1/* 2 * Dropbear SSH 3 * 4 * Copyright (c) 2002,2003 Matt Johnston 5 * Copyright (c) 2004 by Mihnea Stoenescu 6 * All rights reserved. 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 24 * SOFTWARE. */ 25 26#include "includes.h" 27#include "session.h" 28#include "dbutil.h" 29#include "kex.h" 30#include "ssh.h" 31#include "packet.h" 32#include "tcpfwd.h" 33#include "channel.h" 34#include "random.h" 35#include "service.h" 36#include "runopts.h" 37#include "chansession.h" 38 39static void cli_remoteclosed(); 40static void cli_sessionloop(); 41static void cli_session_init(); 42static void cli_finished(); 43 44struct clientsession cli_ses; /* GLOBAL */ 45 46/* Sorted in decreasing frequency will be more efficient - data and window 47 * should be first */ 48static const packettype cli_packettypes[] = { 49 /* TYPE, FUNCTION */ 50 {SSH_MSG_CHANNEL_DATA, recv_msg_channel_data}, 51 {SSH_MSG_CHANNEL_EXTENDED_DATA, recv_msg_channel_extended_data}, 52 {SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust}, 53 {SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, /* client */ 54 {SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, /* client */ 55 {SSH_MSG_KEXINIT, recv_msg_kexinit}, 56 {SSH_MSG_KEXDH_REPLY, recv_msg_kexdh_reply}, /* client */ 57 {SSH_MSG_NEWKEYS, recv_msg_newkeys}, 58 {SSH_MSG_SERVICE_ACCEPT, recv_msg_service_accept}, /* client */ 59 {SSH_MSG_CHANNEL_REQUEST, recv_msg_channel_request}, 60 {SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open}, 61 {SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof}, 62 {SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close}, 63 {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation}, 64 {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure}, 65 {SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */ 66 {SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */ 67 {0, 0} /* End */ 68}; 69 70static const struct ChanType *cli_chantypes[] = { 71#ifdef ENABLE_CLI_REMOTETCPFWD 72 &cli_chan_tcpremote, 73#endif 74 NULL /* Null termination */ 75}; 76 77void cli_session(int sock, char* remotehost) { 78 79 seedrandom(); 80 81 crypto_init(); 82 83 common_session_init(sock, remotehost); 84 85 chaninitialise(cli_chantypes); 86 87 /* Set up cli_ses vars */ 88 cli_session_init(); 89 90 /* Ready to go */ 91 sessinitdone = 1; 92 93 /* Exchange identification */ 94 session_identification(); 95 96 send_msg_kexinit(); 97 98 session_loop(cli_sessionloop); 99 100 /* Not reached */ 101 102} 103 104static void cli_session_init() { 105 106 cli_ses.state = STATE_NOTHING; 107 cli_ses.kex_state = KEX_NOTHING; 108 109 cli_ses.tty_raw_mode = 0; 110 cli_ses.winchange = 0; 111 112 /* We store std{in,out,err}'s flags, so we can set them back on exit 113 * (otherwise busybox's ash isn't happy */ 114 cli_ses.stdincopy = dup(STDIN_FILENO); 115 cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0); 116 cli_ses.stdoutcopy = dup(STDOUT_FILENO); 117 cli_ses.stdoutflags = fcntl(STDOUT_FILENO, F_GETFL, 0); 118 cli_ses.stderrcopy = dup(STDERR_FILENO); 119 cli_ses.stderrflags = fcntl(STDERR_FILENO, F_GETFL, 0); 120 121 cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a 122 specific exit status */ 123 124 /* Auth */ 125 cli_ses.lastprivkey = NULL; 126 cli_ses.lastauthtype = 0; 127 128 /* For printing "remote host closed" for the user */ 129 ses.remoteclosed = cli_remoteclosed; 130 ses.buf_match_algo = cli_buf_match_algo; 131 132 /* packet handlers */ 133 ses.packettypes = cli_packettypes; 134 135 ses.isserver = 0; 136} 137 138/* This function drives the progress of the session - it initiates KEX, 139 * service, userauth and channel requests */ 140static void cli_sessionloop() { 141 142 TRACE(("enter cli_sessionloop")) 143 144 if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) { 145 cli_ses.kex_state = KEXINIT_RCVD; 146 } 147 148 if (cli_ses.kex_state == KEXINIT_RCVD) { 149 150 /* We initiate the KEXDH. If DH wasn't the correct type, the KEXINIT 151 * negotiation would have failed. */ 152 send_msg_kexdh_init(); 153 cli_ses.kex_state = KEXDH_INIT_SENT; 154 TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD")) 155 return; 156 } 157 158 /* A KEX has finished, so we should go back to our KEX_NOTHING state */ 159 if (cli_ses.kex_state != KEX_NOTHING && ses.kexstate.recvkexinit == 0 160 && ses.kexstate.sentkexinit == 0) { 161 cli_ses.kex_state = KEX_NOTHING; 162 } 163 164 /* We shouldn't do anything else if a KEX is in progress */ 165 if (cli_ses.kex_state != KEX_NOTHING) { 166 TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING")) 167 return; 168 } 169 170 /* We should exit if we haven't donefirstkex: we shouldn't reach here 171 * in normal operation */ 172 if (ses.kexstate.donefirstkex == 0) { 173 TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex")) 174 return; 175 } 176 177 switch (cli_ses.state) { 178 179 case STATE_NOTHING: 180 /* We've got the transport layer sorted, we now need to request 181 * userauth */ 182 send_msg_service_request(SSH_SERVICE_USERAUTH); 183 cli_ses.state = SERVICE_AUTH_REQ_SENT; 184 TRACE(("leave cli_sessionloop: sent userauth service req")) 185 return; 186 187 /* userauth code */ 188 case SERVICE_AUTH_ACCEPT_RCVD: 189 cli_auth_getmethods(); 190 cli_ses.state = USERAUTH_REQ_SENT; 191 TRACE(("leave cli_sessionloop: sent userauth methods req")) 192 return; 193 194 case USERAUTH_FAIL_RCVD: 195 cli_auth_try(); 196 cli_ses.state = USERAUTH_REQ_SENT; 197 TRACE(("leave cli_sessionloop: cli_auth_try")) 198 return; 199 200 /* 201 case USERAUTH_SUCCESS_RCVD: 202 send_msg_service_request(SSH_SERVICE_CONNECTION); 203 cli_ses.state = SERVICE_CONN_REQ_SENT; 204 TRACE(("leave cli_sessionloop: sent ssh-connection service req")) 205 return; 206 207 case SERVICE_CONN_ACCEPT_RCVD: 208 cli_send_chansess_request(); 209 TRACE(("leave cli_sessionloop: cli_send_chansess_request")) 210 cli_ses.state = SESSION_RUNNING; 211 return; 212 */ 213 214 case USERAUTH_SUCCESS_RCVD: 215 216 if (cli_opts.backgrounded) { 217 int devnull; 218 /* keeping stdin open steals input from the terminal and 219 is confusing, though stdout/stderr could be useful. */ 220 devnull = open(_PATH_DEVNULL, O_RDONLY); 221 if (devnull < 0) { 222 dropbear_exit("opening /dev/null: %d %s", 223 errno, strerror(errno)); 224 } 225 dup2(devnull, STDIN_FILENO); 226 if (daemon(0, 1) < 0) { 227 dropbear_exit("Backgrounding failed: %d %s", 228 errno, strerror(errno)); 229 } 230 } 231 232#ifdef ENABLE_CLI_LOCALTCPFWD 233 setup_localtcp(); 234#endif 235#ifdef ENABLE_CLI_REMOTETCPFWD 236 setup_remotetcp(); 237#endif 238 if (!cli_opts.no_cmd) { 239 cli_send_chansess_request(); 240 } 241 TRACE(("leave cli_sessionloop: running")) 242 cli_ses.state = SESSION_RUNNING; 243 return; 244 245 case SESSION_RUNNING: 246 if (ses.chancount < 1 && !cli_opts.no_cmd) { 247 cli_finished(); 248 } 249 250 if (cli_ses.winchange) { 251 cli_chansess_winchange(); 252 } 253 return; 254 255 /* XXX more here needed */ 256 257 258 default: 259 break; 260 } 261 262 TRACE(("leave cli_sessionloop: fell out")) 263 264} 265 266void cli_session_cleanup() { 267 268 if (!sessinitdone) { 269 return; 270 } 271 272 /* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if 273 * we don't revert the flags */ 274 fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags); 275 fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags); 276 fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags); 277 278 cli_tty_cleanup(); 279 280} 281 282static void cli_finished() { 283 284 cli_session_cleanup(); 285 common_session_cleanup(); 286 fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username, 287 cli_opts.remotehost, cli_opts.remoteport); 288 exit(cli_ses.retval); 289} 290 291 292/* called when the remote side closes the connection */ 293static void cli_remoteclosed() { 294 295 /* XXX TODO perhaps print a friendlier message if we get this but have 296 * already sent/received disconnect message(s) ??? */ 297 close(ses.sock); 298 ses.sock = -1; 299 dropbear_exit("remote closed the connection"); 300} 301 302/* Operates in-place turning dirty (untrusted potentially containing control 303 * characters) text into clean text. 304 * Note: this is safe only with ascii - other charsets could have problems. */ 305void cleantext(unsigned char* dirtytext) { 306 307 unsigned int i, j; 308 unsigned char c; 309 310 j = 0; 311 for (i = 0; dirtytext[i] != '\0'; i++) { 312 313 c = dirtytext[i]; 314 /* We can ignore '\r's */ 315 if ( (c >= ' ' && c <= '~') || c == '\n' || c == '\t') { 316 dirtytext[j] = c; 317 j++; 318 } 319 } 320 /* Null terminate */ 321 dirtytext[j] = '\0'; 322} 323