release/src/router/dropbear/process-packet.c

   1 /*
   2  * Dropbear - a SSH2 server
   3  *
   4  * Copyright (c) 2002-2004 Matt Johnston
   5  * All rights reserved.
   6  *
   7  * Permission is hereby granted, free of charge, to any person obtaining a copy
   8  * of this software and associated documentation files (the "Software"), to deal
   9  * in the Software without restriction, including without limitation the rights
  10  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  11  * copies of the Software, and to permit persons to whom the Software is
  12  * furnished to do so, subject to the following conditions:
  13  *
  14  * The above copyright notice and this permission notice shall be included in
  15  * all copies or substantial portions of the Software.
  16  *
  17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  18  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  19  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  20  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  21  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  22  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  23  * SOFTWARE. */
  24
  25 #include "includes.h"
  26 #include "packet.h"
  27 #include "session.h"
  28 #include "dbutil.h"
  29 #include "ssh.h"
  30 #include "algo.h"
  31 #include "buffer.h"
  32 #include "kex.h"
  33 #include "dbrandom.h"
  34 #include "service.h"
  35 #include "auth.h"
  36 #include "channel.h"
  37
  38 #define MAX_UNAUTH_PACKET_TYPE SSH_MSG_USERAUTH_PK_OK
  39
  40 static void recv_unimplemented();
  41
  42 /* process a decrypted packet, call the appropriate handler */
  43 void process_packet() {
  44
  45         unsigned char type;
  46         unsigned int i;
  47
  48         TRACE2(("enter process_packet"))
  49
  50         type = buf_getbyte(ses.payload);
  51         TRACE(("process_packet: packet type = %d,  len %d", type, ses.payload->len))
  52
  53         ses.lastpacket = type;
  54
  55     ses.last_packet_time = time(NULL);
  56
  57         /* These packets we can receive at any time */
  58         switch(type) {
  59
  60                 case SSH_MSG_IGNORE:
  61                         goto out;
  62                 case SSH_MSG_DEBUG:
  63                         goto out;
  64
  65                 case SSH_MSG_UNIMPLEMENTED:
  66                         /* debugging XXX */
  67                         TRACE(("SSH_MSG_UNIMPLEMENTED"))
  68                         dropbear_exit("Received SSH_MSG_UNIMPLEMENTED");
  69
  70                 case SSH_MSG_DISCONNECT:
  71                         /* TODO cleanup? */
  72                         dropbear_close("Disconnect received");
  73         }
  74
  75         /* This applies for KEX, where the spec says the next packet MUST be
  76          * NEWKEYS */
  77         if (ses.requirenext[0] != 0) {
  78                 if (ses.requirenext[0] != type
  79                                 && (ses.requirenext[1] == 0 || ses.requirenext[1] != type)) {
  80                         dropbear_exit("Unexpected packet type %d, expected [%d,%d]", type,
  81                                         ses.requirenext[0], ses.requirenext[1]);
  82                 } else {
  83                         /* Got what we expected */
  84                         ses.requirenext[0] = 0;
  85                         ses.requirenext[1] = 0;
  86                 }
  87         }
  88
  89         /* Check if we should ignore this packet. Used currently only for
  90          * KEX code, with first_kex_packet_follows */
  91         if (ses.ignorenext) {
  92                 TRACE(("Ignoring packet, type = %d", type))
  93                 ses.ignorenext = 0;
  94                 goto out;
  95         }
  96
  97
  98         /* Kindly the protocol authors gave all the preauth packets type values
  99          * less-than-or-equal-to 60 ( == MAX_UNAUTH_PACKET_TYPE ).
 100          * NOTE: if the protocol changes and new types are added, revisit this
 101          * assumption */
 102         if ( !ses.authstate.authdone && type > MAX_UNAUTH_PACKET_TYPE ) {
 103                 dropbear_exit("Received message %d before userauth", type);
 104         }
 105
 106         for (i = 0; ; i++) {
 107                 if (ses.packettypes[i].type == 0) {
 108                         /* end of list */
 109                         break;
 110                 }
 111
 112                 if (ses.packettypes[i].type == type) {
 113                         ses.packettypes[i].handler();
 114                         goto out;
 115                 }
 116         }
 117
 118
 119         /* TODO do something more here? */
 120         TRACE(("preauth unknown packet"))
 121         recv_unimplemented();
 122
 123 out:
 124         buf_free(ses.payload);
 125         ses.payload = NULL;
 126
 127         TRACE2(("leave process_packet"))
 128 }
 129
 130
 131
 132 /* This must be called directly after receiving the unimplemented packet.
 133  * Isn't the most clean implementation, it relies on packet processing
 134  * occurring directly after decryption (direct use of ses.recvseq).
 135  * This is reasonably valid, since there is only a single decryption buffer */
 136 static void recv_unimplemented() {
 137
 138         CHECKCLEARTOWRITE();
 139
 140         buf_putbyte(ses.writepayload, SSH_MSG_UNIMPLEMENTED);
 141         /* the decryption routine increments the sequence number, we must
 142          * decrement */
 143         buf_putint(ses.writepayload, ses.recvseq - 1);
 144
 145         encrypt_packet();
 146 }