release/src/router/dropbear/process-packet.c

   1 /*
   2  * Dropbear - a SSH2 server
   3  *
   4  * Copyright (c) 2002-2004 Matt Johnston
   5  * All rights reserved.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  23  * SOFTWARE. */
  24
  25 #include "includes.h"
  26 #include "packet.h"
  27 #include "session.h"
  28 #include "dbutil.h"
  29 #include "ssh.h"
  30 #include "algo.h"
  31 #include "buffer.h"
  32 #include "kex.h"
  33 #include "random.h"
  34 #include "service.h"
  35 #include "auth.h"
  36 #include "channel.h"
  37
  38 #define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK
  39
  40 static void recv_unimplemented();
  41
  42 /* process a decrypted packet, call the appropriate handler */
  43 void process_packet() {
  44
  45         unsigned char type;
  46         unsigned int i;
  47
  48         TRACE(("enter process_packet"))
  49
  50         type = buf_getbyte(ses.payload);
  51         TRACE(("process_packet: packet type = %d", type))
  52
  53         ses.lastpacket = type;
  54
  55     ses.last_packet_time = time(NULL);
  56
  57         /* These packets we can receive at any time */
  58         switch(type) {
  59
  60                 case SSH_MSG_IGNORE:
  61                         goto out;
  62                 case SSH_MSG_DEBUG:
  63                         goto out;
  64
  65                 case SSH_MSG_UNIMPLEMENTED:
  66                         /* debugging XXX */
  67                         TRACE(("SSH_MSG_UNIMPLEMENTED"))
  68                         dropbear_exit("Received SSH_MSG_UNIMPLEMENTED");
  69
  70                 case SSH_MSG_DISCONNECT:
  71                         /* TODO cleanup? */
  72                         dropbear_close("Disconnect received");
  73         }
  74
  75         /* This applies for KEX, where the spec says the next packet MUST be
  76          * NEWKEYS */
  77         if (ses.requirenext != 0) {
  78                 if (ses.requirenext != type) {
  79                         /* TODO send disconnect? */
  80                         dropbear_exit("Unexpected packet type %d, expected %d", type,
  81                                         ses.requirenext);
  82                 } else {
  83                         /* Got what we expected */
  84                         ses.requirenext = 0;
  85                 }
  86         }
  87
  88         /* Check if we should ignore this packet. Used currently only for
  89          * KEX code, with first_kex_packet_follows */
  90         if (ses.ignorenext) {
  91                 TRACE(("Ignoring packet, type = %d", type))
  92                 ses.ignorenext = 0;
  93                 goto out;
  94         }
  95
  96
  97         /* Kindly the protocol authors gave all the preauth packets type values
  98          * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
  99          * NOTE: if the protocol changes and new types are added, revisit this
 100          * assumption */
 101         if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
 102                 dropbear_exit("Received message %d before userauth", type);
 103         }
 104
 105         for (i = 0; ; i++) {
 106                 if (ses.packettypes[i].type == 0) {
 107                         /* end of list */
 108                         break;
 109                 }
 110
 111                 if (ses.packettypes[i].type == type) {
 112                         ses.packettypes[i].handler();
 113                         goto out;
 114                 }
 115         }
 116
 117
 118         /* TODO do something more here? */
 119         TRACE(("preauth unknown packet"))
 120         recv_unimplemented();
 121
 122 out:
 123         buf_free(ses.payload);
 124         ses.payload = NULL;
 125
 126         TRACE(("leave process_packet"))
 127 }
 128
 129
 130
 131 /* This must be called directly after receiving the unimplemented packet.
 132  * Isn't the most clean implementation, it relies on packet processing
 133  * occurring directly after decryption (direct use of ses.recvseq).
 134  * This is reasonably valid, since there is only a single decryption buffer */
 135 static void recv_unimplemented() {
 136
 137         CHECKCLEARTOWRITE();
 138
 139         buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED);
 140         /* the decryption routine increments the sequence number, we must
 141          * decrement */
 142         buf_putint(ses.writepayload, ses.recvseq - 1);
 143
 144         encrypt_packet();
 145 }