openssh/packet.h

221 lines
7.5 KiB
C
Raw Normal View History

1999-10-27 03:42:43 +00:00
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Interface for the packet protocol functions.
*
- (djm) Merge OpenBSD changes: - markus@cvs.openbsd.org 2000/09/05 02:59:57 [session.c] print hostname (not hushlogin) - markus@cvs.openbsd.org 2000/09/05 13:18:48 [authfile.c ssh-add.c] enable ssh-add -d for DSA keys - markus@cvs.openbsd.org 2000/09/05 13:20:49 [sftp-server.c] cleanup - markus@cvs.openbsd.org 2000/09/06 03:46:41 [authfile.h] prototype - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 [ALL] cleanup copyright notices on all files. I have attempted to be accurate with the details. everything is now under Tatu's licence (which I copied from his readme), and/or the core-sdi bsd-ish thing for deattack, or various openbsd developers under a 2-term bsd licence. We're not changing any rules, just being accurate. - markus@cvs.openbsd.org 2000/09/07 14:40:30 [channels.c channels.h clientloop.c serverloop.c ssh.c] cleanup window and packet sizes for ssh2 flow control; ok niels - markus@cvs.openbsd.org 2000/09/07 14:53:00 [scp.c] typo - markus@cvs.openbsd.org 2000/09/07 15:13:37 [auth-options.c auth-options.h auth-rh-rsa.c auth-rsa.c auth.c] [authfile.h canohost.c channels.h compat.c hostfile.h log.c match.h] [pty.c readconf.c] some more Copyright fixes - markus@cvs.openbsd.org 2000/09/08 03:02:51 [README.openssh2] bye bye - deraadt@cvs.openbsd.org 2000/09/11 18:38:33 [LICENCE cipher.c] a few more comments about it being ARC4 not RC4 - markus@cvs.openbsd.org 2000/09/12 14:53:11 [log-client.c log-server.c log.c ssh.1 ssh.c ssh.h sshd.8 sshd.c] multiple debug levels - markus@cvs.openbsd.org 2000/09/14 14:25:15 [clientloop.c] typo - deraadt@cvs.openbsd.org 2000/09/15 01:13:51 [ssh-agent.c] check return value for setenv(3) for failure, and deal appropriately
2000-09-16 02:29:08 +00:00
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*/
/* RCSID("$OpenBSD: packet.h,v 1.23 2001/05/28 23:58:35 markus Exp $"); */
1999-10-27 03:42:43 +00:00
#ifndef PACKET_H
#define PACKET_H
#include <openssl/bn.h>
/*
* Sets the socket used for communication. Disables encryption until
* packet_set_encryption_key is called. It is permissible that fd_in and
* fd_out are the same descriptor; in that case it is assumed to be a socket.
*/
void packet_set_connection(int fd_in, int fd_out);
1999-10-27 03:42:43 +00:00
/* Puts the connection file descriptors into non-blocking mode. */
void packet_set_nonblocking(void);
1999-10-27 03:42:43 +00:00
/* Returns the file descriptor used for input. */
int packet_get_connection_in(void);
1999-10-27 03:42:43 +00:00
/* Returns the file descriptor used for output. */
int packet_get_connection_out(void);
1999-10-27 03:42:43 +00:00
/*
* Closes the connection (both descriptors) and clears and frees internal
* data structures.
*/
void packet_close(void);
1999-10-27 03:42:43 +00:00
/*
* Causes any further packets to be encrypted using the given key. The same
* key is used for both sending and reception. However, both directions are
* encrypted independently of each other. Cipher types are defined in ssh.h.
*/
void
packet_set_encryption_key(const u_char *key, u_int keylen,
int cipher_type);
1999-10-27 03:42:43 +00:00
/*
* Sets remote side protocol flags for the current connection. This can be
* called at any time.
*/
void packet_set_protocol_flags(u_int flags);
1999-10-27 03:42:43 +00:00
/* Returns the remote protocol flags set earlier by the above function. */
u_int packet_get_protocol_flags(void);
1999-10-27 03:42:43 +00:00
/* Enables compression in both directions starting from the next packet. */
void packet_start_compression(int level);
1999-10-27 03:42:43 +00:00
/*
* Informs that the current session is interactive. Sets IP flags for
* optimal performance in interactive use.
*/
NOTE: This update changes the RSA key generation. *NEW RSA KEYS NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.
2001-01-18 02:04:35 +00:00
void packet_set_interactive(int interactive);
1999-10-27 03:42:43 +00:00
/* Returns true if the current connection is interactive. */
int packet_is_interactive(void);
1999-10-27 03:42:43 +00:00
/* Starts constructing a packet to send. */
void packet_start(u_char type);
1999-10-27 03:42:43 +00:00
/* Appends a character to the packet data. */
void packet_put_char(int ch);
1999-10-27 03:42:43 +00:00
/* Appends an integer to the packet data. */
void packet_put_int(u_int value);
1999-10-27 03:42:43 +00:00
/* Appends an arbitrary precision integer to packet data. */
void packet_put_bignum(BIGNUM * value);
void packet_put_bignum2(BIGNUM * value);
1999-10-27 03:42:43 +00:00
/* Appends a string to packet data. */
void packet_put_string(const char *buf, u_int len);
void packet_put_cstring(const char *str);
void packet_put_raw(const char *buf, u_int len);
1999-10-27 03:42:43 +00:00
/*
* Finalizes and sends the packet. If the encryption key has been set,
* encrypts the packet before sending.
*/
void packet_send(void);
1999-10-27 03:42:43 +00:00
/* Waits until a packet has been received, and returns its type. */
int packet_read(int *payload_len_ptr);
1999-10-27 03:42:43 +00:00
/*
* Waits until a packet has been received, verifies that its type matches
* that given, and gives a fatal error and exits if there is a mismatch.
*/
void packet_read_expect(int *payload_len_ptr, int type);
1999-10-27 03:42:43 +00:00
/*
* Checks if a full packet is available in the data received so far via
* packet_process_incoming. If so, reads the packet; otherwise returns
* SSH_MSG_NONE. This does not wait for data from the connection.
* SSH_MSG_DISCONNECT is handled specially here. Also, SSH_MSG_IGNORE
* messages are skipped by this function and are never returned to higher
* levels.
*/
int packet_read_poll(int *packet_len_ptr);
1999-10-27 03:42:43 +00:00
/*
* Buffers the given amount of input characters. This is intended to be used
* together with packet_read_poll.
*/
void packet_process_incoming(const char *buf, u_int len);
1999-10-27 03:42:43 +00:00
/* Returns a character (0-255) from the packet data. */
u_int packet_get_char(void);
1999-10-27 03:42:43 +00:00
/* Returns an integer from the packet data. */
u_int packet_get_int(void);
1999-10-27 03:42:43 +00:00
/*
* Returns an arbitrary precision integer from the packet data. The integer
* must have been initialized before this call.
*/
void packet_get_bignum(BIGNUM * value, int *length_ptr);
void packet_get_bignum2(BIGNUM * value, int *length_ptr);
char *packet_get_raw(int *length_ptr);
1999-10-27 03:42:43 +00:00
/*
* Returns a string from the packet data. The string is allocated using
* xmalloc; it is the responsibility of the calling program to free it when
* no longer needed. The length_ptr argument may be NULL, or point to an
* integer into which the length of the string is stored.
*/
char *packet_get_string(u_int *length_ptr);
1999-10-27 03:42:43 +00:00
/*
* Logs the error in syslog using LOG_INFO, constructs and sends a disconnect
* packet, closes the connection, and exits. This function never returns.
* The error message should not contain a newline. The total length of the
* message must not exceed 1024 bytes.
*/
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
1999-10-27 03:42:43 +00:00
/*
* Sends a diagnostic message to the other side. This message can be sent at
* any time (but not while constructing another message). The message is
* printed immediately, but only if the client is being executed in verbose
* mode. These messages are primarily intended to ease debugging
* authentication problems. The total length of the message must not exceed
* 1024 bytes. This will automatically call packet_write_wait. If the
* remote side protocol flags do not indicate that it supports SSH_MSG_DEBUG,
* this will do nothing.
*/
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
1999-10-27 03:42:43 +00:00
/* Checks if there is any buffered output, and tries to write some of the output. */
void packet_write_poll(void);
1999-10-27 03:42:43 +00:00
/* Waits until all pending output data has been written. */
void packet_write_wait(void);
1999-10-27 03:42:43 +00:00
/* Returns true if there is buffered data to write to the connection. */
int packet_have_data_to_write(void);
1999-10-27 03:42:43 +00:00
/* Returns true if there is not too much data to write to the connection. */
int packet_not_very_much_data_to_write(void);
1999-10-27 03:42:43 +00:00
/* maximum packet size, requested by client with SSH_CMSG_MAX_PACKET_SIZE */
extern int max_packet_size;
int packet_set_maxsize(int s);
#define packet_get_maxsize() max_packet_size
/* Stores tty modes from the fd or tiop into current packet. */
void tty_make_modes(int fd, struct termios *tiop);
1999-10-27 03:42:43 +00:00
/* Parses tty modes for the fd from the current packet. */
void tty_parse_modes(int fd, int *n_bytes_ptr);
1999-10-27 03:42:43 +00:00
#define packet_integrity_check(payload_len, expected_len, type) \
do { \
int _p = (payload_len), _e = (expected_len); \
if (_p != _e) { \
log("Packet integrity error (%d != %d) at %s:%d", \
_p, _e, __FILE__, __LINE__); \
packet_disconnect("Packet integrity error. (%d)", (type)); \
} \
} while (0)
#define packet_done() \
do { \
int _len = packet_remaining(); \
if (_len > 0) { \
log("Packet integrity error (%d bytes remaining) at %s:%d", \
_len ,__FILE__, __LINE__); \
packet_disconnect("Packet integrity error."); \
} \
} while (0)
/* remote host is connected via a socket/ipv4 */
int packet_connection_is_on_socket(void);
int packet_connection_is_ipv4(void);
/* returns remaining payload bytes */
int packet_remaining(void);
/* append an ignore message */
void packet_send_ignore(int nbytes);
/* add an ignore message and make sure size (current+ignore) = n*sumlen */
void packet_inject_ignore(int sumlen);
#endif /* PACKET_H */