal("Write failed: %.100s", strerror(errno)); 1183 } 1184 buffer_consume(&output, len); 1185 } 1186} 1187 1188/* 1189 * Calls packet_write_poll repeatedly until all pending output data has been 1190 * written. 1191 */ 1192 1193void 1194packet_write_wait() 1195{ 1196 packet_write_poll(); 1197 while (packet_have_data_to_write()) { 1198 fd_set set; 1199 FD_ZERO(&set); 1200 FD_SET(connection_out, &set); 1201 select(connection_out + 1, NULL, &set, NULL, NULL); 1202 packet_write_poll(); 1203 } 1204} 1205 1206/* Returns true if there is buffered data to write to the connection. */ 1207 1208int 1209packet_have_data_to_write() 1210{ 1211 return buffer_len(&output) != 0; 1212} 1213 1214/* Returns true if there is not too much data to write to the connection. */ 1215 1216int 1217packet_not_very_much_data_to_write() 1218{ 1219 if (interactive_mode) 1220 return buffer_len(&output) < 16384; 1221 else 1222 return buffer_len(&output) < 128 * 1024; 1223} 1224 1225/* Informs that the current session is interactive. Sets IP flags for that. */ 1226 1227void 1228packet_set_interactive(int interactive, int keepalives) 1229{ 1230 int on = 1; 1231 1232 /* Record that we are in interactive mode. */ 1233 interactive_mode = interactive; 1234 1235 /* Only set socket options if using a socket. */ 1236 if (!packet_connection_is_on_socket()) 1237 return; 1238 if (keepalives) { 1239 /* Set keepalives if requested. */ 1240 if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, 1241 sizeof(on)) < 0) 1242 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); 1243 } 1244 /* 1245 * IPTOS_LOWDELAY, TCP_NODELAY and IPTOS_THROUGHPUT are IPv4 only 1246 */ 1247 if (!packet_connection_is_ipv4()) 1248 return; 1249 if (interactive) { 1250 /* 1251 * Set IP options for an interactive connection. Use 1252 * IPTOS_LOWDELAY and TCP_NODELAY. 1253 */ 1254 int lowdelay = IPTOS_LOWDELAY; 1255 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay, 1256 sizeof(lowdelay)) < 0) 1257 error("setsockopt IPTOS_LOWDELAY: %.100s", strerror(errno)); 1258 if (setsockopt(connection_in, IPPROTO_TCP, TCP_NODELAY, (void *) &on, 1259 sizeof(on)) < 0) 1260 error("setsockopt TCP_NODELAY: %.100s", strerror(errno)); 1261 } else { 1262 /* 1263 * Set IP options for a non-interactive connection. Use 1264 * IPTOS_THROUGHPUT. 1265 */ 1266 int throughput = IPTOS_THROUGHPUT; 1267 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput, 1268 sizeof(throughput)) < 0) 1269 error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); 1270 } 1271} 1272 1273/* Returns true if the current connection is interactive. */ 1274 1275int 1276packet_is_interactive() 1277{ 1278 return interactive_mode; 1279} 1280 1281int 1282packet_set_maxsize(int s) 1283{ 1284 static int called = 0; 1285 if (called) { 1286 log("packet_set_maxsize: called twice: old %d new %d", 1287 max_packet_size, s); 1288 return -1; 1289 } 1290 if (s < 4 * 1024 || s > 1024 * 1024) { 1291 log("packet_set_maxsize: bad size %d", s); 1292 return -1; 1293 } 1294 log("packet_set_maxsize: setting to %d", s); 1295 max_packet_size = s; 1296 return s; 1297} 1298