libssh  0.10.90
The SSH library
Loading...
Searching...
No Matches
session.h
1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21#ifndef SESSION_H_
22#define SESSION_H_
23#include <stdbool.h>
24
25#include "libssh/priv.h"
26#include "libssh/callbacks.h"
27#include "libssh/kex.h"
28#include "libssh/packet.h"
29#include "libssh/pcap.h"
30#include "libssh/auth.h"
31#include "libssh/channels.h"
32#include "libssh/poll.h"
33#include "libssh/config.h"
34#include "libssh/misc.h"
35
36/* These are the different states a SSH session can be into its life */
37enum ssh_session_state_e {
38 SSH_SESSION_STATE_NONE=0,
39 SSH_SESSION_STATE_CONNECTING,
40 SSH_SESSION_STATE_SOCKET_CONNECTED,
41 SSH_SESSION_STATE_BANNER_RECEIVED,
42 SSH_SESSION_STATE_INITIAL_KEX,
43 SSH_SESSION_STATE_KEXINIT_RECEIVED,
44 SSH_SESSION_STATE_DH,
45 SSH_SESSION_STATE_AUTHENTICATING,
46 SSH_SESSION_STATE_AUTHENTICATED,
47 SSH_SESSION_STATE_ERROR,
48 SSH_SESSION_STATE_DISCONNECTED
49};
50
51enum ssh_dh_state_e {
52 DH_STATE_INIT=0,
53 DH_STATE_GROUP_SENT,
54 DH_STATE_REQUEST_SENT,
55 DH_STATE_INIT_SENT,
56 DH_STATE_NEWKEYS_SENT,
57 DH_STATE_FINISHED
58};
59
60enum ssh_pending_call_e {
61 SSH_PENDING_CALL_NONE = 0,
62 SSH_PENDING_CALL_CONNECT,
63 SSH_PENDING_CALL_AUTH_NONE,
64 SSH_PENDING_CALL_AUTH_PASSWORD,
65 SSH_PENDING_CALL_AUTH_OFFER_PUBKEY,
66 SSH_PENDING_CALL_AUTH_PUBKEY,
67 SSH_PENDING_CALL_AUTH_AGENT,
68 SSH_PENDING_CALL_AUTH_KBDINT_INIT,
69 SSH_PENDING_CALL_AUTH_KBDINT_SEND,
70 SSH_PENDING_CALL_AUTH_GSSAPI_MIC
71};
72
73/* libssh calls may block an undefined amount of time */
74#define SSH_SESSION_FLAG_BLOCKING 0x0001
75
76/* Client successfully authenticated */
77#define SSH_SESSION_FLAG_AUTHENTICATED 0x0002
78
79/* Do not accept new session channels (no-more-sessions@openssh.com) */
80#define SSH_SESSION_FLAG_NO_MORE_SESSIONS 0x0004
81
82/* The KEXINIT message can be sent first by either of the parties so this flag
83 * indicates that the message was already sent to make sure it is sent and avoid
84 * sending it twice during key exchange to simplify the state machine. */
85#define SSH_SESSION_FLAG_KEXINIT_SENT 0x0008
86
87/* The current SSH2 session implements the "strict KEX" feature and should behave
88 * differently on SSH2_MSG_NEWKEYS. */
89#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
90/* Unexpected packets have been sent while the session was still unencrypted */
91#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
92
93/* codes to use with ssh_handle_packets*() */
94/* Infinite timeout */
95#define SSH_TIMEOUT_INFINITE -1
96/* Use the timeout defined by user if any. Mostly used with new connections */
97#define SSH_TIMEOUT_USER -2
98/* Use the default timeout, depending on ssh_is_blocking() */
99#define SSH_TIMEOUT_DEFAULT -3
100/* Don't block at all */
101#define SSH_TIMEOUT_NONBLOCKING 0
102
103/* options flags */
104/* Authentication with *** allowed */
105#define SSH_OPT_FLAG_PASSWORD_AUTH 0x1
106#define SSH_OPT_FLAG_PUBKEY_AUTH 0x2
107#define SSH_OPT_FLAG_KBDINT_AUTH 0x4
108#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
109
110/* Escape expansion of different variables */
111#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
112#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
113#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
114#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
115#define SSH_OPT_EXP_FLAG_CONTROL_PATH 0x10
116
117/* extensions flags */
118/* negotiation enabled */
119#define SSH_EXT_NEGOTIATION 0x01
120/* server-sig-algs extension */
121#define SSH_EXT_SIG_RSA_SHA256 0x02
122#define SSH_EXT_SIG_RSA_SHA512 0x04
123
124/* members that are common to ssh_session and ssh_bind */
125struct ssh_common_struct {
126 struct error_struct error;
127 ssh_callbacks callbacks; /* Callbacks to user functions */
128 int log_verbosity; /* verbosity of the log functions */
129};
130
131struct ssh_session_struct {
132 struct ssh_common_struct common;
133 struct ssh_socket_struct *socket;
134 char *serverbanner;
135 char *clientbanner;
136 int protoversion;
137 int server;
138 int client;
139 int openssh;
140 uint32_t send_seq;
141 uint32_t recv_seq;
142 struct ssh_timestamp last_rekey_time;
143
144 int connected;
145 /* !=0 when the user got a session handle */
146 int alive;
147 /* two previous are deprecated */
148 /* int auth_service_asked; */
149
150 /* session flags (SSH_SESSION_FLAG_*) */
151 int flags;
152
153 /* Extensions negotiated using RFC 8308 */
154 uint32_t extensions;
155
156 ssh_string banner; /* that's the issue banner from the server */
157 char *peer_discon_msg; /* disconnect message from the remote host */
158 char *disconnect_message; /* disconnect message to be set */
159 ssh_buffer in_buffer;
160 PACKET in_packet;
161 ssh_buffer out_buffer;
162 struct ssh_list *out_queue; /* This list is used for delaying packets
163 when rekeying is required */
164
165 /* the states are used by the nonblocking stuff to remember */
166 /* where it was before being interrupted */
167 enum ssh_pending_call_e pending_call_state;
168 enum ssh_session_state_e session_state;
169 enum ssh_packet_state_e packet_state;
170 enum ssh_dh_state_e dh_handshake_state;
171 enum ssh_channel_request_state_e global_req_state;
172 struct ssh_agent_state_struct *agent_state;
173
174 struct {
175 struct ssh_auth_auto_state_struct *auto_state;
176 enum ssh_auth_service_state_e service_state;
177 enum ssh_auth_state_e state;
178 uint32_t supported_methods;
179 uint32_t current_method;
180 } auth;
181
182 /* Sending this flag before key exchange to save one round trip during the
183 * key exchange. This might make sense on high-latency connections.
184 * So far internal only for testing. Usable only on the client side --
185 * there is no key exchange method that would start with server message */
186 bool send_first_kex_follows;
187 /*
188 * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
189 * the received SSH_MSG_KEXINIT, but the guess was wrong, this
190 * field will be set such that the following guessed packet will
191 * be ignored on the receiving side. Once that packet has been received and
192 * ignored, this field is cleared.
193 * On the sending side, this is set after we got peer KEXINIT message and we
194 * need to resend the initial message of the negotiated KEX algorithm.
195 */
196 bool first_kex_follows_guess_wrong;
197
198 ssh_buffer in_hashbuf;
199 ssh_buffer out_hashbuf;
200 struct ssh_crypto_struct *current_crypto;
201 /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
202 struct ssh_crypto_struct *next_crypto;
203
204 struct ssh_list *channels; /* linked list of channels */
205 uint32_t maxchannel;
206 ssh_agent agent; /* ssh agent */
207
208 /* keyboard interactive data */
209 struct ssh_kbdint_struct *kbdint;
210 struct ssh_gssapi_struct *gssapi;
211
212 /* server host keys */
213 struct {
214 ssh_key rsa_key;
215 ssh_key ecdsa_key;
216 ssh_key ed25519_key;
217 /* The type of host key wanted by client */
218 enum ssh_keytypes_e hostkey;
219 enum ssh_digest_e hostkey_digest;
220 } srv;
221
222 /* auths accepted by server */
223 struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
224 int (*ssh_message_callback)(struct ssh_session_struct *session,
225 ssh_message msg, void *userdata);
226 void *ssh_message_callback_data;
227 ssh_server_callbacks server_callbacks;
228 void (*ssh_connection_callback)( struct ssh_session_struct *session);
229 struct ssh_packet_callbacks_struct default_packet_callbacks;
230 struct ssh_list *packet_callbacks;
231 struct ssh_socket_callbacks_struct socket_callbacks;
232 ssh_poll_ctx default_poll_ctx;
233 /* options */
234#ifdef WITH_PCAP
235 ssh_pcap_context pcap_ctx; /* pcap debugging context */
236#endif
237 struct {
238 struct ssh_list *identity;
239 struct ssh_list *identity_non_exp;
240 struct ssh_list *certificate;
241 struct ssh_list *certificate_non_exp;
242 char *username;
243 char *host;
244 char *bindaddr; /* bind the client to an ip addr */
245 char *sshdir;
246 char *knownhosts;
247 char *global_knownhosts;
248 char *wanted_methods[SSH_KEX_METHODS];
249 char *pubkey_accepted_types;
250 char *ProxyCommand;
251 char *custombanner;
252 char *moduli_file;
253 char *agent_socket;
254 unsigned long timeout; /* seconds */
255 unsigned long timeout_usec;
256 uint16_t port;
257 socket_t fd;
258 int StrictHostKeyChecking;
259 char compressionlevel;
260 char *gss_server_identity;
261 char *gss_client_identity;
262 int gss_delegate_creds;
263 int flags;
264 int exp_flags;
265 int nodelay;
266 bool config_processed;
267 uint8_t options_seen[SOC_MAX];
268 uint64_t rekey_data;
269 uint32_t rekey_time;
270 int rsa_min_size;
271 bool identities_only;
272 int control_master;
273 char *control_path;
274 } opts;
275 /* counters */
276 ssh_counter socket_counter;
277 ssh_counter raw_counter;
278};
279
285typedef int (*ssh_termination_function)(void *user);
286int ssh_handle_packets(ssh_session session, int timeout);
287int ssh_handle_packets_termination(ssh_session session,
288 int timeout,
289 ssh_termination_function fct,
290 void *user);
291void ssh_socket_exception_callback(int code, int errno_code, void *user);
292
293#endif /* SESSION_H_ */
Definition callbacks.h:165
Definition callbacks.h:332
Definition callbacks.h:409