packetstorm sync

1 files changed, 497 insertions, 0 deletions

diff --git a/other/ssharp/sshconnect.c b/other/ssharp/sshconnect.c
new file mode 100644
index 0000000..d964c5f
--- /dev/null
+++ b/other/ssharp/sshconnect.c
@@ -0,0 +1,497 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ * Code to connect to a remote host, and to perform the client side of the
+ * login (authentication) dialog.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: sshconnect.c,v 1.104 2001/04/12 19:15:25 markus Exp $");
+
+#include <openssl/bn.h>
+
+#include "ssh.h"
+#include "xmalloc.h"
+#include "rsa.h"
+#include "buffer.h"
+#include "packet.h"
+#include "uidswap.h"
+#include "compat.h"
+#include "key.h"
+#include "sshconnect.h"
+#include "hostfile.h"
+#include "log.h"
+#include "readconf.h"
+#include "atomicio.h"
+#include "misc.h"
+#include "ssharp.h"
+
+char *client_version_string = NULL;
+char *server_version_string = NULL;
+
+extern Options options;
+extern char *__progname;
+
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
+/*
+ * Connect to the given ssh server using a proxy command.
+ */
+int
+ssh_proxy_connect(const char *host, u_short port,
+                  const char *proxy_command)
+{
+        Buffer command;
+        const char *cp;
+        char *command_string;
+        int pin[2], pout[2];
+        pid_t pid;
+        char strport[NI_MAXSERV];
+
+        /* Convert the port number into a string. */
+        snprintf(strport, sizeof strport, "%hu", port);
+
+        /* Build the final command string in the buffer by making the
+           appropriate substitutions to the given proxy command. */
+        buffer_init(&command);
+        for (cp = proxy_command; *cp; cp++) {
+                if (cp[0] == '%' && cp[1] == '%') {
+                        buffer_append(&command, "%", 1);
+                        cp++;
+                        continue;
+                }
+                if (cp[0] == '%' && cp[1] == 'h') {
+                        buffer_append(&command, host, strlen(host));
+                        cp++;
+                        continue;
+                }
+                if (cp[0] == '%' && cp[1] == 'p') {
+                        buffer_append(&command, strport, strlen(strport));
+                        cp++;
+                        continue;
+                }
+                buffer_append(&command, cp, 1);
+        }
+        buffer_append(&command, "\0", 1);
+
+        /* Get the final command string. */
+        command_string = buffer_ptr(&command);
+
+        /* Create pipes for communicating with the proxy. */
+        if (pipe(pin) < 0 || pipe(pout) < 0)
+                fatal("Could not create pipes to communicate with the proxy: %.100s",
+                      strerror(errno));
+
+        debug("Executing proxy command: %.500s", command_string);
+
+        /* Fork and execute the proxy command. */
+        if ((pid = fork()) == 0) {
+                char *argv[10];
+
+
+                /* Redirect stdin and stdout. */
+                close(pin[1]);
+                if (pin[0] != 0) {
+                        if (dup2(pin[0], 0) < 0)
+                                perror("dup2 stdin");
+                        close(pin[0]);
+                }
+                close(pout[0]);
+                if (dup2(pout[1], 1) < 0)
+                        perror("dup2 stdout");
+                /* Cannot be 1 because pin allocated two descriptors. */
+                close(pout[1]);
+
+                /* Stderr is left as it is so that error messages get
+                   printed on the user's terminal. */
+                argv[0] = _PATH_BSHELL;
+                argv[1] = "-c";
+                argv[2] = command_string;
+                argv[3] = NULL;
+
+                /* Execute the proxy command.  Note that we gave up any
+                   extra privileges above. */
+                execv(argv[0], argv);
+                perror(argv[0]);
+                exit(1);
+        }
+        /* Parent. */
+        if (pid < 0)
+                fatal("fork failed: %.100s", strerror(errno));
+
+        /* Close child side of the descriptors. */
+        close(pin[0]);
+        close(pout[1]);
+
+        /* Free the command name. */
+        buffer_free(&command);
+
+        /* Set the connection file descriptors. */
+        packet_set_connection(pout[0], pin[1]);
+
+        return 1;
+}
+
+
+/*
+ * Creates a (possibly privileged) socket for use as the ssh connection.
+ */
+int
+ssh_create_socket(int family)
+{
+        int sock = socket(family, SOCK_STREAM, 0);
+        return sock;
+}
+
+/*
+ * Opens a TCP/IP connection to the remote server on the given host.
+ * The address of the remote host will be returned in hostaddr.
+ * If port is 0, the default port will be used.  If anonymous is zero,
+ * a privileged port will be allocated to make the connection.
+ * This requires super-user privileges if anonymous is false.
+ * Connection_attempts specifies the maximum number of tries (one per
+ * second).  If proxy_command is non-NULL, it specifies the command (with %h
+ * and %p substituted for host and port, respectively) to use to contact
+ * the daemon.
+ */
+int
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+            u_short port, int connection_attempts,
+            int anonymous,
+            const char *proxy_command)
+{
+        int gaierr;
+        int on = 1;
+        int sock = -1, attempt;
+        char ntop[NI_MAXHOST], strport[NI_MAXSERV];
+        struct addrinfo hints, *ai, *aitop;
+        struct linger linger;
+        struct servent *sp;
+
+        debug("ssh_connect: getuid %u geteuid %u anon %d",
+              (u_int) getuid(), (u_int) geteuid(), anonymous);
+
+        /* Get default port if port has not been set. */
+        if (port == 0) {
+                sp = getservbyname(SSH_SERVICE_NAME, "tcp");
+                if (sp)
+                        port = ntohs(sp->s_port);
+                else
+                        port = SSH_DEFAULT_PORT;
+        }
+        /* If a proxy command is given, connect using it. */
+        if (proxy_command != NULL)
+                return ssh_proxy_connect(host, port, proxy_command);
+
+        /* No proxy command. */
+
+        memset(&hints, 0, sizeof(hints));
+        hints.ai_family = IPv4or6;
+        hints.ai_socktype = SOCK_STREAM;
+        snprintf(strport, sizeof strport, "%d", port);
+        if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
+                fatal("%s: %.100s: %s", __progname, host,
+                    gai_strerror(gaierr));
+
+        /*
+         * Try to connect several times.  On some machines, the first time
+         * will sometimes fail.  In general socket code appears to behave
+         * quite magically on many machines.
+         */
+        for (attempt = 0; attempt < connection_attempts; attempt++) {
+                if (attempt > 0)
+                        debug("Trying again...");
+
+                /* Loop through addresses for this host, and try each one in
+                   sequence until the connection succeeds. */
+                for (ai = aitop; ai; ai = ai->ai_next) {
+                        if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+                                continue;
+                        if (getnameinfo(ai->ai_addr, ai->ai_addrlen,
+                            ntop, sizeof(ntop), strport, sizeof(strport),
+                            NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+                                error("ssh_connect: getnameinfo failed");
+                                continue;
+                        }
+                        debug("Connecting to %.200s [%.100s] port %s.",
+                                host, ntop, strport);
+
+
+                        if ((sock = socket_connect_b(ai->ai_addr, ai->ai_addrlen, SSHARP_MINPORT)) >= 0) {
+                                /* Successful connection. */
+                                memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen);
+                                break;
+                        } else {
+                                debug("connect: %.100s", strerror(errno));
+                                /*
+                                 * Close the failed socket; there appear to
+                                 * be some problems when reusing a socket for
+                                 * which connect() has already returned an
+                                 * error.
+                                 */
+                                shutdown(sock, SHUT_RDWR);
+                                close(sock);
+                        }
+                }
+                if (ai)
+                        break;  /* Successful connection. */
+
+                /* Sleep a moment before retrying. */
+                sleep(1);
+        }
+
+        freeaddrinfo(aitop);
+
+        /* Return failure if we didn't get a successful connection. */
+        if (attempt >= connection_attempts)
+                return 0;
+
+        debug("Connection established.");
+
+        /*
+         * Set socket options.  We would like the socket to disappear as soon
+         * as it has been closed for whatever reason.
+         */
+        /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
+        linger.l_onoff = 1;
+        linger.l_linger = 5;
+        setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
+
+        /* Set keepalives if requested. */
+        if (options.keepalives &&
+            setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+            sizeof(on)) < 0)
+                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
+        /* Set the connection. */
+        packet_set_connection(sock, sock);
+
+        return 1;
+}
+
+/*
+ * Waits for the server identification string, and sends our own
+ * identification string.
+ */
+void
+ssh_exchange_identification(void)
+{
+        char buf[256], remote_version[256];     /* must be same size! */
+        int remote_major, remote_minor, i, mismatch;
+        int connection_in = packet_get_connection_in();
+        int connection_out = packet_get_connection_out();
+        int minor1 = PROTOCOL_MINOR_1;
+
+        /* Read other side\'s version identification. */
+        for (;;) {
+                for (i = 0; i < sizeof(buf) - 1; i++) {
+                        int len = atomicio(read, connection_in, &buf[i], 1);
+                        if (len < 0)
+                                fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
+                        if (len != 1)
+                                fatal("ssh_exchange_identification: Connection closed by remote host");
+                        if (buf[i] == '\r') {
+                                buf[i] = '\n';
+                                buf[i + 1] = 0;
+                                continue;               /**XXX wait for \n */
+                        }
+                        if (buf[i] == '\n') {
+                                buf[i + 1] = 0;
+                                break;
+                        }
+                }
+                buf[sizeof(buf) - 1] = 0;
+                if (strncmp(buf, "SSH-", 4) == 0)
+                        break;
+                debug("ssh_exchange_identification: %s", buf);
+        }
+        server_version_string = xstrdup(buf);
+
+        /*
+         * Check that the versions match.  In future this might accept
+         * several versions and set appropriate flags to handle them.
+         */
+        if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",
+            &remote_major, &remote_minor, remote_version) != 3)
+                fatal("Bad remote protocol version identification: '%.100s'", buf);
+        debug("Remote protocol version %d.%d, remote software version %.100s",
+              remote_major, remote_minor, remote_version);
+
+        compat_datafellows(remote_version);
+        mismatch = 0;
+
+        switch(remote_major) {
+        case 1:
+                if (remote_minor == 99 &&
+                    (options.protocol & SSH_PROTO_2) &&
+                    !(options.protocol & SSH_PROTO_1_PREFERRED)) {
+                        enable_compat20();
+                        break;
+                }
+                if (!(options.protocol & SSH_PROTO_1)) {
+                        mismatch = 1;
+                        break;
+                }
+                if (remote_minor < 3) {
+                        fatal("Remote machine has too old SSH software version.");
+                } else if (remote_minor == 3 || remote_minor == 4) {
+                        /* We speak 1.3, too. */
+                        enable_compat13();
+                        minor1 = 3;
+                        if (options.forward_agent) {
+                                log("Agent forwarding disabled for protocol 1.3");
+                                options.forward_agent = 0;
+                        }
+                }
+                break;
+        case 2:
+                if (options.protocol & SSH_PROTO_2) {
+                        enable_compat20();
+                        break;
+                }
+                /* FALLTHROUGH */
+        default:
+                mismatch = 1;
+                break;
+        }
+        if (mismatch)
+                fatal("Protocol major versions differ: %d vs. %d",
+                    (options.protocol & SSH_PROTO_2) ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+                    remote_major);
+        if (compat20)
+                packet_set_ssh2_format();
+        /* Send our own protocol version identification. */
+        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n",
+            compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
+            compat20 ? PROTOCOL_MINOR_2 : minor1,
+            SSH_VERSION);
+        if (atomicio(write, connection_out, buf, strlen(buf)) != strlen(buf))
+                fatal("write: %.100s", strerror(errno));
+        client_version_string = xstrdup(buf);
+        chop(client_version_string);
+        chop(server_version_string);
+        debug("Local version string %.100s", client_version_string);
+}
+
+/* defaults to 'no' */
+int
+read_yes_or_no(const char *prompt, int defval)
+{
+        char buf[1024];
+        FILE *f;
+        int retval = -1;
+
+        if (options.batch_mode)
+                return 0;
+
+        if (isatty(STDIN_FILENO))
+                f = stdin;
+        else
+                f = fopen(_PATH_TTY, "rw");
+
+        if (f == NULL)
+                return 0;
+
+        fflush(stdout);
+
+        while (1) {
+                fprintf(stderr, "%s", prompt);
+                if (fgets(buf, sizeof(buf), f) == NULL) {
+                        /* Print a newline (the prompt probably didn\'t have one). */
+                        fprintf(stderr, "\n");
+                        strlcpy(buf, "no", sizeof buf);
+                }
+                /* Remove newline from response. */
+                if (strchr(buf, '\n'))
+                        *strchr(buf, '\n') = 0;
+
+                if (buf[0] == 0)
+                        retval = defval;
+                if (strcmp(buf, "yes") == 0)
+                        retval = 1;
+                else if (strcmp(buf, "no") == 0)
+                        retval = 0;
+                else
+                        fprintf(stderr, "Please type 'yes' or 'no'.\n");
+
+                if (retval != -1) {
+                        if (f != stdin)
+                                fclose(f);
+                        return retval;
+                }
+        }
+}
+
+/*
+ * check whether the supplied host key is valid, return only if ok.
+ */
+
+void
+check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
+        const char *user_hostfile, const char *system_hostfile)
+{
+        /* SSHARP: dummy */
+}
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server.  This does not need any extra privileges.  The basic connection
+ * to the server must already have been established before this is called.
+ * If login fails, this function prints an error and never returns.
+ * This function does not require super-user privileges.
+ */
+void
+ssh_login(Key **keys, int nkeys, const char *orighost,
+    struct sockaddr *hostaddr, char *login, char *pass)
+{
+        char *host, *cp;
+
+        /* Convert the user-supplied hostname into all lowercase. */
+        host = xstrdup(orighost);
+        for (cp = host; *cp; cp++)
+                if (isupper(*cp))
+                        *cp = tolower(*cp);
+
+        /* Exchange protocol version identification strings with the server. */
+        ssh_exchange_identification();
+
+        /* Put the connection into non-blocking mode. */
+        packet_set_nonblocking();
+
+        /* key exchange */
+        /* authenticate user */
+        if (compat20) {
+                ssh_kex2(host, hostaddr);
+                ssh_userauth2(login, pass, host, keys, nkeys);
+        } else {
+                ssh_kex(host, hostaddr);
+                ssh_userauth1(login, pass, host, keys, nkeys);
+        }
+}
+
+void
+ssh_put_password(char *password)
+{
+        int size;
+        char *padded;
+
+        if (datafellows & SSH_BUG_PASSWORDPAD) {
+                packet_put_string(password, strlen(password));
+                return;
+        }
+        size = roundup(strlen(password) + 1, 32);
+        padded = xmalloc(size);
+        memset(padded, 0, size);
+        strlcpy(padded, password, size);
+        packet_put_string(padded, size);
+        memset(padded, 0, size);
+        xfree(padded);
+}