Home Explore Help
Sign In
HSD
/
putty
mirror of https://git.tartarus.org/simon/putty.git
Watch 1
Star 0
Fork 0
Files
Branch: 0.76-demo-screenshots
Branches Tags
putty
/
cproxy.c

cproxy.c 6.3 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. /*
    2. 

  2.  * Routines to do cryptographic interaction with proxies in PuTTY.
    3. 

  3.  * This is in a separate module from proxy.c, so that it can be
    4. 

  4.  * conveniently removed in PuTTYtel by replacing this module with
    5. 

  5.  * the stub version nocproxy.c.
    6. 

  6.  */
    7. 

  7. 

  8. #include <assert.h>
    9. 

  9. #include <ctype.h>
    10. 

  10. #include <string.h>
    11. 

  11. 

  12. #include "putty.h"
    13. 

  13. #include "ssh.h" /* For MD5 support */
    14. 

  14. #include "network.h"
    15. 

  15. #include "proxy.h"
    16. 

  16. #include "marshal.h"
    17. 

  17. 

  18. static void hmacmd5_chap(const unsigned char *challenge, int challen,
    19. 

  19.                          const char *passwd, unsigned char *response)
    20. 

  20. {
    21. 

  21.     mac_simple(&ssh_hmac_md5, ptrlen_from_asciz(passwd),
    22. 

  22.                make_ptrlen(challenge, challen), response);
    23. 

  23. }
    24. 

  24. 

  25. void proxy_socks5_offerencryptedauth(BinarySink *bs)
    26. 

  26. {
    27. 

  27.     put_byte(bs, 0x03);              /* CHAP */
    28. 

  28. }
    29. 

  29. 

  30. int proxy_socks5_handlechap (ProxySocket *p)
    31. 

  31. {
    32. 

  32. 

  33.     /* CHAP authentication reply format:
    34. 

  34.      *  version number (1 bytes) = 1
    35. 

  35.      *  number of commands (1 byte)
    36. 

  36.      *
    37. 

  37.      * For each command:
    38. 

  38.      *  command identifier (1 byte)
    39. 

  39.      *  data length (1 byte)
    40. 

  40.      */
    41. 

  41.     unsigned char data[260];
    42. 

  42.     unsigned char outbuf[20];
    43. 

  43. 

  44.     while(p->chap_num_attributes == 0 ||
    45. 

  45.           p->chap_num_attributes_processed < p->chap_num_attributes) {
    46. 

  46.         if (p->chap_num_attributes == 0 ||
    47. 

  47.             p->chap_current_attribute == -1) {
    48. 

  48.             /* CHAP normally reads in two bytes, either at the
    49. 

  49.              * beginning or for each attribute/value pair.  But if
    50. 

  50.              * we're waiting for the value's data, we might not want
    51. 

  51.              * to read 2 bytes.
    52. 

  52.              */
    53. 

  53. 

  54.             if (bufchain_size(&p->pending_input_data) < 2)
    55. 

  55.                 return 1;              /* not got anything yet */
    56. 

  56. 

  57.             /* get the response */
    58. 

  58.             bufchain_fetch(&p->pending_input_data, data, 2);
    59. 

  59.             bufchain_consume(&p->pending_input_data, 2);
    60. 

  60.         }
    61. 

  61. 

  62.         if (p->chap_num_attributes == 0) {
    63. 

  63.             /* If there are no attributes, this is our first msg
    64. 

  64.              * with the server, where we negotiate version and
    65. 

  65.              * number of attributes
    66. 

  66.              */
    67. 

  67.             if (data[0] != 0x01) {
    68. 

  68.                 plug_closing(p->plug, "Proxy error: SOCKS proxy wants"
    69. 

  69.                              " a different CHAP version",
    70. 

  70.                              PROXY_ERROR_GENERAL, 0);
    71. 

  71.                 return 1;
    72. 

  72.             }
    73. 

  73.             if (data[1] == 0x00) {
    74. 

  74.                 plug_closing(p->plug, "Proxy error: SOCKS proxy won't"
    75. 

  75.                              " negotiate CHAP with us",
    76. 

  76.                              PROXY_ERROR_GENERAL, 0);
    77. 

  77.                 return 1;
    78. 

  78.             }
    79. 

  79.             p->chap_num_attributes = data[1];
    80. 

  80.         } else {
    81. 

  81.             if (p->chap_current_attribute == -1) {
    82. 

  82.                 /* We have to read in each attribute/value pair -
    83. 

  83.                  * those we don't understand can be ignored, but
    84. 

  84.                  * there are a few we'll need to handle.
    85. 

  85.                  */
    86. 

  86.                 p->chap_current_attribute = data[0];
    87. 

  87.                 p->chap_current_datalen = data[1];
    88. 

  88.             }
    89. 

  89.             if (bufchain_size(&p->pending_input_data) <
    90. 

  90.                 p->chap_current_datalen)
    91. 

  91.                 return 1;              /* not got everything yet */
    92. 

  92. 

  93.             /* get the response */
    94. 

  94.             bufchain_fetch(&p->pending_input_data, data,
    95. 

  95.                            p->chap_current_datalen);
    96. 

  96. 

  97.             bufchain_consume(&p->pending_input_data,
    98. 

  98.                              p->chap_current_datalen);
    99. 

  99. 

  100.             switch (p->chap_current_attribute) {
    101. 

  101.               case 0x00:
    102. 

  102.                 /* Successful authentication */
    103. 

  103.                 if (data[0] == 0x00)
    104. 

  104.                     p->state = 2;
    105. 

  105.                 else {
    106. 

  106.                     plug_closing(p->plug, "Proxy error: SOCKS proxy"
    107. 

  107.                                  " refused CHAP authentication",
    108. 

  108.                                  PROXY_ERROR_GENERAL, 0);
    109. 

  109.                     return 1;
    110. 

  110.                 }
    111. 

  111.               break;
    112. 

  112.               case 0x03:
    113. 

  113.                 outbuf[0] = 0x01; /* Version */
    114. 

  114.                 outbuf[1] = 0x01; /* One attribute */
    115. 

  115.                 outbuf[2] = 0x04; /* Response */
    116. 

  116.                 outbuf[3] = 0x10; /* Length */
    117. 

  117.                 hmacmd5_chap(data, p->chap_current_datalen,
    118. 

  118.                              conf_get_str(p->conf, CONF_proxy_password),
    119. 

  119.                              &outbuf[4]);
    120. 

  120.                 sk_write(p->sub_socket, outbuf, 20);
    121. 

  121.               break;
    122. 

  122.               case 0x11:
    123. 

  123.                 /* Chose a protocol */
    124. 

  124.                 if (data[0] != 0x85) {
    125. 

  125.                     plug_closing(p->plug, "Proxy error: Server chose "
    126. 

  126.                                  "CHAP of other than HMAC-MD5 but we "
    127. 

  127.                                  "didn't offer it!",
    128. 

  128.                                  PROXY_ERROR_GENERAL, 0);
    129. 

  129.                     return 1;
    130. 

  130.                 }
    131. 

  131.               break;
    132. 

  132.             }
    133. 

  133.             p->chap_current_attribute = -1;
    134. 

  134.             p->chap_num_attributes_processed++;
    135. 

  135.         }
    136. 

  136.         if (p->state == 8 &&
    137. 

  137.             p->chap_num_attributes_processed >= p->chap_num_attributes) {
    138. 

  138.             p->chap_num_attributes = 0;
    139. 

  139.             p->chap_num_attributes_processed = 0;
    140. 

  140.             p->chap_current_datalen = 0;
    141. 

  141.         }
    142. 

  142.     }
    143. 

  143.     return 0;
    144. 

  144. }
    145. 

  145. 

  146. int proxy_socks5_selectchap(ProxySocket *p)
    147. 

  147. {
    148. 

  148.     char *username = conf_get_str(p->conf, CONF_proxy_username);
    149. 

  149.     char *password = conf_get_str(p->conf, CONF_proxy_password);
    150. 

  150.     if (username[0] || password[0]) {
    151. 

  151.         char chapbuf[514];
    152. 

  152.         int ulen;
    153. 

  153.         chapbuf[0] = '\x01'; /* Version */
    154. 

  154.         chapbuf[1] = '\x02'; /* Number of attributes sent */
    155. 

  155.         chapbuf[2] = '\x11'; /* First attribute - algorithms list */
    156. 

  156.         chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
    157. 

  157.         chapbuf[4] = '\x85'; /* ...and it's HMAC-MD5, the core one */
    158. 

  158.         chapbuf[5] = '\x02'; /* Second attribute - username */
    159. 

  159. 

  160.         ulen = strlen(username);
    161. 

  161.         if (ulen > 255) ulen = 255;
    162. 

  162.         if (ulen < 1) ulen = 1;
    163. 

  163. 

  164.         chapbuf[6] = ulen;
    165. 

  165.         memcpy(chapbuf+7, username, ulen);
    166. 

  166. 

  167.         sk_write(p->sub_socket, chapbuf, ulen + 7);
    168. 

  168.         p->chap_num_attributes = 0;
    169. 

  169.         p->chap_num_attributes_processed = 0;
    170. 

  170.         p->chap_current_attribute = -1;
    171. 

  171.         p->chap_current_datalen = 0;
    172. 

  172. 

  173.         p->state = 8;
    174. 

  174.     } else
    175. 

  175.         plug_closing(p->plug, "Proxy error: Server chose "
    176. 

  176.                      "CHAP authentication but we didn't offer it!",
    177. 

  177.                  PROXY_ERROR_GENERAL, 0);
    178. 

  178.     return 1;
    179. 

  179. }
    180. 

  180.