1f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* 2f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * Dropbear - a SSH2 server 3f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 4f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * Copyright (c) 2002-2004 Matt Johnston 5f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * All rights reserved. 6f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 7f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * Permission is hereby granted, free of charge, to any person obtaining a copy 8f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * of this software and associated documentation files (the "Software"), to deal 9f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * in the Software without restriction, including without limitation the rights 10f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * copies of the Software, and to permit persons to whom the Software is 12f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * furnished to do so, subject to the following conditions: 13f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 14f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * The above copyright notice and this permission notice shall be included in 15f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * all copies or substantial portions of the Software. 16f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 17f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * SOFTWARE. */ 24f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 25f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "includes.h" 26f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "packet.h" 27f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "session.h" 28f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "dbutil.h" 29f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "ssh.h" 30f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "algo.h" 31f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "buffer.h" 32f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "kex.h" 33f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "random.h" 34f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "service.h" 35f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "auth.h" 36f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "channel.h" 37f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 38f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK 39f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 40f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectstatic void recv_unimplemented(); 41f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 42f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* process a decrypted packet, call the appropriate handler */ 43f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectvoid process_packet() { 44f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 45f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project unsigned char type; 46f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project unsigned int i; 47f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 48f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("enter process_packet")) 49f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 50f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project type = buf_getbyte(ses.payload); 51f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("process_packet: packet type = %d", type)) 52f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 53f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.lastpacket = type; 54f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 55f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* These packets we can receive at any time */ 56f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project switch(type) { 57f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 58f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project case SSH_MSG_IGNORE: 59f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project case SSH_MSG_DEBUG: 60f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("received SSH_MSG_IGNORE or SSH_MSG_DEBUG")) 61f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project goto out; 62f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 63f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project case SSH_MSG_UNIMPLEMENTED: 64f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* debugging XXX */ 65f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("SSH_MSG_UNIMPLEMENTED")) 66f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project dropbear_exit("received SSH_MSG_UNIMPLEMENTED"); 67f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 68f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project case SSH_MSG_DISCONNECT: 69f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* TODO cleanup? */ 70f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project dropbear_close("Disconnect received"); 71f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 72f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 73f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 74f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* This applies for KEX, where the spec says the next packet MUST be 75f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * NEWKEYS */ 76f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (ses.requirenext != 0) { 77f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (ses.requirenext != type) { 78f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* TODO send disconnect? */ 79f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project dropbear_exit("unexpected packet type %d, expected %d", type, 80f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.requirenext); 81f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } else { 82f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* Got what we expected */ 83f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.requirenext = 0; 84f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 85f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 86f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 87f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* Check if we should ignore this packet. Used currently only for 88f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * KEX code, with first_kex_packet_follows */ 89f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (ses.ignorenext) { 90f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("Ignoring packet, type = %d", type)) 91f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.ignorenext = 0; 92f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project goto out; 93f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 94f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 95f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 96f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* Kindly the protocol authors gave all the preauth packets type values 97f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ). 98f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * NOTE: if the protocol changes and new types are added, revisit this 99f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * assumption */ 100f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) { 101f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project dropbear_exit("received message %d before userauth", type); 102f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 103f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 104f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project for (i = 0; ; i++) { 105f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (ses.packettypes[i].type == 0) { 106f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* end of list */ 107f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project break; 108f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 109f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 110f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (ses.packettypes[i].type == type) { 111f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.packettypes[i].handler(); 112f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project goto out; 113f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 114f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 115f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 116f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 117f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* TODO do something more here? */ 118f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("preauth unknown packet")) 119f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project recv_unimplemented(); 120f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 121f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectout: 122f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project buf_free(ses.payload); 123f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project ses.payload = NULL; 124f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 125f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project TRACE(("leave process_packet")) 126f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project} 127f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 128f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 129f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 130f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* This must be called directly after receiving the unimplemented packet. 131f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * Isn't the most clean implementation, it relies on packet processing 132f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * occurring directly after decryption (direct use of ses.recvseq). 133f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * This is reasonably valid, since there is only a single decryption buffer */ 134f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectstatic void recv_unimplemented() { 135f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 136f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project CHECKCLEARTOWRITE(); 137f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 138f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED); 139f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* the decryption routine increments the sequence number, we must 140f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * decrement */ 141f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project buf_putint(ses.writepayload, ses.recvseq - 1); 142f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 143f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project encrypt_packet(); 144f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project} 145