libssh  0.10.6
The SSH library
Loading...
Searching...
No Matches
session.h
1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21#ifndef SESSION_H_
22#define SESSION_H_
23#include <stdbool.h>
24
25#include "libssh/priv.h"
26#include "libssh/callbacks.h"
27#include "libssh/kex.h"
28#include "libssh/packet.h"
29#include "libssh/pcap.h"
30#include "libssh/auth.h"
31#include "libssh/channels.h"
32#include "libssh/poll.h"
33#include "libssh/config.h"
34#include "libssh/misc.h"
35
36/* These are the different states a SSH session can be into its life */
37enum ssh_session_state_e {
38 SSH_SESSION_STATE_NONE=0,
39 SSH_SESSION_STATE_CONNECTING,
40 SSH_SESSION_STATE_SOCKET_CONNECTED,
41 SSH_SESSION_STATE_BANNER_RECEIVED,
42 SSH_SESSION_STATE_INITIAL_KEX,
43 SSH_SESSION_STATE_KEXINIT_RECEIVED,
44 SSH_SESSION_STATE_DH,
45 SSH_SESSION_STATE_AUTHENTICATING,
46 SSH_SESSION_STATE_AUTHENTICATED,
47 SSH_SESSION_STATE_ERROR,
48 SSH_SESSION_STATE_DISCONNECTED
49};
50
51enum ssh_dh_state_e {
52 DH_STATE_INIT=0,
53 DH_STATE_GROUP_SENT,
54 DH_STATE_REQUEST_SENT,
55 DH_STATE_INIT_SENT,
56 DH_STATE_NEWKEYS_SENT,
57 DH_STATE_FINISHED
58};
59
60enum ssh_pending_call_e {
61 SSH_PENDING_CALL_NONE = 0,
62 SSH_PENDING_CALL_CONNECT,
63 SSH_PENDING_CALL_AUTH_NONE,
64 SSH_PENDING_CALL_AUTH_PASSWORD,
65 SSH_PENDING_CALL_AUTH_OFFER_PUBKEY,
66 SSH_PENDING_CALL_AUTH_PUBKEY,
67 SSH_PENDING_CALL_AUTH_AGENT,
68 SSH_PENDING_CALL_AUTH_KBDINT_INIT,
69 SSH_PENDING_CALL_AUTH_KBDINT_SEND,
70 SSH_PENDING_CALL_AUTH_GSSAPI_MIC
71};
72
73/* libssh calls may block an undefined amount of time */
74#define SSH_SESSION_FLAG_BLOCKING 1
75
76/* Client successfully authenticated */
77#define SSH_SESSION_FLAG_AUTHENTICATED 2
78
79/* The KEXINIT message can be sent first by either of the parties so this flag
80 * indicates that the message was already sent to make sure it is sent and avoid
81 * sending it twice during key exchange to simplify the state machine. */
82#define SSH_SESSION_FLAG_KEXINIT_SENT 4
83
84/* The current SSH2 session implements the "strict KEX" feature and should behave
85 * differently on SSH2_MSG_NEWKEYS. */
86#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
87/* Unexpected packets have been sent while the session was still unencrypted */
88#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020
89
90/* codes to use with ssh_handle_packets*() */
91/* Infinite timeout */
92#define SSH_TIMEOUT_INFINITE -1
93/* Use the timeout defined by user if any. Mostly used with new connections */
94#define SSH_TIMEOUT_USER -2
95/* Use the default timeout, depending on ssh_is_blocking() */
96#define SSH_TIMEOUT_DEFAULT -3
97/* Don't block at all */
98#define SSH_TIMEOUT_NONBLOCKING 0
99
100/* options flags */
101/* Authentication with *** allowed */
102#define SSH_OPT_FLAG_PASSWORD_AUTH 0x1
103#define SSH_OPT_FLAG_PUBKEY_AUTH 0x2
104#define SSH_OPT_FLAG_KBDINT_AUTH 0x4
105#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8
106
107/* Escape expansion of different variables */
108#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
109#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
110#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
111#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
112
113/* extensions flags */
114/* negotiation enabled */
115#define SSH_EXT_NEGOTIATION 0x01
116/* server-sig-algs extension */
117#define SSH_EXT_SIG_RSA_SHA256 0x02
118#define SSH_EXT_SIG_RSA_SHA512 0x04
119
120/* members that are common to ssh_session and ssh_bind */
122 struct error_struct error;
123 ssh_callbacks callbacks; /* Callbacks to user functions */
124 int log_verbosity; /* verbosity of the log functions */
125};
126
128 struct ssh_common_struct common;
129 struct ssh_socket_struct *socket;
130 char *serverbanner;
131 char *clientbanner;
132 int protoversion;
133 int server;
134 int client;
135 int openssh;
136 uint32_t send_seq;
137 uint32_t recv_seq;
138 struct ssh_timestamp last_rekey_time;
139
140 int connected;
141 /* !=0 when the user got a session handle */
142 int alive;
143 /* two previous are deprecated */
144 /* int auth_service_asked; */
145
146 /* session flags (SSH_SESSION_FLAG_*) */
147 int flags;
148
149 /* Extensions negotiated using RFC 8308 */
150 uint32_t extensions;
151
152 ssh_string banner; /* that's the issue banner from the server */
153 char *peer_discon_msg; /* disconnect message from the remote host */
154 char *disconnect_message; /* disconnect message to be set */
155 ssh_buffer in_buffer;
156 PACKET in_packet;
157 ssh_buffer out_buffer;
158 struct ssh_list *out_queue; /* This list is used for delaying packets
159 when rekeying is required */
160
161 /* the states are used by the nonblocking stuff to remember */
162 /* where it was before being interrupted */
163 enum ssh_pending_call_e pending_call_state;
164 enum ssh_session_state_e session_state;
165 enum ssh_packet_state_e packet_state;
166 enum ssh_dh_state_e dh_handshake_state;
167 enum ssh_channel_request_state_e global_req_state;
168 struct ssh_agent_state_struct *agent_state;
169
170 struct {
171 struct ssh_auth_auto_state_struct *auto_state;
172 enum ssh_auth_service_state_e service_state;
173 enum ssh_auth_state_e state;
174 uint32_t supported_methods;
175 uint32_t current_method;
176 } auth;
177
178 /* Sending this flag before key exchange to save one round trip during the
179 * key exchange. This might make sense on high-latency connections.
180 * So far internal only for testing. Usable only on the client side --
181 * there is no key exchange method that would start with server message */
182 bool send_first_kex_follows;
183 /*
184 * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
185 * the received SSH_MSG_KEXINIT, but the guess was wrong, this
186 * field will be set such that the following guessed packet will
187 * be ignored on the receiving side. Once that packet has been received and
188 * ignored, this field is cleared.
189 * On the sending side, this is set after we got peer KEXINIT message and we
190 * need to resend the initial message of the negotiated KEX algorithm.
191 */
192 bool first_kex_follows_guess_wrong;
193
194 ssh_buffer in_hashbuf;
195 ssh_buffer out_hashbuf;
196 struct ssh_crypto_struct *current_crypto;
197 /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
198 struct ssh_crypto_struct *next_crypto;
199
200 struct ssh_list *channels; /* linked list of channels */
201 uint32_t maxchannel;
202 ssh_agent agent; /* ssh agent */
203
204 /* keyboard interactive data */
205 struct ssh_kbdint_struct *kbdint;
206 struct ssh_gssapi_struct *gssapi;
207
208 /* server host keys */
209 struct {
210 ssh_key rsa_key;
211 ssh_key dsa_key;
212 ssh_key ecdsa_key;
213 ssh_key ed25519_key;
214 /* The type of host key wanted by client */
215 enum ssh_keytypes_e hostkey;
216 enum ssh_digest_e hostkey_digest;
217 } srv;
218
219 /* auths accepted by server */
220 struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
221 int (*ssh_message_callback)(struct ssh_session_struct *session,
222 ssh_message msg, void *userdata);
223 void *ssh_message_callback_data;
224 ssh_server_callbacks server_callbacks;
225 void (*ssh_connection_callback)( struct ssh_session_struct *session);
226 struct ssh_packet_callbacks_struct default_packet_callbacks;
227 struct ssh_list *packet_callbacks;
228 struct ssh_socket_callbacks_struct socket_callbacks;
229 ssh_poll_ctx default_poll_ctx;
230 /* options */
231#ifdef WITH_PCAP
232 ssh_pcap_context pcap_ctx; /* pcap debugging context */
233#endif
234 struct {
235 struct ssh_list *identity;
236 struct ssh_list *identity_non_exp;
237 char *username;
238 char *host;
239 char *bindaddr; /* bind the client to an ip addr */
240 char *sshdir;
241 char *knownhosts;
242 char *global_knownhosts;
243 char *wanted_methods[SSH_KEX_METHODS];
244 char *pubkey_accepted_types;
245 char *ProxyCommand;
246 char *custombanner;
247 char *moduli_file;
248 char *agent_socket;
249 unsigned long timeout; /* seconds */
250 unsigned long timeout_usec;
251 uint16_t port;
252 socket_t fd;
253 int StrictHostKeyChecking;
254 char compressionlevel;
255 char *gss_server_identity;
256 char *gss_client_identity;
257 int gss_delegate_creds;
258 int flags;
259 int exp_flags;
260 int nodelay;
261 bool config_processed;
262 uint8_t options_seen[SOC_MAX];
263 uint64_t rekey_data;
264 uint32_t rekey_time;
265 int rsa_min_size;
266 } opts;
267 /* counters */
268 ssh_counter socket_counter;
269 ssh_counter raw_counter;
270};
271
277typedef int (*ssh_termination_function)(void *user);
278int ssh_handle_packets(ssh_session session, int timeout);
279int ssh_handle_packets_termination(ssh_session session,
280 int timeout,
281 ssh_termination_function fct,
282 void *user);
283void ssh_socket_exception_callback(int code, int errno_code, void *user);
284
285#endif /* SESSION_H_ */
Definition priv.h:263
Definition packet.h:29
Definition auth.c:864
Definition agent.h:77
Definition auth.c:1003
Definition buffer.c:48
Definition callbacks.h:144
Definition session.h:121
Definition libssh.h:95
Definition crypto.h:106
Definition gssapi.c:48
Definition auth.h:41
Definition pki.h:54
Definition misc.h:43
Definition messages.h:85
Definition callbacks.h:535
Definition poll.c:76
Definition callbacks.h:306
Definition session.h:127
Definition callbacks.h:383
Definition socket.c:85
Definition string.h:33
Definition misc.h:53