search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / dropbear / session.h
blob91e306a7f7158696af7795a4c98273bf638e5540
1 /*
2 * Dropbear - a SSH2 server
3 *
4 * Copyright (c) 2002,2003 Matt Johnston
5 * All rights reserved.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE. */
24
25 #ifndef _SESSION_H_
26 #define _SESSION_H_
27
28 #include "includes.h"
29 #include "options.h"
30 #include "buffer.h"
31 #include "signkey.h"
32 #include "kex.h"
33 #include "auth.h"
34 #include "channel.h"
35 #include "queue.h"
36 #include "listener.h"
37 #include "packet.h"
38 #include "tcpfwd.h"
39 #include "chansession.h"
40 #include "dbutil.h"
41
42 extern int sessinitdone; /* Is set to 0 somewhere */
43 extern int exitflag;
44
45 void common_session_init(int sock_in, int sock_out);
46 void session_loop(void(*loophandler)());
47 void session_cleanup();
48 void send_session_identification();
49 void send_msg_ignore();
50
51 const char* get_user_shell();
52 void fill_passwd(const char* username);
53
54 /* Server */
55 void svr_session(int sock, int childpipe);
56 void svr_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
57 void svr_dropbear_log(int priority, const char* format, va_list param);
58
59 /* Client */
60 void cli_session(int sock_in, int sock_out);
61 void cleantext(unsigned char* dirtytext);
62
63 /* crypto parameters that are stored individually for transmit and receive */
64 struct key_context_directional {
65 const struct dropbear_cipher *algo_crypt;
66 const struct dropbear_cipher_mode *crypt_mode;
67 const struct dropbear_hash *algo_mac;
68 int hash_index; /* lookup for libtomcrypt */
69 int algo_comp; /* compression */
70 #ifndef DISABLE_ZLIB
71 z_streamp zstream;
72 #endif
73 /* actual keys */
74 union {
75 symmetric_CBC cbc;
76 #ifdef DROPBEAR_ENABLE_CTR_MODE
77 symmetric_CTR ctr;
78 #endif
79 } cipher_state;
80 unsigned char mackey[MAX_MAC_LEN];
81 int valid;
82 };
83
84 struct key_context {
85
86 struct key_context_directional recv;
87 struct key_context_directional trans;
88
89 const struct dropbear_kex *algo_kex;
90 int algo_hostkey;
91
92 int allow_compress; /* whether compression has started (useful in
93 zlib@openssh.com delayed compression case) */
94 };
95
96 struct packetlist;
97 struct packetlist {
98 struct packetlist *next;
99 buffer * payload;
100 };
101
102 struct sshsession {
103
104 /* Is it a client or server? */
105 unsigned char isserver;
106
107 time_t connect_time; /* time the connection was established
108 (cleared after auth once we're not
109 respecting AUTH_TIMEOUT any more) */
110
111 int sock_in;
112 int sock_out;
113
114 /* remotehost will be initially NULL as we delay
115 * reading the remote version string. it will be set
116 * by the time any recv_() packet methods are called */
117 unsigned char *remoteident;
118
119 int maxfd; /* the maximum file descriptor to check with select() */
120
121
122 /* Packet buffers/values etc */
123 buffer *writepayload; /* Unencrypted payload to write - this is used
124 throughout the code, as handlers fill out this
125 buffer with the packet to send. */
126 struct Queue writequeue; /* A queue of encrypted packets to send */
127 buffer *readbuf; /* From the wire, decrypted in-place */
128 buffer *payload; /* Post-decompression, the actual SSH packet */
129 unsigned int transseq, recvseq; /* Sequence IDs */
130
131 /* Packet-handling flags */
132 const packettype * packettypes; /* Packet handler mappings for this
133 session, see process-packet.c */
134
135 unsigned dataallowed : 1; /* whether we can send data packets or we are in
136 the middle of a KEX or something */
137
138 unsigned char requirenext[2]; /* bytes indicating what packets we require next,
139 or 0x00 for any. Second option can only be
140 used if the first byte is also set */
141
142 unsigned char ignorenext; /* whether to ignore the next packet,
143 used for kex_follows stuff */
144
145 unsigned char lastpacket; /* What the last received packet type was */
146
147 int signal_pipe[2]; /* stores endpoints of a self-pipe used for
148 race-free signal handling */
149
150 time_t last_trx_packet_time; /* time of the last packet transmission, for
151 keepalive purposes */
152
153 time_t last_packet_time; /* time of the last packet transmission or receive, for
154 idle timeout purposes */
155
156
157 /* KEX/encryption related */
158 struct KEXState kexstate;
159 struct key_context *keys;
160 struct key_context *newkeys;
161 buffer *session_id; /* this is the hash from the first kex */
162 /* The below are used temporarily during kex, are freed after use */
163 mp_int * dh_K; /* SSH_MSG_KEXDH_REPLY and sending SSH_MSH_NEWKEYS */
164 buffer *hash; /* the session hash */
165 buffer* kexhashbuf; /* session hash buffer calculated from various packets*/
166 buffer* transkexinit; /* the kexinit packet we send should be kept so we
167 can add it to the hash when generating keys */
168
169 /* Enables/disables compression */
170 algo_type *compress_algos;
171
172 /* a list of queued replies that should be sent after a KEX has
173 concluded (ie, while dataallowed was unset)*/
174 struct packetlist *reply_queue_head, *reply_queue_tail;
175
176 void(*remoteclosed)(); /* A callback to handle closure of the
177 remote connection */
178
179 void(*extra_session_cleanup)(); /* client or server specific cleanup */
180 void(*send_kex_first_guess)();
181
182 struct AuthState authstate; /* Common amongst client and server, since most
183 struct elements are common */
184
185 /* Channel related */
186 struct Channel ** channels; /* these pointers may be null */
187 unsigned int chansize; /* the number of Channel*s allocated for channels */
188 unsigned int chancount; /* the number of Channel*s in use */
189 const struct ChanType **chantypes; /* The valid channel types */
190
191
192 /* TCP forwarding - where manage listeners */
193 struct Listener ** listeners;
194 unsigned int listensize;
195
196 /* Whether to allow binding to privileged ports (<1024). This doesn't
197 * really belong here, but nowhere else fits nicely */
198 int allowprivport;
199
200 };
201
202 struct serversession {
203
204 /* Server specific options */
205 int childpipe; /* kept open until we successfully authenticate */
206 /* userauth */
207
208 struct ChildPid * childpids; /* array of mappings childpid<->channel */
209 unsigned int childpidsize;
210
211 /* Used to avoid a race in the exit returncode handling - see
212 * svr-chansession.c for details */
213 struct exitinfo lastexit;
214
215 /* The numeric address they connected from, used for logging */
216 char * addrstring;
217
218 /* The resolved remote address, used for lastlog etc */
219 char *remotehost;
220
221 #ifdef USE_VFORK
222 pid_t server_pid;
223 #endif
224
225 };
226
227 typedef enum {
228 KEX_NOTHING,
229 KEXINIT_RCVD,
230 KEXDH_INIT_SENT,
231 KEXDONE
232 } cli_kex_state;
233
234 typedef enum {
235 STATE_NOTHING,
236 USERAUTH_REQ_SENT,
237 USERAUTH_FAIL_RCVD,
238 USERAUTH_SUCCESS_RCVD,
239 SESSION_RUNNING
240 } cli_state;
241
242 struct clientsession {
243
244 /* XXX - move these to kexstate? */
245 struct kex_dh_param *dh_param;
246 struct kex_ecdh_param *ecdh_param;
247 struct kex_curve25519_param *curve25519_param;
248 const struct dropbear_kex *param_kex_algo; /* KEX algorithm corresponding to current dh_e and dh_x */
249
250 cli_kex_state kex_state; /* Used for progressing KEX */
251 cli_state state; /* Used to progress auth/channelsession etc */
252 unsigned donefirstkex : 1; /* Set when we set sentnewkeys, never reset */
253
254 int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
255 struct termios saved_tio;
256 int stdincopy;
257 int stdinflags;
258 int stdoutcopy;
259 int stdoutflags;
260 int stderrcopy;
261 int stderrflags;
262
263 /* for escape char handling */
264 int last_char;
265
266 int winchange; /* Set to 1 when a windowchange signal happens */
267
268 int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
269 for the last type of auth we tried */
270 #ifdef ENABLE_CLI_INTERACT_AUTH
271 int auth_interact_failed; /* flag whether interactive auth can still
272 be used */
273 int interact_request_received; /* flag whether we've received an
274 info request from the server for
275 interactive auth.*/
276
277 int cipher_none_after_auth; /* Set to 1 if the user requested "none"
278 auth */
279 #endif
280 sign_key *lastprivkey;
281
282 int retval; /* What the command exit status was - we emulate it */
283 #if 0
284 TODO
285 struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */
286 #endif
287
288 };
289
290 /* Global structs storing the state */
291 extern struct sshsession ses;
292
293 #ifdef DROPBEAR_SERVER
294 extern struct serversession svr_ses;
295 #endif /* DROPBEAR_SERVER */
296
297 #ifdef DROPBEAR_CLIENT
298 extern struct clientsession cli_ses;
299 #endif /* DROPBEAR_CLIENT */
300
301 #endif /* _SESSION_H_ */