1 /*
2  * This file is part of the SSH Library
3  *
4  * Copyright (c) 2009 by Aris Adamantiadis
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 #ifndef SESSION_H_
22 #define SESSION_H_
23 #include <stdbool.h>
24 
25 #include "libssh/priv.h"
26 #include "libssh/callbacks.h"
27 #include "libssh/kex.h"
28 #include "libssh/packet.h"
29 #include "libssh/pcap.h"
30 #include "libssh/auth.h"
31 #include "libssh/channels.h"
32 #include "libssh/poll.h"
33 #include "libssh/config.h"
34 #include "libssh/misc.h"
35 
/*
 * Lifecycle states of an SSH session, from "not yet connecting" through
 * authentication to error/disconnect. Values are spelled out explicitly so
 * that inserting or reordering a member can never silently renumber the
 * states that the packet and auth state machines compare against.
 */
enum ssh_session_state_e {
    SSH_SESSION_STATE_NONE             = 0,
    SSH_SESSION_STATE_CONNECTING       = 1,
    SSH_SESSION_STATE_SOCKET_CONNECTED = 2,
    SSH_SESSION_STATE_BANNER_RECEIVED  = 3,
    SSH_SESSION_STATE_INITIAL_KEX      = 4,
    SSH_SESSION_STATE_KEXINIT_RECEIVED = 5,
    SSH_SESSION_STATE_DH               = 6,
    SSH_SESSION_STATE_AUTHENTICATING   = 7,
    SSH_SESSION_STATE_AUTHENTICATED    = 8,
    SSH_SESSION_STATE_ERROR            = 9,
    SSH_SESSION_STATE_DISCONNECTED     = 10
};
50 
/*
 * Progress of the Diffie-Hellman style key-exchange handshake.
 * Explicit values keep the numbering stable if members are ever reordered.
 */
enum ssh_dh_state_e {
    DH_STATE_INIT         = 0,
    DH_STATE_GROUP_SENT   = 1,
    DH_STATE_REQUEST_SENT = 2,
    DH_STATE_INIT_SENT    = 3,
    DH_STATE_NEWKEYS_SENT = 4,
    DH_STATE_FINISHED     = 5
};
59 
/*
 * Which blocking-style call is currently in flight on a non-blocking session,
 * so that the call can be resumed after EAGAIN-style interruption. Explicit
 * values keep the numbering stable across edits of this list.
 */
enum ssh_pending_call_e {
    SSH_PENDING_CALL_NONE              = 0,
    SSH_PENDING_CALL_CONNECT           = 1,
    SSH_PENDING_CALL_AUTH_NONE         = 2,
    SSH_PENDING_CALL_AUTH_PASSWORD     = 3,
    SSH_PENDING_CALL_AUTH_OFFER_PUBKEY = 4,
    SSH_PENDING_CALL_AUTH_PUBKEY       = 5,
    SSH_PENDING_CALL_AUTH_AGENT        = 6,
    SSH_PENDING_CALL_AUTH_KBDINT_INIT  = 7,
    SSH_PENDING_CALL_AUTH_KBDINT_SEND  = 8,
    SSH_PENDING_CALL_AUTH_GSSAPI_MIC   = 9
};
72 
/*
 * Session flags, OR-ed into ssh_session_struct.flags. Each one is a single
 * distinct bit; note that 0x0008 is not assigned in this header.
 */

/* libssh calls may block an undefined amount of time */
#define SSH_SESSION_FLAG_BLOCKING 1

/* Client successfully authenticated */
#define SSH_SESSION_FLAG_AUTHENTICATED 2

/* The KEXINIT message can be sent first by either of the parties so this flag
 * indicates that the message was already sent to make sure it is sent and avoid
 * sending it twice during key exchange to simplify the state machine. */
#define SSH_SESSION_FLAG_KEXINIT_SENT 4

/* The current SSH2 session implements the "strict KEX" feature and should behave
 * differently on SSH2_MSG_NEWKEYS. NOTE(review): presumably negotiated during the
 * initial key exchange; the NEWKEYS-specific behaviour (e.g. what happens to the
 * packet sequence counters) lives in the packet/kex code, not in this header. */
#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
/* Unexpected packets have been sent while the session was still unencrypted.
 * NOTE(review): together with SSH_SESSION_FLAG_KEX_STRICT this presumably lets
 * the packet layer refuse to complete a handshake whose pre-NEWKEYS traffic was
 * not what the protocol expects -- confirm the exact handling in the packet code. */
#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020

/* codes to use with ssh_handle_packets*() */
/* The special codes are negative so they can never collide with a real,
 * non-negative timeout value. */
/* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1
/* Use the timeout defined by user if any. Mostly used with new connections */
#define SSH_TIMEOUT_USER -2
/* Use the default timeout, depending on ssh_is_blocking() */
#define SSH_TIMEOUT_DEFAULT -3
/* Don't block at all */
#define SSH_TIMEOUT_NONBLOCKING 0

/* options flags */
/* Authentication with the named method (password, public key,
 * keyboard-interactive, GSSAPI) is allowed. Presumably stored in
 * ssh_session_struct.opts.flags -- verify against the options code. */
#define SSH_OPT_FLAG_PASSWORD_AUTH 0x1
#define SSH_OPT_FLAG_PUBKEY_AUTH 0x2
#define SSH_OPT_FLAG_KBDINT_AUTH 0x4
#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8

/* Escape expansion of different variables */
/* One bit per option whose value undergoes escape/tilde expansion; presumably
 * recorded in ssh_session_struct.opts.exp_flags so that expansion is done once. */
#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
#define SSH_OPT_EXP_FLAG_IDENTITY 0x8

/* extensions flags */
/* Presumably the bits of ssh_session_struct.extensions (RFC 8308 negotiation). */
/* negotiation enabled */
#define SSH_EXT_NEGOTIATION 0x01
/* server-sig-algs extension */
#define SSH_EXT_SIG_RSA_SHA256 0x02
#define SSH_EXT_SIG_RSA_SHA512 0x04

119 
/* Members that are common to ssh_session and ssh_bind. This struct is embedded
 * as the `common` member of struct ssh_session_struct below.
 * NOTE(review): the opening `struct ssh_common_struct {` line is not part of
 * this listing; the three fields and the closing brace below belong to it. */
    struct error_struct error;   /* error state of the object */
    ssh_callbacks callbacks;     /* Callbacks to user functions */
    int log_verbosity;           /* verbosity of the log functions */
};
126 
/* Fields of struct ssh_session_struct. NOTE(review): its opening line is not
 * part of this listing. The members are grouped as: transport identity,
 * sequence/state tracking, key-exchange and crypto material, channels and
 * authentication, callbacks, and user-supplied options. */
    struct ssh_common_struct common;   /* error state, callbacks, log level */
    struct ssh_socket_struct *socket;
    char *serverbanner;   /* SSH identification string of the server side */
    char *clientbanner;   /* SSH identification string of the client side */
    int protoversion;
    int server;           /* non-zero when this side acts as server (presumably) */
    int client;           /* non-zero when this side acts as client (presumably) */
    int openssh;
    /* Packet sequence counters for each direction. NOTE(review): with
     * SSH_SESSION_FLAG_KEX_STRICT these are presumably handled specially at
     * SSH2_MSG_NEWKEYS; verify in the packet code. */
    uint32_t send_seq;
    uint32_t recv_seq;
    struct ssh_timestamp last_rekey_time;   /* pairs with opts.rekey_time */

    int connected;
    /* !=0 when the user got a session handle */
    int alive;
    /* two previous are deprecated */
    /* int auth_service_asked; */

    /* session flags (SSH_SESSION_FLAG_*) */
    int flags;

    /* Extensions negotiated using RFC 8308 */
    uint32_t extensions;

    ssh_string banner; /* that's the issue banner from the server */
    char *peer_discon_msg; /* disconnect message from the remote host */
    char *disconnect_message; /* disconnect message to be set */
    ssh_buffer in_buffer;
    PACKET in_packet;
    ssh_buffer out_buffer;
    struct ssh_list *out_queue; /* This list is used for delaying packets
                                   when rekeying is required */

    /* the states are used by the nonblocking stuff to remember */
    /* where it was before being interrupted */
    enum ssh_pending_call_e pending_call_state;
    enum ssh_session_state_e session_state;
    enum ssh_packet_state_e packet_state;
    enum ssh_dh_state_e dh_handshake_state;
    enum ssh_channel_request_state_e global_req_state;
    struct ssh_agent_state_struct *agent_state;

    /* Authentication progress and method bookkeeping. */
    struct {
        struct ssh_auth_auto_state_struct *auto_state;
        enum ssh_auth_service_state_e service_state;
        enum ssh_auth_state_e state;
        uint32_t supported_methods;   /* method bitmask (presumably SSH_AUTH_METHOD_*) */
        uint32_t current_method;
    } auth;

    /* Sending this flag before key exchange to save one round trip during the
     * key exchange. This might make sense on high-latency connections.
     * So far internal only for testing. Usable only on the client side --
     * there is no key exchange method that would start with server message */
    bool send_first_kex_follows;
    /*
     * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
     * the received SSH_MSG_KEXINIT, but the guess was wrong, this
     * field will be set such that the following guessed packet will
     * be ignored on the receiving side. Once that packet has been received and
     * ignored, this field is cleared.
     * On the sending side, this is set after we got peer KEXINIT message and we
     * need to resend the initial message of the negotiated KEX algorithm.
     */
    bool first_kex_follows_guess_wrong;

    /* Presumably the raw KEXINIT payloads kept for the exchange-hash
     * computation -- confirm against the kex code. */
    ssh_buffer in_hashbuf;
    ssh_buffer out_hashbuf;
    struct ssh_crypto_struct *current_crypto;
    /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
    struct ssh_crypto_struct *next_crypto;

    struct ssh_list *channels; /* linked list of channels */
    uint32_t maxchannel;
    ssh_agent agent; /* ssh agent */

    /* keyboard interactive data */
    struct ssh_kbdint_struct *kbdint;
    struct ssh_gssapi_struct *gssapi;

    /* server host keys */
    struct {
        ssh_key rsa_key;
        ssh_key dsa_key;      /* NOTE(review): DSA is widely deprecated; this slot
                                 existing does not mean it is enabled by default */
        ssh_key ecdsa_key;
        ssh_key ed25519_key;
        /* The type of host key wanted by client */
        enum ssh_keytypes_e hostkey;
        enum ssh_digest_e hostkey_digest;
    } srv;

    /* auths accepted by server */
    struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
    int (*ssh_message_callback)(struct ssh_session_struct *session,
                                ssh_message msg, void *userdata);
    void *ssh_message_callback_data;
    ssh_server_callbacks server_callbacks;
    void (*ssh_connection_callback)( struct ssh_session_struct *session);
    struct ssh_packet_callbacks_struct default_packet_callbacks;
    struct ssh_list *packet_callbacks;
    struct ssh_socket_callbacks_struct socket_callbacks;
    ssh_poll_ctx default_poll_ctx;
    /* options */
#ifdef WITH_PCAP
    ssh_pcap_context pcap_ctx; /* pcap debugging context */
#endif
    /* User/config supplied options. Several of these are untrusted strings
     * coming from configuration files or the API; see notes on individual
     * fields. */
    struct {
        struct ssh_list *identity;
        struct ssh_list *identity_non_exp;   /* identities before escape expansion
                                                (see SSH_OPT_EXP_FLAG_IDENTITY), presumably */
        char *username;
        char *host;
        char *bindaddr; /* bind the client to an ip addr */
        char *sshdir;
        char *knownhosts;
        char *global_knownhosts;
        char *wanted_methods[SSH_KEX_METHODS];
        char *pubkey_accepted_types;
        /* NOTE(review): a ProxyCommand is presumably executed by the library to
         * reach the host, so whatever populates it (API or config file) must be
         * a trusted source. */
        char *ProxyCommand;
        char *custombanner;
        char *moduli_file;
        char *agent_socket;
        unsigned long timeout; /* seconds */
        unsigned long timeout_usec;
        uint16_t port;
        socket_t fd;
        int StrictHostKeyChecking;   /* host-key verification policy (presumably
                                        mirrors the OpenSSH option of the same name) */
        char compressionlevel;
        char *gss_server_identity;
        char *gss_client_identity;
        int gss_delegate_creds;
        int flags;       /* presumably SSH_OPT_FLAG_* (allowed auth methods) */
        int exp_flags;   /* presumably SSH_OPT_EXP_FLAG_* (expansion already done) */
        int nodelay;
        bool config_processed;
        /* One marker per option code, indexed by SOC_*; presumably used so that
         * values set explicitly through the API are not overridden by a config
         * file -- verify in the config code. */
        uint8_t options_seen[SOC_MAX];
        uint64_t rekey_data;   /* rekey limit by data volume (units: presumably bytes) */
        uint32_t rekey_time;   /* rekey limit by time (units: presumably seconds) */
        int rsa_min_size;      /* smallest RSA key accepted (presumably in bits) */
    } opts;
    /* counters */
    ssh_counter socket_counter;
    ssh_counter raw_counter;
};
271 
/**
 * Predicate consulted while waiting for packets.
 *
 * @param user  Opaque pointer handed through ssh_handle_packets_termination().
 * @return int; NOTE(review): presumably non-zero means "stop waiting" -- confirm
 *         the polarity against the implementation, it is not fixed here.
 */
typedef int (*ssh_termination_function)(void *user);

/**
 * Read and dispatch incoming packets on the session.
 *
 * @param session  The session to service.
 * @param timeout  A non-negative timeout, or one of the SSH_TIMEOUT_* codes
 *                 defined above (SSH_TIMEOUT_NONBLOCKING is 0, the others
 *                 are negative sentinels).
 * @return int status; the set of values is defined by the implementation.
 */
int ssh_handle_packets(ssh_session session, int timeout);

/**
 * Like ssh_handle_packets(), but additionally polls @p fct with @p user and
 * presumably stops when it signals termination.
 *
 * @param session  The session to service.
 * @param timeout  As for ssh_handle_packets().
 * @param fct      Termination predicate (see ssh_termination_function).
 * @param user     Opaque pointer passed to @p fct.
 * @return int status; the set of values is defined by the implementation.
 */
int ssh_handle_packets_termination(ssh_session session,
                                   int timeout,
                                   ssh_termination_function fct,
                                   void *user);

/**
 * Socket-layer exception callback.
 *
 * @param code        Exception code reported by the socket layer.
 * @param errno_code  errno value captured at the time of the failure (presumably).
 * @param user        Opaque pointer; NOTE(review): presumably the ssh_session
 *                    this socket belongs to -- confirm against the registration site.
 */
void ssh_socket_exception_callback(int code, int errno_code, void *user);

284 
285 #endif /* SESSION_H_ */