version 1.117, 2005/06/17 02:44:32 |
version 1.118, 2005/07/25 11:59:39 |
|
|
/* Set to true if the connection is interactive. */ |
/* Set to true if the connection is interactive. */ |
static int interactive_mode = 0; |
static int interactive_mode = 0; |
|
|
|
/* Set to true if we are the server side. */ |
|
static int server_side = 0; |
|
|
|
/* Set to true if we are authenticated. */ |
|
static int after_authentication = 0; |
|
|
/* Session key information for Encryption and MAC */ |
/* Session key information for Encryption and MAC */ |
Newkeys *newkeys[MODE_MAX]; |
Newkeys *newkeys[MODE_MAX]; |
static struct packet_state { |
static struct packet_state { |
|
|
/* Deleting the keys does not gain extra security */ |
/* Deleting the keys does not gain extra security */ |
/* memset(enc->iv, 0, enc->block_size); |
/* memset(enc->iv, 0, enc->block_size); |
memset(enc->key, 0, enc->key_len); */ |
memset(enc->key, 0, enc->key_len); */ |
if (comp->type != 0 && comp->enabled == 0) { |
if ((comp->type == COMP_ZLIB || |
|
(comp->type == COMP_DELAYED && after_authentication)) && |
|
comp->enabled == 0) { |
packet_init_compression(); |
packet_init_compression(); |
if (mode == MODE_OUT) |
if (mode == MODE_OUT) |
buffer_compress_init_send(6); |
buffer_compress_init_send(6); |
|
|
} |
} |
|
|
/* |
/* |
|
* Delayed compression for SSH2 is enabled after authentication: |
|
* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent, |
|
* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received. |
|
*/ |
|
static void |
|
packet_enable_delayed_compress(void) |
|
{ |
|
Comp *comp = NULL; |
|
int mode; |
|
|
|
/* |
|
* Remember that we are past the authentication step, so rekeying |
|
* with COMP_DELAYED will turn on compression immediately. |
|
*/ |
|
after_authentication = 1; |
|
for (mode = 0; mode < MODE_MAX; mode++) { |
|
comp = &newkeys[mode]->comp; |
|
if (comp && !comp->enabled && comp->type == COMP_DELAYED) { |
|
if (mode == MODE_OUT) |
|
buffer_compress_init_send(6); |
|
else |
|
buffer_compress_init_recv(); |
|
comp->enabled = 1; |
|
} |
|
} |
|
} |
|
|
|
/* |
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) |
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) |
*/ |
*/ |
static void |
static void |
|
|
|
|
if (type == SSH2_MSG_NEWKEYS) |
if (type == SSH2_MSG_NEWKEYS) |
set_newkeys(MODE_OUT); |
set_newkeys(MODE_OUT); |
|
else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side) |
|
packet_enable_delayed_compress(); |
} |
} |
|
|
static void |
static void |
|
|
packet_disconnect("Invalid ssh2 packet type: %d", type); |
packet_disconnect("Invalid ssh2 packet type: %d", type); |
if (type == SSH2_MSG_NEWKEYS) |
if (type == SSH2_MSG_NEWKEYS) |
set_newkeys(MODE_IN); |
set_newkeys(MODE_IN); |
|
else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side) |
|
packet_enable_delayed_compress(); |
#ifdef PACKET_DEBUG |
#ifdef PACKET_DEBUG |
fprintf(stderr, "read/plain[%d]:\r\n", type); |
fprintf(stderr, "read/plain[%d]:\r\n", type); |
buffer_dump(&incoming_packet); |
buffer_dump(&incoming_packet); |
|
|
packet_set_rekey_limit(u_int32_t bytes) |
packet_set_rekey_limit(u_int32_t bytes) |
{ |
{ |
rekey_limit = bytes; |
rekey_limit = bytes; |
|
} |
|
|
|
void |
|
packet_set_server(void) |
|
{ |
|
server_side = 1; |
|
} |
|
|
|
void |
|
packet_set_authenticated(void) |
|
{ |
|
after_authentication = 1; |
} |
} |
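Review bot: In the new packet_enable_delayed_compress(), the test `if (comp && ...)` cannot catch the case it appears to guard against, because `comp = &newkeys[mode]->comp` is a member address computed from `newkeys[mode]`, and that pointer is the one that may still be NULL. On the client side the function is called from the read path when the peer sends SSH2_MSG_USERAUTH_SUCCESS, so if that message can arrive before set_newkeys() has filled in both directions (the ordering is not enforced anywhere in this diff), the loop dereferences a NULL pointer on peer-controlled input. Add `if (newkeys[mode] == NULL) continue;` as the first statement of the loop body, before the member address is taken. The delayed path also omits the `packet_init_compression();` call that set_newkeys() makes before `buffer_compress_init_send(6)`; unless that initialisation is guaranteed to have run already, call it here before the send/recv branch. A short comment on packet_set_authenticated() naming the caller expected to invoke it would also help, since no caller is shown in this diff.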