libssh-rs-sys 0.2.6

Native bindings to the libssh library
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

/*
 * This file is part of the SSH Library
 *
 * Copyright (c) 2009 by Aris Adamantiadis
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */

#ifndef SESSION_H_
#define SESSION_H_
#include <stdbool.h>

#include "libssh/priv.h"
#include "libssh/callbacks.h"
#include "libssh/kex.h"
#include "libssh/packet.h"
#include "libssh/pcap.h"
#include "libssh/auth.h"
#include "libssh/channels.h"
#include "libssh/poll.h"
#include "libssh/config.h"
#include "libssh/misc.h"

/* These are the different states a SSH session can be into its life */
enum ssh_session_state_e {
	SSH_SESSION_STATE_NONE=0,
	SSH_SESSION_STATE_CONNECTING,
	SSH_SESSION_STATE_SOCKET_CONNECTED,
	SSH_SESSION_STATE_BANNER_RECEIVED,
	SSH_SESSION_STATE_INITIAL_KEX,
	SSH_SESSION_STATE_KEXINIT_RECEIVED,
	SSH_SESSION_STATE_DH,
	SSH_SESSION_STATE_AUTHENTICATING,
	SSH_SESSION_STATE_AUTHENTICATED,
	SSH_SESSION_STATE_ERROR,
	SSH_SESSION_STATE_DISCONNECTED
};

enum ssh_dh_state_e {
  DH_STATE_INIT=0,
  DH_STATE_GROUP_SENT,
  DH_STATE_REQUEST_SENT,
  DH_STATE_INIT_SENT,
  DH_STATE_NEWKEYS_SENT,
  DH_STATE_FINISHED
};

enum ssh_pending_call_e {
	SSH_PENDING_CALL_NONE = 0,
	SSH_PENDING_CALL_CONNECT,
	SSH_PENDING_CALL_AUTH_NONE,
	SSH_PENDING_CALL_AUTH_PASSWORD,
	SSH_PENDING_CALL_AUTH_OFFER_PUBKEY,
	SSH_PENDING_CALL_AUTH_PUBKEY,
	SSH_PENDING_CALL_AUTH_AGENT,
	SSH_PENDING_CALL_AUTH_KBDINT_INIT,
	SSH_PENDING_CALL_AUTH_KBDINT_SEND,
	SSH_PENDING_CALL_AUTH_GSSAPI_MIC
};

/* libssh calls may block an undefined amount of time */
#define SSH_SESSION_FLAG_BLOCKING 0x0001

/* Client successfully authenticated */
#define SSH_SESSION_FLAG_AUTHENTICATED 0x0002

/* Do not accept new session channels (no-more-sessions@openssh.com) */
#define SSH_SESSION_FLAG_NO_MORE_SESSIONS 0x0004

/* The KEXINIT message can be sent first by either of the parties so this flag
 * indicates that the message was already sent to make sure it is sent and avoid
 * sending it twice during key exchange to simplify the state machine. */
#define SSH_SESSION_FLAG_KEXINIT_SENT 0x0008

/* The current SSH2 session implements the "strict KEX" feature and should behave
 * differently on SSH2_MSG_NEWKEYS. */
#define SSH_SESSION_FLAG_KEX_STRICT 0x0010
/* Unexpected packets have been sent while the session was still unencrypted */
#define SSH_SESSION_FLAG_KEX_TAINTED 0x0020

/* codes to use with ssh_handle_packets*() */
/* Infinite timeout */
#define SSH_TIMEOUT_INFINITE -1
/* Use the timeout defined by user if any. Mostly used with new connections */
#define SSH_TIMEOUT_USER -2
/* Use the default timeout, depending on ssh_is_blocking() */
#define SSH_TIMEOUT_DEFAULT -3
/* Don't block at all */
#define SSH_TIMEOUT_NONBLOCKING 0

/* options flags */
/* Authentication with *** allowed */
#define SSH_OPT_FLAG_PASSWORD_AUTH 0x1
#define SSH_OPT_FLAG_PUBKEY_AUTH 0x2
#define SSH_OPT_FLAG_KBDINT_AUTH 0x4
#define SSH_OPT_FLAG_GSSAPI_AUTH 0x8

/* Escape expansion of different variables */
#define SSH_OPT_EXP_FLAG_KNOWNHOSTS 0x1
#define SSH_OPT_EXP_FLAG_GLOBAL_KNOWNHOSTS 0x2
#define SSH_OPT_EXP_FLAG_PROXYCOMMAND 0x4
#define SSH_OPT_EXP_FLAG_IDENTITY 0x8
#define SSH_OPT_EXP_FLAG_CONTROL_PATH 0x10

/* extensions flags */
/* negotiation enabled */
#define SSH_EXT_NEGOTIATION     0x01
/* server-sig-algs extension */
#define SSH_EXT_SIG_RSA_SHA256  0x02
#define SSH_EXT_SIG_RSA_SHA512  0x04

/* members that are common to ssh_session and ssh_bind */
struct ssh_common_struct {
    struct error_struct error;
    ssh_callbacks callbacks; /* Callbacks to user functions */
    int log_verbosity; /* verbosity of the log functions */
};

struct ssh_session_struct {
    struct ssh_common_struct common;
    struct ssh_socket_struct *socket;
    char *serverbanner;
    char *clientbanner;
    int protoversion;
    int server;
    int client;
    int openssh;
    uint32_t send_seq;
    uint32_t recv_seq;
    struct ssh_timestamp last_rekey_time;
    bool proxy_root;

    int connected;
    /* !=0 when the user got a session handle */
    int alive;
    /* two previous are deprecated */
    /* int auth_service_asked; */

    /* session flags (SSH_SESSION_FLAG_*) */
    int flags;

    /* Extensions negotiated using RFC 8308 */
    uint32_t extensions;

    ssh_string banner; /* that's the issue banner from the server */
    char *peer_discon_msg; /* disconnect message from the remote host */
    char *disconnect_message; /* disconnect message to be set */
    ssh_buffer in_buffer;
    PACKET in_packet;
    ssh_buffer out_buffer;
    struct ssh_list *out_queue; /* This list is used for delaying packets
                                   when rekeying is required */

    /* the states are used by the nonblocking stuff to remember */
    /* where it was before being interrupted */
    enum ssh_pending_call_e pending_call_state;
    enum ssh_session_state_e session_state;
    enum ssh_packet_state_e packet_state;
    enum ssh_dh_state_e dh_handshake_state;
    enum ssh_channel_request_state_e global_req_state;
    struct ssh_agent_state_struct *agent_state;

    struct {
        struct ssh_auth_auto_state_struct *auto_state;
        enum ssh_auth_service_state_e service_state;
        enum ssh_auth_state_e state;
        uint32_t supported_methods;
        uint32_t current_method;
    } auth;

    /* Sending this flag before key exchange to save one round trip during the
     * key exchange. This might make sense on high-latency connections.
     * So far internal only for testing. Usable only on the client side --
     * there is no key exchange method that would start with server message */
    bool send_first_kex_follows;
    /*
     * RFC 4253, 7.1: if the first_kex_packet_follows flag was set in
     * the received SSH_MSG_KEXINIT, but the guess was wrong, this
     * field will be set such that the following guessed packet will
     * be ignored on the receiving side.  Once that packet has been received and
     * ignored, this field is cleared.
     * On the sending side, this is set after we got peer KEXINIT message and we
     * need to resend the initial message of the negotiated KEX algorithm.
     */
    bool first_kex_follows_guess_wrong;

    ssh_buffer in_hashbuf;
    ssh_buffer out_hashbuf;
    struct ssh_crypto_struct *current_crypto;
    /* next_crypto is going to be used after a SSH2_MSG_NEWKEYS */
    struct ssh_crypto_struct *next_crypto;

    struct ssh_list *channels; /* linked list of channels */
    uint32_t maxchannel;
    ssh_agent agent; /* ssh agent */

    /* keyboard interactive data */
    struct ssh_kbdint_struct *kbdint;
    struct ssh_gssapi_struct *gssapi;

    /* server host keys */
    struct {
        ssh_key rsa_key;
        ssh_key ecdsa_key;
        ssh_key ed25519_key;
        /* The type of host key wanted by client */
        enum ssh_keytypes_e hostkey;
        enum ssh_digest_e hostkey_digest;
    } srv;

    /* auths accepted by server */
    struct ssh_list *ssh_message_list; /* list of delayed SSH messages */
    int (*ssh_message_callback)(struct ssh_session_struct *session,
                                ssh_message msg, void *userdata);
    void *ssh_message_callback_data;
    ssh_server_callbacks server_callbacks;
    void (*ssh_connection_callback)( struct ssh_session_struct *session);
    struct ssh_packet_callbacks_struct default_packet_callbacks;
    struct ssh_list *packet_callbacks;
    struct ssh_socket_callbacks_struct socket_callbacks;
    ssh_poll_ctx default_poll_ctx;
    /* options */
#ifdef WITH_PCAP
    ssh_pcap_context pcap_ctx; /* pcap debugging context */
#endif
    struct {
        struct ssh_list *identity;
        struct ssh_list *identity_non_exp;
        struct ssh_list *certificate;
        struct ssh_list *certificate_non_exp;
        struct ssh_list *proxy_jumps;
        struct ssh_list *proxy_jumps_user_cb;
        char *username;
        char *host;
        char *bindaddr; /* bind the client to an ip addr */
        char *sshdir;
        char *knownhosts;
        char *global_knownhosts;
        char *wanted_methods[SSH_KEX_METHODS];
        char *pubkey_accepted_types;
        char *ProxyCommand;
        char *agent_socket;
        unsigned long timeout; /* seconds */
        unsigned long timeout_usec;
        uint16_t port;
        socket_t fd;
        int StrictHostKeyChecking;
        char compressionlevel;
        char *gss_server_identity;
        char *gss_client_identity;
        int gss_delegate_creds;
        int flags;
        int exp_flags;
        int nodelay;
        bool config_processed;
        uint8_t options_seen[SOC_MAX];
        uint64_t rekey_data;
        uint32_t rekey_time;
        int rsa_min_size;
        bool identities_only;
        int control_master;
        char *control_path;
    } opts;

    /* server options */
    struct {
        char *custombanner;
        char *moduli_file;
    } server_opts;

    /* counters */
    ssh_counter socket_counter;
    ssh_counter raw_counter;
};

/** @internal
 * @brief a termination function evaluates the status of an object
 * @param user[in] object to evaluate
 * @returns 1 if the polling routine should terminate, 0 instead
 */
typedef int (*ssh_termination_function)(void *user);
int ssh_handle_packets(ssh_session session, int timeout);
int ssh_handle_packets_termination(ssh_session session,
                                   int timeout,
                                   ssh_termination_function fct,
                                   void *user);
void ssh_socket_exception_callback(int code, int errno_code, void *user);

#endif /* SESSION_H_ */