1 
2 /***************************************************************************
3  * opensshlib.h -- header file containing generic structure that is being  *
4  * passed along all hooked OpenSSH functions to track Ncrack state for the *
5  * SSH module.                                                             *
6  *                                                                         *
7  ***********************IMPORTANT NMAP LICENSE TERMS************************
8  *                                                                         *
9  * The Nmap Security Scanner is (C) 1996-2019 Insecure.Com LLC ("The Nmap  *
10  * Project"). Nmap is also a registered trademark of the Nmap Project.     *
11  * This program is free software; you may redistribute and/or modify it    *
12  * under the terms of the GNU General Public License as published by the   *
13  * Free Software Foundation; Version 2 ("GPL"), BUT ONLY WITH ALL OF THE   *
14  * CLARIFICATIONS AND EXCEPTIONS DESCRIBED HEREIN.  This guarantees your   *
15  * right to use, modify, and redistribute this software under certain      *
16  * conditions.  If you wish to embed Nmap technology into proprietary      *
17  * software, we sell alternative licenses (contact sales@nmap.com).        *
18  * Dozens of software vendors already license Nmap technology such as      *
19  * host discovery, port scanning, OS detection, version detection, and     *
20  * the Nmap Scripting Engine.                                              *
21  *                                                                         *
22  * Note that the GPL places important restrictions on "derivative works",  *
23  * yet it does not provide a detailed definition of that term.  To avoid   *
24  * misunderstandings, we interpret that term as broadly as copyright law   *
25  * allows.  For example, we consider an application to constitute a        *
26  * derivative work for the purpose of this license if it does any of the   *
27  * following with any software or content covered by this license          *
28  * ("Covered Software"):                                                   *
29  *                                                                         *
30  * o Integrates source code from Covered Software.                         *
31  *                                                                         *
32  * o Reads or includes copyrighted data files, such as Nmap's nmap-os-db   *
33  * or nmap-service-probes.                                                 *
34  *                                                                         *
35  * o Is designed specifically to execute Covered Software and parse the    *
36  * results (as opposed to typical shell or execution-menu apps, which will *
37  * execute anything you tell them to).                                     *
38  *                                                                         *
39  * o Includes Covered Software in a proprietary executable installer.  The *
40  * installers produced by InstallShield are an example of this.  Including *
41  * Nmap with other software in compressed or archival form does not        *
42  * trigger this provision, provided appropriate open source decompression  *
43  * or de-archiving software is widely available for no charge.  For the    *
44  * purposes of this license, an installer is considered to include Covered *
45  * Software even if it actually retrieves a copy of Covered Software from  *
46  * another source during runtime (such as by downloading it from the       *
47  * Internet).                                                              *
48  *                                                                         *
49  * o Links (statically or dynamically) to a library which does any of the  *
50  * above.                                                                  *
51  *                                                                         *
52  * o Executes a helper program, module, or script to do any of the above.  *
53  *                                                                         *
54  * This list is not exclusive, but is meant to clarify our interpretation  *
55  * of derived works with some common examples.  Other people may interpret *
56  * the plain GPL differently, so we consider this a special exception to   *
57  * the GPL that we apply to Covered Software.  Works which meet any of     *
58  * these conditions must conform to all of the terms of this license,      *
59  * particularly including the GPL Section 3 requirements of providing      *
60  * source code and allowing free redistribution of the work as a whole.    *
61  *                                                                         *
62  * As another special exception to the GPL terms, the Nmap Project grants  *
63  * permission to link the code of this program with any version of the     *
64  * OpenSSL library which is distributed under a license identical to that  *
65  * listed in the included docs/licenses/OpenSSL.txt file, and distribute   *
66  * linked combinations including the two.                                  *
67  *                                                                         *
68  * The Nmap Project has permission to redistribute Npcap, a packet         *
69  * capturing driver and library for the Microsoft Windows platform.        *
70  * Npcap is a separate work with it's own license rather than this Nmap    *
71  * license.  Since the Npcap license does not permit redistribution        *
72  * without special permission, our Nmap Windows binary packages which      *
73  * contain Npcap may not be redistributed without special permission.      *
74  *                                                                         *
75  * Any redistribution of Covered Software, including any derived works,    *
76  * must obey and carry forward all of the terms of this license, including *
77  * obeying all GPL rules and restrictions.  For example, source code of    *
78  * the whole work must be provided and free redistribution must be         *
79  * allowed.  All GPL references to "this License", are to be treated as    *
80  * including the terms and conditions of this license text as well.        *
81  *                                                                         *
82  * Because this license imposes special exceptions to the GPL, Covered     *
83  * Work may not be combined (even as part of a larger work) with plain GPL *
84  * software.  The terms, conditions, and exceptions of this license must   *
85  * be included as well.  This license is incompatible with some other open *
86  * source licenses as well.  In some cases we can relicense portions of    *
87  * Nmap or grant special permissions to use it in other open source        *
88  * software.  Please contact fyodor@nmap.org with any such requests.       *
89  * Similarly, we don't incorporate incompatible open source software into  *
90  * Covered Software without special permission from the copyright holders. *
91  *                                                                         *
92  * If you have any questions about the licensing restrictions on using     *
93  * Nmap in other works, we are happy to help.  As mentioned above, we also *
94  * offer an alternative license to integrate Nmap into proprietary         *
95  * applications and appliances.  These contracts have been sold to dozens  *
96  * of software vendors, and generally include a perpetual license as well  *
97  * as providing support and updates.  They also fund the continued         *
98  * development of Nmap.  Please email sales@nmap.com for further           *
99  * information.                                                            *
100  *                                                                         *
101  * If you have received a written license agreement or contract for        *
102  * Covered Software stating terms other than these, you may choose to use  *
103  * and redistribute Covered Software under those terms instead of these.   *
104  *                                                                         *
105  * Source is provided to this software because we believe users have a     *
106  * right to know exactly what a program is going to do before they run it. *
107  * This also allows you to audit the software for security holes.          *
108  *                                                                         *
109  * Source code also allows you to port Nmap to new platforms, fix bugs,    *
110  * and add new features.  You are highly encouraged to send your changes   *
111  * to the dev@nmap.org mailing list for possible incorporation into the    *
112  * main distribution.  By sending these changes to Fyodor or one of the    *
113  * Insecure.Org development mailing lists, or checking them into the Nmap  *
114  * source code repository, it is understood (unless you specify            *
115  * otherwise) that you are offering the Nmap Project the unlimited,        *
116  * non-exclusive right to reuse, modify, and relicense the code.  Nmap     *
117  * will always be available Open Source, but this is important because     *
118  * the inability to relicense code has caused devastating problems for     *
119  * other Free Software projects (such as KDE and NASM).  We also           *
120  * occasionally relicense the code to third parties as discussed above.    *
121  * If you wish to specify special license conditions of your               *
122  * contributions, just say so when you send them.                          *
123  *                                                                         *
124  * This program is distributed in the hope that it will be useful, but     *
125  * WITHOUT ANY WARRANTY; without even the implied warranty of              *
126  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the Nmap      *
127  * license file for more details (it's in a COPYING file included with     *
128  * Nmap, and also available from https://svn.nmap.org/nmap/COPYING)        *
129  *                                                                         *
130  ***************************************************************************/
131 
132 
133 
134 #ifndef OPENSSHLIB_H
135 #define OPENSSHLIB_H
136 
137 #include "buffer.h"
138 #include "sshbuf.h"
139 #include "cipher.h"
140 #include "ssh1.h"
141 
142 #ifdef __cplusplus
143 extern "C" {
144 #endif
145 
146 struct kex;
147 struct newkeys;
148 
/*
 * Per-direction packet counters. ncrack_ssh_state embeds one of these for
 * each direction (p_read / p_send), so the field order and widths below are
 * part of that struct's layout and must stay as they are.
 */
typedef struct packet_state {
  u_int32_t seqnr;    /* packet sequence number for this direction */
  u_int32_t packets;  /* packets counted so far */
  u_int64_t blocks;   /* cipher blocks counted so far (presumably compared
                       * against the max_blocks_* limits in the owner) */
  u_int64_t bytes;    /* raw bytes counted so far */
} packet_state;
155 
156 /*
157  * Every module invocation has its own Ncrack_state struct which holds every
158  * bit of information needed to keep track of things. Most of the variables
159  * found inside this object were usually static/global variables in the original
160  * OpenSSH codebase.
161  */
162 typedef struct ncrack_ssh_state {
163 
164   struct kex *kex;
165   DH *dh;
166   /* Session key information for Encryption and MAC */
167   struct newkeys *newkeys[2];
168   struct newkeys *current_keys[2];
169   char *client_version_string;
170   char *server_version_string;
171   /* Encryption context for receiving data. This is only used for decryption. */
172   struct sshcipher_ctx receive_context;
173   /* Encryption context for sending data. This is only used for encryption. */
174   struct sshcipher_ctx send_context;
175 
176   /* ***** IO Buffers ****** */
177   //Buffer ncrack_buf;
178 
179   /* Buffer for raw input data from the socket. */
180   struct sshbuf *input;
181   /* Buffer for raw output data going to the socket. */
182   struct sshbuf *output;
183   /* Buffer for the incoming packet currently being processed. */
184   struct sshbuf *incoming_packet;
185   /* Buffer for the partial outgoing packet being constructed. */
186   struct sshbuf *outgoing_packet;
187 
188   u_int64_t max_blocks_in;
189   u_int64_t max_blocks_out;
190   packet_state p_read;
191   packet_state p_send;
192 
193   /* Used in packet_read_poll2() */
194   u_int packlen;
195 
196 	int compat20;	/* boolean -> true if SSHv2 compatible */
197 
198   /* Compatibility mode for different bugs of various older sshd
199    * versions. It holds a list of these bug types in a binary OR list
200    */
201   int datafellows;
202   int compat;
203   int type;   /* type of packet returned */
204   u_char extra_pad; /* extra padding that might be needed */
205 
206   /*
207    * Reason that this connection was ended. It might be that we got a
208    * disconnnect packet from the server due to many authentication attempts
209    * or some other exotic reason.
210    */
211   char *disc_reason;
212 
213 	u_int packet_length; // TODO check this
214 
215   int 	rekeying;
216   u_int32_t 	rekey_limit;
217   u_int32_t 	rekey_interval;
218   time_t 	rekey_time;
219   int 	cipher_warning_done;
220 
221   int keep_alive_timeouts;
222   int 	dispatch_skip_packets;
223 
224   u_int packet_discard;
225   struct sshmac *packet_discard_mac;
226 
227   char *prev_user;
228 
229 
230 } ncrack_ssh_state;
231 
232 
233 #ifdef __cplusplus
234 } /* End of 'extern "C"' */
235 #endif
236 
237 
238 
239 #endif
240