login1.c 46 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195
  1. /*
  2. * Packet protocol layer for the SSH-1 login phase (combining what
  3. * SSH-2 would think of as key exchange and user authentication).
  4. */
  5. #include <assert.h>
  6. #include "putty.h"
  7. #include "ssh.h"
  8. #include "mpint.h"
  9. #include "bpp.h"
  10. #include "ppl.h"
  11. #include "sshcr.h"
  12. typedef struct agent_key {
  13. RSAKey key;
  14. strbuf *comment;
  15. ptrlen blob; /* only used during initial parsing of agent response */
  16. } agent_key;
  17. struct ssh1_login_state {
  18. int crState;
  19. PacketProtocolLayer *successor_layer;
  20. Conf *conf;
  21. char *savedhost;
  22. int savedport;
  23. bool try_agent_auth, is_trivial_auth;
  24. int remote_protoflags;
  25. int local_protoflags;
  26. unsigned char session_key[32];
  27. char *username;
  28. agent_pending_query *auth_agent_query;
  29. int len;
  30. unsigned char *rsabuf;
  31. unsigned long supported_ciphers_mask, supported_auths_mask;
  32. bool tried_publickey, tried_agent;
  33. bool tis_auth_refused, ccard_auth_refused;
  34. unsigned char cookie[8];
  35. unsigned char session_id[16];
  36. int cipher_type;
  37. strbuf *publickey_blob;
  38. char *publickey_comment;
  39. bool privatekey_available, privatekey_encrypted;
  40. prompts_t *cur_prompt;
  41. SeatPromptResult spr;
  42. char c;
  43. int pwpkt_type;
  44. void *agent_response_to_free;
  45. ptrlen agent_response;
  46. BinarySource asrc[1]; /* response from SSH agent */
  47. size_t agent_keys_len;
  48. agent_key *agent_keys;
  49. size_t agent_key_index, agent_key_limit;
  50. bool authed;
  51. RSAKey key;
  52. Filename *keyfile;
  53. RSAKey servkey, hostkey;
  54. StripCtrlChars *tis_scc;
  55. bool tis_scc_initialised;
  56. PacketProtocolLayer ppl;
  57. };
  58. static void ssh1_login_free(PacketProtocolLayer *);
  59. static void ssh1_login_process_queue(PacketProtocolLayer *);
  60. static void ssh1_login_dialog_callback(void *, SeatPromptResult);
  61. static void ssh1_login_special_cmd(PacketProtocolLayer *ppl,
  62. SessionSpecialCode code, int arg);
  63. static void ssh1_login_reconfigure(PacketProtocolLayer *ppl, Conf *conf);
  64. static const PacketProtocolLayerVtable ssh1_login_vtable = {
  65. .free = ssh1_login_free,
  66. .process_queue = ssh1_login_process_queue,
  67. .get_specials = ssh1_common_get_specials,
  68. .special_cmd = ssh1_login_special_cmd,
  69. .reconfigure = ssh1_login_reconfigure,
  70. .queued_data_size = ssh_ppl_default_queued_data_size,
  71. .final_output = ssh_ppl_default_final_output,
  72. .name = NULL, /* no layer names in SSH-1 */
  73. };
  74. static void ssh1_login_agent_query(struct ssh1_login_state *s, strbuf *req);
  75. static void ssh1_login_agent_callback(void *loginv, void *reply, int replylen);
  76. PacketProtocolLayer *ssh1_login_new(
  77. Conf *conf, const char *host, int port,
  78. PacketProtocolLayer *successor_layer)
  79. {
  80. struct ssh1_login_state *s = snew(struct ssh1_login_state);
  81. memset(s, 0, sizeof(*s));
  82. s->ppl.vt = &ssh1_login_vtable;
  83. s->conf = conf_copy(conf);
  84. s->savedhost = dupstr(host);
  85. s->savedport = port;
  86. s->successor_layer = successor_layer;
  87. s->is_trivial_auth = true;
  88. return &s->ppl;
  89. }
  90. static void ssh1_login_free(PacketProtocolLayer *ppl)
  91. {
  92. struct ssh1_login_state *s =
  93. container_of(ppl, struct ssh1_login_state, ppl);
  94. if (s->successor_layer)
  95. ssh_ppl_free(s->successor_layer);
  96. conf_free(s->conf);
  97. sfree(s->savedhost);
  98. sfree(s->rsabuf);
  99. sfree(s->username);
  100. if (s->publickey_blob)
  101. strbuf_free(s->publickey_blob);
  102. sfree(s->publickey_comment);
  103. if (s->cur_prompt)
  104. free_prompts(s->cur_prompt);
  105. if (s->agent_keys) {
  106. for (size_t i = 0; i < s->agent_keys_len; i++) {
  107. freersakey(&s->agent_keys[i].key);
  108. strbuf_free(s->agent_keys[i].comment);
  109. }
  110. sfree(s->agent_keys);
  111. }
  112. sfree(s->agent_response_to_free);
  113. if (s->auth_agent_query)
  114. agent_cancel_query(s->auth_agent_query);
  115. sfree(s);
  116. }
  117. static bool ssh1_login_filter_queue(struct ssh1_login_state *s)
  118. {
  119. return ssh1_common_filter_queue(&s->ppl);
  120. }
  121. static PktIn *ssh1_login_pop(struct ssh1_login_state *s)
  122. {
  123. if (ssh1_login_filter_queue(s))
  124. return NULL;
  125. return pq_pop(s->ppl.in_pq);
  126. }
  127. static void ssh1_login_setup_tis_scc(struct ssh1_login_state *s);
  128. static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
  129. {
  130. struct ssh1_login_state *s =
  131. container_of(ppl, struct ssh1_login_state, ppl);
  132. PktIn *pktin;
  133. PktOut *pkt;
  134. int i;
  135. /* Filter centrally handled messages off the front of the queue on
  136. * every entry to this coroutine, no matter where we're resuming
  137. * from, even if we're _not_ looping on pq_pop. That way we can
  138. * still proactively handle those messages even if we're waiting
  139. * for a user response. */
  140. if (ssh1_login_filter_queue(s))
  141. return;
  142. crBegin(s->crState);
  143. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  144. if (pktin->type != SSH1_SMSG_PUBLIC_KEY) {
  145. ssh_proto_error(s->ppl.ssh, "Public key packet not received");
  146. return;
  147. }
  148. ppl_logevent("Received public keys");
  149. {
  150. ptrlen pl = get_data(pktin, 8);
  151. memcpy(s->cookie, pl.ptr, pl.len);
  152. }
  153. get_rsa_ssh1_pub(pktin, &s->servkey, RSA_SSH1_EXPONENT_FIRST);
  154. get_rsa_ssh1_pub(pktin, &s->hostkey, RSA_SSH1_EXPONENT_FIRST);
  155. s->hostkey.comment = NULL; /* avoid confusing rsa_ssh1_fingerprint */
  156. /*
  157. * Log the host key fingerprint.
  158. */
  159. if (!get_err(pktin)) {
  160. char *fingerprint = rsa_ssh1_fingerprint(&s->hostkey);
  161. ppl_logevent("Host key fingerprint is:");
  162. ppl_logevent(" %s", fingerprint);
  163. sfree(fingerprint);
  164. }
  165. s->remote_protoflags = get_uint32(pktin);
  166. s->supported_ciphers_mask = get_uint32(pktin);
  167. s->supported_auths_mask = get_uint32(pktin);
  168. if (get_err(pktin)) {
  169. ssh_proto_error(s->ppl.ssh, "Bad SSH-1 public key packet");
  170. return;
  171. }
  172. if ((s->ppl.remote_bugs & BUG_CHOKES_ON_RSA))
  173. s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
  174. s->local_protoflags =
  175. s->remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
  176. s->local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
  177. ssh1_compute_session_id(s->session_id, s->cookie,
  178. &s->hostkey, &s->servkey);
  179. random_read(s->session_key, 32);
  180. /*
  181. * Verify that the `bits' and `bytes' parameters match.
  182. */
  183. if (s->hostkey.bits > s->hostkey.bytes * 8 ||
  184. s->servkey.bits > s->servkey.bytes * 8) {
  185. ssh_proto_error(s->ppl.ssh, "SSH-1 public keys were badly formatted");
  186. return;
  187. }
  188. s->len = 32;
  189. if (s->len < s->hostkey.bytes)
  190. s->len = s->hostkey.bytes;
  191. if (s->len < s->servkey.bytes)
  192. s->len = s->servkey.bytes;
  193. s->rsabuf = snewn(s->len, unsigned char);
  194. /*
  195. * Verify the host key.
  196. */
  197. {
  198. char *keystr = rsastr_fmt(&s->hostkey);
  199. char *keydisp = ssh1_pubkey_str(&s->hostkey);
  200. char **fingerprints = rsa_ssh1_fake_all_fingerprints(&s->hostkey);
  201. s->spr = verify_ssh_host_key(
  202. ppl_get_iseat(&s->ppl), s->conf, s->savedhost, s->savedport, NULL,
  203. "rsa", keystr, keydisp, fingerprints, 0,
  204. ssh1_login_dialog_callback, s);
  205. ssh2_free_all_fingerprints(fingerprints);
  206. sfree(keydisp);
  207. sfree(keystr);
  208. }
  209. #ifdef FUZZING
  210. s->spr = SPR_OK;
  211. #endif
  212. crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
  213. if (spr_is_abort(s->spr)) {
  214. ssh_spr_close(s->ppl.ssh, s->spr, "host key verification");
  215. return;
  216. }
  217. for (i = 0; i < 32; i++) {
  218. s->rsabuf[i] = s->session_key[i];
  219. if (i < 16)
  220. s->rsabuf[i] ^= s->session_id[i];
  221. }
  222. {
  223. RSAKey *smaller = (s->hostkey.bytes > s->servkey.bytes ?
  224. &s->servkey : &s->hostkey);
  225. RSAKey *larger = (s->hostkey.bytes > s->servkey.bytes ?
  226. &s->hostkey : &s->servkey);
  227. if (!rsa_ssh1_encrypt(s->rsabuf, 32, smaller) ||
  228. !rsa_ssh1_encrypt(s->rsabuf, smaller->bytes, larger)) {
  229. ssh_proto_error(s->ppl.ssh, "SSH-1 public key encryptions failed "
  230. "due to bad formatting");
  231. return;
  232. }
  233. }
  234. ppl_logevent("Encrypted session key");
  235. {
  236. bool cipher_chosen = false, warn = false;
  237. const char *cipher_string = NULL;
  238. int i;
  239. for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
  240. int next_cipher = conf_get_int_int(
  241. s->conf, CONF_ssh_cipherlist, i);
  242. if (next_cipher == CIPHER_WARN) {
  243. /* If/when we choose a cipher, warn about it */
  244. warn = true;
  245. } else if (next_cipher == CIPHER_AES) {
  246. /* XXX Probably don't need to mention this. */
  247. ppl_logevent("AES not supported in SSH-1, skipping");
  248. } else {
  249. switch (next_cipher) {
  250. case CIPHER_3DES: s->cipher_type = SSH1_CIPHER_3DES;
  251. cipher_string = "3DES"; break;
  252. case CIPHER_BLOWFISH: s->cipher_type = SSH1_CIPHER_BLOWFISH;
  253. cipher_string = "Blowfish"; break;
  254. case CIPHER_DES: s->cipher_type = SSH1_CIPHER_DES;
  255. cipher_string = "single-DES"; break;
  256. }
  257. if (s->supported_ciphers_mask & (1 << s->cipher_type))
  258. cipher_chosen = true;
  259. }
  260. }
  261. if (!cipher_chosen) {
  262. if ((s->supported_ciphers_mask & (1 << SSH1_CIPHER_3DES)) == 0) {
  263. ssh_proto_error(s->ppl.ssh, "Server violates SSH-1 protocol "
  264. "by not supporting 3DES encryption");
  265. } else {
  266. /* shouldn't happen */
  267. ssh_sw_abort(s->ppl.ssh, "No supported ciphers found");
  268. }
  269. return;
  270. }
  271. /* Warn about chosen cipher if necessary. */
  272. if (warn) {
  273. s->spr = confirm_weak_crypto_primitive(
  274. ppl_get_iseat(&s->ppl), "cipher", cipher_string,
  275. ssh1_login_dialog_callback, s, WCR_BELOW_THRESHOLD);
  276. crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
  277. if (spr_is_abort(s->spr)) {
  278. ssh_spr_close(s->ppl.ssh, s->spr, "cipher warning");
  279. return;
  280. }
  281. }
  282. }
  283. switch (s->cipher_type) {
  284. case SSH1_CIPHER_3DES:
  285. ppl_logevent("Using 3DES encryption");
  286. break;
  287. case SSH1_CIPHER_DES:
  288. ppl_logevent("Using single-DES encryption");
  289. break;
  290. case SSH1_CIPHER_BLOWFISH:
  291. ppl_logevent("Using Blowfish encryption");
  292. break;
  293. }
  294. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_SESSION_KEY);
  295. put_byte(pkt, s->cipher_type);
  296. put_data(pkt, s->cookie, 8);
  297. put_uint16(pkt, s->len * 8);
  298. put_data(pkt, s->rsabuf, s->len);
  299. put_uint32(pkt, s->local_protoflags);
  300. pq_push(s->ppl.out_pq, pkt);
  301. ppl_logevent("Trying to enable encryption...");
  302. sfree(s->rsabuf);
  303. s->rsabuf = NULL;
  304. /*
  305. * Force the BPP to synchronously marshal all packets up to and
  306. * including the SESSION_KEY into wire format, before we turn on
  307. * crypto.
  308. */
  309. ssh_bpp_handle_output(s->ppl.bpp);
  310. {
  311. const ssh_cipheralg *cipher =
  312. (s->cipher_type == SSH1_CIPHER_BLOWFISH ? &ssh_blowfish_ssh1 :
  313. s->cipher_type == SSH1_CIPHER_DES ? &ssh_des : &ssh_3des_ssh1);
  314. ssh1_bpp_new_cipher(s->ppl.bpp, cipher, s->session_key);
  315. }
  316. freersakey(&s->servkey);
  317. freersakey(&s->hostkey);
  318. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  319. if (pktin->type != SSH1_SMSG_SUCCESS) {
  320. ssh_proto_error(s->ppl.ssh, "Encryption not successfully enabled");
  321. return;
  322. }
  323. ppl_logevent("Successfully started encryption");
  324. if ((s->username = get_remote_username(s->conf)) == NULL) {
  325. s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
  326. s->cur_prompt->to_server = true;
  327. s->cur_prompt->from_server = false;
  328. s->cur_prompt->name = dupstr("SSH login name");
  329. add_prompt(s->cur_prompt, dupstr("login as: "), true);
  330. s->spr = seat_get_userpass_input(
  331. ppl_get_iseat(&s->ppl), s->cur_prompt);
  332. while (s->spr.kind == SPRK_INCOMPLETE) {
  333. crReturnV;
  334. s->spr = seat_get_userpass_input(
  335. ppl_get_iseat(&s->ppl), s->cur_prompt);
  336. }
  337. if (spr_is_abort(s->spr)) {
  338. /*
  339. * Failed to get a username. Terminate.
  340. */
  341. ssh_spr_close(s->ppl.ssh, s->spr, "username prompt");
  342. return;
  343. }
  344. s->username = prompt_get_result(s->cur_prompt->prompts[0]);
  345. free_prompts(s->cur_prompt);
  346. s->cur_prompt = NULL;
  347. }
  348. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_USER);
  349. put_stringz(pkt, s->username);
  350. pq_push(s->ppl.out_pq, pkt);
  351. ppl_logevent("Sent username \"%s\"", s->username);
  352. if (seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))
  353. ppl_printf("Sent username \"%s\"\r\n", s->username);
  354. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  355. if (!(s->supported_auths_mask & (1 << SSH1_AUTH_RSA))) {
  356. /* We must not attempt PK auth. Pretend we've already tried it. */
  357. s->tried_publickey = s->tried_agent = true;
  358. } else {
  359. s->tried_publickey = s->tried_agent = false;
  360. }
  361. s->tis_auth_refused = s->ccard_auth_refused = false;
  362. /*
  363. * Load the public half of any configured keyfile for later use.
  364. */
  365. s->keyfile = conf_get_filename(s->conf, CONF_keyfile);
  366. if (!filename_is_null(s->keyfile)) {
  367. int keytype;
  368. ppl_logevent("Reading key file \"%s\"", filename_to_str(s->keyfile));
  369. keytype = key_type(s->keyfile);
  370. if (keytype == SSH_KEYTYPE_SSH1 ||
  371. keytype == SSH_KEYTYPE_SSH1_PUBLIC) {
  372. const char *error;
  373. s->publickey_blob = strbuf_new();
  374. if (rsa1_loadpub_f(s->keyfile,
  375. BinarySink_UPCAST(s->publickey_blob),
  376. &s->publickey_comment, &error)) {
  377. s->privatekey_available = (keytype == SSH_KEYTYPE_SSH1);
  378. if (!s->privatekey_available)
  379. ppl_logevent("Key file contains public key only");
  380. s->privatekey_encrypted = rsa1_encrypted_f(s->keyfile, NULL);
  381. } else {
  382. ppl_logevent("Unable to load key (%s)", error);
  383. ppl_printf("Unable to load key file \"%s\" (%s)\r\n",
  384. filename_to_str(s->keyfile), error);
  385. strbuf_free(s->publickey_blob);
  386. s->publickey_blob = NULL;
  387. }
  388. } else {
  389. ppl_logevent("Unable to use this key file (%s)",
  390. key_type_to_str(keytype));
  391. ppl_printf("Unable to use key file \"%s\" (%s)\r\n",
  392. filename_to_str(s->keyfile),
  393. key_type_to_str(keytype));
  394. }
  395. }
  396. /* Check whether we're configured to try Pageant, and also whether
  397. * it's available. */
  398. s->try_agent_auth = (conf_get_bool(s->conf, CONF_tryagent) &&
  399. agent_exists());
  400. while (pktin->type == SSH1_SMSG_FAILURE) {
  401. s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
  402. if (s->try_agent_auth && !s->tried_agent) {
  403. /*
  404. * Attempt RSA authentication using Pageant.
  405. */
  406. s->authed = false;
  407. s->tried_agent = true;
  408. ppl_logevent("Pageant is running. Requesting keys.");
  409. /* Request the keys held by the agent. */
  410. {
  411. strbuf *request = strbuf_new_for_agent_query();
  412. put_byte(request, SSH1_AGENTC_REQUEST_RSA_IDENTITIES);
  413. ssh1_login_agent_query(s, request);
  414. strbuf_free(request);
  415. crMaybeWaitUntilV(!s->auth_agent_query);
  416. }
  417. BinarySource_BARE_INIT_PL(s->asrc, s->agent_response);
  418. get_uint32(s->asrc); /* skip length field */
  419. if (get_byte(s->asrc) == SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
  420. size_t nkeys = get_uint32(s->asrc);
  421. size_t origpos = s->asrc->pos;
  422. /*
  423. * Check that the agent response is well formed.
  424. */
  425. for (size_t i = 0; i < nkeys; i++) {
  426. get_rsa_ssh1_pub(s->asrc, NULL, RSA_SSH1_EXPONENT_FIRST);
  427. get_string(s->asrc); /* comment */
  428. if (get_err(s->asrc)) {
  429. ppl_logevent("Pageant's response was truncated");
  430. goto parsed_agent_query;
  431. }
  432. }
  433. /*
  434. * Copy the list of public-key blobs out of the Pageant
  435. * response.
  436. */
  437. BinarySource_REWIND_TO(s->asrc, origpos);
  438. s->agent_keys_len = nkeys;
  439. s->agent_keys = snewn(s->agent_keys_len, agent_key);
  440. for (size_t i = 0; i < nkeys; i++) {
  441. memset(&s->agent_keys[i].key, 0,
  442. sizeof(s->agent_keys[i].key));
  443. const char *blobstart = get_ptr(s->asrc);
  444. get_rsa_ssh1_pub(s->asrc, &s->agent_keys[i].key,
  445. RSA_SSH1_EXPONENT_FIRST);
  446. const char *blobend = get_ptr(s->asrc);
  447. s->agent_keys[i].comment = strbuf_dup(get_string(s->asrc));
  448. s->agent_keys[i].blob = make_ptrlen(
  449. blobstart, blobend - blobstart);
  450. }
  451. ppl_logevent("Pageant has %"SIZEu" SSH-1 keys", nkeys);
  452. if (s->publickey_blob) {
  453. /*
  454. * If we've been given a specific public key blob,
  455. * filter the list of keys to try from the agent
  456. * down to only that one, or none if it's not
  457. * there.
  458. */
  459. ptrlen our_blob = ptrlen_from_strbuf(s->publickey_blob);
  460. size_t i;
  461. for (i = 0; i < nkeys; i++) {
  462. if (ptrlen_eq_ptrlen(our_blob, s->agent_keys[i].blob))
  463. break;
  464. }
  465. if (i < nkeys) {
  466. ppl_logevent("Pageant key #%"SIZEu" matches "
  467. "configured key file", i);
  468. s->agent_key_index = i;
  469. s->agent_key_limit = i+1;
  470. } else {
  471. ppl_logevent("Configured key file not in Pageant");
  472. s->agent_key_index = 0;
  473. s->agent_key_limit = 0;
  474. }
  475. } else {
  476. /*
  477. * Otherwise, try them all.
  478. */
  479. s->agent_key_index = 0;
  480. s->agent_key_limit = nkeys;
  481. }
  482. } else {
  483. ppl_logevent("Failed to get reply from Pageant");
  484. }
  485. parsed_agent_query:;
  486. for (; s->agent_key_index < s->agent_key_limit;
  487. s->agent_key_index++) {
  488. ppl_logevent("Trying Pageant key #%"SIZEu, s->agent_key_index);
  489. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_RSA);
  490. put_mp_ssh1(pkt,
  491. s->agent_keys[s->agent_key_index].key.modulus);
  492. pq_push(s->ppl.out_pq, pkt);
  493. crMaybeWaitUntilV((pktin = ssh1_login_pop(s))
  494. != NULL);
  495. if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
  496. ppl_logevent("Key refused");
  497. continue;
  498. }
  499. ppl_logevent("Received RSA challenge");
  500. {
  501. mp_int *challenge = get_mp_ssh1(pktin);
  502. if (get_err(pktin)) {
  503. mp_free(challenge);
  504. ssh_proto_error(s->ppl.ssh, "Server's RSA challenge "
  505. "was badly formatted");
  506. return;
  507. }
  508. strbuf *agentreq = strbuf_new_for_agent_query();
  509. put_byte(agentreq, SSH1_AGENTC_RSA_CHALLENGE);
  510. rsa_ssh1_public_blob(
  511. BinarySink_UPCAST(agentreq),
  512. &s->agent_keys[s->agent_key_index].key,
  513. RSA_SSH1_EXPONENT_FIRST);
  514. put_mp_ssh1(agentreq, challenge);
  515. mp_free(challenge);
  516. put_data(agentreq, s->session_id, 16);
  517. put_uint32(agentreq, 1); /* response format */
  518. ssh1_login_agent_query(s, agentreq);
  519. strbuf_free(agentreq);
  520. crMaybeWaitUntilV(!s->auth_agent_query);
  521. }
  522. {
  523. const unsigned char *ret = s->agent_response.ptr;
  524. if (ret) {
  525. if (s->agent_response.len >= 5+16 &&
  526. ret[4] == SSH1_AGENT_RSA_RESPONSE) {
  527. ppl_logevent("Sending Pageant's response");
  528. pkt = ssh_bpp_new_pktout(
  529. s->ppl.bpp, SSH1_CMSG_AUTH_RSA_RESPONSE);
  530. put_data(pkt, ret + 5, 16);
  531. pq_push(s->ppl.out_pq, pkt);
  532. s->is_trivial_auth = false;
  533. crMaybeWaitUntilV(
  534. (pktin = ssh1_login_pop(s))
  535. != NULL);
  536. if (pktin->type == SSH1_SMSG_SUCCESS) {
  537. ppl_logevent("Pageant's response "
  538. "accepted");
  539. if (seat_verbose(s->ppl.seat)) {
  540. ptrlen comment = ptrlen_from_strbuf(
  541. s->agent_keys[s->agent_key_index].
  542. comment);
  543. ppl_printf("Authenticated using RSA "
  544. "key \"%.*s\" from "
  545. "agent\r\n",
  546. PTRLEN_PRINTF(comment));
  547. }
  548. s->authed = true;
  549. } else
  550. ppl_logevent("Pageant's response not "
  551. "accepted");
  552. } else {
  553. ppl_logevent("Pageant failed to answer "
  554. "challenge");
  555. sfree((char *)ret);
  556. }
  557. } else {
  558. ppl_logevent("No reply received from Pageant");
  559. }
  560. }
  561. if (s->authed)
  562. break;
  563. }
  564. if (s->authed)
  565. break;
  566. }
  567. if (s->publickey_blob && s->privatekey_available &&
  568. !s->tried_publickey) {
  569. /*
  570. * Try public key authentication with the specified
  571. * key file.
  572. */
  573. bool got_passphrase; /* need not be kept over crReturn */
  574. if (seat_verbose(s->ppl.seat))
  575. ppl_printf("Trying public key authentication.\r\n");
  576. ppl_logevent("Trying public key \"%s\"",
  577. filename_to_str(s->keyfile));
  578. s->tried_publickey = true;
  579. got_passphrase = false;
  580. while (!got_passphrase) {
  581. /*
  582. * Get a passphrase, if necessary.
  583. */
  584. int retd;
  585. char *passphrase = NULL; /* only written after crReturn */
  586. const char *error;
  587. if (!s->privatekey_encrypted) {
  588. if (seat_verbose(s->ppl.seat))
  589. ppl_printf("No passphrase required.\r\n");
  590. passphrase = NULL;
  591. } else {
  592. s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
  593. s->cur_prompt->to_server = false;
  594. s->cur_prompt->from_server = false;
  595. s->cur_prompt->name = dupstr("SSH key passphrase");
  596. add_prompt(s->cur_prompt,
  597. dupprintf("Passphrase for key \"%s\": ",
  598. s->publickey_comment), false);
  599. s->spr = seat_get_userpass_input(
  600. ppl_get_iseat(&s->ppl), s->cur_prompt);
  601. while (s->spr.kind == SPRK_INCOMPLETE) {
  602. crReturnV;
  603. s->spr = seat_get_userpass_input(
  604. ppl_get_iseat(&s->ppl), s->cur_prompt);
  605. }
  606. if (spr_is_abort(s->spr)) {
  607. /* Failed to get a passphrase. Terminate. */
  608. ssh_spr_close(s->ppl.ssh, s->spr, "passphrase prompt");
  609. return;
  610. }
  611. passphrase = prompt_get_result(s->cur_prompt->prompts[0]);
  612. free_prompts(s->cur_prompt);
  613. s->cur_prompt = NULL;
  614. }
  615. /*
  616. * Try decrypting key with passphrase.
  617. */
  618. retd = rsa1_load_f(s->keyfile, &s->key, passphrase, &error);
  619. if (passphrase) {
  620. smemclr(passphrase, strlen(passphrase));
  621. sfree(passphrase);
  622. }
  623. if (retd == 1) {
  624. /* Correct passphrase. */
  625. got_passphrase = true;
  626. } else if (retd == 0) {
  627. ppl_printf("Couldn't load private key from %s (%s).\r\n",
  628. filename_to_str(s->keyfile), error);
  629. got_passphrase = false;
  630. break; /* go and try something else */
  631. } else if (retd == -1) {
  632. ppl_printf("Wrong passphrase.\r\n");
  633. got_passphrase = false;
  634. /* and try again */
  635. } else {
  636. unreachable("unexpected return from rsa1_load_f()");
  637. }
  638. }
  639. if (got_passphrase) {
  640. /*
  641. * Send a public key attempt.
  642. */
  643. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_RSA);
  644. put_mp_ssh1(pkt, s->key.modulus);
  645. pq_push(s->ppl.out_pq, pkt);
  646. crMaybeWaitUntilV((pktin = ssh1_login_pop(s))
  647. != NULL);
  648. if (pktin->type == SSH1_SMSG_FAILURE) {
  649. ppl_printf("Server refused our public key.\r\n");
  650. continue; /* go and try something else */
  651. }
  652. if (pktin->type != SSH1_SMSG_AUTH_RSA_CHALLENGE) {
  653. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  654. " in response to offer of public key, "
  655. "type %d (%s)", pktin->type,
  656. ssh1_pkt_type(pktin->type));
  657. return;
  658. }
  659. {
  660. int i;
  661. unsigned char buffer[32];
  662. mp_int *challenge, *response;
  663. challenge = get_mp_ssh1(pktin);
  664. if (get_err(pktin)) {
  665. mp_free(challenge);
  666. ssh_proto_error(s->ppl.ssh, "Server's RSA challenge "
  667. "was badly formatted");
  668. return;
  669. }
  670. response = rsa_ssh1_decrypt(challenge, &s->key);
  671. freersapriv(&s->key); /* burn the evidence */
  672. for (i = 0; i < 32; i++) {
  673. buffer[i] = mp_get_byte(response, 31 - i);
  674. }
  675. {
  676. ssh_hash *h = ssh_hash_new(&ssh_md5);
  677. put_data(h, buffer, 32);
  678. put_data(h, s->session_id, 16);
  679. ssh_hash_final(h, buffer);
  680. }
  681. pkt = ssh_bpp_new_pktout(
  682. s->ppl.bpp, SSH1_CMSG_AUTH_RSA_RESPONSE);
  683. put_data(pkt, buffer, 16);
  684. pq_push(s->ppl.out_pq, pkt);
  685. s->is_trivial_auth = false;
  686. mp_free(challenge);
  687. mp_free(response);
  688. }
  689. crMaybeWaitUntilV((pktin = ssh1_login_pop(s))
  690. != NULL);
  691. if (pktin->type == SSH1_SMSG_FAILURE) {
  692. if (seat_verbose(s->ppl.seat))
  693. ppl_printf("Failed to authenticate with"
  694. " our public key.\r\n");
  695. continue; /* go and try something else */
  696. } else if (pktin->type != SSH1_SMSG_SUCCESS) {
  697. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  698. " in response to RSA authentication, "
  699. "type %d (%s)", pktin->type,
  700. ssh1_pkt_type(pktin->type));
  701. return;
  702. }
  703. break; /* we're through! */
  704. }
  705. }
  706. /*
  707. * Otherwise, try various forms of password-like authentication.
  708. */
  709. s->cur_prompt = ssh_ppl_new_prompts(&s->ppl);
  710. if (conf_get_bool(s->conf, CONF_try_tis_auth) &&
  711. (s->supported_auths_mask & (1 << SSH1_AUTH_TIS)) &&
  712. !s->tis_auth_refused) {
  713. ssh1_login_setup_tis_scc(s);
  714. s->pwpkt_type = SSH1_CMSG_AUTH_TIS_RESPONSE;
  715. ppl_logevent("Requested TIS authentication");
  716. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_TIS);
  717. pq_push(s->ppl.out_pq, pkt);
  718. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  719. if (pktin->type == SSH1_SMSG_FAILURE) {
  720. ppl_logevent("TIS authentication declined");
  721. if (seat_interactive(s->ppl.seat))
  722. ppl_printf("TIS authentication refused.\r\n");
  723. s->tis_auth_refused = true;
  724. continue;
  725. } else if (pktin->type == SSH1_SMSG_AUTH_TIS_CHALLENGE) {
  726. ptrlen challenge = get_string(pktin);
  727. if (get_err(pktin)) {
  728. ssh_proto_error(s->ppl.ssh, "TIS challenge packet was "
  729. "badly formed");
  730. return;
  731. }
  732. ppl_logevent("Received TIS challenge");
  733. s->cur_prompt->to_server = true;
  734. s->cur_prompt->from_server = true;
  735. s->cur_prompt->name = dupstr("SSH TIS authentication");
  736. strbuf *sb = strbuf_new();
  737. put_datapl(sb, PTRLEN_LITERAL("\
  738. -- TIS authentication challenge from server: ---------------------------------\
  739. \r\n"));
  740. if (s->tis_scc) {
  741. stripctrl_retarget(s->tis_scc, BinarySink_UPCAST(sb));
  742. put_datapl(s->tis_scc, challenge);
  743. stripctrl_retarget(s->tis_scc, NULL);
  744. } else {
  745. put_datapl(sb, challenge);
  746. }
  747. if (!ptrlen_endswith(challenge, PTRLEN_LITERAL("\n"), NULL))
  748. put_datapl(sb, PTRLEN_LITERAL("\r\n"));
  749. put_datapl(sb, PTRLEN_LITERAL("\
  750. -- End of TIS authentication challenge from server: --------------------------\
  751. \r\n"));
  752. s->cur_prompt->instruction = strbuf_to_str(sb);
  753. s->cur_prompt->instr_reqd = true;
  754. add_prompt(s->cur_prompt, dupstr(
  755. "TIS authentication response: "), false);
  756. } else {
  757. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  758. " in response to TIS authentication, "
  759. "type %d (%s)", pktin->type,
  760. ssh1_pkt_type(pktin->type));
  761. return;
  762. }
  763. } else if (conf_get_bool(s->conf, CONF_try_tis_auth) &&
  764. (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
  765. !s->ccard_auth_refused) {
  766. ssh1_login_setup_tis_scc(s);
  767. s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
  768. ppl_logevent("Requested CryptoCard authentication");
  769. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_AUTH_CCARD);
  770. pq_push(s->ppl.out_pq, pkt);
  771. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  772. if (pktin->type == SSH1_SMSG_FAILURE) {
  773. ppl_logevent("CryptoCard authentication declined");
  774. ppl_printf("CryptoCard authentication refused.\r\n");
  775. s->ccard_auth_refused = true;
  776. continue;
  777. } else if (pktin->type == SSH1_SMSG_AUTH_CCARD_CHALLENGE) {
  778. ptrlen challenge = get_string(pktin);
  779. if (get_err(pktin)) {
  780. ssh_proto_error(s->ppl.ssh, "CryptoCard challenge packet "
  781. "was badly formed");
  782. return;
  783. }
  784. ppl_logevent("Received CryptoCard challenge");
  785. s->cur_prompt->to_server = true;
  786. s->cur_prompt->from_server = true;
  787. s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
  788. strbuf *sb = strbuf_new();
  789. put_datapl(sb, PTRLEN_LITERAL("\
  790. -- CryptoCard authentication challenge from server: --------------------------\
  791. \r\n"));
  792. if (s->tis_scc) {
  793. stripctrl_retarget(s->tis_scc, BinarySink_UPCAST(sb));
  794. put_datapl(s->tis_scc, challenge);
  795. stripctrl_retarget(s->tis_scc, NULL);
  796. } else {
  797. put_datapl(sb, challenge);
  798. }
  799. if (!ptrlen_endswith(challenge, PTRLEN_LITERAL("\n"), NULL))
  800. put_datapl(sb, PTRLEN_LITERAL("\r\n"));
  801. put_datapl(sb, PTRLEN_LITERAL("\
  802. -- End of CryptoCard authentication challenge from server: -------------------\
  803. \r\n"));
  804. s->cur_prompt->instruction = strbuf_to_str(sb);
  805. s->cur_prompt->instr_reqd = true;
  806. add_prompt(s->cur_prompt, dupstr(
  807. "CryptoCard authentication response: "), false);
  808. } else {
  809. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  810. " in response to TIS authentication, "
  811. "type %d (%s)", pktin->type,
  812. ssh1_pkt_type(pktin->type));
  813. return;
  814. }
  815. }
  816. if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
  817. if ((s->supported_auths_mask & (1 << SSH1_AUTH_PASSWORD)) == 0) {
  818. ssh_sw_abort(s->ppl.ssh, "No supported authentication methods "
  819. "available");
  820. return;
  821. }
  822. s->cur_prompt->to_server = true;
  823. s->cur_prompt->from_server = false;
  824. s->cur_prompt->name = dupstr("SSH password");
  825. add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ",
  826. s->username, s->savedhost),
  827. false);
  828. }
  829. /*
  830. * Show password prompt, having first obtained it via a TIS
  831. * or CryptoCard exchange if we're doing TIS or CryptoCard
  832. * authentication.
  833. */
  834. s->spr = seat_get_userpass_input(
  835. ppl_get_iseat(&s->ppl), s->cur_prompt);
  836. while (s->spr.kind == SPRK_INCOMPLETE) {
  837. crReturnV;
  838. s->spr = seat_get_userpass_input(
  839. ppl_get_iseat(&s->ppl), s->cur_prompt);
  840. }
  841. if (spr_is_abort(s->spr)) {
  842. /*
  843. * Failed to get a password (for example
  844. * because one was supplied on the command line
  845. * which has already failed to work). Terminate.
  846. */
  847. ssh_spr_close(s->ppl.ssh, s->spr, "password prompt");
  848. return;
  849. }
  850. if (s->pwpkt_type == SSH1_CMSG_AUTH_PASSWORD) {
  851. /*
  852. * Defence against traffic analysis: we send a
  853. * whole bunch of packets containing strings of
  854. * different lengths. One of these strings is the
  855. * password, in a SSH1_CMSG_AUTH_PASSWORD packet.
  856. * The others are all random data in
  857. * SSH1_MSG_IGNORE packets. This way a passive
  858. * listener can't tell which is the password, and
  859. * hence can't deduce the password length.
  860. *
  861. * Anybody with a password length greater than 16
  862. * bytes is going to have enough entropy in their
  863. * password that a listener won't find it _that_
  864. * much help to know how long it is. So what we'll
  865. * do is:
  866. *
  867. * - if password length < 16, we send 15 packets
  868. * containing string lengths 1 through 15
  869. *
  870. * - otherwise, we let N be the nearest multiple
  871. * of 8 below the password length, and send 8
  872. * packets containing string lengths N through
  873. * N+7. This won't obscure the order of
  874. * magnitude of the password length, but it will
  875. * introduce a bit of extra uncertainty.
  876. *
  877. * A few servers can't deal with SSH1_MSG_IGNORE, at
  878. * least in this context. For these servers, we need
  879. * an alternative defence. We make use of the fact
  880. * that the password is interpreted as a C string:
  881. * so we can append a NUL, then some random data.
  882. *
  883. * A few servers can deal with neither SSH1_MSG_IGNORE
  884. * here _nor_ a padded password string.
  885. * For these servers we are left with no defences
  886. * against password length sniffing.
  887. */
  888. if (!(s->ppl.remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE) &&
  889. !(s->ppl.remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
  890. /*
  891. * The server can deal with SSH1_MSG_IGNORE, so
  892. * we can use the primary defence.
  893. */
  894. int bottom, top, pwlen, i;
  895. const char *pw = prompt_get_result_ref(
  896. s->cur_prompt->prompts[0]);
  897. pwlen = strlen(pw);
  898. if (pwlen < 16) {
  899. bottom = 0; /* zero length passwords are OK! :-) */
  900. top = 15;
  901. } else {
  902. bottom = pwlen & ~7;
  903. top = bottom + 7;
  904. }
  905. assert(pwlen >= bottom && pwlen <= top);
  906. for (i = bottom; i <= top; i++) {
  907. if (i == pwlen) {
  908. pkt = ssh_bpp_new_pktout(s->ppl.bpp, s->pwpkt_type);
  909. put_stringz(pkt, pw);
  910. pq_push(s->ppl.out_pq, pkt);
  911. } else {
  912. strbuf *random_data = strbuf_new_nm();
  913. random_read(strbuf_append(random_data, i), i);
  914. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_MSG_IGNORE);
  915. put_stringsb(pkt, random_data);
  916. pq_push(s->ppl.out_pq, pkt);
  917. }
  918. }
  919. ppl_logevent("Sending password with camouflage packets");
  920. }
  921. else if (!(s->ppl.remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
  922. /*
  923. * The server can't deal with SSH1_MSG_IGNORE
  924. * but can deal with padded passwords, so we
  925. * can use the secondary defence.
  926. */
  927. strbuf *padded_pw = strbuf_new_nm();
  928. ppl_logevent("Sending length-padded password");
  929. pkt = ssh_bpp_new_pktout(s->ppl.bpp, s->pwpkt_type);
  930. put_asciz(padded_pw, prompt_get_result_ref(
  931. s->cur_prompt->prompts[0]));
  932. size_t pad = 63 & -padded_pw->len;
  933. random_read(strbuf_append(padded_pw, pad), pad);
  934. put_stringsb(pkt, padded_pw);
  935. pq_push(s->ppl.out_pq, pkt);
  936. } else {
  937. /*
  938. * The server is believed unable to cope with
  939. * any of our password camouflage methods.
  940. */
  941. ppl_logevent("Sending unpadded password");
  942. pkt = ssh_bpp_new_pktout(s->ppl.bpp, s->pwpkt_type);
  943. put_stringz(pkt, prompt_get_result_ref(
  944. s->cur_prompt->prompts[0]));
  945. pq_push(s->ppl.out_pq, pkt);
  946. }
  947. } else {
  948. pkt = ssh_bpp_new_pktout(s->ppl.bpp, s->pwpkt_type);
  949. put_stringz(pkt, prompt_get_result_ref(s->cur_prompt->prompts[0]));
  950. pq_push(s->ppl.out_pq, pkt);
  951. }
  952. s->is_trivial_auth = false;
  953. ppl_logevent("Sent password");
  954. free_prompts(s->cur_prompt);
  955. s->cur_prompt = NULL;
  956. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  957. if (pktin->type == SSH1_SMSG_FAILURE) {
  958. if (seat_verbose(s->ppl.seat))
  959. ppl_printf("Access denied\r\n");
  960. ppl_logevent("Authentication refused");
  961. } else if (pktin->type != SSH1_SMSG_SUCCESS) {
  962. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  963. " in response to password authentication, type %d "
  964. "(%s)", pktin->type, ssh1_pkt_type(pktin->type));
  965. return;
  966. }
  967. }
  968. if (conf_get_bool(s->conf, CONF_ssh_no_trivial_userauth) &&
  969. s->is_trivial_auth) {
  970. ssh_proto_error(s->ppl.ssh, "Authentication was trivial! "
  971. "Abandoning session as specified in configuration.");
  972. return;
  973. }
  974. ppl_logevent("Authentication successful");
  975. if (conf_get_bool(s->conf, CONF_compression)) {
  976. ppl_logevent("Requesting compression");
  977. pkt = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_CMSG_REQUEST_COMPRESSION);
  978. put_uint32(pkt, 6); /* gzip compression level */
  979. pq_push(s->ppl.out_pq, pkt);
  980. crMaybeWaitUntilV((pktin = ssh1_login_pop(s)) != NULL);
  981. if (pktin->type == SSH1_SMSG_SUCCESS) {
  982. /*
  983. * We don't have to actually do anything here: the SSH-1
  984. * BPP will take care of automatically starting the
  985. * compression, by recognising our outgoing request packet
  986. * and the success response. (Horrible, but it's the
  987. * easiest way to avoid race conditions if other packets
  988. * cross in transit.)
  989. */
  990. } else if (pktin->type == SSH1_SMSG_FAILURE) {
  991. ppl_logevent("Server refused to enable compression");
  992. ppl_printf("Server refused to compress\r\n");
  993. } else {
  994. ssh_proto_error(s->ppl.ssh, "Received unexpected packet"
  995. " in response to compression request, type %d "
  996. "(%s)", pktin->type, ssh1_pkt_type(pktin->type));
  997. return;
  998. }
  999. }
  1000. ssh1_connection_set_protoflags(
  1001. s->successor_layer, s->local_protoflags, s->remote_protoflags);
  1002. {
  1003. PacketProtocolLayer *successor = s->successor_layer;
  1004. s->successor_layer = NULL; /* avoid freeing it ourself */
  1005. ssh_ppl_replace(&s->ppl, successor);
  1006. return; /* we've just freed s, so avoid even touching s->crState */
  1007. }
  1008. crFinishV;
  1009. }
  1010. static void ssh1_login_setup_tis_scc(struct ssh1_login_state *s)
  1011. {
  1012. if (s->tis_scc_initialised)
  1013. return;
  1014. s->tis_scc = seat_stripctrl_new(s->ppl.seat, NULL, SIC_KI_PROMPTS);
  1015. if (s->tis_scc)
  1016. stripctrl_enable_line_limiting(s->tis_scc);
  1017. s->tis_scc_initialised = true;
  1018. }
  1019. static void ssh1_login_dialog_callback(void *loginv, SeatPromptResult spr)
  1020. {
  1021. struct ssh1_login_state *s = (struct ssh1_login_state *)loginv;
  1022. s->spr = spr;
  1023. ssh_ppl_process_queue(&s->ppl);
  1024. }
  1025. static void ssh1_login_agent_query(struct ssh1_login_state *s, strbuf *req)
  1026. {
  1027. void *response;
  1028. int response_len;
  1029. sfree(s->agent_response_to_free);
  1030. s->agent_response_to_free = NULL;
  1031. s->auth_agent_query = agent_query(req, &response, &response_len,
  1032. ssh1_login_agent_callback, s);
  1033. if (!s->auth_agent_query)
  1034. ssh1_login_agent_callback(s, response, response_len);
  1035. }
  1036. static void ssh1_login_agent_callback(void *loginv, void *reply, int replylen)
  1037. {
  1038. struct ssh1_login_state *s = (struct ssh1_login_state *)loginv;
  1039. s->auth_agent_query = NULL;
  1040. s->agent_response_to_free = reply;
  1041. s->agent_response = make_ptrlen(reply, replylen);
  1042. queue_idempotent_callback(&s->ppl.ic_process_queue);
  1043. }
  1044. static void ssh1_login_special_cmd(PacketProtocolLayer *ppl,
  1045. SessionSpecialCode code, int arg)
  1046. {
  1047. struct ssh1_login_state *s =
  1048. container_of(ppl, struct ssh1_login_state, ppl);
  1049. PktOut *pktout;
  1050. if (code == SS_PING || code == SS_NOP) {
  1051. if (!(s->ppl.remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
  1052. pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH1_MSG_IGNORE);
  1053. put_stringz(pktout, "");
  1054. pq_push(s->ppl.out_pq, pktout);
  1055. }
  1056. }
  1057. }
  1058. static void ssh1_login_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
  1059. {
  1060. struct ssh1_login_state *s =
  1061. container_of(ppl, struct ssh1_login_state, ppl);
  1062. ssh_ppl_reconfigure(s->successor_layer, conf);
  1063. }