1 /*
2  * This file is part of the SSH Library
3  *
4  * Copyright (c) 2009 by Aris Adamantiadis
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19  */
20 
21 #ifndef SESSION_H_
22 #define SESSION_H_
23 #include "libssh/priv.h"
24 #include "libssh/kex.h"
25 #include "libssh/packet.h"
26 #include "libssh/pcap.h"
27 #include "libssh/auth.h"
28 #include "libssh/channels.h"
29 #include "libssh/poll.h"
30 #include <stdbool.h>
31 
/* The states an SSH session moves through during its lifetime; kept in
 * ssh_session_struct.session_state. Values are written out explicitly so the
 * numbering is visible to anyone reading logs or a debugger. */
enum ssh_session_state_e {
    SSH_SESSION_STATE_NONE = 0,             /* fresh session, nothing connected yet */
    SSH_SESSION_STATE_CONNECTING = 1,       /* socket connection in progress */
    SSH_SESSION_STATE_SOCKET_CONNECTED = 2, /* socket connected */
    SSH_SESSION_STATE_BANNER_RECEIVED = 3,  /* peer identification string received */
    SSH_SESSION_STATE_INITIAL_KEX = 4,      /* first key exchange started */
    SSH_SESSION_STATE_KEXINIT_RECEIVED = 5, /* peer KEXINIT received */
    SSH_SESSION_STATE_DH = 6,               /* key-exchange method running (see enum ssh_dh_state_e) */
    SSH_SESSION_STATE_AUTHENTICATING = 7,   /* user authentication in progress */
    SSH_SESSION_STATE_AUTHENTICATED = 8,    /* user authentication succeeded */
    SSH_SESSION_STATE_ERROR = 9,            /* unrecoverable error, session unusable */
    SSH_SESSION_STATE_DISCONNECTED = 10     /* disconnected by either side */
};
46 
/* Progress of the key-exchange method itself, kept in
 * ssh_session_struct.dh_handshake_state. */
enum ssh_dh_state_e {
    DH_STATE_INIT = 0,         /* nothing sent yet */
    DH_STATE_INIT_SENT = 1,    /* our first KEX message is out */
    DH_STATE_NEWKEYS_SENT = 2, /* SSH2_MSG_NEWKEYS sent (see next_crypto in ssh_session_struct) */
    DH_STATE_FINISHED = 3      /* key exchange complete */
};
53 
/* Which blocking API call is in flight, so a non-blocking session can resume
 * the right operation after being interrupted; kept in
 * ssh_session_struct.pending_call_state. */
enum ssh_pending_call_e {
    SSH_PENDING_CALL_NONE = 0,             /* no call in progress */
    SSH_PENDING_CALL_CONNECT = 1,          /* ssh_connect() */
    SSH_PENDING_CALL_AUTH_NONE = 2,        /* "none" userauth */
    SSH_PENDING_CALL_AUTH_PASSWORD = 3,    /* "password" userauth */
    SSH_PENDING_CALL_AUTH_OFFER_PUBKEY = 4,/* publickey query (no signature) */
    SSH_PENDING_CALL_AUTH_PUBKEY = 5,      /* publickey userauth with signature */
    SSH_PENDING_CALL_AUTH_AGENT = 6,       /* publickey userauth via ssh-agent */
    SSH_PENDING_CALL_AUTH_KBDINT_INIT = 7, /* keyboard-interactive, initial request */
    SSH_PENDING_CALL_AUTH_KBDINT_SEND = 8, /* keyboard-interactive, sending responses */
    SSH_PENDING_CALL_AUTH_GSSAPI_MIC = 9   /* gssapi-with-mic userauth */
};
66 
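/* Session flags, kept as a bitmask in ssh_session_struct.flags.
 * All values are written in hex so the bit layout (and the unused 0x0008 bit)
 * is obvious when adding a new flag. */

/* libssh calls may block an undefined amount of time */
#define SSH_SESSION_FLAG_BLOCKING       0x0001

/* Client successfully authenticated */
#define SSH_SESSION_FLAG_AUTHENTICATED  0x0002

/* The KEXINIT message can be sent first by either party. This flag records
 * that ours has already gone out, so the key-exchange state machine sends it
 * exactly once and never twice. */
#define SSH_SESSION_FLAG_KEXINIT_SENT   0x0004

/* 0x0008 is currently unused */

/* The current SSH2 session negotiated the "strict KEX" extension and must
 * therefore handle SSH2_MSG_NEWKEYS differently (presumably the OpenSSH
 * kex-strict mechanism that defends against prefix-truncation of the
 * handshake; see kex.c / packet.c for what exactly changes). */
#define SSH_SESSION_FLAG_KEX_STRICT     0x0010

/* Unexpected packets were exchanged while the session was still unencrypted.
 * Security note: with SSH_SESSION_FLAG_KEX_STRICT set, a tainted handshake
 * should not be allowed to complete -- confirm that packet.c rejects the
 * session when both bits are set. */
#define SSH_SESSION_FLAG_KEX_TAINTED    0x0020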
83 
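/* Timeout codes accepted by ssh_handle_packets*() (prototypes at the end of
 * this header). The negative values are sentinels; 0 means "do not block";
 * other non-negative values are presumably a real timeout (confirm the unit
 * in session.c). The negative expansions are parenthesized so the macros are
 * safe in any expression context. */
/* Infinite timeout */
#define SSH_TIMEOUT_INFINITE    (-1)
/* Use the timeout defined by the user, if any. Mostly used with new connections */
#define SSH_TIMEOUT_USER        (-2)
/* Use the default timeout, which depends on ssh_is_blocking() */
#define SSH_TIMEOUT_DEFAULT     (-3)
/* Don't block at all */
#define SSH_TIMEOUT_NONBLOCKING 0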
93 
/* Option flags, kept as a bitmask in ssh_session_struct.opts.flags.
 * Each bit allows one user-authentication method. */
#define SSH_OPT_FLAG_PASSWORD_AUTH 0x01 /* "password" authentication allowed */
#define SSH_OPT_FLAG_PUBKEY_AUTH   0x02 /* "publickey" authentication allowed */
#define SSH_OPT_FLAG_KBDINT_AUTH   0x04 /* "keyboard-interactive" authentication allowed */
#define SSH_OPT_FLAG_GSSAPI_AUTH   0x08 /* "gssapi-with-mic" authentication allowed */
100 
/* Extension flags, kept as a bitmask in ssh_session_struct.extensions
 * (extensions negotiated per RFC 8308). */
/* Extension negotiation is enabled for this session */
#define SSH_EXT_NEGOTIATION    0x01
/* "server-sig-algs" extension: the peer accepts these RSA signature algorithms */
#define SSH_EXT_SIG_RSA_SHA256 0x02 /* rsa-sha2-256 */
#define SSH_EXT_SIG_RSA_SHA512 0x04 /* rsa-sha2-512 */
107 
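/* Members that are common to ssh_session and ssh_bind. This struct is
 * embedded as the first member of ssh_session_struct (see `common` below).
 * Note: the rendered listing had dropped the `struct ssh_common_struct {`
 * line; it is restored here. */
struct ssh_common_struct {
    struct error_struct error; /* error state of this object */
    ssh_callbacks callbacks;   /* Callbacks to user functions */
    int log_verbosity;         /* verbosity of the log functions */
};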
114 
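/* Per-session state. Note: the rendered listing had dropped the
 * `struct ssh_session_struct {` line; it is restored here. */
struct ssh_session_struct {
    struct ssh_common_struct common; /* must stay first: shared prefix with ssh_bind */
    struct ssh_socket_struct *socket;
    char *serverbanner; /* server identification string; on the client side this is remote-supplied data */
    char *clientbanner; /* client identification string */
    int protoversion;
    int server;         /* non-zero when this side acts as the server (presumably) */
    int client;         /* non-zero when this side acts as the client (presumably) */
    int openssh;        /* non-zero when the peer identified as OpenSSH (presumably, from the banner) */
    uint32_t send_seq;  /* outgoing packet sequence number */
    uint32_t recv_seq;  /* incoming packet sequence number */
    /* NOTE(review): with SSH_SESSION_FLAG_KEX_STRICT the sequence numbers are
     * expected to be reset on SSH2_MSG_NEWKEYS -- confirm in packet.c. */

    int connected;
    /* !=0 when the user got a session handle */
    int alive;
    /* connected and alive are deprecated; auth_service_asked was removed */

    /* session flags (SSH_SESSION_FLAG_*) */
    int flags;

    /* Extensions negotiated using RFC 8308 (SSH_EXT_* bitmask) */
    uint32_t extensions;

    ssh_string banner; /* that's the issue banner from the server */
    char *discon_msg;  /* disconnect message from the remote host -- remote-supplied
                        * text, never to be used as a format string */
    ssh_buffer in_buffer;
    PACKET in_packet;
    ssh_buffer out_buffer;

    /* the states are used by the nonblocking stuff to remember */
    /* where it was before being interrupted */
    enum ssh_pending_call_e pending_call_state;
    enum ssh_session_state_e session_state;
    int packet_state;
    enum ssh_dh_state_e dh_handshake_state;
    enum ssh_channel_request_state_e global_req_state;
    struct ssh_agent_state_struct *agent_state;

    /* user-authentication state */
    struct {
        struct ssh_auth_auto_state_struct *auto_state;
        enum ssh_auth_service_state_e service_state;
        enum ssh_auth_state_e state;
        uint32_t supported_methods; /* presumably an SSH_AUTH_METHOD_* bitmask */
        uint32_t current_method;
    } auth;

    /* Sending this flag before key exchange to save one round trip during the
     * key exchange. This might make sense on high-latency connections.
     * So far internal only for testing. Usable only on the client side --
     * there is no key exchange method that would start with server message */
    bool send_first_kex_follows;
    /*
     * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
     * the received SSH_MSG_KEXINIT, but the guess was wrong, this
     * field will be set such that the following guessed packet will
     * be ignored on the receiving side. Once that packet has been received and
     * ignored, this field is cleared.
     * On the sending side, this is set after we got peer KEXINIT message and we
     * need to resend the initial message of the negotiated KEX algorithm.
     */
    bool first_kex_follows_guess_wrong;

    ssh_buffer in_hashbuf;  /* presumably the received KEXINIT payload kept for the exchange hash -- see kex.c */
    ssh_buffer out_hashbuf; /* presumably the sent KEXINIT payload kept for the exchange hash -- see kex.c */
    struct ssh_crypto_struct *current_crypto;
    struct ssh_crypto_struct *next_crypto; /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */

    struct ssh_list *channels; /* linked list of channels */
    int maxchannel;
    ssh_agent agent; /* ssh agent */

    /* keyboard-interactive data */
    struct ssh_kbdint_struct *kbdint;
    struct ssh_gssapi_struct *gssapi;

    /* server host keys (server side only) */
    struct {
        ssh_key rsa_key;
        ssh_key dsa_key;     /* ssh-dss; DSA is considered obsolete by most peers */
        ssh_key ecdsa_key;
        ssh_key ed25519_key;
        /* The type of host key wanted by client */
        enum ssh_keytypes_e hostkey;
    } srv;

    struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
    int (*ssh_message_callback)(struct ssh_session_struct *session, ssh_message msg, void *userdata);
    void *ssh_message_callback_data;
    ssh_server_callbacks server_callbacks;
    void (*ssh_connection_callback)(struct ssh_session_struct *session);
    struct ssh_packet_callbacks_struct default_packet_callbacks;
    struct ssh_list *packet_callbacks;
    struct ssh_socket_callbacks_struct socket_callbacks;
    ssh_poll_ctx default_poll_ctx;
#ifdef WITH_PCAP
    ssh_pcap_context pcap_ctx; /* pcap debugging context */
#endif
    /* options (set through ssh_options_*; all of it is caller-supplied) */
    struct {
        struct ssh_list *identity;
        char *username;
        char *host;
        char *bindaddr; /* bind the client to an ip addr */
        char *sshdir;
        char *knownhosts;        /* per-user known_hosts file (presumably) */
        char *global_knownhosts; /* system-wide known_hosts file (presumably) */
        /* one preferred-method list per negotiated algorithm slot.
         * NOTE(review): this size must match the number of KEX method slots
         * used by kex.c (SSH_KEX_METHODS in kex.h, if this version defines it);
         * a mismatch would be an out-of-bounds access, so prefer the named
         * constant over the literal 10 once confirmed. */
        char *wanted_methods[10];
        char *pubkey_accepted_types;
        char *ProxyCommand;  /* proxy command line; presumably run through a shell,
                              * so it must only ever come from trusted configuration */
        char *custombanner;
        unsigned long timeout; /* seconds */
        unsigned long timeout_usec;
        unsigned int port;
        socket_t fd;           /* caller-provided socket, if any */
        int StrictHostKeyChecking; /* host-key verification policy; the strict
                                    * setting is the one that refuses unknown or
                                    * changed host keys (confirm semantics in
                                    * knownhosts.c) */
        char compressionlevel;
        char *gss_server_identity;
        char *gss_client_identity;
        int gss_delegate_creds; /* delegating GSSAPI credentials is a security decision; default-off is expected */
        int flags;              /* SSH_OPT_FLAG_* bitmask */
        int nodelay;
    } opts;
    /* counters */
    ssh_counter socket_counter;
    ssh_counter raw_counter;
};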
245 
/** @internal
 * Predicate consulted by ssh_handle_packets_termination() between packet
 * rounds; receives the caller's @p user pointer. Presumably a non-zero return
 * ends the wait -- confirm in session.c.
 */
typedef int (*ssh_termination_function)(void *user);
/** @internal
 * Read and dispatch pending packets for @p session.
 * @param timeout one of the SSH_TIMEOUT_* codes defined above
 *                (or a caller-provided timeout, see those codes).
 * @return presumably SSH_OK / SSH_ERROR -- see session.c.
 */
int ssh_handle_packets(ssh_session session, int timeout);
/** @internal
 * Same as ssh_handle_packets(), but additionally stops once @p fct(@p user)
 * says so.
 */
int ssh_handle_packets_termination(ssh_session session, int timeout,
    ssh_termination_function fct, void *user);
/** @internal
 * Socket-layer exception callback: @p code is the socket exception code,
 * @p errno_code the saved errno, @p user the session registered with the
 * socket (presumably; see socket.c).
 */
void ssh_socket_exception_callback(int code, int errno_code, void *user);
256 
257 #endif /* SESSION_H_ */