|
Packit |
6c0a39 |
/*
|
|
Packit |
6c0a39 |
* session.c - non-networking functions
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This file is part of the SSH Library
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* Copyright (c) 2005-2013 by Aris Adamantiadis
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* The SSH Library is free software; you can redistribute it and/or modify
|
|
Packit |
6c0a39 |
* it under the terms of the GNU Lesser General Public License as published by
|
|
Packit |
6c0a39 |
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
Packit |
6c0a39 |
* option) any later version.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* The SSH Library is distributed in the hope that it will be useful, but
|
|
Packit |
6c0a39 |
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
Packit |
6c0a39 |
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
Packit |
6c0a39 |
* License for more details.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
6c0a39 |
* along with the SSH Library; see the file COPYING. If not, write to
|
|
Packit |
6c0a39 |
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
Packit |
6c0a39 |
* MA 02111-1307, USA.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#include "config.h"
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#include <string.h>
|
|
Packit |
6c0a39 |
#include <stdlib.h>
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#include "libssh/priv.h"
|
|
Packit |
6c0a39 |
#include "libssh/libssh.h"
|
|
Packit |
6c0a39 |
#include "libssh/crypto.h"
|
|
Packit |
6c0a39 |
#include "libssh/server.h"
|
|
Packit |
6c0a39 |
#include "libssh/socket.h"
|
|
Packit |
6c0a39 |
#include "libssh/ssh2.h"
|
|
Packit |
6c0a39 |
#include "libssh/agent.h"
|
|
Packit |
6c0a39 |
#include "libssh/packet.h"
|
|
Packit |
6c0a39 |
#include "libssh/session.h"
|
|
Packit |
6c0a39 |
#include "libssh/misc.h"
|
|
Packit |
6c0a39 |
#include "libssh/buffer.h"
|
|
Packit |
6c0a39 |
#include "libssh/poll.h"
|
|
Packit |
6c0a39 |
#include "libssh/pki.h"
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#define FIRST_CHANNEL 42 // why not ? it helps to find bugs.
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @defgroup libssh_session The SSH session functions.
|
|
Packit |
6c0a39 |
* @ingroup libssh
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* Functions that manage a session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @{
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Create a new ssh session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @returns A new ssh_session pointer, NULL on error.
|
|
Packit |
6c0a39 |
*/
|
|
Packit Service |
fcc0d2 |
ssh_session ssh_new(void)
|
|
Packit Service |
fcc0d2 |
{
|
|
Packit Service |
fcc0d2 |
ssh_session session;
|
|
Packit Service |
fcc0d2 |
char *id = NULL;
|
|
Packit Service |
fcc0d2 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session = calloc(1, sizeof (struct ssh_session_struct));
|
|
Packit Service |
fcc0d2 |
if (session == NULL) {
|
|
Packit Service |
fcc0d2 |
return NULL;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->next_crypto = crypto_new();
|
|
Packit Service |
fcc0d2 |
if (session->next_crypto == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->socket = ssh_socket_new(session);
|
|
Packit Service |
fcc0d2 |
if (session->socket == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->out_buffer = ssh_buffer_new();
|
|
Packit Service |
fcc0d2 |
if (session->out_buffer == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->in_buffer = ssh_buffer_new();
|
|
Packit Service |
fcc0d2 |
if (session->in_buffer == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->out_queue = ssh_list_new();
|
|
Packit Service |
fcc0d2 |
if (session->out_queue == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit Service |
fcc0d2 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
session->alive = 0;
|
|
Packit Service |
fcc0d2 |
session->auth.supported_methods = 0;
|
|
Packit Service |
fcc0d2 |
ssh_set_blocking(session, 1);
|
|
Packit Service |
fcc0d2 |
session->maxchannel = FIRST_CHANNEL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifndef _WIN32
|
|
Packit |
6c0a39 |
session->agent = ssh_agent_new(session);
|
|
Packit |
6c0a39 |
if (session->agent == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
#endif /* _WIN32 */
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* OPTIONS */
|
|
Packit |
6c0a39 |
session->opts.StrictHostKeyChecking = 1;
|
|
Packit |
6c0a39 |
session->opts.port = 0;
|
|
Packit |
6c0a39 |
session->opts.fd = -1;
|
|
Packit Service |
fcc0d2 |
session->opts.compressionlevel = 7;
|
|
Packit |
6c0a39 |
session->opts.nodelay = 0;
|
|
Packit Service |
fcc0d2 |
|
|
Packit Service |
fcc0d2 |
session->opts.flags = SSH_OPT_FLAG_PASSWORD_AUTH |
|
|
Packit Service |
fcc0d2 |
SSH_OPT_FLAG_PUBKEY_AUTH |
|
|
Packit Service |
fcc0d2 |
SSH_OPT_FLAG_KBDINT_AUTH |
|
|
Packit Service |
fcc0d2 |
SSH_OPT_FLAG_GSSAPI_AUTH;
|
|
Packit Service |
fcc0d2 |
|
|
Packit |
6c0a39 |
session->opts.identity = ssh_list_new();
|
|
Packit |
6c0a39 |
if (session->opts.identity == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
id = strdup("%d/id_ed25519");
|
|
Packit |
6c0a39 |
if (id == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit Service |
fcc0d2 |
|
|
Packit |
6c0a39 |
rc = ssh_list_append(session->opts.identity, id);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifdef HAVE_ECC
|
|
Packit |
6c0a39 |
id = strdup("%d/id_ecdsa");
|
|
Packit |
6c0a39 |
if (id == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
rc = ssh_list_append(session->opts.identity, id);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
#endif
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
id = strdup("%d/id_rsa");
|
|
Packit |
6c0a39 |
if (id == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
rc = ssh_list_append(session->opts.identity, id);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifdef HAVE_DSA
|
|
Packit |
6c0a39 |
id = strdup("%d/id_dsa");
|
|
Packit |
6c0a39 |
if (id == NULL) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
rc = ssh_list_append(session->opts.identity, id);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit Service |
fcc0d2 |
goto err;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
#endif
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
/* Explicitly initialize states */
|
|
Packit Service |
fcc0d2 |
session->session_state = SSH_SESSION_STATE_NONE;
|
|
Packit Service |
fcc0d2 |
session->pending_call_state = SSH_PENDING_CALL_NONE;
|
|
Packit Service |
fcc0d2 |
session->packet_state = PACKET_STATE_INIT;
|
|
Packit Service |
fcc0d2 |
session->dh_handshake_state = DH_STATE_INIT;
|
|
Packit Service |
fcc0d2 |
session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
|
|
Packit Service |
fcc0d2 |
|
|
Packit Service |
fcc0d2 |
session->auth.state = SSH_AUTH_STATE_NONE;
|
|
Packit Service |
fcc0d2 |
session->auth.service_state = SSH_AUTH_SERVICE_NONE;
|
|
Packit Service |
fcc0d2 |
|
|
Packit |
6c0a39 |
return session;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
err:
|
|
Packit |
6c0a39 |
free(id);
|
|
Packit |
6c0a39 |
ssh_free(session);
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Deallocate a SSH session handle.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session to free.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @see ssh_disconnect()
|
|
Packit |
6c0a39 |
* @see ssh_new()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_free(ssh_session session)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
int i;
|
|
Packit |
6c0a39 |
struct ssh_iterator *it = NULL;
|
|
Packit |
6c0a39 |
struct ssh_buffer_struct *b = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/*
|
|
Packit |
6c0a39 |
* Delete all channels
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This needs the first thing we clean up cause if there is still an open
|
|
Packit |
6c0a39 |
* channel we call ssh_channel_close() first. So we need a working socket
|
|
Packit |
6c0a39 |
* and poll context for it.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
for (it = ssh_list_get_iterator(session->channels);
|
|
Packit |
6c0a39 |
it != NULL;
|
|
Packit |
6c0a39 |
it = ssh_list_get_iterator(session->channels)) {
|
|
Packit |
6c0a39 |
ssh_channel_do_free(ssh_iterator_value(ssh_channel,it));
|
|
Packit |
6c0a39 |
ssh_list_remove(session->channels, it);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_list_free(session->channels);
|
|
Packit |
6c0a39 |
session->channels = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifdef WITH_PCAP
|
|
Packit |
6c0a39 |
if (session->pcap_ctx) {
|
|
Packit |
6c0a39 |
ssh_pcap_context_free(session->pcap_ctx);
|
|
Packit |
6c0a39 |
session->pcap_ctx = NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
#endif
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_socket_free(session->socket);
|
|
Packit |
6c0a39 |
session->socket = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->default_poll_ctx) {
|
|
Packit |
6c0a39 |
ssh_poll_ctx_free(session->default_poll_ctx);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
SSH_BUFFER_FREE(session->in_buffer);
|
|
Packit Service |
fcc0d2 |
SSH_BUFFER_FREE(session->out_buffer);
|
|
Packit |
6c0a39 |
session->in_buffer = session->out_buffer = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->in_hashbuf != NULL) {
|
|
Packit Service |
fcc0d2 |
SSH_BUFFER_FREE(session->in_hashbuf);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if (session->out_hashbuf != NULL) {
|
|
Packit Service |
fcc0d2 |
SSH_BUFFER_FREE(session->out_hashbuf);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
crypto_free(session->current_crypto);
|
|
Packit |
6c0a39 |
crypto_free(session->next_crypto);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifndef _WIN32
|
|
Packit |
6c0a39 |
ssh_agent_free(session->agent);
|
|
Packit |
6c0a39 |
#endif /* _WIN32 */
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_key_free(session->srv.dsa_key);
|
|
Packit |
6c0a39 |
session->srv.dsa_key = NULL;
|
|
Packit |
6c0a39 |
ssh_key_free(session->srv.rsa_key);
|
|
Packit |
6c0a39 |
session->srv.rsa_key = NULL;
|
|
Packit |
6c0a39 |
ssh_key_free(session->srv.ecdsa_key);
|
|
Packit |
6c0a39 |
session->srv.ecdsa_key = NULL;
|
|
Packit |
6c0a39 |
ssh_key_free(session->srv.ed25519_key);
|
|
Packit |
6c0a39 |
session->srv.ed25519_key = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->ssh_message_list) {
|
|
Packit |
6c0a39 |
ssh_message msg;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
for (msg = ssh_list_pop_head(ssh_message, session->ssh_message_list);
|
|
Packit |
6c0a39 |
msg != NULL;
|
|
Packit |
6c0a39 |
msg = ssh_list_pop_head(ssh_message, session->ssh_message_list)) {
|
|
Packit |
6c0a39 |
ssh_message_free(msg);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_list_free(session->ssh_message_list);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->kbdint != NULL) {
|
|
Packit |
6c0a39 |
ssh_kbdint_free(session->kbdint);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->packet_callbacks) {
|
|
Packit |
6c0a39 |
ssh_list_free(session->packet_callbacks);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* options */
|
|
Packit |
6c0a39 |
if (session->opts.identity) {
|
|
Packit |
6c0a39 |
char *id;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
for (id = ssh_list_pop_head(char *, session->opts.identity);
|
|
Packit |
6c0a39 |
id != NULL;
|
|
Packit |
6c0a39 |
id = ssh_list_pop_head(char *, session->opts.identity)) {
|
|
Packit |
6c0a39 |
SAFE_FREE(id);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_list_free(session->opts.identity);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
while ((b = ssh_list_pop_head(struct ssh_buffer_struct *,
|
|
Packit |
6c0a39 |
session->out_queue)) != NULL) {
|
|
Packit Service |
fcc0d2 |
SSH_BUFFER_FREE(b);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_list_free(session->out_queue);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
#ifndef _WIN32
|
|
Packit |
6c0a39 |
ssh_agent_state_free (session->agent_state);
|
|
Packit |
6c0a39 |
#endif
|
|
Packit |
6c0a39 |
session->agent_state = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
SAFE_FREE(session->auth.auto_state);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->serverbanner);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->clientbanner);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->banner);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.bindaddr);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.custombanner);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.username);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.host);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.sshdir);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.knownhosts);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.global_knownhosts);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.ProxyCommand);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.gss_server_identity);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.gss_client_identity);
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.pubkey_accepted_types);
|
|
Packit |
6c0a39 |
|
|
Packit Service |
fcc0d2 |
for (i = 0; i < SSH_KEX_METHODS; i++) {
|
|
Packit |
6c0a39 |
if (session->opts.wanted_methods[i]) {
|
|
Packit |
6c0a39 |
SAFE_FREE(session->opts.wanted_methods[i]);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* burn connection, it could contain sensitive data */
|
|
Packit |
6c0a39 |
explicit_bzero(session, sizeof(struct ssh_session_struct));
|
|
Packit |
6c0a39 |
SAFE_FREE(session);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the client banner
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns the client banner string or NULL.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_clientbanner(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return session->clientbanner;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the server banner
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns the server banner string or NULL.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_serverbanner(ssh_session session) {
|
|
Packit |
6c0a39 |
if(!session) {
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
return session->serverbanner;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the name of the current key exchange algorithm.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns the key exchange algorithm string or NULL.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_kex_algo(ssh_session session) {
|
|
Packit |
6c0a39 |
if ((session == NULL) ||
|
|
Packit |
6c0a39 |
(session->current_crypto == NULL)) {
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
switch (session->current_crypto->kex_type) {
|
|
Packit |
6c0a39 |
case SSH_KEX_DH_GROUP1_SHA1:
|
|
Packit |
6c0a39 |
return "diffie-hellman-group1-sha1";
|
|
Packit |
6c0a39 |
case SSH_KEX_DH_GROUP14_SHA1:
|
|
Packit |
6c0a39 |
return "diffie-hellman-group14-sha1";
|
|
Packit Service |
fcc0d2 |
case SSH_KEX_DH_GROUP14_SHA256:
|
|
Packit Service |
fcc0d2 |
return "diffie-hellman-group14-sha256";
|
|
Packit |
6c0a39 |
case SSH_KEX_DH_GROUP16_SHA512:
|
|
Packit |
6c0a39 |
return "diffie-hellman-group16-sha512";
|
|
Packit |
6c0a39 |
case SSH_KEX_DH_GROUP18_SHA512:
|
|
Packit |
6c0a39 |
return "diffie-hellman-group18-sha512";
|
|
Packit |
6c0a39 |
case SSH_KEX_ECDH_SHA2_NISTP256:
|
|
Packit |
6c0a39 |
return "ecdh-sha2-nistp256";
|
|
Packit |
6c0a39 |
case SSH_KEX_ECDH_SHA2_NISTP384:
|
|
Packit |
6c0a39 |
return "ecdh-sha2-nistp384";
|
|
Packit |
6c0a39 |
case SSH_KEX_ECDH_SHA2_NISTP521:
|
|
Packit |
6c0a39 |
return "ecdh-sha2-nistp521";
|
|
Packit |
6c0a39 |
case SSH_KEX_CURVE25519_SHA256:
|
|
Packit |
6c0a39 |
return "curve25519-sha256";
|
|
Packit |
6c0a39 |
case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
|
|
Packit |
6c0a39 |
return "curve25519-sha256@libssh.org";
|
|
Packit |
6c0a39 |
default:
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the name of the input cipher for the given session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns cipher name or NULL.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_cipher_in(ssh_session session) {
|
|
Packit |
6c0a39 |
if ((session != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto->in_cipher != NULL)) {
|
|
Packit |
6c0a39 |
return session->current_crypto->in_cipher->name;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the name of the output cipher for the given session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns cipher name or NULL.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_cipher_out(ssh_session session) {
|
|
Packit |
6c0a39 |
if ((session != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto->out_cipher != NULL)) {
|
|
Packit |
6c0a39 |
return session->current_crypto->out_cipher->name;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the name of the input HMAC algorithm for the given session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns HMAC algorithm name or NULL if unknown.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_hmac_in(ssh_session session) {
|
|
Packit |
6c0a39 |
if ((session != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto != NULL)) {
|
|
Packit |
6c0a39 |
return ssh_hmac_type_to_string(session->current_crypto->in_hmac, session->current_crypto->in_hmac_etm);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief get the name of the output HMAC algorithm for the given session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return Returns HMAC algorithm name or NULL if unknown.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char* ssh_get_hmac_out(ssh_session session) {
|
|
Packit |
6c0a39 |
if ((session != NULL) &&
|
|
Packit |
6c0a39 |
(session->current_crypto != NULL)) {
|
|
Packit |
6c0a39 |
return ssh_hmac_type_to_string(session->current_crypto->out_hmac, session->current_crypto->out_hmac_etm);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Disconnect impolitely from a remote host by closing the socket.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* Suitable if you forked and want to destroy this session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session to disconnect.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_silent_disconnect(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_socket_close(session->socket);
|
|
Packit |
6c0a39 |
session->alive = 0;
|
|
Packit |
6c0a39 |
ssh_disconnect(session);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Set the session in blocking/nonblocking mode.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The ssh session to change.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] blocking Zero for nonblocking mode.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_set_blocking(ssh_session session, int blocking)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
session->flags &= ~SSH_SESSION_FLAG_BLOCKING;
|
|
Packit |
6c0a39 |
session->flags |= blocking ? SSH_SESSION_FLAG_BLOCKING : 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Return the blocking mode of libssh
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
* @returns 0 if the session is nonblocking,
|
|
Packit |
6c0a39 |
* @returns 1 if the functions may block.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_is_blocking(ssh_session session)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
return (session->flags & SSH_SESSION_FLAG_BLOCKING) ? 1 : 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* Waits until the output socket is empty */
|
|
Packit |
6c0a39 |
static int ssh_flush_termination(void *c){
|
|
Packit |
6c0a39 |
ssh_session session = c;
|
|
Packit |
6c0a39 |
if (ssh_socket_buffered_write_bytes(session->socket) == 0 ||
|
|
Packit |
6c0a39 |
session->session_state == SSH_SESSION_STATE_ERROR)
|
|
Packit |
6c0a39 |
return 1;
|
|
Packit |
6c0a39 |
else
|
|
Packit |
6c0a39 |
return 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Blocking flush of the outgoing buffer
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
* @param[in] timeout Set an upper limit on the time for which this function
|
|
Packit |
6c0a39 |
* will block, in milliseconds. Specifying -1
|
|
Packit |
6c0a39 |
* means an infinite timeout. This parameter is passed to
|
|
Packit |
6c0a39 |
* the poll() function.
|
|
Packit |
6c0a39 |
* @returns SSH_OK on success, SSH_AGAIN if timeout occurred,
|
|
Packit |
6c0a39 |
* SSH_ERROR otherwise.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
int ssh_blocking_flush(ssh_session session, int timeout){
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
rc = ssh_handle_packets_termination(session, timeout,
|
|
Packit |
6c0a39 |
ssh_flush_termination, session);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit |
6c0a39 |
return rc;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if (!ssh_flush_termination(session)) {
|
|
Packit |
6c0a39 |
rc = SSH_AGAIN;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return rc;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Check if we are connected.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The session to check if it is connected.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return 1 if we are connected, 0 if not.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_is_connected(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return session->alive;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get the fd of a connection.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* In case you'd need the file descriptor of the connection to the server/client.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The ssh session to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return The file descriptor of the connection, or -1 if it is
|
|
Packit |
6c0a39 |
* not connected
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
socket_t ssh_get_fd(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return -1;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return ssh_socket_get_fd(session->socket);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Tell the session it has data to read on the file descriptor without
|
|
Packit |
6c0a39 |
* blocking.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The ssh session to use.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_set_fd_toread(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_socket_set_read_wontblock(session->socket);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Tell the session it may write to the file descriptor without blocking.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The ssh session to use.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_set_fd_towrite(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_socket_set_write_wontblock(session->socket);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Tell the session it has an exception to catch on the file descriptor.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* \param[in] session The ssh session to use.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_set_fd_except(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ssh_socket_set_except(session->socket);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @internal
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @brief Poll the current session for an event and call the appropriate
|
|
Packit |
6c0a39 |
* callbacks. This function will not loop until the timeout is expired.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This will block until one event happens.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The session handle to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] timeout Set an upper limit on the time for which this function
|
|
Packit |
6c0a39 |
* will block, in milliseconds. Specifying SSH_TIMEOUT_INFINITE
|
|
Packit |
6c0a39 |
* (-1) means an infinite timeout.
|
|
Packit |
6c0a39 |
* Specifying SSH_TIMEOUT_USER means to use the timeout
|
|
Packit |
6c0a39 |
* specified in options. 0 means poll will return immediately.
|
|
Packit |
6c0a39 |
* This parameter is passed to the poll() function.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return SSH_OK on success, SSH_ERROR otherwise.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_handle_packets(ssh_session session, int timeout) {
|
|
Packit |
6c0a39 |
ssh_poll_handle spoll;
|
|
Packit |
6c0a39 |
ssh_poll_ctx ctx;
|
|
Packit |
6c0a39 |
int tm = timeout;
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session == NULL || session->socket == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
spoll = ssh_socket_get_poll_handle(session->socket);
|
|
Packit |
6c0a39 |
ssh_poll_add_events(spoll, POLLIN);
|
|
Packit |
6c0a39 |
ctx = ssh_poll_get_ctx(spoll);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (!ctx) {
|
|
Packit |
6c0a39 |
ctx = ssh_poll_get_default_ctx(session);
|
|
Packit |
6c0a39 |
ssh_poll_ctx_add(ctx, spoll);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (timeout == SSH_TIMEOUT_USER) {
|
|
Packit |
6c0a39 |
if (ssh_is_blocking(session))
|
|
Packit |
6c0a39 |
tm = ssh_make_milliseconds(session->opts.timeout,
|
|
Packit |
6c0a39 |
session->opts.timeout_usec);
|
|
Packit |
6c0a39 |
else
|
|
Packit |
6c0a39 |
tm = 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
rc = ssh_poll_ctx_dopoll(ctx, tm);
|
|
Packit |
6c0a39 |
if (rc == SSH_ERROR) {
|
|
Packit |
6c0a39 |
session->session_state = SSH_SESSION_STATE_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return rc;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @internal
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @brief Poll the current session for an event and call the appropriate
|
|
Packit |
6c0a39 |
* callbacks.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This will block until termination function returns true, or timeout expired.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The session handle to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] timeout Set an upper limit on the time for which this function
|
|
Packit |
6c0a39 |
* will block, in milliseconds. Specifying
|
|
Packit |
6c0a39 |
* SSH_TIMEOUT_INFINITE (-1) means an infinite timeout.
|
|
Packit |
6c0a39 |
* Specifying SSH_TIMEOUT_USER means to use the timeout
|
|
Packit |
6c0a39 |
* specified in options. 0 means poll will return
|
|
Packit |
6c0a39 |
* immediately.
|
|
Packit |
6c0a39 |
* SSH_TIMEOUT_DEFAULT uses the session timeout if set or
|
|
Packit |
6c0a39 |
* uses blocking parameters of the session.
|
|
Packit |
6c0a39 |
* This parameter is passed to the poll() function.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] fct Termination function to be used to determine if it is
|
|
Packit |
6c0a39 |
* possible to stop polling.
|
|
Packit |
6c0a39 |
* @param[in] user User parameter to be passed to fct termination function.
|
|
Packit |
6c0a39 |
* @return SSH_OK on success, SSH_ERROR otherwise.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_handle_packets_termination(ssh_session session,
|
|
Packit |
6c0a39 |
long timeout,
|
|
Packit |
6c0a39 |
ssh_termination_function fct,
|
|
Packit |
6c0a39 |
void *user)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
struct ssh_timestamp ts;
|
|
Packit |
6c0a39 |
long timeout_ms = SSH_TIMEOUT_INFINITE;
|
|
Packit |
6c0a39 |
long tm;
|
|
Packit |
6c0a39 |
int ret = SSH_OK;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* If a timeout has been provided, use it */
|
|
Packit |
6c0a39 |
if (timeout >= 0) {
|
|
Packit |
6c0a39 |
timeout_ms = timeout;
|
|
Packit |
6c0a39 |
} else {
|
|
Packit |
6c0a39 |
if (ssh_is_blocking(session)) {
|
|
Packit |
6c0a39 |
if (timeout == SSH_TIMEOUT_USER || timeout == SSH_TIMEOUT_DEFAULT) {
|
|
Packit |
6c0a39 |
if (session->opts.timeout > 0 ||
|
|
Packit |
6c0a39 |
session->opts.timeout_usec > 0) {
|
|
Packit |
6c0a39 |
timeout_ms =
|
|
Packit |
6c0a39 |
ssh_make_milliseconds(session->opts.timeout,
|
|
Packit |
6c0a39 |
session->opts.timeout_usec);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
} else {
|
|
Packit |
6c0a39 |
timeout_ms = SSH_TIMEOUT_NONBLOCKING;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* avoid unnecessary syscall for the SSH_TIMEOUT_NONBLOCKING case */
|
|
Packit |
6c0a39 |
if (timeout_ms != SSH_TIMEOUT_NONBLOCKING) {
|
|
Packit |
6c0a39 |
ssh_timestamp_init(&ts);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
tm = timeout_ms;
|
|
Packit |
6c0a39 |
while(!fct(user)) {
|
|
Packit |
6c0a39 |
ret = ssh_handle_packets(session, tm);
|
|
Packit |
6c0a39 |
if (ret == SSH_ERROR) {
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if (ssh_timeout_elapsed(&ts, timeout_ms)) {
|
|
Packit |
6c0a39 |
ret = fct(user) ? SSH_OK : SSH_AGAIN;
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
tm = ssh_timeout_update(&ts, timeout_ms);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return ret;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get session status
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param session The ssh session to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @returns A bitmask including SSH_CLOSED, SSH_READ_PENDING, SSH_WRITE_PENDING
|
|
Packit |
6c0a39 |
* or SSH_CLOSED_ERROR which respectively means the session is closed,
|
|
Packit |
6c0a39 |
* has data to read on the connection socket and session was closed
|
|
Packit |
6c0a39 |
* due to an error.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_status(ssh_session session) {
|
|
Packit |
6c0a39 |
int socketstate;
|
|
Packit |
6c0a39 |
int r = 0;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
socketstate = ssh_socket_get_status(session->socket);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->session_state == SSH_SESSION_STATE_DISCONNECTED) {
|
|
Packit |
6c0a39 |
r |= SSH_CLOSED;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if (socketstate & SSH_READ_PENDING) {
|
|
Packit |
6c0a39 |
r |= SSH_READ_PENDING;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if (socketstate & SSH_WRITE_PENDING) {
|
|
Packit |
6c0a39 |
r |= SSH_WRITE_PENDING;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
if ((session->session_state == SSH_SESSION_STATE_DISCONNECTED &&
|
|
Packit |
6c0a39 |
(socketstate & SSH_CLOSED_ERROR)) ||
|
|
Packit |
6c0a39 |
session->session_state == SSH_SESSION_STATE_ERROR) {
|
|
Packit |
6c0a39 |
r |= SSH_CLOSED_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return r;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get poll flags for an external mainloop
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param session The ssh session to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @returns A bitmask including SSH_READ_PENDING or SSH_WRITE_PENDING.
|
|
Packit |
6c0a39 |
* For SSH_READ_PENDING, your invocation of poll() should include
|
|
Packit |
6c0a39 |
* POLLIN. For SSH_WRITE_PENDING, your invocation of poll() should
|
|
Packit |
6c0a39 |
* include POLLOUT.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_poll_flags(ssh_session session)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return 0;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return ssh_socket_get_poll_flags (session->socket);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get the disconnect message from the server.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The ssh session to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return The message sent by the server along with the
|
|
Packit |
6c0a39 |
* disconnect, or NULL in which case the reason of the
|
|
Packit |
6c0a39 |
* disconnect may be found with ssh_get_error.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @see ssh_get_error()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
const char *ssh_get_disconnect_message(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session->session_state != SSH_SESSION_STATE_DISCONNECTED) {
|
|
Packit |
6c0a39 |
ssh_set_error(session, SSH_REQUEST_DENIED,
|
|
Packit |
6c0a39 |
"Connection not closed yet");
|
|
Packit |
6c0a39 |
} else if(!session->discon_msg) {
|
|
Packit |
6c0a39 |
ssh_set_error(session, SSH_FATAL,
|
|
Packit |
6c0a39 |
"Connection correctly closed but no disconnect message");
|
|
Packit |
6c0a39 |
} else {
|
|
Packit |
6c0a39 |
return session->discon_msg;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return NULL;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get the protocol version of the session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param session The ssh session to use.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return The SSH version as integer, < 0 on error.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_version(ssh_session session) {
|
|
Packit |
6c0a39 |
if (session == NULL) {
|
|
Packit |
6c0a39 |
return -1;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return 2;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @internal
|
|
Packit |
6c0a39 |
* @brief Callback to be called when the socket received an exception code.
|
|
Packit |
6c0a39 |
* @param user is a pointer to session
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_socket_exception_callback(int code, int errno_code, void *user){
|
|
Packit |
6c0a39 |
ssh_session session=(ssh_session)user;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
SSH_LOG(SSH_LOG_RARE,"Socket exception callback: %d (%d)",code, errno_code);
|
|
Packit |
6c0a39 |
session->session_state = SSH_SESSION_STATE_ERROR;
|
|
Packit |
6c0a39 |
if (errno_code == 0 && code == SSH_SOCKET_EXCEPTION_EOF) {
|
|
Packit |
6c0a39 |
ssh_set_error(session, SSH_FATAL, "Socket error: disconnected");
|
|
Packit |
6c0a39 |
} else {
|
|
Packit |
6c0a39 |
ssh_set_error(session, SSH_FATAL, "Socket error: %s", strerror(errno_code));
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
session->ssh_connection_callback(session);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Send a message that should be ignored
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
* @param[in] data Data to be sent
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return SSH_OK on success, SSH_ERROR otherwise.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_send_ignore (ssh_session session, const char *data) {
|
|
Packit |
6c0a39 |
const int type = SSH2_MSG_IGNORE;
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (ssh_socket_is_open(session->socket)) {
|
|
Packit |
6c0a39 |
rc = ssh_buffer_pack(session->out_buffer,
|
|
Packit |
6c0a39 |
"bs",
|
|
Packit |
6c0a39 |
type,
|
|
Packit |
6c0a39 |
data);
|
|
Packit |
6c0a39 |
if (rc != SSH_OK){
|
|
Packit |
6c0a39 |
ssh_set_error_oom(session);
|
|
Packit |
6c0a39 |
goto error;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_packet_send(session);
|
|
Packit |
6c0a39 |
ssh_handle_packets(session, 0);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return SSH_OK;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
error:
|
|
Packit |
6c0a39 |
ssh_buffer_reinit(session->out_buffer);
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Send a debug message
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session
|
|
Packit |
6c0a39 |
* @param[in] message Data to be sent
|
|
Packit |
6c0a39 |
* @param[in] always_display Message SHOULD be displayed by the server. It
|
|
Packit |
6c0a39 |
* SHOULD NOT be displayed unless debugging
|
|
Packit |
6c0a39 |
* information has been explicitly requested.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return SSH_OK on success, SSH_ERROR otherwise.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_send_debug (ssh_session session, const char *message, int always_display) {
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (ssh_socket_is_open(session->socket)) {
|
|
Packit |
6c0a39 |
rc = ssh_buffer_pack(session->out_buffer,
|
|
Packit |
6c0a39 |
"bbsd",
|
|
Packit |
6c0a39 |
SSH2_MSG_DEBUG,
|
|
Packit |
6c0a39 |
always_display != 0 ? 1 : 0,
|
|
Packit |
6c0a39 |
message,
|
|
Packit |
6c0a39 |
0); /* empty language tag */
|
|
Packit |
6c0a39 |
if (rc != SSH_OK) {
|
|
Packit |
6c0a39 |
ssh_set_error_oom(session);
|
|
Packit |
6c0a39 |
goto error;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
ssh_packet_send(session);
|
|
Packit |
6c0a39 |
ssh_handle_packets(session, 0);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return SSH_OK;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
error:
|
|
Packit |
6c0a39 |
ssh_buffer_reinit(session->out_buffer);
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Set the session data counters.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This functions sets the counter structures to be used to calculate data
|
|
Packit |
6c0a39 |
* which comes in and goes out through the session at different levels.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @code
|
|
Packit |
6c0a39 |
* struct ssh_counter_struct scounter = {
|
|
Packit |
6c0a39 |
* .in_bytes = 0,
|
|
Packit |
6c0a39 |
* .out_bytes = 0,
|
|
Packit |
6c0a39 |
* .in_packets = 0,
|
|
Packit |
6c0a39 |
* .out_packets = 0
|
|
Packit |
6c0a39 |
* };
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* struct ssh_counter_struct rcounter = {
|
|
Packit |
6c0a39 |
* .in_bytes = 0,
|
|
Packit |
6c0a39 |
* .out_bytes = 0,
|
|
Packit |
6c0a39 |
* .in_packets = 0,
|
|
Packit |
6c0a39 |
* .out_packets = 0
|
|
Packit |
6c0a39 |
* };
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* ssh_set_counters(session, &scounter, &rcounter);
|
|
Packit |
6c0a39 |
* @endcode
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The SSH session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] scounter Counter for byte data handled by the session sockets.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] rcounter Counter for byte and packet data handled by the session,
|
|
Packit |
6c0a39 |
* prior compression and SSH overhead.
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_set_counters(ssh_session session, ssh_counter scounter,
|
|
Packit |
6c0a39 |
ssh_counter rcounter) {
|
|
Packit |
6c0a39 |
if (session != NULL) {
|
|
Packit |
6c0a39 |
session->socket_counter = scounter;
|
|
Packit |
6c0a39 |
session->raw_counter = rcounter;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @deprecated Use ssh_get_publickey_hash()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_pubkey_hash(ssh_session session, unsigned char **hash)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
ssh_key pubkey = NULL;
|
|
Packit |
6c0a39 |
ssh_string pubkey_blob = NULL;
|
|
Packit |
6c0a39 |
MD5CTX ctx;
|
|
Packit |
6c0a39 |
unsigned char *h;
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session == NULL || hash == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* In FIPS mode, we cannot use MD5 */
|
|
Packit |
6c0a39 |
if (ssh_fips_mode()) {
|
|
Packit |
6c0a39 |
ssh_set_error(session,
|
|
Packit |
6c0a39 |
SSH_FATAL,
|
|
Packit |
6c0a39 |
"In FIPS mode MD5 is not allowed."
|
|
Packit |
6c0a39 |
"Try ssh_get_publickey_hash() with"
|
|
Packit |
6c0a39 |
"SSH_PUBLICKEY_HASH_SHA256");
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hash = NULL;
|
|
Packit |
6c0a39 |
if (session->current_crypto == NULL ||
|
|
Packit |
6c0a39 |
session->current_crypto->server_pubkey == NULL) {
|
|
Packit |
6c0a39 |
ssh_set_error(session,SSH_FATAL,"No current cryptographic context");
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
h = calloc(MD5_DIGEST_LEN, sizeof(unsigned char));
|
|
Packit |
6c0a39 |
if (h == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ctx = md5_init();
|
|
Packit |
6c0a39 |
if (ctx == NULL) {
|
|
Packit |
6c0a39 |
SAFE_FREE(h);
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
rc = ssh_get_server_publickey(session, &pubkey);
|
|
Packit |
6c0a39 |
if (rc != SSH_OK) {
|
|
Packit |
6c0a39 |
md5_final(h, ctx);
|
|
Packit |
6c0a39 |
SAFE_FREE(h);
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
rc = ssh_pki_export_pubkey_blob(pubkey, &pubkey_blob);
|
|
Packit |
6c0a39 |
ssh_key_free(pubkey);
|
|
Packit |
6c0a39 |
if (rc != SSH_OK) {
|
|
Packit |
6c0a39 |
md5_final(h, ctx);
|
|
Packit |
6c0a39 |
SAFE_FREE(h);
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
md5_update(ctx, ssh_string_data(pubkey_blob), ssh_string_len(pubkey_blob));
|
|
Packit Service |
fcc0d2 |
SSH_STRING_FREE(pubkey_blob);
|
|
Packit |
6c0a39 |
md5_final(h, ctx);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hash = h;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
return MD5_DIGEST_LEN;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Deallocate the hash obtained by ssh_get_pubkey_hash.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This is required under Microsoft platform as this library might use a
|
|
Packit |
6c0a39 |
* different C library than your software, hence a different heap.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] hash The buffer to deallocate.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @see ssh_get_pubkey_hash()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
void ssh_clean_pubkey_hash(unsigned char **hash) {
|
|
Packit |
6c0a39 |
SAFE_FREE(*hash);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Get the server public key from a session.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] session The session to get the key from.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[out] key A pointer to store the allocated key. You need to free
|
|
Packit |
6c0a39 |
* the key.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return SSH_OK on success, SSH_ERROR on errror.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @see ssh_key_free()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_server_publickey(ssh_session session, ssh_key *key)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
ssh_key pubkey = NULL;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
if (session == NULL ||
|
|
Packit |
6c0a39 |
session->current_crypto == NULL ||
|
|
Packit |
6c0a39 |
session->current_crypto->server_pubkey == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
pubkey = ssh_key_dup(session->current_crypto->server_pubkey);
|
|
Packit |
6c0a39 |
if (pubkey == NULL) {
|
|
Packit |
6c0a39 |
return SSH_ERROR;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*key = pubkey;
|
|
Packit |
6c0a39 |
return SSH_OK;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @deprecated Use ssh_get_server_publickey()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_publickey(ssh_session session, ssh_key *key)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
return ssh_get_server_publickey(session, key);
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/**
|
|
Packit |
6c0a39 |
* @brief Allocates a buffer with the hash of the public key.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* This function allows you to get a hash of the public key. You can then
|
|
Packit |
6c0a39 |
* print this hash in a human-readable form to the user so that he is able to
|
|
Packit |
6c0a39 |
* verify it. Use ssh_get_hexa() or ssh_print_hash() to display it.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] key The public key to create the hash for.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] type The type of the hash you want.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] hash A pointer to store the allocated buffer. It can be
|
|
Packit |
6c0a39 |
* freed using ssh_clean_pubkey_hash().
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @param[in] hlen The length of the hash.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @return 0 on success, -1 if an error occured.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @warning It is very important that you verify at some moment that the hash
|
|
Packit |
6c0a39 |
* matches a known server. If you don't do it, cryptography wont help
|
|
Packit |
6c0a39 |
* you at making things secure.
|
|
Packit |
6c0a39 |
* OpenSSH uses SHA256 to print public key digests.
|
|
Packit |
6c0a39 |
*
|
|
Packit |
6c0a39 |
* @see ssh_session_update_known_hosts()
|
|
Packit |
6c0a39 |
* @see ssh_get_hexa()
|
|
Packit |
6c0a39 |
* @see ssh_print_hash()
|
|
Packit |
6c0a39 |
* @see ssh_clean_pubkey_hash()
|
|
Packit |
6c0a39 |
*/
|
|
Packit |
6c0a39 |
int ssh_get_publickey_hash(const ssh_key key,
|
|
Packit |
6c0a39 |
enum ssh_publickey_hash_type type,
|
|
Packit |
6c0a39 |
unsigned char **hash,
|
|
Packit |
6c0a39 |
size_t *hlen)
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
ssh_string blob;
|
|
Packit |
6c0a39 |
unsigned char *h;
|
|
Packit |
6c0a39 |
int rc;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
rc = ssh_pki_export_pubkey_blob(key, &blob;;
|
|
Packit |
6c0a39 |
if (rc < 0) {
|
|
Packit |
6c0a39 |
return rc;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
switch (type) {
|
|
Packit |
6c0a39 |
case SSH_PUBLICKEY_HASH_SHA1:
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
SHACTX ctx;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
h = calloc(1, SHA_DIGEST_LEN);
|
|
Packit |
6c0a39 |
if (h == NULL) {
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ctx = sha1_init();
|
|
Packit |
6c0a39 |
if (ctx == NULL) {
|
|
Packit |
6c0a39 |
free(h);
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
sha1_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
|
|
Packit |
6c0a39 |
sha1_final(h, ctx);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hlen = SHA_DIGEST_LEN;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
case SSH_PUBLICKEY_HASH_SHA256:
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
SHA256CTX ctx;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
h = calloc(1, SHA256_DIGEST_LEN);
|
|
Packit |
6c0a39 |
if (h == NULL) {
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ctx = sha256_init();
|
|
Packit |
6c0a39 |
if (ctx == NULL) {
|
|
Packit |
6c0a39 |
free(h);
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
|
|
Packit |
6c0a39 |
sha256_final(h, ctx);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hlen = SHA256_DIGEST_LEN;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
case SSH_PUBLICKEY_HASH_MD5:
|
|
Packit |
6c0a39 |
{
|
|
Packit |
6c0a39 |
MD5CTX ctx;
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/* In FIPS mode, we cannot use MD5 */
|
|
Packit |
6c0a39 |
if (ssh_fips_mode()) {
|
|
Packit |
6c0a39 |
SSH_LOG(SSH_LOG_WARN, "In FIPS mode MD5 is not allowed."
|
|
Packit |
6c0a39 |
"Try using SSH_PUBLICKEY_HASH_SHA256");
|
|
Packit |
6c0a39 |
rc = SSH_ERROR;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
h = calloc(1, MD5_DIGEST_LEN);
|
|
Packit |
6c0a39 |
if (h == NULL) {
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
ctx = md5_init();
|
|
Packit |
6c0a39 |
if (ctx == NULL) {
|
|
Packit |
6c0a39 |
free(h);
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
md5_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
|
|
Packit |
6c0a39 |
md5_final(h, ctx);
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hlen = MD5_DIGEST_LEN;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
break;
|
|
Packit |
6c0a39 |
default:
|
|
Packit |
6c0a39 |
rc = -1;
|
|
Packit |
6c0a39 |
goto out;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
*hash = h;
|
|
Packit |
6c0a39 |
rc = 0;
|
|
Packit |
6c0a39 |
out:
|
|
Packit Service |
fcc0d2 |
SSH_STRING_FREE(blob);
|
|
Packit |
6c0a39 |
return rc;
|
|
Packit |
6c0a39 |
}
|
|
Packit |
6c0a39 |
|
|
Packit |
6c0a39 |
/** @} */
|