forked from AnttiTakala/SSH2DOS
-
Notifications
You must be signed in to change notification settings - Fork 0
/
negotiat.c
174 lines (146 loc) · 4.78 KB
/
negotiat.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
/* negotiat.c Copyright (c) 2000-2005 Nagy Daniel
*
* $Date: 2005/12/30 16:26:40 $
* $Revision: 1.5 $
*
* This module is the SSH negotiation part:
* - open TCP connection
* - protocol version check
* - initiate key exchange (transport layer)
* - initiate user authorization (authentication layer)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "tcp.h"
#include "auth.h"
#include "config.h"
#include "common.h"
#include "channel.h"
#include "sshsha.h"
#include "ssh.h"
#include "transprt.h"
#include "version.h"
/* external functions, data */
extern Config GlobalConfig; /* configuration variables */
extern unsigned short Configuration; /* configuration bitfields */
extern char *RemoteClosed;
extern char *ConnectionClosed;
/* global variables */
SHA256_State exhash256base;
/*
* SSH version string exchange: get server's SSH protocol
* version, examine it, and send ours if it seems that we
* can communicate
*/
static short SSH_Exchange_Identification(void)
{
char localstr[256], remotestr[256];
unsigned short remote_major, remote_minor;
int i;
if(Configuration & VERBOSE_MODE)
puts("Identification Exchange");
/* Read other side's version identification. */
do{
if(!(i = sock_gets(&GlobalConfig.s, remotestr, sizeof(remotestr)))){
fatal("Cannot read remote identification string");
}
} while(strncmp(remotestr, "SSH-", 4)); /* ignore other lines */
if(sscanf(remotestr, "SSH-%hu.%hu-", &remote_major, &remote_minor) != 2){
SSH_Disconnect(SSH_DISCONNECT_PROTOCOL_ERROR, "Bad remote protocol version identification");
return(1);
}
remotestr[i] = 0;
remotestr[strcspn(remotestr, "\r\n")] = 0; /* cut \r\n if exists */
if(Configuration & VERBOSE_MODE)
printf("Remote version: %s\r\n",remotestr);
sprintf(localstr, "SSH-%d.%d-SSHDOS_%s\r\n", PROTOCOL_MAJOR, PROTOCOL_MINOR, SSH_VERSION);
if(Configuration & VERBOSE_MODE)
printf("Local version: %s", localstr);
if(remote_major < 2 && remote_minor != 99){
SSH_Disconnect(SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, "Unsupported remote protocol version");
return(1);
}
if(sock_write(&GlobalConfig.s, localstr, strlen(localstr)) != strlen(localstr))
fatal("Socket write error. File: %s, line: %u", __FILE__, __LINE__);
/*
* We must hash the version strings for the Diffie-Hellman
* key exchange
*/
SHA256_Init(&exhash256base);
sha256_string(&exhash256base, localstr, strcspn(localstr, "\r\n"));
sha256_string(&exhash256base, remotestr, strlen(remotestr));
return(0);
}
/*
* Run SSH negotiation process
*/
short SSH_Connect(char *username, char *password, char *keyfile)
{
int status;
/* Initialize important variables */
SSH2_init();
/* Wait for host version packet */
sock_wait_input(&GlobalConfig.s, sock_delay, NULL, &status);
/* Version string exchange and verification */
if(SSH_Exchange_Identification())
return(1);
/*
* Now we wait for host key exchange. This will also do
* our key exchange, done by the transport layer
*/
if(Configuration & VERBOSE_MODE)
puts("Receiving host's key exchange packet");
if(SSH_pkt_read(SSH_MSG_KEXINIT))
return(1);
/* Now we encrypt, hash and maybe compress */
Configuration |= CIPHER_ENABLED;
if((Configuration & COMPRESSION_REQUESTED))
Request_Compression(6);
/*
* Request authorization and wait a response to it.
*/
SSH_pkt_init(SSH_MSG_SERVICE_REQUEST);
SSH_putstring("ssh-userauth");
if(Configuration & VERBOSE_MODE)
puts("Requesting authorization");
SSH_pkt_send();
if(SSH_pkt_read(SSH_MSG_SERVICE_ACCEPT))
return(1);
/*
* Try public key authentication first
* Then keyboard-interactive
* Then password authentication
*/
if(SSH2_Auth_Pubkey(username, keyfile))
if(SSH2_Auth_KbdInt(username, password))
if(SSH2_Auth_Password(username, password))
return(1);
/* Open a channel */
SSH2_Channel_Open();
return(0);
sock_err:
switch(status){
case 1:
puts(ConnectionClosed);
break;
case -1:
puts(RemoteClosed);
break;
}
return(1);
}