1/*
2 * packet.c - packet building functions
3 *
4 * This file is part of the SSH Library
5 *
6 * Copyright (c) 2003-2013 by Aris Adamantiadis
7 *
8 * The SSH Library is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published by
10 * the Free Software Foundation; either version 2.1 of the License, or (at your
11 * option) any later version.
12 *
13 * The SSH Library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
15 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
16 * License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with the SSH Library; see the file COPYING. If not, write to
20 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
21 * MA 02111-1307, USA.
22 */
23
24#include "config.h"
25
26#include <stdlib.h>
27#include <stdio.h>
28#include <string.h>
29#include <errno.h>
30
31#ifndef _WIN32
32#include <netinet/in.h>
33#include <arpa/inet.h>
34#endif
35
36#include "libssh/priv.h"
37#include "libssh/ssh2.h"
38#include "libssh/crypto.h"
39#include "libssh/buffer.h"
40#include "libssh/packet.h"
41#include "libssh/socket.h"
42#include "libssh/channels.h"
43#include "libssh/misc.h"
44#include "libssh/session.h"
45#include "libssh/messages.h"
46#include "libssh/pcap.h"
47#include "libssh/kex.h"
48#include "libssh/auth.h"
49#include "libssh/gssapi.h"
50
51static ssh_packet_callback default_packet_handlers[]= {
52 ssh_packet_disconnect_callback, // SSH2_MSG_DISCONNECT 1
53 ssh_packet_ignore_callback, // SSH2_MSG_IGNORE 2
54 ssh_packet_unimplemented, // SSH2_MSG_UNIMPLEMENTED 3
55 ssh_packet_ignore_callback, // SSH2_MSG_DEBUG 4
56#if WITH_SERVER
57 ssh_packet_service_request, // SSH2_MSG_SERVICE_REQUEST 5
58#else
59 NULL,
60#endif
61 ssh_packet_service_accept, // SSH2_MSG_SERVICE_ACCEPT 6
62 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
63 NULL, NULL, NULL, NULL, NULL, NULL, // 7-19
64 ssh_packet_kexinit, // SSH2_MSG_KEXINIT 20
65 ssh_packet_newkeys, // SSH2_MSG_NEWKEYS 21
66 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
67 NULL, // 22-29
68#if WITH_SERVER
69 ssh_packet_kexdh_init, // SSH2_MSG_KEXDH_INIT 30
70 // SSH2_MSG_KEX_DH_GEX_REQUEST_OLD 30
71#else
72 NULL,
73#endif
74 ssh_packet_dh_reply, // SSH2_MSG_KEXDH_REPLY 31
75 // SSH2_MSG_KEX_DH_GEX_GROUP 31
76 NULL, // SSH2_MSG_KEX_DH_GEX_INIT 32
77 NULL, // SSH2_MSG_KEX_DH_GEX_REPLY 33
78 NULL, // SSH2_MSG_KEX_DH_GEX_REQUEST 34
79 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
80 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
81 NULL, // 35-49
82#if WITH_SERVER
83 ssh_packet_userauth_request, // SSH2_MSG_USERAUTH_REQUEST 50
84#else
85 NULL,
86#endif
87 ssh_packet_userauth_failure, // SSH2_MSG_USERAUTH_FAILURE 51
88 ssh_packet_userauth_success, // SSH2_MSG_USERAUTH_SUCCESS 52
89 ssh_packet_userauth_banner, // SSH2_MSG_USERAUTH_BANNER 53
90 NULL,NULL,NULL,NULL,NULL,NULL, // 54-59
91 ssh_packet_userauth_pk_ok, // SSH2_MSG_USERAUTH_PK_OK 60
92 // SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ 60
93 // SSH2_MSG_USERAUTH_INFO_REQUEST 60
94 // SSH2_MSG_USERAUTH_GSSAPI_RESPONSE 60
95 ssh_packet_userauth_info_response, // SSH2_MSG_USERAUTH_INFO_RESPONSE 61
96 // SSH2_MSG_USERAUTH_GSSAPI_TOKEN 61
97 NULL, // 62
98 NULL, // SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63
99 NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERROR 64
100 NULL, // SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65
101#if defined(WITH_GSSAPI) && defined(WITH_SERVER)
102 ssh_packet_userauth_gssapi_mic, // SSH2_MSG_USERAUTH_GSSAPI_MIC 66
103#else /* WITH_GSSAPI && WITH_SERVER */
104 NULL,
105#endif /* WITH_GSSAPI && WITH_SERVER */
106 NULL, NULL,
107 NULL, NULL, NULL, NULL, NULL, NULL, NULL,
108 NULL, NULL, NULL, NULL, // 67-79
109#ifdef WITH_SERVER
110 ssh_packet_global_request, // SSH2_MSG_GLOBAL_REQUEST 80
111#else /* WITH_SERVER */
112 NULL,
113#endif /* WITH_SERVER */
114 ssh_request_success, // SSH2_MSG_REQUEST_SUCCESS 81
115 ssh_request_denied, // SSH2_MSG_REQUEST_FAILURE 82
116 NULL, NULL, NULL, NULL, NULL, NULL, NULL,// 83-89
117 ssh_packet_channel_open, // SSH2_MSG_CHANNEL_OPEN 90
118 ssh_packet_channel_open_conf, // SSH2_MSG_CHANNEL_OPEN_CONFIRMATION 91
119 ssh_packet_channel_open_fail, // SSH2_MSG_CHANNEL_OPEN_FAILURE 92
120 channel_rcv_change_window, // SSH2_MSG_CHANNEL_WINDOW_ADJUST 93
121 channel_rcv_data, // SSH2_MSG_CHANNEL_DATA 94
122 channel_rcv_data, // SSH2_MSG_CHANNEL_EXTENDED_DATA 95
123 channel_rcv_eof, // SSH2_MSG_CHANNEL_EOF 96
124 channel_rcv_close, // SSH2_MSG_CHANNEL_CLOSE 97
125 channel_rcv_request, // SSH2_MSG_CHANNEL_REQUEST 98
126 ssh_packet_channel_success, // SSH2_MSG_CHANNEL_SUCCESS 99
127 ssh_packet_channel_failure, // SSH2_MSG_CHANNEL_FAILURE 100
128};
129
130/** @internal
131 * @brief check if the received packet is allowed for the current session state
132 * @param session current ssh_session
133 * @returns SSH_PACKET_ALLOWED if the packet is allowed; SSH_PACKET_DENIED
134 * if the packet arrived in wrong state; SSH_PACKET_UNKNOWN if the packet type
135 * is unknown
136 */
137static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session session)
138{
139 enum ssh_packet_filter_result_e rc;
140
141#ifdef DEBUG_PACKET
142 SSH_LOG(SSH_LOG_PACKET, "Filtering packet type %d",
143 session->in_packet.type);
144#endif
145
146 switch(session->in_packet.type) {
147 case SSH2_MSG_DISCONNECT: // 1
148 /*
149 * States required:
150 * - None
151 *
152 * Transitions:
153 * - session->socket->state = SSH_SOCKET_CLOSED
154 * - session->session_state = SSH_SESSION_STATE_ERROR
155 * */
156
157 /* Always allowed */
158 rc = SSH_PACKET_ALLOWED;
159 break;
160 case SSH2_MSG_IGNORE: // 2
161 /*
162 * States required:
163 * - None
164 *
165 * Transitions:
166 * - None
167 * */
168
169 /* Always allowed */
170 rc = SSH_PACKET_ALLOWED;
171 break;
172 case SSH2_MSG_UNIMPLEMENTED: // 3
173 /*
174 * States required:
175 * - None
176 *
177 * Transitions:
178 * - None
179 * */
180
181 /* Always allowed */
182 rc = SSH_PACKET_ALLOWED;
183 break;
184 case SSH2_MSG_DEBUG: // 4
185 /*
186 * States required:
187 * - None
188 *
189 * Transitions:
190 * - None
191 * */
192
193 /* Always allowed */
194 rc = SSH_PACKET_ALLOWED;
195 break;
196 case SSH2_MSG_SERVICE_REQUEST: // 5
197 /* Server only */
198
199 /*
200 * States required:
201 * - session->session_state == SSH_SESSION_STATE_AUTHENTICATING
202 * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
203 * - session->dh_handshake_state == DH_STATE_FINISHED
204 *
205 * Transitions:
206 * - None
207 * */
208
209 /* If this is a client, reject the message */
210 if (session->client) {
211 rc = SSH_PACKET_DENIED;
212 break;
213 }
214
215 if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
216 (session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
217 {
218 rc = SSH_PACKET_DENIED;
219 break;
220 }
221
222 if (session->dh_handshake_state != DH_STATE_FINISHED) {
223 rc = SSH_PACKET_DENIED;
224 break;
225 }
226
227 rc = SSH_PACKET_ALLOWED;
228 break;
229 case SSH2_MSG_SERVICE_ACCEPT: // 6
230 /*
231 * States required:
232 * - session->session_state == SSH_SESSION_STATE_AUTHENTICATING
233 * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
234 * - session->dh_handshake_state == DH_STATE_FINISHED
235 * - session->auth_service_state == SSH_AUTH_SERVICE_SENT
236 *
237 * Transitions:
238 * - auth_service_state = SSH_AUTH_SERVICE_ACCEPTED
239 * */
240
241 if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
242 (session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
243 {
244 rc = SSH_PACKET_DENIED;
245 break;
246 }
247
248 if (session->dh_handshake_state != DH_STATE_FINISHED) {
249 rc = SSH_PACKET_DENIED;
250 break;
251 }
252
253 /* TODO check if only auth service can be requested */
254 if (session->auth_service_state != SSH_AUTH_SERVICE_SENT) {
255 rc = SSH_PACKET_DENIED;
256 break;
257 }
258
259 rc = SSH_PACKET_ALLOWED;
260 break;
261 case SSH2_MSG_KEXINIT: // 20
262 /*
263 * States required:
264 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
265 * or session_state == SSH_SESSION_STATE_INITIAL_KEX
266 * - dh_handshake_state == DH_STATE_INIT
267 * or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
268 *
269 * Transitions:
270 * - session->dh_handshake_state = DH_STATE_INIT
271 * - session->session_state = SSH_SESSION_STATE_KEXINIT_RECEIVED
272 *
273 * On server:
274 * - session->session_state = SSH_SESSION_STATE_DH
275 * */
276
277 if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATED) &&
278 (session->session_state != SSH_SESSION_STATE_INITIAL_KEX))
279 {
280 rc = SSH_PACKET_DENIED;
281 break;
282 }
283
284 if ((session->dh_handshake_state != DH_STATE_INIT) &&
285 (session->dh_handshake_state != DH_STATE_FINISHED))
286 {
287 rc = SSH_PACKET_DENIED;
288 }
289
290 rc = SSH_PACKET_ALLOWED;
291 break;
292 case SSH2_MSG_NEWKEYS: // 21
293 /*
294 * States required:
295 * - session_state == SSH_SESSION_STATE_DH
296 * - dh_handshake_state == DH_STATE_NEWKEYS_SENT
297 *
298 * Transitions:
299 * - session->dh_handshake_state = DH_STATE_FINISHED
300 * - session->session_state = SSH_SESSION_STATE_AUTHENTICATING
301 * if session->flags & SSH_SESSION_FLAG_AUTHENTICATED
302 * - session->session_state = SSH_SESSION_STATE_AUTHENTICATED
303 * */
304
305 /* If DH has not been started, reject message */
306 if (session->session_state != SSH_SESSION_STATE_DH) {
307 rc = SSH_PACKET_DENIED;
308 break;
309 }
310
311 /* Only allowed if dh_handshake_state is in NEWKEYS_SENT state */
312 if (session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) {
313 rc = SSH_PACKET_DENIED;
314 break;
315 }
316
317 rc = SSH_PACKET_ALLOWED;
318 break;
319 case SSH2_MSG_KEXDH_INIT: // 30
320 // SSH2_MSG_KEX_ECDH_INIT: // 30
321 // SSH2_MSG_ECMQV_INIT: // 30
322 // SSH2_MSG_KEX_DH_GEX_REQUEST_OLD: // 30
323
324 /* Server only */
325
326 /*
327 * States required:
328 * - session_state == SSH_SESSION_STATE_DH
329 * - dh_handshake_state == DH_STATE_INIT
330 *
331 * Transitions:
332 * - session->dh_handshake_state = DH_STATE_INIT_SENT
333 * then calls dh_handshake_server which triggers:
334 * - session->dh_handhsake_state = DH_STATE_NEWKEYS_SENT
335 * */
336
337 if (session->session_state != SSH_SESSION_STATE_DH) {
338 rc = SSH_PACKET_DENIED;
339 break;
340 }
341
342 /* Only allowed if dh_handshake_state is in initial state */
343 if (session->dh_handshake_state != DH_STATE_INIT) {
344 rc = SSH_PACKET_DENIED;
345 break;
346 }
347
348 rc = SSH_PACKET_ALLOWED;
349 break;
350 case SSH2_MSG_KEXDH_REPLY: // 31
351 // SSH2_MSG_KEX_ECDH_REPLY: // 31
352 // SSH2_MSG_ECMQV_REPLY: // 31
353 // SSH2_MSG_KEX_DH_GEX_GROUP: // 31
354
355 /*
356 * States required:
357 * - session_state == SSH_SESSION_STATE_DH
358 * - dh_handshake_state == DH_STATE_INIT_SENT
359 *
360 * Transitions:
361 * - session->dh_handhsake_state = DH_STATE_NEWKEYS_SENT
362 * */
363
364 if (session->session_state != SSH_SESSION_STATE_DH) {
365 rc = SSH_PACKET_DENIED;
366 break;
367 }
368
369 if (session->dh_handshake_state != DH_STATE_INIT_SENT) {
370 rc = SSH_PACKET_DENIED;
371 break;
372 }
373
374 rc = SSH_PACKET_ALLOWED;
375 break;
376 case SSH2_MSG_KEX_DH_GEX_INIT: // 32
377 /* TODO Not filtered */
378 rc = SSH_PACKET_ALLOWED;
379 break;
380 case SSH2_MSG_KEX_DH_GEX_REPLY: // 33
381 /* TODO Not filtered */
382 rc = SSH_PACKET_ALLOWED;
383 break;
384 case SSH2_MSG_KEX_DH_GEX_REQUEST: // 34
385 /* TODO Not filtered */
386 rc = SSH_PACKET_ALLOWED;
387 break;
388 case SSH2_MSG_USERAUTH_REQUEST: // 50
389 /* Server only */
390
391 /*
392 * States required:
393 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
394 * - dh_hanshake_state == DH_STATE_FINISHED
395 *
396 * Transitions:
397 * - if authentication was successful:
398 * - session_state = SSH_SESSION_STATE_AUTHENTICATED
399 * */
400
401 /* If this is a client, reject the message */
402 if (session->client) {
403 rc = SSH_PACKET_DENIED;
404 break;
405 }
406
407 if (session->dh_handshake_state != DH_STATE_FINISHED) {
408 rc = SSH_PACKET_DENIED;
409 break;
410 }
411
412 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
413 rc = SSH_PACKET_DENIED;
414 break;
415 }
416
417 rc = SSH_PACKET_ALLOWED;
418 break;
419 case SSH2_MSG_USERAUTH_FAILURE: // 51
420 /*
421 * States required:
422 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
423 * - dh_hanshake_state == DH_STATE_FINISHED
424 * - session->auth_state == SSH_AUTH_STATE_KBDINT_SENT
425 * or session->auth_state == SSH_AUTH_STATE_PUBKEY_OFFER_SENT
426 * or session->auth_state == SSH_AUTH_STATE_PUBKEY_AUTH_SENT
427 * or session->auth_state == SSH_AUTH_STATE_PASSWORD_AUTH_SENT
428 * or session->auth_state == SSH_AUTH_STATE_GSSAPI_MIC_SENT
429 *
430 * Transitions:
431 * - if unpacking failed:
432 * - session->auth_state = SSH_AUTH_ERROR
433 * - if failure was partial:
434 * - session->auth_state = SSH_AUTH_PARTIAL
435 * - else:
436 * - session->auth_state = SSH_AUTH_STATE_FAILED
437 * */
438
439 /* If this is a server, reject the message */
440 if (session->server) {
441 rc = SSH_PACKET_DENIED;
442 break;
443 }
444
445 if (session->dh_handshake_state != DH_STATE_FINISHED) {
446 rc = SSH_PACKET_DENIED;
447 break;
448 }
449
450 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
451 rc = SSH_PACKET_DENIED;
452 break;
453 }
454
455 rc = SSH_PACKET_ALLOWED;
456 break;
457 case SSH2_MSG_USERAUTH_SUCCESS: // 52
458 /*
459 * States required:
460 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
461 * - dh_hanshake_state == DH_STATE_FINISHED
462 * - session->auth_state == SSH_AUTH_STATE_KBDINT_SENT
463 * or session->auth_state == SSH_AUTH_STATE_PUBKEY_AUTH_SENT
464 * or session->auth_state == SSH_AUTH_STATE_PASSWORD_AUTH_SENT
465 * or session->auth_state == SSH_AUTH_STATE_GSSAPI_MIC_SENT
466 * or session->auth_state == SSH_AUTH_STATE_AUTH_NONE_SENT
467 *
468 * Transitions:
469 * - session->auth_state = SSH_AUTH_STATE_SUCCESS
470 * - session->session_state = SSH_SESSION_STATE_AUTHENTICATED
471 * - session->flags |= SSH_SESSION_FLAG_AUTHENTICATED
472 * - sessions->auth.current_method = SSH_AUTH_METHOD_UNKNOWN
473 * */
474
475 /* If this is a server, reject the message */
476 if (session->server) {
477 rc = SSH_PACKET_DENIED;
478 break;
479 }
480
481 if (session->dh_handshake_state != DH_STATE_FINISHED) {
482 rc = SSH_PACKET_DENIED;
483 break;
484 }
485
486 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
487 rc = SSH_PACKET_DENIED;
488 break;
489 }
490
491 if ((session->auth_state != SSH_AUTH_STATE_KBDINT_SENT) &&
492 (session->auth_state != SSH_AUTH_STATE_PUBKEY_AUTH_SENT) &&
493 (session->auth_state != SSH_AUTH_STATE_PASSWORD_AUTH_SENT) &&
494 (session->auth_state != SSH_AUTH_STATE_GSSAPI_MIC_SENT) &&
495 (session->auth_state != SSH_AUTH_STATE_AUTH_NONE_SENT))
496 {
497 rc = SSH_PACKET_DENIED;
498 break;
499 }
500
501 rc = SSH_PACKET_ALLOWED;
502 break;
503 case SSH2_MSG_USERAUTH_BANNER: // 53
504 /*
505 * States required:
506 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
507 *
508 * Transitions:
509 * - None
510 * */
511
512 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
513 rc = SSH_PACKET_DENIED;
514 break;
515 }
516
517 rc = SSH_PACKET_ALLOWED;
518 break;
519 case SSH2_MSG_USERAUTH_PK_OK: // 60
520 // SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // 60
521 // SSH2_MSG_USERAUTH_INFO_REQUEST: // 60
522 // SSH2_MSG_USERAUTH_GSSAPI_RESPONSE: // 60
523
524 /*
525 * States required:
526 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
527 * - session->auth_state == SSH_AUTH_STATE_KBDINT_SENT
528 * or
529 * session->auth_state == SSH_AUTH_STATE_GSSAPI_REQUEST_SENT
530 * or
531 * session->auth_state == SSH_AUTH_STATE_PUBKEY_OFFER_SENT
532 *
533 * Transitions:
534 * Depending on the current state, the message is treated
535 * differently:
536 * - session->auth_state == SSH_AUTH_STATE_KBDINT_SENT
537 * - session->auth_state = SSH_AUTH_STATE_INFO
538 * - session->auth_state == SSH_AUTH_STATE_GSSAPI_REQUEST_SENT
539 * - session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN
540 * - session->auth_state == SSH_AUTH_STATE_PUBKEY_OFFER_SENT
541 * - session->auth_state = SSH_AUTH_STATE_PK_OK
542 * */
543
544 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
545 rc = SSH_PACKET_DENIED;
546 break;
547 }
548
549 if ((session->auth_state != SSH_AUTH_STATE_KBDINT_SENT) &&
550 (session->auth_state != SSH_AUTH_STATE_PUBKEY_OFFER_SENT) &&
551 (session->auth_state != SSH_AUTH_STATE_GSSAPI_REQUEST_SENT))
552 {
553 rc = SSH_PACKET_DENIED;
554 break;
555 }
556
557 rc = SSH_PACKET_ALLOWED;
558 break;
559 case SSH2_MSG_USERAUTH_INFO_RESPONSE: // 61
560 // SSH2_MSG_USERAUTH_GSSAPI_TOKEN: // 61
561
562 /*
563 * States required:
564 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
565 * - session_state->auth_state == SSH_SESSION_STATE_GSSAPI_TOKEN
566 * or
567 * session_state->auth_state == SSH_SESSION_STATE_INFO
568 *
569 * Transitions:
570 * - None
571 * */
572
573 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
574 rc = SSH_PACKET_DENIED;
575 break;
576 }
577
578 if ((session->auth_state != SSH_AUTH_STATE_INFO) &&
579 (session->auth_state != SSH_AUTH_STATE_GSSAPI_TOKEN))
580 {
581 rc = SSH_PACKET_DENIED;
582 break;
583 }
584
585 rc = SSH_PACKET_ALLOWED;
586 break;
587 case SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: // 63
588 /* TODO Not filtered */
589 rc = SSH_PACKET_ALLOWED;
590 break;
591 case SSH2_MSG_USERAUTH_GSSAPI_ERROR: // 64
592 /* TODO Not filtered */
593 rc = SSH_PACKET_ALLOWED;
594 break;
595 case SSH2_MSG_USERAUTH_GSSAPI_ERRTOK: // 65
596 /* TODO Not filtered */
597 rc = SSH_PACKET_ALLOWED;
598 break;
599 case SSH2_MSG_USERAUTH_GSSAPI_MIC: // 66
600 /* Server only */
601
602 /*
603 * States required:
604 * - session_state == SSH_SESSION_STATE_AUTHENTICATING
605 * - session->gssapi->state == SSH_GSSAPI_STATE_RCV_MIC
606 *
607 * Transitions:
608 * Depending on the result of the verification, the states are
609 * changed:
610 * - SSH_AUTH_SUCCESS:
611 * - session->session_state = SSH_SESSION_STATE_AUTHENTICATED
612 * - session->flags != SSH_SESSION_FLAG_AUTHENTICATED
613 * - SSH_AUTH_PARTIAL:
614 * - None
615 * - any other case:
616 * - None
617 * */
618
619 /* If this is a client, reject the message */
620 if (session->client) {
621 rc = SSH_PACKET_DENIED;
622 break;
623 }
624
625 if (session->dh_handshake_state != DH_STATE_FINISHED) {
626 rc = SSH_PACKET_DENIED;
627 break;
628 }
629
630 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
631 rc = SSH_PACKET_DENIED;
632 break;
633 }
634
635 rc = SSH_PACKET_ALLOWED;
636 break;
637 case SSH2_MSG_GLOBAL_REQUEST: // 80
638 /*
639 * States required:
640 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
641 *
642 * Transitions:
643 * - None
644 * */
645
646 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
647 rc = SSH_PACKET_DENIED;
648 break;
649 }
650
651 rc = SSH_PACKET_ALLOWED;
652 break;
653 case SSH2_MSG_REQUEST_SUCCESS: // 81
654 /*
655 * States required:
656 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
657 * - session->global_req_state == SSH_CHANNEL_REQ_STATE_PENDING
658 *
659 * Transitions:
660 * - session->global_req_state == SSH_CHANNEL_REQ_STATE_ACCEPTED
661 * */
662
663 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
664 rc = SSH_PACKET_DENIED;
665 break;
666 }
667
668 if (session->global_req_state != SSH_CHANNEL_REQ_STATE_PENDING) {
669 rc = SSH_PACKET_DENIED;
670 break;
671 }
672
673 rc = SSH_PACKET_ALLOWED;
674 break;
675 case SSH2_MSG_REQUEST_FAILURE: // 82
676 /*
677 * States required:
678 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
679 * - session->global_req_state == SSH_CHANNEL_REQ_STATE_PENDING
680 *
681 * Transitions:
682 * - session->global_req_state == SSH_CHANNEL_REQ_STATE_DENIED
683 * */
684
685 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
686 rc = SSH_PACKET_DENIED;
687 break;
688 }
689
690 if (session->global_req_state != SSH_CHANNEL_REQ_STATE_PENDING) {
691 rc = SSH_PACKET_DENIED;
692 break;
693 }
694
695 rc = SSH_PACKET_ALLOWED;
696 break;
697 case SSH2_MSG_CHANNEL_OPEN: // 90
698 /*
699 * States required:
700 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
701 *
702 * Transitions:
703 * - None
704 * */
705
706 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
707 rc = SSH_PACKET_DENIED;
708 break;
709 }
710
711 rc = SSH_PACKET_ALLOWED;
712 break;
713 case SSH2_MSG_CHANNEL_OPEN_CONFIRMATION: // 91
714 /*
715 * States required:
716 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
717 *
718 * Transitions:
719 * - channel->state = SSH_CHANNEL_STATE_OPEN
720 * - channel->flags &= ~SSH_CHANNEL_FLAG_NOT_BOUND
721 * */
722
723 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
724 rc = SSH_PACKET_DENIED;
725 break;
726 }
727
728 rc = SSH_PACKET_ALLOWED;
729 break;
730 case SSH2_MSG_CHANNEL_OPEN_FAILURE: // 92
731 /*
732 * States required:
733 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
734 *
735 * Transitions:
736 * - channel->state = SSH_CHANNEL_STATE_OPEN_DENIED
737 * */
738
739 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
740 rc = SSH_PACKET_DENIED;
741 break;
742 }
743
744 rc = SSH_PACKET_ALLOWED;
745 break;
746 case SSH2_MSG_CHANNEL_WINDOW_ADJUST: // 93
747 /*
748 * States required:
749 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
750 *
751 * Transitions:
752 * - None
753 * */
754
755 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
756 rc = SSH_PACKET_DENIED;
757 break;
758 }
759
760 rc = SSH_PACKET_ALLOWED;
761 break;
762 case SSH2_MSG_CHANNEL_DATA: // 94
763 /*
764 * States required:
765 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
766 *
767 * Transitions:
768 * - None
769 * */
770
771 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
772 rc = SSH_PACKET_DENIED;
773 break;
774 }
775
776 rc = SSH_PACKET_ALLOWED;
777 break;
778 case SSH2_MSG_CHANNEL_EXTENDED_DATA: // 95
779 /*
780 * States required:
781 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
782 *
783 * Transitions:
784 * - None
785 * */
786
787 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
788 rc = SSH_PACKET_DENIED;
789 break;
790 }
791
792 rc = SSH_PACKET_ALLOWED;
793 break;
794 case SSH2_MSG_CHANNEL_EOF: // 96
795 /*
796 * States required:
797 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
798 *
799 * Transitions:
800 * - None
801 * */
802
803 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
804 rc = SSH_PACKET_DENIED;
805 break;
806 }
807
808 rc = SSH_PACKET_ALLOWED;
809 break;
810 case SSH2_MSG_CHANNEL_CLOSE: // 97
811 /*
812 * States required:
813 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
814 *
815 * Transitions:
816 * - channel->state = SSH_CHANNEL_STATE_CLOSED
817 * - channel->flags |= SSH_CHANNEL_FLAG_CLOSED_REMOTE
818 * */
819
820 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
821 rc = SSH_PACKET_DENIED;
822 break;
823 }
824
825 rc = SSH_PACKET_ALLOWED;
826 break;
827 case SSH2_MSG_CHANNEL_REQUEST: // 98
828 /*
829 * States required:
830 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
831 *
832 * Transitions:
833 * - Depends on the request
834 * */
835
836 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
837 rc = SSH_PACKET_DENIED;
838 break;
839 }
840
841 rc = SSH_PACKET_ALLOWED;
842 break;
843 case SSH2_MSG_CHANNEL_SUCCESS: // 99
844 /*
845 * States required:
846 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
847 * - channel->request_state == SSH_CHANNEL_REQ_STATE_PENDING
848 *
849 * Transitions:
850 * - channel->request_state = SSH_CHANNEL_REQ_STATE_ACCEPTED
851 * */
852
853 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
854 rc = SSH_PACKET_DENIED;
855 break;
856 }
857
858 rc = SSH_PACKET_ALLOWED;
859 break;
860 case SSH2_MSG_CHANNEL_FAILURE: // 100
861 /*
862 * States required:
863 * - session_state == SSH_SESSION_STATE_AUTHENTICATED
864 * - channel->request_state == SSH_CHANNEL_REQ_STATE_PENDING
865 *
866 * Transitions:
867 * - channel->request_state = SSH_CHANNEL_REQ_STATE_DENIED
868 * */
869
870 if (session->session_state != SSH_SESSION_STATE_AUTHENTICATED) {
871 rc = SSH_PACKET_DENIED;
872 break;
873 }
874
875 rc = SSH_PACKET_ALLOWED;
876 break;
877 default:
878 /* Unknown message, do not filter */
879 rc = SSH_PACKET_UNKNOWN;
880 goto end;
881 }
882
883end:
884#ifdef DEBUG_PACKET
885 if (rc == SSH_PACKET_DENIED) {
886 SSH_LOG(SSH_LOG_PACKET, "REJECTED packet type %d: ",
887 session->in_packet.type);
888 }
889
890 if (rc == SSH_PACKET_UNKNOWN) {
891 SSH_LOG(SSH_LOG_PACKET, "UNKNOWN packet type %d",
892 session->in_packet.type);
893 }
894#endif
895
896 return rc;
897}
898
899/* in nonblocking mode, socket_read will read as much as it can, and return */
900/* SSH_OK if it has read at least len bytes, otherwise, SSH_AGAIN. */
901/* in blocking mode, it will read at least len bytes and will block until it's ok. */
902
903/** @internal
904 * @handles a data received event. It then calls the handlers for the different packet types
905 * or and exception handler callback.
906 * @param user pointer to current ssh_session
907 * @param data pointer to the data received
908 * @len length of data received. It might not be enough for a complete packet
909 * @returns number of bytes read and processed.
910 */
911int ssh_packet_socket_callback(const void *data, size_t receivedlen, void *user)
912{
913 ssh_session session= (ssh_session) user;
914 unsigned int blocksize = (session->current_crypto ?
915 session->current_crypto->in_cipher->blocksize : 8);
916 unsigned char mac[DIGEST_MAX_LEN] = {0};
917 char buffer[16] = {0};
918 size_t current_macsize = 0;
919 const uint8_t *packet;
920 int to_be_read;
921 int rc;
922 uint32_t len, compsize, payloadsize;
923 uint8_t padding;
924 size_t processed = 0; /* number of byte processed from the callback */
925 enum ssh_packet_filter_result_e filter_result;
926
927 if(session->current_crypto != NULL) {
928 current_macsize = hmac_digest_len(session->current_crypto->in_hmac);
929 }
930
931 if (data == NULL) {
932 goto error;
933 }
934
935 if (session->session_state == SSH_SESSION_STATE_ERROR) {
936 goto error;
937 }
938
939 switch(session->packet_state) {
940 case PACKET_STATE_INIT:
941 if (receivedlen < blocksize) {
942 /*
943 * We didn't receive enough data to read at least one
944 * block size, give up
945 */
946 return 0;
947 }
948
949 memset(&session->in_packet, 0, sizeof(PACKET));
950
951 if (session->in_buffer) {
952 rc = ssh_buffer_reinit(session->in_buffer);
953 if (rc < 0) {
954 goto error;
955 }
956 } else {
957 session->in_buffer = ssh_buffer_new();
958 if (session->in_buffer == NULL) {
959 goto error;
960 }
961 }
962
963 memcpy(buffer, data, blocksize);
964 processed += blocksize;
965 len = packet_decrypt_len(session, buffer);
966
967 rc = ssh_buffer_add_data(session->in_buffer, buffer, blocksize);
968 if (rc < 0) {
969 goto error;
970 }
971
972 if (len > MAX_PACKET_LEN) {
973 ssh_set_error(session,
974 SSH_FATAL,
975 "read_packet(): Packet len too high(%u %.4x)",
976 len, len);
977 goto error;
978 }
979
980 to_be_read = len - blocksize + sizeof(uint32_t);
981 if (to_be_read < 0) {
982 /* remote sshd sends invalid sizes? */
983 ssh_set_error(session,
984 SSH_FATAL,
985 "Given numbers of bytes left to be read < 0 (%d)!",
986 to_be_read);
987 goto error;
988 }
989
990 /* Saves the status of the current operations */
991 session->in_packet.len = len;
992 session->packet_state = PACKET_STATE_SIZEREAD;
993 /* FALL TROUGH */
994 case PACKET_STATE_SIZEREAD:
995 len = session->in_packet.len;
996 to_be_read = len - blocksize + sizeof(uint32_t) + current_macsize;
997 /* if to_be_read is zero, the whole packet was blocksize bytes. */
998 if (to_be_read != 0) {
999 if (receivedlen - processed < (unsigned int)to_be_read) {
1000 /* give up, not enough data in buffer */
1001 SSH_LOG(SSH_LOG_PACKET,"packet: partial packet (read len) [len=%d]",len);
1002 return processed;
1003 }
1004
1005 packet = ((uint8_t*)data) + processed;
1006#if 0
1007 ssh_socket_read(session->socket,
1008 packet,
1009 to_be_read - current_macsize);
1010#endif
1011
1012 rc = ssh_buffer_add_data(session->in_buffer,
1013 packet,
1014 to_be_read - current_macsize);
1015 if (rc < 0) {
1016 goto error;
1017 }
1018 processed += to_be_read - current_macsize;
1019 }
1020
1021 if (session->current_crypto) {
1022 /*
1023 * Decrypt the rest of the packet (blocksize bytes already
1024 * have been decrypted)
1025 */
1026 uint32_t buffer_len = buffer_get_rest_len(session->in_buffer);
1027
1028 /* The following check avoids decrypting zero bytes */
1029 if (buffer_len > blocksize) {
1030 uint8_t *payload = ((uint8_t*)buffer_get_rest(session->in_buffer) + blocksize);
1031 uint32_t plen = buffer_len - blocksize;
1032
1033 rc = packet_decrypt(session, payload, plen);
1034 if (rc < 0) {
1035 ssh_set_error(session, SSH_FATAL, "Decrypt error");
1036 goto error;
1037 }
1038 }
1039
1040 /* copy the last part from the incoming buffer */
1041 packet = ((uint8_t *)data) + processed;
1042 memcpy(mac, packet, current_macsize);
1043
1044 rc = packet_hmac_verify(session, session->in_buffer, mac, session->current_crypto->in_hmac);
1045 if (rc < 0) {
1046 ssh_set_error(session, SSH_FATAL, "HMAC error");
1047 goto error;
1048 }
1049 processed += current_macsize;
1050 }
1051
1052 /* skip the size field which has been processed before */
1053 buffer_pass_bytes(session->in_buffer, sizeof(uint32_t));
1054
1055 rc = buffer_get_u8(session->in_buffer, &padding);
1056 if (rc == 0) {
1057 ssh_set_error(session,
1058 SSH_FATAL,
1059 "Packet too short to read padding");
1060 goto error;
1061 }
1062
1063 if (padding > buffer_get_rest_len(session->in_buffer)) {
1064 ssh_set_error(session,
1065 SSH_FATAL,
1066 "Invalid padding: %d (%d left)",
1067 padding,
1068 buffer_get_rest_len(session->in_buffer));
1069 goto error;
1070 }
1071 buffer_pass_bytes_end(session->in_buffer, padding);
1072 compsize = buffer_get_rest_len(session->in_buffer);
1073
1074#ifdef WITH_ZLIB
1075 if (session->current_crypto
1076 && session->current_crypto->do_compress_in
1077 && buffer_get_rest_len(session->in_buffer) > 0) {
1078 rc = decompress_buffer(session, session->in_buffer,MAX_PACKET_LEN);
1079 if (rc < 0) {
1080 goto error;
1081 }
1082 }
1083#endif /* WITH_ZLIB */
1084 payloadsize = buffer_get_rest_len(session->in_buffer);
1085 session->recv_seq++;
1086 if (session->raw_counter != NULL) {
1087 session->raw_counter->in_bytes += payloadsize;
1088 session->raw_counter->in_packets++;
1089 }
1090
1091 /*
1092 * We don't want to rewrite a new packet while still executing the
1093 * packet callbacks
1094 */
1095 session->packet_state = PACKET_STATE_PROCESSING;
1096 ssh_packet_parse_type(session);
1097 SSH_LOG(SSH_LOG_PACKET,
1098 "packet: read type %hhd [len=%d,padding=%hhd,comp=%d,payload=%d]",
1099 session->in_packet.type, len, padding, compsize, payloadsize);
1100
1101 /* Check if the packet is expected */
1102 filter_result = ssh_packet_incoming_filter(session);
1103
1104 switch(filter_result) {
1105 case SSH_PACKET_ALLOWED:
1106 /* Execute callbacks */
1107 ssh_packet_process(session, session->in_packet.type);
1108 break;
1109 case SSH_PACKET_DENIED:
1110 goto error;
1111 case SSH_PACKET_UNKNOWN:
1112 ssh_packet_send_unimplemented(session, session->recv_seq - 1);
1113 break;
1114 }
1115
1116 session->packet_state = PACKET_STATE_INIT;
1117 if (processed < receivedlen) {
1118 /* Handle a potential packet left in socket buffer */
1119 SSH_LOG(SSH_LOG_PACKET,
1120 "Processing %" PRIdS " bytes left in socket buffer",
1121 receivedlen-processed);
1122
1123 packet = ((uint8_t*)data) + processed;
1124
1125 rc = ssh_packet_socket_callback(packet, receivedlen - processed,user);
1126 processed += rc;
1127 }
1128
1129 return processed;
1130 case PACKET_STATE_PROCESSING:
1131 SSH_LOG(SSH_LOG_PACKET, "Nested packet processing. Delaying.");
1132 return 0;
1133 }
1134
1135 ssh_set_error(session,
1136 SSH_FATAL,
1137 "Invalid state into packet_read2(): %d",
1138 session->packet_state);
1139
1140error:
1141 session->session_state= SSH_SESSION_STATE_ERROR;
1142
1143 return processed;
1144}
1145
1146void ssh_packet_register_socket_callback(ssh_session session, ssh_socket s){
1147 session->socket_callbacks.data=ssh_packet_socket_callback;
1148 session->socket_callbacks.connected=NULL;
1149 session->socket_callbacks.controlflow=NULL;
1150 session->socket_callbacks.exception=NULL;
1151 session->socket_callbacks.userdata=session;
1152 ssh_socket_set_callbacks(s,&session->socket_callbacks);
1153}
1154
1155/** @internal
1156 * @brief sets the callbacks for the packet layer
1157 */
1158void ssh_packet_set_callbacks(ssh_session session, ssh_packet_callbacks callbacks){
1159 if(session->packet_callbacks == NULL){
1160 session->packet_callbacks = ssh_list_new();
1161 }
1162 if (session->packet_callbacks != NULL) {
1163 ssh_list_append(session->packet_callbacks, callbacks);
1164 }
1165}
1166
1167/** @internal
1168 * @brief sets the default packet handlers
1169 */
1170void ssh_packet_set_default_callbacks(ssh_session session){
1171#ifdef WITH_SSH1
1172 if(session->version==1){
1173 ssh_packet_set_default_callbacks1(session);
1174 return;
1175 }
1176#endif
1177 session->default_packet_callbacks.start=1;
1178 session->default_packet_callbacks.n_callbacks=sizeof(default_packet_handlers)/sizeof(ssh_packet_callback);
1179 session->default_packet_callbacks.user=session;
1180 session->default_packet_callbacks.callbacks=default_packet_handlers;
1181 ssh_packet_set_callbacks(session, &session->default_packet_callbacks);
1182}
1183
1184/** @internal
1185 * @brief dispatch the call of packet handlers callbacks for a received packet
1186 * @param type type of packet
1187 */
1188void ssh_packet_process(ssh_session session, uint8_t type){
1189 struct ssh_iterator *i;
1190 int r=SSH_PACKET_NOT_USED;
1191 ssh_packet_callbacks cb;
1192
1193 SSH_LOG(SSH_LOG_PACKET, "Dispatching handler for packet type %d",type);
1194 if(session->packet_callbacks == NULL){
1195 SSH_LOG(SSH_LOG_RARE,"Packet callback is not initialized !");
1196
1197 return;
1198 }
1199 i=ssh_list_get_iterator(session->packet_callbacks);
1200 while(i != NULL){
1201 cb=ssh_iterator_value(ssh_packet_callbacks,i);
1202 i=i->next;
1203 if(!cb)
1204 continue;
1205 if(cb->start > type)
1206 continue;
1207 if(cb->start + cb->n_callbacks <= type)
1208 continue;
1209 if(cb->callbacks[type - cb->start]==NULL)
1210 continue;
1211 r=cb->callbacks[type - cb->start](session,type,session->in_buffer,cb->user);
1212 if(r==SSH_PACKET_USED)
1213 break;
1214 }
1215 if(r==SSH_PACKET_NOT_USED){
1216 SSH_LOG(SSH_LOG_RARE,"Couldn't do anything with packet type %d",type);
1217 ssh_packet_send_unimplemented(session, session->recv_seq-1);
1218 }
1219}
1220
1221/** @internal
1222 * @brief sends a SSH_MSG_UNIMPLEMENTED answer to an unhandled packet
1223 * @param session the SSH session
1224 * @param seqnum the sequence number of the unknown packet
1225 * @return SSH_ERROR on error, else SSH_OK
1226 */
1227int ssh_packet_send_unimplemented(ssh_session session, uint32_t seqnum){
1228 int rc;
1229
1230 rc = ssh_buffer_pack(session->out_buffer,
1231 "bd",
1232 SSH2_MSG_UNIMPLEMENTED,
1233 seqnum);
1234 if (rc != SSH_OK) {
1235 ssh_set_error_oom(session);
1236 return SSH_ERROR;
1237 }
1238 rc = packet_send(session);
1239
1240 return rc;
1241}
1242
1243/** @internal
1244 * @brief handles a SSH_MSG_UNIMPLEMENTED packet
1245 */
1246SSH_PACKET_CALLBACK(ssh_packet_unimplemented){
1247 uint32_t seq;
1248 int rc;
1249
1250 (void)session; /* unused */
1251 (void)type;
1252 (void)user;
1253
1254 rc = ssh_buffer_unpack(packet, "d", &seq);
1255 if (rc != SSH_OK) {
1256 SSH_LOG(SSH_LOG_WARNING,
1257 "Could not unpack SSH_MSG_UNIMPLEMENTED packet");
1258 }
1259
1260 SSH_LOG(SSH_LOG_RARE,
1261 "Received SSH_MSG_UNIMPLEMENTED (sequence number %d)",seq);
1262
1263 return SSH_PACKET_USED;
1264}
1265
1266/** @internal
1267 * @parse the "Type" header field of a packet and updates the session
1268 */
1269int ssh_packet_parse_type(ssh_session session) {
1270 memset(&session->in_packet, 0, sizeof(PACKET));
1271 if(session->in_buffer == NULL) {
1272 return SSH_ERROR;
1273 }
1274
1275 if(buffer_get_u8(session->in_buffer, &session->in_packet.type) == 0) {
1276 ssh_set_error(session, SSH_FATAL, "Packet too short to read type");
1277 return SSH_ERROR;
1278 }
1279
1280 session->in_packet.valid = 1;
1281
1282 return SSH_OK;
1283}
1284
1285/*
1286 * This function places the outgoing packet buffer into an outgoing
1287 * socket buffer
1288 */
1289static int ssh_packet_write(ssh_session session) {
1290 int rc = SSH_ERROR;
1291
1292 rc=ssh_socket_write(session->socket,
1293 buffer_get_rest(session->out_buffer),
1294 buffer_get_rest_len(session->out_buffer));
1295
1296 return rc;
1297}
1298
1299static int packet_send2(ssh_session session) {
1300 unsigned int blocksize = (session->current_crypto ?
1301 session->current_crypto->out_cipher->blocksize : 8);
1302 enum ssh_hmac_e hmac_type = (session->current_crypto ?
1303 session->current_crypto->out_hmac : session->next_crypto->out_hmac);
1304 uint32_t currentlen = buffer_get_rest_len(session->out_buffer);
1305 unsigned char *hmac = NULL;
1306 char padstring[32] = { 0 };
1307 int rc = SSH_ERROR;
1308 uint32_t finallen,payloadsize,compsize;
1309 uint8_t padding;
1310
1311 uint8_t header[sizeof(padding) + sizeof(finallen)] = { 0 };
1312
1313 payloadsize = currentlen;
1314#ifdef WITH_ZLIB
1315 if (session->current_crypto
1316 && session->current_crypto->do_compress_out
1317 && buffer_get_rest_len(session->out_buffer)) {
1318 if (compress_buffer(session,session->out_buffer) < 0) {
1319 goto error;
1320 }
1321 currentlen = buffer_get_rest_len(session->out_buffer);
1322 }
1323#endif /* WITH_ZLIB */
1324 compsize = currentlen;
1325 padding = (blocksize - ((currentlen +5) % blocksize));
1326 if(padding < 4) {
1327 padding += blocksize;
1328 }
1329
1330 if (session->current_crypto) {
1331 ssh_get_random(padstring, padding, 0);
1332 }
1333
1334 finallen = htonl(currentlen + padding + 1);
1335
1336 memcpy(&header[0], &finallen, sizeof(finallen));
1337 header[sizeof(finallen)] = padding;
1338 rc = buffer_prepend_data(session->out_buffer, &header, sizeof(header));
1339 if (rc < 0) {
1340 goto error;
1341 }
1342 rc = ssh_buffer_add_data(session->out_buffer, padstring, padding);
1343 if (rc < 0) {
1344 goto error;
1345 }
1346#ifdef WITH_PCAP
1347 if(session->pcap_ctx){
1348 ssh_pcap_context_write(session->pcap_ctx,SSH_PCAP_DIR_OUT,
1349 buffer_get_rest(session->out_buffer),buffer_get_rest_len(session->out_buffer)
1350 ,buffer_get_rest_len(session->out_buffer));
1351 }
1352#endif
1353 hmac = packet_encrypt(session, buffer_get_rest(session->out_buffer),
1354 buffer_get_rest_len(session->out_buffer));
1355 if (hmac) {
1356 rc = ssh_buffer_add_data(session->out_buffer, hmac, hmac_digest_len(hmac_type));
1357 if (rc < 0) {
1358 goto error;
1359 }
1360 }
1361
1362 rc = ssh_packet_write(session);
1363 session->send_seq++;
1364 if (session->raw_counter != NULL) {
1365 session->raw_counter->out_bytes += payloadsize;
1366 session->raw_counter->out_packets++;
1367 }
1368
1369 SSH_LOG(SSH_LOG_PACKET,
1370 "packet: wrote [len=%d,padding=%hhd,comp=%d,payload=%d]",
1371 ntohl(finallen), padding, compsize, payloadsize);
1372 if (ssh_buffer_reinit(session->out_buffer) < 0) {
1373 rc = SSH_ERROR;
1374 }
1375error:
1376
1377 return rc; /* SSH_OK, AGAIN or ERROR */
1378}
1379
1380
1381int packet_send(ssh_session session) {
1382#ifdef WITH_SSH1
1383 if (session->version == 1) {
1384 return packet_send1(session);
1385 }
1386#endif
1387 return packet_send2(session);
1388}
1389