diff options
| author | Ingela Anderton Andin <ingela@erlang.org> | 2015-06-26 08:47:38 +0200 |
|---|---|---|
| committer | Ingela Anderton Andin <ingela@erlang.org> | 2015-06-26 11:35:31 +0200 |
| commit | fcbf2e682cedebdf768dc90273889b1f8d4b2ce4 (patch) | |
| tree | 28e429fafddc8b5cdb9e2e4141f2730fc3c1b3f9 | |
| parent | 0f3f8f5871a1ea503cc80ae17adc8dec96c79445 (diff) | |
| download | erlang-fcbf2e682cedebdf768dc90273889b1f8d4b2ce4.tar.gz | |
ssh: Use old crypto with newer ssh
Many issues with previous process design, causing for instance process leaks,
are compleatly gone in the redesigned ssh-3.0 and later.
This is a backport of newer ssh design to R15B
45 files changed, 2645 insertions, 2987 deletions
diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index b8eecd3fa2..2ef2859fd7 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2012. All Rights Reserved. +# Copyright Ericsson AB 2004-2013. All Rights Reserved. # # The contents of this file are subject to the Erlang Public License, # Version 1.1, (the "License"); you may not use this file except in @@ -41,7 +41,9 @@ RELSYSDIR = $(RELEASE_PATH)/lib/ssh-$(VSN) BEHAVIOUR_MODULES= \ ssh_sftpd_file_api \ ssh_channel \ - ssh_key_api + ssh_daemon_channel \ + ssh_client_key_api \ + ssh_server_key_api MODULES= \ ssh \ @@ -51,7 +53,6 @@ MODULES= \ ssh_connection_sup \ ssh_connection \ ssh_connection_handler \ - ssh_connection_manager \ ssh_shell \ ssh_system_sup \ ssh_subsystem_sup \ @@ -65,12 +66,12 @@ MODULES= \ ssh_file \ ssh_io \ ssh_math \ + ssh_message \ ssh_no_io \ ssh_sftp \ ssh_sftpd \ ssh_sftpd_file\ ssh_transport \ - ssh_userreg \ ssh_xfer PUBLIC_HRL_FILES= ssh.hrl ssh_userauth.hrl ssh_xfer.hrl @@ -118,10 +119,10 @@ clean: rm -f errs core *~ $(APP_TARGET): $(APP_SRC) ../vsn.mk - sed -e 's;%VSN%;$(VSN);' $< > $@ + $(vsn_verbose)sed -e 's;%VSN%;$(VSN);' $< > $@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk - sed -e 's;%VSN%;$(VSN);' $< > $@ + $(vsn_verbose)sed -e 's;%VSN%;$(VSN);' $< > $@ docs: diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 316c09eb06..74d7293be0 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -8,22 +8,24 @@ ssh_acceptor, ssh_acceptor_sup, ssh_auth, + ssh_message, ssh_bits, ssh_cli, + ssh_client_key_api, ssh_channel, ssh_channel_sup, ssh_connection, ssh_connection_handler, - ssh_connection_manager, ssh_connection_sup, + ssh_daemon_channel, ssh_shell, sshc_sup, sshd_sup, ssh_file, ssh_io, - ssh_key_api, ssh_math, ssh_no_io, + ssh_server_key_api, ssh_sftp, ssh_sftpd, ssh_sftpd_file, @@ -32,10 +34,9 @@ ssh_sup, ssh_system_sup, ssh_transport, - ssh_userreg, ssh_xfer]}, {registered, []}, - {applications, [kernel, stdlib, crypto]}, + {applications, [kernel, stdlib, crypto, public_key]}, {env, []}, {mod, {ssh_app, []}}]}. diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 08851dc445..ef99196712 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -19,17 +19,11 @@ {"%VSN%", [ - {<<"2.1.2">>, [{restart_application, ssh}]}, - {<<"2.1.1">>, [{restart_application, ssh}]}, - {<<"2.1">>, [{restart_application, ssh}]}, - {<<"2.0\\.*">>, [{restart_application, ssh}]}, - {<<"1\\.*">>, [{restart_application, ssh}]} + {<<"2\\..*">>, [{restart_application, ssh}]}, + {<<"1\\..*">>, [{restart_application, ssh}]} ], [ - {<<"2.1.2">>, [{restart_application, ssh}]}, - {<<"2.1.1">>, [{restart_application, ssh}]}, - {<<"2.1">>,[{restart_application, ssh}]}, - {<<"2.0\\.*">>, [{restart_application, ssh}]}, - {<<"1\\.*">>, [{restart_application, ssh}]} + {<<"2\\..*">>, [{restart_application, ssh}]}, + {<<"1\\..*">>, [{restart_application, ssh}]} ] -}.
\ No newline at end of file +}. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index e5c016eb3f..2685b1553b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -31,41 +31,36 @@ stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). --deprecated({sign_data, 2, next_major_release}). --deprecated({verify_data, 3, next_major_release}). - --export([sign_data/2, verify_data/3]). - %%-------------------------------------------------------------------- -%% Function: start([, Type]) -> ok -%% -%% Type = permanent | transient | temporary +-spec start() -> ok. +-spec start(permanent | transient | temporary) -> ok. %% -%% Description: Starts the inets application. Default type +%% Description: Starts the ssh application. Default type %% is temporary. see application(3) %%-------------------------------------------------------------------- start() -> + application:start(crypto), + application:start(asn1), + application:start(public_key), application:start(ssh). start(Type) -> + application:start(crypto, Type), + application:start(asn1), + application:start(public_key, Type), application:start(ssh, Type). %%-------------------------------------------------------------------- -%% Function: stop() -> ok +-spec stop() -> ok. %% -%% Description: Stops the inets application. +%% Description: Stops the ssh application. %%-------------------------------------------------------------------- stop() -> application:stop(ssh). %%-------------------------------------------------------------------- -%% Function: connect(Host, Port, Options) -> -%% connect(Host, Port, Options, Timeout -> ConnectionRef | {error, Reason} -%% -%% Host - string() -%% Port - integer() -%% Options - [{Option, Value}] -%% Timeout - infinity | integer(). +-spec connect(string(), integer(), proplists:proplists()) -> {ok, pid()} | {error, term()}. +-spec connect(string(), integer(), proplists:proplists(), timeout()) -> {ok, pid()} | {error, term()}. %% %% Description: Starts an ssh connection. %%-------------------------------------------------------------------- @@ -76,83 +71,52 @@ connect(Host, Port, Options, Timeout) -> {error, _Reason} = Error -> Error; {SocketOptions, SshOptions} -> - DisableIpv6 = proplists:get_value(ip_v6_disabled, SshOptions, false), - Inet = inetopt(DisableIpv6), - do_connect(Host, Port, [Inet | SocketOptions], - [{user_pid, self()}, {host, Host} | SshOptions], Timeout, DisableIpv6) + {_, Transport, _} = TransportOpts = + proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + Inet = proplists:get_value(inet, SshOptions, inet), + try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], Timeout) of + {ok, Socket} -> + Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], + ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); + {error, Reason} -> + {error, Reason} + catch + exit:{function_clause, _} -> + {error, {options, {transport, TransportOpts}}}; + exit:badarg -> + {error, {options, {socket_options, SocketOptions}}} + end end. -do_connect(Host, Port, SocketOptions, SshOptions, Timeout, DisableIpv6) -> - try sshc_sup:start_child([[{address, Host}, {port, Port}, - {role, client}, - {channel_pid, self()}, - {socket_opts, SocketOptions}, - {ssh_opts, SshOptions}]]) of - {ok, ConnectionSup} -> - {ok, Manager} = - ssh_connection_sup:connection_manager(ConnectionSup), - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) - catch - exit:{noproc, _} -> - {error, ssh_not_started} - end. -msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) -> - receive - {Manager, is_connected} -> - {ok, Manager}; - %% When the connection fails - %% ssh_connection_sup:connection_manager - %% might return undefined as the connection manager - %% could allready have terminated, so we will not - %% match the Manager in this case - {_, not_connected, {error, econnrefused}} when DisableIpv6 == false -> - do_connect(Host, Port, proplists:delete(inet6, SocketOptions), - SshOptions, Timeout, true); - {_, not_connected, {error, Reason}} -> - {error, Reason}; - {_, not_connected, Other} -> - {error, Other}; - {From, user_password} -> - Pass = io:get_password(), - From ! Pass, - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout); - {From, question} -> - Answer = io:get_line(""), - From ! Answer, - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) - after Timeout -> - ssh_connection_manager:stop(Manager), - {error, timeout} - end. %%-------------------------------------------------------------------- -%% Function: close(ConnectionRef) -> ok +-spec close(pid()) -> ok. %% %% Description: Closes an ssh connection. %%-------------------------------------------------------------------- close(ConnectionRef) -> - ssh_connection_manager:stop(ConnectionRef). + ssh_connection_handler:stop(ConnectionRef). %%-------------------------------------------------------------------- -%% Function: connection_info(ConnectionRef) -> [{Option, Value}] +-spec connection_info(pid(), [atom()]) -> [{atom(), term()}]. %% %% Description: Retrieves information about a connection. %%-------------------------------------------------------------------- connection_info(ConnectionRef, Options) -> - ssh_connection_manager:connection_info(ConnectionRef, Options). + ssh_connection_handler:connection_info(ConnectionRef, Options). %%-------------------------------------------------------------------- -%% Function: channel_info(ConnectionRef) -> [{Option, Value}] +-spec channel_info(pid(), channel_id(), [atom()]) -> [{atom(), term()}]. %% %% Description: Retrieves information about a connection. %%-------------------------------------------------------------------- channel_info(ConnectionRef, ChannelId, Options) -> - ssh_connection_manager:channel_info(ConnectionRef, ChannelId, Options). + ssh_connection_handler:channel_info(ConnectionRef, ChannelId, Options). %%-------------------------------------------------------------------- -%% Function: daemon(Port) -> -%% daemon(Port, Options) -> -%% daemon(Address, Port, Options) -> SshSystemRef -%% +-spec daemon(integer()) -> {ok, pid()}. +-spec daemon(integer(), proplists:proplist()) -> {ok, pid()}. +-spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()}. + %% Description: Starts a server listening for SSH connections %% on the given port. %%-------------------------------------------------------------------- @@ -169,11 +133,11 @@ daemon(HostAddr, Port, Options0) -> _ -> Options0 end, - DisableIpv6 = proplists:get_value(ip_v6_disabled, Options0, false), + {Host, Inet, Options} = case HostAddr of any -> {ok, Host0} = inet:gethostname(), - {Host0, inetopt(DisableIpv6), Options1}; + {Host0, proplists:get_value(inet, Options1, inet), Options1}; {_,_,_,_} -> {HostAddr, inet, [{ip, HostAddr} | Options1]}; @@ -184,9 +148,8 @@ daemon(HostAddr, Port, Options0) -> start_daemon(Host, Port, Options, Inet). %%-------------------------------------------------------------------- -%% Function: stop_listener(SysRef) -> ok -%% stop_listener(Address, Port) -> ok -%% +-spec stop_listener(pid()) -> ok. +-spec stop_listener(inet:ip_address(), integer()) -> ok. %% %% Description: Stops the listener, but leaves %% existing connections started by the listener up and running. @@ -197,9 +160,8 @@ stop_listener(Address, Port) -> ssh_system_sup:stop_listener(Address, Port). %%-------------------------------------------------------------------- -%% Function: stop_daemon(SysRef) -> ok -%%% stop_daemon(Address, Port) -> ok -%% +-spec stop_daemon(pid()) -> ok. +-spec stop_daemon(inet:ip_address(), integer()) -> ok. %% %% Description: Stops the listener and all connections started by %% the listener. @@ -210,9 +172,10 @@ stop_daemon(Address, Port) -> ssh_system_sup:stop_system(Address, Port). %%-------------------------------------------------------------------- -%% Function: shell(Host [,Port,Options]) -> {ok, ConnectionRef} | -%% {error, Reason} -%% +-spec shell(string()) -> _. +-spec shell(string(), proplists:proplist()) -> _. +-spec shell(string(), integer(), proplists:proplist()) -> _. + %% Host = string() %% Port = integer() %% Options = [{Option, Value}] @@ -246,6 +209,13 @@ shell(Host, Port, Options) -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- +fix_idle_time(SshOptions) -> + case proplists:get_value(idle_time, SshOptions) of + undefined -> + [{idle_time, infinity}|SshOptions]; + _ -> + SshOptions + end. start_daemon(Host, Port, Options, Inet) -> case handle_options(Options) of {error, _Reason} = Error -> @@ -257,7 +227,7 @@ start_daemon(Host, Port, Options, Inet) -> do_start_daemon(Host, Port, Options, SocketOptions) -> case ssh_system_sup:system_supervisor(Host, Port) of undefined -> - %% TODO: It would proably make more sense to call the + %% It would proably make more sense to call the %% address option host but that is a too big change at the %% monent. The name is a legacy name! try sshd_sup:start_child([{address, Host}, @@ -267,7 +237,9 @@ do_start_daemon(Host, Port, Options, SocketOptions) -> {ok, SysSup} -> {ok, SysSup}; {error, {already_started, _}} -> - {error, eaddrinuse} + {error, eaddrinuse}; + {error, R} -> + {error, R} catch exit:{noproc, _} -> {error, ssh_not_started} @@ -318,8 +290,6 @@ handle_option([{user_passwords, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{pwdfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{user_auth, _} = Opt | Rest],SocketOptions, SshOptions ) -> - handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{key_cb, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{role, _} = Opt | Rest], SocketOptions, SshOptions) -> @@ -337,7 +307,10 @@ handle_option([{disconnectfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{failfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{ip_v6_disabled, _} = Opt | Rest], SocketOptions, SshOptions) -> +%%Backwards compatibility should not be underscore between ip and v6 in API +handle_option([{ip_v6_disabled, Value} | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option({ipv6_disabled, Value}) | SshOptions]); +handle_option([{ipv6_disabled, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{transport, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); @@ -355,6 +328,10 @@ handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOption handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -364,16 +341,20 @@ handle_ssh_option({user_dir, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({user_dir_fun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({silently_accept_hosts, Value} = Opt) when Value == true; Value == false -> +handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) -> Opt; -handle_ssh_option({user_interaction, Value} = Opt) when Value == true; Value == false -> +handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) -> Opt; -handle_ssh_option({public_key_alg, Value} = Opt) when Value == ssh_rsa; Value == ssh_dsa -> +handle_ssh_option({public_key_alg, ssh_dsa}) -> + {public_key_alg, 'ssh-dss'}; +handle_ssh_option({public_key_alg, ssh_rsa}) -> + {public_key_alg, 'ssh-rsa'}; +handle_ssh_option({public_key_alg, Value} = Opt) when Value == 'ssh-rsa'; Value == 'ssh-dss' -> Opt; handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), length(Value) >= 1 -> - case check_pref_algs(Value) of - true -> - Opt; + case handle_pref_algs(Value, []) of + {true, NewOpts} -> + NewOpts; _ -> throw({error, {eoptions, Opt}}) end; @@ -391,8 +372,6 @@ handle_ssh_option({user_passwords, Value} = Opt) when is_list(Value)-> Opt; handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({user_auth, Value} = Opt) when is_function(Value) -> - Opt; handle_ssh_option({key_cb, Value} = Opt) when is_atom(Value) -> Opt; handle_ssh_option({compression, Value} = Opt) when is_atom(Value) -> @@ -411,8 +390,9 @@ handle_ssh_option({disconnectfun , Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({failfun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({ip_v6_disabled, Value} = Opt) when is_boolean(Value) -> - Opt; + +handle_ssh_option({ipv6_disabled, Value} = Opt) when is_boolean(Value) -> + throw({error, {{ipv6_disabled, Opt}, option_no_longer_valid_use_inet_option_instead}}); handle_ssh_option({transport, {Protocol, Cb, ClosTag}} = Opt) when is_atom(Protocol), is_atom(Cb), is_atom(ClosTag) -> @@ -421,13 +401,18 @@ handle_ssh_option({subsystems, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({ssh_cli, {Cb, _}}= Opt) when is_atom(Cb) -> Opt; +handle_ssh_option({ssh_cli, no_cli} = Opt) -> + Opt; handle_ssh_option({shell, {Module, Function, _}} = Opt) when is_atom(Module), is_atom(Function) -> Opt; handle_ssh_option({shell, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({quiet_mode, Value} = Opt) when Value == true; - Value == false -> +handle_ssh_option({quiet_mode, Value} = Opt) when is_boolean(Value) -> + Opt; +handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 -> + Opt; +handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) -> Opt; handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). @@ -436,10 +421,8 @@ handle_inet_option({active, _} = Opt) -> throw({error, {{eoptions, Opt}, "Ssh has built in flow control, " "and activ is handled internaly user is not allowd" "to specify this option"}}); -handle_inet_option({inet, _} = Opt) -> - throw({error, {{eoptions, Opt},"Is set internaly use ip_v6_disabled to" - " enforce iv4 in the server, client will fallback to ipv4 if" - " it can not use ipv6"}}); +handle_inet_option({inet, Value} = Opt) when (Value == inet) or (Value == inet6) -> + Opt; handle_inet_option({reuseaddr, _} = Opt) -> throw({error, {{eoptions, Opt},"Is set internaly user is not allowd" "to specify this option"}}); @@ -447,64 +430,18 @@ handle_inet_option({reuseaddr, _} = Opt) -> handle_inet_option(Opt) -> Opt. %% Check preferred algs -check_pref_algs([]) -> - true; -check_pref_algs([H|T]) -> +handle_pref_algs([], Acc) -> + {true, lists:reverse(Acc)}; +handle_pref_algs([H|T], Acc) -> case H of ssh_dsa -> - check_pref_algs(T); + handle_pref_algs(T, ['ssh-dss'| Acc]); ssh_rsa -> - check_pref_algs(T); + handle_pref_algs(T, ['ssh-rsa'| Acc]); + 'ssh-dss' -> + handle_pref_algs(T, ['ssh-dss'| Acc]); + 'ssh-rsa' -> + handle_pref_algs(T, ['ssh-rsa'| Acc]); _ -> false end. -%% Has IPv6 been disabled? -inetopt(true) -> - inet; -inetopt(false) -> - case gen_tcp:listen(0, [inet6]) of - {ok, Dummyport} -> - gen_tcp:close(Dummyport), - inet6; - _ -> - inet - end. - -%%% -%% Deprecated -%%% - -%%-------------------------------------------------------------------- -%% Function: sign_data(Data, Algorithm) -> binary() | -%% {error, Reason} -%% -%% Data = binary() -%% Algorithm = "ssh-rsa" -%% -%% Description: Use SSH key to sign data. -%%-------------------------------------------------------------------- -sign_data(Data, Algorithm) when is_binary(Data) -> - case ssh_file:user_key(Algorithm,[]) of - {ok, Key} when Algorithm == "ssh-rsa" -> - public_key:sign(Data, sha, Key); - Error -> - Error - end. - -%%-------------------------------------------------------------------- -%% Function: verify_data(Data, Signature, Algorithm) -> ok | -%% {error, Reason} -%% -%% Data = binary() -%% Signature = binary() -%% Algorithm = "ssh-rsa" -%% -%% Description: Use SSH signature to verify data. -%%-------------------------------------------------------------------- -verify_data(Data, Signature, Algorithm) when is_binary(Data), is_binary(Signature) -> - case ssh_file:user_key(Algorithm, []) of - {ok, #'RSAPrivateKey'{publicExponent = E, modulus = N}} when Algorithm == "ssh-rsa" -> - public_key:verify(Data, sha, Signature, #'RSAPublicKey'{publicExponent = E, modulus = N}); - Error -> - Error - end. diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index da5750b6c3..94ced9da6f 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -29,6 +29,8 @@ -define(SSH_DEFAULT_PORT, 22). -define(SSH_MAX_PACKET_SIZE, (256*1024)). -define(SSH_LENGHT_INDICATOR_SIZE, 4). +-define(REKEY_TIMOUT, 3600000). +-define(REKEY_DATA_TIMOUT, 60000). -define(FALSE, 0). -define(TRUE, 1). @@ -127,7 +129,8 @@ userauth_supported_methods , % userauth_methods, userauth_preference, - available_host_keys + available_host_keys, + authenticated = false }). -record(alg, diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index d023656c32..91905b2eaf 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,7 +25,6 @@ -export([start_link/5]). %% spawn export -%% TODO: system messages -export([acceptor_init/6, acceptor_loop/6]). -define(SLEEP_TIME, 200). @@ -81,17 +80,15 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) -> ListenSocket, AcceptTimeout) end. -handle_connection(Callback, Address, Port, Options, Socket) -> +handle_connection(_Callback, Address, Port, Options, Socket) -> SystemSup = ssh_system_sup:system_supervisor(Address, Port), {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), - ConnectionSup = ssh_system_sup:connection_supervisor(SystemSup), - {ok, Pid} = - ssh_connection_sup:start_manager_child(ConnectionSup, - [server, Socket, Options]), - Callback:controlling_process(Socket, Pid), - SshOpts = proplists:get_value(ssh_opts, Options), - Pid ! {start_connection, server, [Address, Port, Socket, SshOpts, SubSysSup]}. - + ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), + ssh_connection_handler:start_connection(server, Socket, + [{supervisors, [{system_sup, SystemSup}, + {subsystem_sup, SubSysSup}, + {connection_sup, ConnectionSup}]} + | Options], infinity). handle_error(timeout) -> ok; diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index f37e1fe4ff..2be729d305 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -84,8 +84,8 @@ child_spec(ServerOpts) -> [{active, false}, {reuseaddr, true}] ++ SocketOpts, ServerOpts, Timeout]}, - Restart = permanent, - Shutdown = 3600, + Restart = transient, + Shutdown = brutal_kill, Modules = [ssh_acceptor], Type = worker, {Name, StartFunc, Restart, Shutdown, Type, Modules}. diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index c436793dc4..1fa3df847f 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -30,8 +30,7 @@ -export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1, service_request_msg/1, init_userauth_request_msg/1, userauth_request_msg/1, handle_userauth_request/3, - handle_userauth_info_request/3, handle_userauth_info_response/2, - userauth_messages/0 + handle_userauth_info_request/3, handle_userauth_info_response/2 ]). %%-------------------------------------------------------------------- @@ -43,22 +42,22 @@ publickey_msg([Alg, #ssh{user = User, opts = Opts} = Ssh]) -> Hash = sha, %% Maybe option?! - ssh_bits:install_messages(userauth_pk_messages()), KeyCb = proplists:get_value(key_cb, Opts, ssh_file), case KeyCb:user_key(Alg, Opts) of {ok, Key} -> + StrAlgo = algorithm_string(Alg), PubKeyBlob = encode_public_key(Key), SigData = build_sig_data(SessionId, - User, Service, PubKeyBlob, Alg), + User, Service, PubKeyBlob, StrAlgo), Sig = ssh_transport:sign(SigData, Hash, Key), - SigBlob = list_to_binary([?string(Alg), ?binary(Sig)]), + SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]), ssh_transport:ssh_packet( #ssh_msg_userauth_request{user = User, service = Service, method = "publickey", data = [?TRUE, - ?string(Alg), + ?string(StrAlgo), ?binary(PubKeyBlob), ?binary(SigBlob)]}, Ssh); @@ -68,7 +67,6 @@ publickey_msg([Alg, #ssh{user = User, password_msg([#ssh{opts = Opts, io_cb = IoCb, user = User, service = Service} = Ssh]) -> - ssh_bits:install_messages(userauth_passwd_messages()), Password = case proplists:get_value(password, Opts) of undefined -> user_interaction(IoCb, Ssh); @@ -98,7 +96,6 @@ user_interaction(IoCb, Ssh) -> %% See RFC 4256 for info on keyboard-interactive keyboard_interactive_msg([#ssh{user = User, service = Service} = Ssh]) -> - ssh_bits:install_messages(userauth_keyboard_interactive_messages()), ssh_transport:ssh_packet( #ssh_msg_userauth_request{user = User, service = Service, @@ -120,8 +117,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> data = <<>>}, case proplists:get_value(pref_public_key_algs, Opts, false) of false -> - FirstAlg = algorithm(proplists:get_value(public_key_alg, Opts, - ?PREFERRED_PK_ALG)), + FirstAlg = proplists:get_value(public_key_alg, Opts, ?PREFERRED_PK_ALG), SecondAlg = other_alg(FirstAlg), AllowUserInt = proplists:get_value(user_interaction, Opts, true), Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), @@ -130,7 +126,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> userauth_methods = none, service = "ssh-connection"}); Algs -> - FirstAlg = algorithm(lists:nth(1, Algs)), + FirstAlg = lists:nth(1, Algs), case length(Algs) =:= 2 of true -> SecondAlg = other_alg(FirstAlg), @@ -239,7 +235,6 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, partial_success = false}, Ssh)} end; ?FALSE -> - ssh_bits:install_messages(userauth_pk_messages()), {not_authorized, {User, undefined}, ssh_transport:ssh_packet( #ssh_msg_userauth_pk_ok{algorithm_name = Alg, @@ -275,26 +270,10 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{}, _Auth) -> throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "Server does not support" - "keyboard-interactive", + description = "Server does not support" + "keyboard-interactive", language = "en"}). -userauth_messages() -> - [ {ssh_msg_userauth_request, ?SSH_MSG_USERAUTH_REQUEST, - [string, - string, - string, - '...']}, - - {ssh_msg_userauth_failure, ?SSH_MSG_USERAUTH_FAILURE, - [string, - boolean]}, - - {ssh_msg_userauth_success, ?SSH_MSG_USERAUTH_SUCCESS, - []}, - - {ssh_msg_userauth_banner, ?SSH_MSG_USERAUTH_BANNER, - [string, - string]}]. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- @@ -358,7 +337,7 @@ verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) -> {ok, Key} = decode_public_key_v2(KeyBlob, Alg), KeyCb = proplists:get_value(key_cb, Opts, ssh_file), - case KeyCb:is_auth_key(Key, User, Alg, Opts) of + case KeyCb:is_auth_key(Key, User, Opts) of true -> PlainText = build_sig_data(SessionId, User, Service, KeyBlob, Alg), @@ -381,18 +360,13 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) -> ?binary(KeyBlob)], list_to_binary(Sig). -algorithm(ssh_rsa) -> +algorithm_string('ssh-rsa') -> "ssh-rsa"; -algorithm(ssh_dsa) -> +algorithm_string('ssh-dss') -> "ssh-dss". -decode_keyboard_interactive_prompts(NumPrompts, Data) -> - Types = lists:append(lists:duplicate(NumPrompts, [string, boolean])), - pairwise_tuplify(ssh_bits:decode(Data, Types)). - -pairwise_tuplify([E1, E2 | Rest]) -> [{E1, E2} | pairwise_tuplify(Rest)]; -pairwise_tuplify([]) -> []. - +decode_keyboard_interactive_prompts(_NumPrompts, Data) -> + ssh_message:decode_keyboard_interactive_prompts(Data, []). keyboard_interact_get_responses(IoCb, Opts, Name, Instr, PromptInfos) -> NumPrompts = length(PromptInfos), @@ -431,50 +405,29 @@ keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> end, Prompts). -userauth_passwd_messages() -> - [ - {ssh_msg_userauth_passwd_changereq, ?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, - [string, - string]} - ]. - -userauth_keyboard_interactive_messages() -> - [ {ssh_msg_userauth_info_request, ?SSH_MSG_USERAUTH_INFO_REQUEST, - [string, - string, - string, - uint32, - '...']}, - - {ssh_msg_userauth_info_response, ?SSH_MSG_USERAUTH_INFO_RESPONSE, - [uint32, - '...']} - ]. - -userauth_pk_messages() -> - [ {ssh_msg_userauth_pk_ok, ?SSH_MSG_USERAUTH_PK_OK, - [string, % algorithm name - binary]} % key blob - ]. - -other_alg("ssh-rsa") -> - "ssh-dss"; -other_alg("ssh-dss") -> - "ssh-rsa". -decode_public_key_v2(K_S, "ssh-rsa") -> - case ssh_bits:decode(K_S,[string,mpint,mpint]) of - ["ssh-rsa", E, N] -> - {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; - _ -> - {error, bad_format} - end; -decode_public_key_v2(K_S, "ssh-dss") -> - case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of - ["ssh-dss",P,Q,G,Y] -> - {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; - _ -> - {error, bad_format} - end; +other_alg('ssh-rsa') -> + 'ssh-dss'; +other_alg('ssh-dss') -> + 'ssh-rsa'. +decode_public_key_v2(<<?UINT32(Len0), _:Len0/binary, + ?UINT32(Len1), BinE:Len1/binary, + ?UINT32(Len2), BinN:Len2/binary>> + ,"ssh-rsa") -> + E = ssh_bits:erlint(Len1, BinE), + N = ssh_bits:erlint(Len2, BinN), + {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; +decode_public_key_v2(<<?UINT32(Len0), _:Len0/binary, + ?UINT32(Len1), BinP:Len1/binary, + ?UINT32(Len2), BinQ:Len2/binary, + ?UINT32(Len3), BinG:Len3/binary, + ?UINT32(Len4), BinY:Len4/binary>> + , "ssh-dss") -> + P = ssh_bits:erlint(Len1, BinP), + Q = ssh_bits:erlint(Len2, BinQ), + G = ssh_bits:erlint(Len3, BinG), + Y = ssh_bits:erlint(Len4, BinY), + {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; + decode_public_key_v2(_, _) -> {error, bad_format}. diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 7d7bad4436..6cd8e6bf14 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2012. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -21,9 +21,9 @@ %%% Description: Ssh User Authentication Protocol --define(SUPPORTED_AUTH_METHODS, "publickey,keyboard_interactive,password"). +-define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password"). --define(PREFERRED_PK_ALG, ssh_rsa). +-define(PREFERRED_PK_ALG, 'ssh-rsa'). -define(SSH_MSG_USERAUTH_REQUEST, 50). -define(SSH_MSG_USERAUTH_FAILURE, 51). diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 5841f06d70..1351cde21c 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,24 +25,25 @@ -include("ssh.hrl"). --export([encode/1, encode/2]). --export([decode/1, decode/2, decode/3]). --export([mpint/1, bignum/1, string/1, name_list/1]). --export([b64_encode/1, b64_decode/1]). --export([install_messages/1, uninstall_messages/1]). +-export([encode/2]). +-export([mpint/1, erlint/2, string/1, name_list/1]). +-export([random/1]). -%% integer utils -export([isize/1]). -export([irandom/1, irandom/3]). --export([random/1]). --export([xor_bits/2, fill_bits/2]). +-export([fill_bits/2]). -export([i2bin/2, bin2i/1]). --import(lists, [foreach/2, reverse/1]). -define(name_list(X), (fun(B) -> ?binary(B) end)(list_to_binary(name_concat(X)))). +-define(VERSION_MAGIC, 131). +-define(SMALL_INTEGER_EXT, $a). +-define(INTEGER_EXT, $b). +-define(SMALL_BIG_EXT, $n). +-define(LARGE_BIG_EXT, $o). + name_concat([Name]) when is_atom(Name) -> atom_to_list(Name); name_concat([Name]) when is_list(Name) -> Name; @@ -96,38 +97,6 @@ mpint_pos(X,I,Ds) -> mpint_pos(X bsr 8,I+1,[(X band 255)|Ds]). -%% BIGNUM representation SSH1 -bignum(X) -> - XSz = isize(X), - Pad = (8 - (XSz rem 8)) rem 8, - <<?UINT16(XSz),0:Pad/unsigned-integer,X:XSz/big-unsigned-integer>>. - - -install_messages(Codes) -> - foreach(fun({Name, Code, Ts}) -> - put({msg_name,Code}, {Name,Ts}), - put({msg_code,Name}, {Code,Ts}) - end, Codes). - -uninstall_messages(Codes) -> - foreach(fun({Name, Code, _Ts}) -> - erase({msg_name,Code}), - erase({msg_code,Name}) - end, Codes). - -%% -%% Encode a record, the type spec is expected to be -%% in process dictionary under the key {msg_code, RecodeName} -%% -encode(Record) -> - case get({msg_code, element(1, Record)}) of - undefined -> - {error, unimplemented}; - {Code, Ts} -> - Data = enc(tl(tuple_to_list(Record)), Ts), - list_to_binary([Code, Data]) - end. - encode(List, Types) -> list_to_binary(enc(List, Types)). @@ -137,173 +106,83 @@ encode(List, Types) -> enc(Xs, Ts) -> enc(Xs, Ts, 0). -enc(Xs, [Type|Ts], Offset) -> - case Type of - boolean -> - X=hd(Xs), - [?boolean(X) | enc(tl(Xs), Ts, Offset+1)]; - byte -> - X=hd(Xs), - [?byte(X) | enc(tl(Xs), Ts,Offset+1)]; - uint16 -> - X=hd(Xs), - [?uint16(X) | enc(tl(Xs), Ts,Offset+2)]; - uint32 -> - X=hd(Xs), - [?uint32(X) | enc(tl(Xs), Ts,Offset+4)]; - uint64 -> - X=hd(Xs), - [?uint64(X) | enc(tl(Xs), Ts,Offset+8)]; - mpint -> - Y=mpint(hd(Xs)), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; - bignum -> - Y=bignum(hd(Xs)), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; - string -> - X0=hd(Xs), - Y=?string(X0), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; - binary -> - X0=hd(Xs), - Y=?binary(X0), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; - name_list -> - X0=hd(Xs), - Y=?name_list(X0), - [Y | enc(tl(Xs), Ts, Offset+size(Y))]; - cookie -> - [random(16) | enc(tl(Xs), Ts, Offset+16)]; - {pad,N} -> - K = (N - (Offset rem N)) rem N, - [fill_bits(K,0) | enc(Xs, Ts, Offset+K)]; - '...' when Ts==[] -> - X=hd(Xs), - if is_binary(X) -> - [X]; - is_list(X) -> - [list_to_binary(X)]; - X==undefined -> - [] - end +enc(Xs, [boolean|Ts], Offset) -> + X = hd(Xs), + [?boolean(X) | enc(tl(Xs), Ts, Offset+1)]; +enc(Xs, [byte|Ts], Offset) -> + X = hd(Xs), + [?byte(X) | enc(tl(Xs), Ts,Offset+1)]; +enc(Xs, [uint16|Ts], Offset) -> + X = hd(Xs), + [?uint16(X) | enc(tl(Xs), Ts,Offset+2)]; +enc(Xs, [uint32 |Ts], Offset) -> + X = hd(Xs), + [?uint32(X) | enc(tl(Xs), Ts,Offset+4)]; +enc(Xs, [uint64|Ts], Offset) -> + X = hd(Xs), + [?uint64(X) | enc(tl(Xs), Ts,Offset+8)]; +enc(Xs, [mpint|Ts], Offset) -> + Y = mpint(hd(Xs)), + [Y | enc(tl(Xs), Ts,Offset+size(Y))]; +enc(Xs, [string|Ts], Offset) -> + X0 = hd(Xs), + Y = ?string(X0), + [Y | enc(tl(Xs),Ts,Offset+size(Y))]; +enc(Xs, [binary|Ts], Offset) -> + X0 = hd(Xs), + Y = ?binary(X0), + [Y | enc(tl(Xs), Ts,Offset+size(Y))]; +enc(Xs, [name_list|Ts], Offset) -> + X0 = hd(Xs), + Y = ?name_list(X0), + [Y | enc(tl(Xs), Ts, Offset+size(Y))]; +enc(Xs, [cookie|Ts], Offset) -> + [random(16) | enc(tl(Xs), Ts, Offset+16)]; +enc(Xs, [{pad,N}|Ts], Offset) -> + K = (N - (Offset rem N)) rem N, + [fill_bits(K,0) | enc(Xs, Ts, Offset+K)]; +enc(Xs, ['...'| []], _Offset) -> + X = hd(Xs), + if is_binary(X) -> + [X]; + is_list(X) -> + [list_to_binary(X)]; + X==undefined -> + [] end; enc([], [],_) -> []. - - +erlint(Len, BinInt) -> + Sz = Len*8, + <<Int:Sz/big-signed-integer>> = BinInt, + Int. + %% -%% Decode a SSH record the type is encoded as the first byte -%% and the type spec MUST be installed in {msg_name, ID} +%% Create a binary with constant bytes %% +fill_bits(N,C) -> + list_to_binary(fill(N,C)). -decode(Binary = <<?BYTE(ID), _/binary>>) -> - case get({msg_name, ID}) of - undefined -> - {unknown, Binary}; - {Name, Ts} -> - {_, Elems} = decode(Binary,1,Ts), - list_to_tuple([Name | Elems]) +fill(0,_C) -> []; +fill(1,C) -> [C]; +fill(N,C) -> + Cs = fill(N div 2, C), + Cs1 = [Cs,Cs], + if N band 1 == 0 -> + Cs1; + true -> + [C,Cs,Cs] end. -%% -%% Decode a binary form offset 0 -%% - -decode(Binary, Types) when is_binary(Binary) andalso is_list(Types) -> - {_,Elems} = decode(Binary, 0, Types), - Elems. - +%% random/1 +%% Generate N random bytes %% -%% Decode a binary from byte offset Offset -%% return {UpdatedOffset, DecodedElements} -%% -decode(Binary, Offset, Types) -> - decode(Binary, Offset, Types, []). - -decode(Binary, Offset, [Type|Ts], Acc) -> - case Type of - boolean -> - <<_:Offset/binary, ?BOOLEAN(X0), _/binary>> = Binary, - X = if X0 == 0 -> false; true -> true end, - decode(Binary, Offset+1, Ts, [X | Acc]); - - byte -> - <<_:Offset/binary, ?BYTE(X), _/binary>> = Binary, - decode(Binary, Offset+1, Ts, [X | Acc]); - - uint16 -> - <<_:Offset/binary, ?UINT16(X), _/binary>> = Binary, - decode(Binary, Offset+2, Ts, [X | Acc]); - - uint32 -> - <<_:Offset/binary, ?UINT32(X), _/binary>> = Binary, - decode(Binary, Offset+4, Ts, [X | Acc]); - - uint64 -> - <<_:Offset/binary, ?UINT64(X), _/binary>> = Binary, - decode(Binary, Offset+8, Ts, [X | Acc]); - - mpint -> - <<_:Offset/binary, ?UINT32(L), X0:L/binary,_/binary>> = Binary, - Sz = L*8, - <<X:Sz/big-signed-integer>> = X0, - decode(Binary, Offset+4+L, Ts, [X | Acc]); - - bignum -> - <<_:Offset/binary, ?UINT16(Bits),_/binary>> = Binary, - L = (Bits+7) div 8, - Pad = (8 - (Bits rem 8)) rem 8, - <<_:Offset/binary, _:16, _:Pad, X:Bits/big-unsigned-integer, - _/binary>> = Binary, - decode(Binary, Offset+2+L, Ts, [X | Acc]); - - string -> - Size = size(Binary), - if Size < Offset + 4 -> - %% empty string at end - {Size, reverse(["" | Acc])}; - true -> - <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = - Binary, - decode(Binary, Offset+4+L, Ts, [binary_to_list(X) | - Acc]) - end; - - binary -> - <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = Binary, - decode(Binary, Offset+4+L, Ts, [X | Acc]); - - name_list -> - <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = Binary, - List = string:tokens(binary_to_list(X), ","), - decode(Binary, Offset+4+L, Ts, [List | Acc]); - - cookie -> - <<_:Offset/binary, X:16/binary, _/binary>> = Binary, - decode(Binary, Offset+16, Ts, [X | Acc]); - - {pad,N} -> %% pad offset to a multiple of N - K = (N - (Offset rem N)) rem N, - decode(Binary, Offset+K, Ts, Acc); - - - '...' when Ts==[] -> - <<_:Offset/binary, X/binary>> = Binary, - {Offset+size(X), reverse([X | Acc])} - end; -decode(_Binary, Offset, [], Acc) -> - {Offset, reverse(Acc)}. - +random(N) -> + crypto:strong_rand_bytes(N). -%% HACK WARNING :-) --define(VERSION_MAGIC, 131). --define(SMALL_INTEGER_EXT, $a). --define(INTEGER_EXT, $b). --define(SMALL_BIG_EXT, $n). --define(LARGE_BIG_EXT, $o). isize(N) when N > 0 -> case term_to_binary(N) of @@ -362,32 +241,6 @@ bin2i(X) -> Y. %% -%% Create a binary with constant bytes -%% -fill_bits(N,C) -> - list_to_binary(fill(N,C)). - -fill(0,_C) -> []; -fill(1,C) -> [C]; -fill(N,C) -> - Cs = fill(N div 2, C), - Cs1 = [Cs,Cs], - if N band 1 == 0 -> - Cs1; - true -> - [C,Cs,Cs] - end. - -%% xor 2 binaries -xor_bits(XBits, YBits) -> - XSz = size(XBits)*8, - YSz = size(YBits)*8, - Sz = if XSz < YSz -> XSz; true -> YSz end, %% min - <<X:Sz, _/binary>> = XBits, - <<Y:Sz, _/binary>> = YBits, - <<(X bxor Y):Sz>>. - -%% %% irandom(N) %% %% Generate a N bits size random number @@ -410,26 +263,3 @@ irandom(Bits) -> irandom(Bits, Top, Bottom) when is_integer(Top), 0 =< Top, Top =< 2 -> crypto:erlint(crypto:strong_rand_mpint(Bits, Top - 1, Bottom)). - -%% -%% random/1 -%% Generate N random bytes -%% -random(N) -> - crypto:strong_rand_bytes(N). - -%% -%% Base 64 encode/decode -%% - -b64_encode(Bs) when is_list(Bs) -> - base64:encode(Bs); -b64_encode(Bin) when is_binary(Bin) -> - base64:encode(Bin). - -b64_decode(Bin) when is_binary(Bin) -> - base64:mime_decode(Bin); -b64_decode(Cs) when is_list(Cs) -> - base64:mime_decode(Cs). - - diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index 1938858420..508ae637cf 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -23,14 +23,32 @@ -include("ssh_connect.hrl"). -%%% Optional callbacks handle_call/3, handle_cast/2, handle_msg/2, -%%% code_change/3 -%% Should be further specified later --callback init(Options::list()) -> - {ok, State::term()} | {ok, State::term(), Timeout::timeout()} | - {stop, Reason ::term()}. - --callback terminate(term(), term()) -> term(). +-callback init(Args :: term()) -> + {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} | + {stop, Reason :: term()} | ignore. +-callback handle_call(Request :: term(), From :: {pid(), Tag :: term()}, + State :: term()) -> + {reply, Reply :: term(), NewState :: term()} | + {reply, Reply :: term(), NewState :: term(), timeout() | hibernate} | + {noreply, NewState :: term()} | + {noreply, NewState :: term(), timeout() | hibernate} | + {stop, Reason :: term(), Reply :: term(), NewState :: term()} | + {stop, Reason :: term(), NewState :: term()}. +-callback handle_cast(Request :: term(), State :: term()) -> + {noreply, NewState :: term()} | + {noreply, NewState :: term(), timeout() | hibernate} | + {stop, Reason :: term(), NewState :: term()}. + +-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} | + term()), + State :: term()) -> + term(). +-callback code_change(OldVsn :: (term() | {down, term()}), State :: term(), + Extra :: term()) -> + {ok, NewState :: term()} | {error, Reason :: term()}. + +-callback handle_msg(Msg ::term(), State :: term()) -> + {ok, State::term()} | {stop, ChannelId::integer(), State::term()}. -callback handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, State::term()) -> {ok, State::term()} | @@ -266,7 +284,7 @@ handle_info(Msg, #state{cm = ConnectionManager, channel_cb = Module, terminate(Reason, #state{cm = ConnectionManager, channel_id = ChannelId, close_sent = false} = State) -> - ssh_connection:close(ConnectionManager, ChannelId), + catch ssh_connection:close(ConnectionManager, ChannelId), terminate(Reason, State#state{close_sent = true}); terminate(_, #state{channel_cb = Cb, channel_state = ChannelState}) -> catch Cb:terminate(Cb, ChannelState), diff --git a/lib/ssh/src/ssh_channel_sup.erl b/lib/ssh/src/ssh_channel_sup.erl index 0093bce9c2..ee37ed35f8 100644 --- a/lib/ssh/src/ssh_channel_sup.erl +++ b/lib/ssh/src/ssh_channel_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -31,7 +31,7 @@ -export([init/1]). %%%========================================================================= -%%% API +%%% Internal API %%%========================================================================= start_link(Args) -> supervisor:start_link(?MODULE, [Args]). diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 781e01b9d1..77453e8fd7 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2011. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -24,7 +24,7 @@ -module(ssh_cli). --behaviour(ssh_channel). +-behaviour(ssh_daemon_channel). -include("ssh.hrl"). -include("ssh_connect.hrl"). @@ -32,9 +32,6 @@ %% ssh_channel callbacks -export([init/1, handle_ssh_msg/2, handle_msg/2, terminate/2]). -%% backwards compatibility --export([listen/1, listen/2, listen/3, listen/4, stop/1]). - %% state -record(state, { cm, @@ -65,13 +62,14 @@ init([Shell]) -> %% %% Description: Handles channel messages received on the ssh-connection. %%-------------------------------------------------------------------- -handle_ssh_msg({ssh_cm, _ConnectionManager, +handle_ssh_msg({ssh_cm, _ConnectionHandler, {data, _ChannelId, _Type, Data}}, #state{group = Group} = State) -> - Group ! {self(), {data, binary_to_list(Data)}}, + List = binary_to_list(Data), + to_group(List, Group), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {pty, ChannelId, WantReply, {TermName, Width, Height, PixWidth, PixHeight, Modes}}}, State0) -> @@ -81,55 +79,56 @@ handle_ssh_msg({ssh_cm, ConnectionManager, height = not_zero(Height, 24), pixel_width = PixWidth, pixel_height = PixHeight, - modes = Modes}}, + modes = Modes}, + buf = empty_buf()}, set_echo(State), - ssh_connection:reply_request(ConnectionManager, WantReply, + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {env, ChannelId, WantReply, _Var, _Value}}, State) -> - ssh_connection:reply_request(ConnectionManager, + ssh_connection:reply_request(ConnectionHandler, WantReply, failure, ChannelId), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {window_change, ChannelId, Width, Height, PixWidth, PixHeight}}, #state{buf = Buf, pty = Pty0} = State) -> Pty = Pty0#ssh_pty{width = Width, height = Height, pixel_width = PixWidth, pixel_height = PixHeight}, {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty), - write_chars(ConnectionManager, ChannelId, Chars), + write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{pty = Pty, buf = NewBuf}}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {shell, ChannelId, WantReply}}, State) -> - NewState = start_shell(ConnectionManager, State), - ssh_connection:reply_request(ConnectionManager, WantReply, + NewState = start_shell(ConnectionHandler, State), + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, NewState#state{channel = ChannelId, - cm = ConnectionManager}}; + cm = ConnectionHandler}}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined} = State) -> {Reply, Status} = exec(Cmd), - write_chars(ConnectionManager, + write_chars(ConnectionHandler, ChannelId, io_lib:format("~p\n", [Reply])), - ssh_connection:reply_request(ConnectionManager, WantReply, + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), - ssh_connection:exit_status(ConnectionManager, ChannelId, Status), - ssh_connection:send_eof(ConnectionManager, ChannelId), - {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionManager}}; -handle_ssh_msg({ssh_cm, ConnectionManager, + ssh_connection:exit_status(ConnectionHandler, ChannelId, Status), + ssh_connection:send_eof(ConnectionHandler, ChannelId), + {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}}; +handle_ssh_msg({ssh_cm, ConnectionHandler, {exec, ChannelId, WantReply, Cmd}}, State) -> - NewState = start_shell(ConnectionManager, Cmd, State), - ssh_connection:reply_request(ConnectionManager, WantReply, + NewState = start_shell(ConnectionHandler, Cmd, State), + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, NewState#state{channel = ChannelId, - cm = ConnectionManager}}; + cm = ConnectionHandler}}; -handle_ssh_msg({ssh_cm, _ConnectionManager, {eof, _ChannelId}}, State) -> +handle_ssh_msg({ssh_cm, _ConnectionHandler, {eof, _ChannelId}}, State) -> {ok, State}; handle_ssh_msg({ssh_cm, _, {signal, _, _}}, State) -> @@ -157,16 +156,40 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State) -> %% %% Description: Handles other channel messages. %%-------------------------------------------------------------------- -handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, +handle_msg({ssh_channel_up, ChannelId, ConnectionHandler}, #state{channel = ChannelId, - cm = ConnectionManager} = State) -> + cm = ConnectionHandler} = State) -> {ok, State}; +handle_msg({Group, set_unicode_state, _Arg}, State) -> + Group ! {self(), set_unicode_state, false}, + {ok, State}; + +handle_msg({Group, get_unicode_state}, State) -> + Group ! {self(), get_unicode_state, false}, + {ok, State}; + +handle_msg({Group, tty_geometry}, #state{group = Group, + pty = Pty + } = State) -> + case Pty of + #ssh_pty{width=Width,height=Height} -> + Group ! {self(),tty_geometry,{Width,Height}}; + _ -> + %% This is a dirty fix of the problem with the otp ssh:shell + %% client. That client will not allocate a tty, but someone + %% asks for the tty_geometry just before every erlang prompt. + %% If that question is not answered, there is a 2 sec timeout + %% Until the prompt is seen by the user at the client side ... + Group ! {self(),tty_geometry,{0,0}} + end, + {ok,State}; + handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, - cm = ConnectionManager, + cm = ConnectionHandler, channel = ChannelId} = State) -> {Chars, NewBuf} = io_request(Req, Buf, Pty), - write_chars(ConnectionManager, ChannelId, Chars), + write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{buf = NewBuf}}; handle_msg({'EXIT', Group, _Reason}, #state{group = Group, @@ -187,8 +210,29 @@ terminate(_Reason, _State) -> %%% Internal functions %%-------------------------------------------------------------------- +to_group([], _Group) -> + ok; +to_group([$\^C | Tail], Group) -> + exit(Group, interrupt), + to_group(Tail, Group); +to_group(Data, Group) -> + Func = fun(C) -> C /= $\^C end, + Tail = case lists:splitwith(Func, Data) of + {[], Right} -> + Right; + {Left, Right} -> + Group ! {self(), {data, Left}}, + Right + end, + to_group(Tail, Group). + exec(Cmd) -> - eval(parse(scan(Cmd))). + case eval(parse(scan(Cmd))) of + {error, _} -> + {Cmd, 0}; %% This should be an external call + Term -> + Term + end. scan(Cmd) -> erl_scan:string(Cmd). @@ -224,11 +268,11 @@ io_request({window_change, OldTty}, Buf, Tty) -> io_request({put_chars, Cs}, Buf, Tty) -> put_chars(bin_to_list(Cs), Buf, Tty); io_request({put_chars, unicode, Cs}, Buf, Tty) -> - put_chars([Ch || Ch <- unicode:characters_to_list(Cs,unicode), Ch =< 255], Buf, Tty); + put_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty); io_request({insert_chars, Cs}, Buf, Tty) -> insert_chars(bin_to_list(Cs), Buf, Tty); io_request({insert_chars, unicode, Cs}, Buf, Tty) -> - insert_chars([Ch || Ch <- unicode:characters_to_list(Cs,unicode), Ch =< 255], Buf, Tty); + insert_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty); io_request({move_rel, N}, Buf, Tty) -> move_rel(N, Buf, Tty); io_request({delete_chars,N}, Buf, Tty) -> @@ -314,7 +358,7 @@ delete_chars(N, {Buf, BufTail, Col}, Tty) when N > 0 -> {Buf, NewBufTail, Col}}; delete_chars(N, {Buf, BufTail, Col}, Tty) -> % N < 0 NewBuf = nthtail(-N, Buf), - NewCol = Col + N, + NewCol = case Col + N of V when V >= 0 -> V; _ -> 0 end, M1 = move_cursor(Col, NewCol, Tty), M2 = move_cursor(NewCol + length(BufTail) - N, NewCol, Tty), {[M1, BufTail, lists:duplicate(-N, $ ) | M2], @@ -376,12 +420,12 @@ move_cursor(From, To, #ssh_pty{width=Width, term=Type}) -> %% %%% write out characters %% %%% make sure that there is data to send %% %%% before calling ssh_connection:send -write_chars(ConnectionManager, ChannelId, Chars) -> +write_chars(ConnectionHandler, ChannelId, Chars) -> case erlang:iolist_size(Chars) of 0 -> ok; _ -> - ssh_connection:send(ConnectionManager, ChannelId, + ssh_connection:send(ConnectionHandler, ChannelId, ?SSH_EXTENDED_DATA_DEFAULT, Chars) end. @@ -411,18 +455,20 @@ bin_to_list(L) when is_list(L) -> bin_to_list(I) when is_integer(I) -> I. -start_shell(ConnectionManager, State) -> +start_shell(ConnectionHandler, State) -> Shell = State#state.shell, + ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + [peer, user]), ShellFun = case is_function(Shell) of true -> {ok, User} = - ssh_userreg:lookup_user(ConnectionManager), + proplists:get_value(user, ConnectionInfo), case erlang:fun_info(Shell, arity) of {arity, 1} -> fun() -> Shell(User) end; {arity, 2} -> - {ok, PeerAddr} = - ssh_connection_manager:peer_addr(ConnectionManager), + [{_, PeerAddr}] = + proplists:get_value(peer, ConnectionInfo), fun() -> Shell(User, PeerAddr) end; _ -> Shell @@ -434,12 +480,15 @@ start_shell(ConnectionManager, State) -> Group = group:start(self(), ShellFun, [{echo, Echo}]), State#state{group = Group, buf = empty_buf()}. -start_shell(_ConnectionManager, Cmd, #state{exec={M, F, A}} = State) -> +start_shell(_ConnectionHandler, Cmd, #state{exec={M, F, A}} = State) -> Group = group:start(self(), {M, F, A++[Cmd]}, [{echo, false}]), State#state{group = Group, buf = empty_buf()}; -start_shell(ConnectionManager, Cmd, #state{exec=Shell} = State) when is_function(Shell) -> +start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function(Shell) -> + + ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + [peer, user]), {ok, User} = - ssh_userreg:lookup_user(ConnectionManager), + proplists:get_value(user, ConnectionInfo), ShellFun = case erlang:fun_info(Shell, arity) of {arity, 1} -> @@ -447,8 +496,8 @@ start_shell(ConnectionManager, Cmd, #state{exec=Shell} = State) when is_function {arity, 2} -> fun() -> Shell(Cmd, User) end; {arity, 3} -> - {ok, PeerAddr} = - ssh_connection_manager:peer_addr(ConnectionManager), + [{_, PeerAddr}] = + proplists:get_value(peer, ConnectionInfo), fun() -> Shell(Cmd, User, PeerAddr) end; _ -> Shell @@ -482,31 +531,3 @@ not_zero(0, B) -> not_zero(A, _) -> A. -%%% Backwards compatibility - -%%-------------------------------------------------------------------- -%% Function: listen(...) -> {ok,Pid} | ignore | {error,Error} -%% Description: Starts a listening server -%% Note that the pid returned is NOT the pid of this gen_server; -%% this server is started when an SSH connection is made on the -%% listening port -%%-------------------------------------------------------------------- -listen(Shell) -> - listen(Shell, 22). - -listen(Shell, Port) -> - listen(Shell, Port, []). - -listen(Shell, Port, Opts) -> - listen(Shell, any, Port, Opts). - -listen(Shell, HostAddr, Port, Opts) -> - ssh:daemon(HostAddr, Port, [{shell, Shell} | Opts]). - - -%%-------------------------------------------------------------------- -%% Function: stop(Pid) -> ok -%% Description: Stops the listener -%%-------------------------------------------------------------------- -stop(Pid) -> - ssh:stop_listener(Pid). diff --git a/lib/ssh/src/ssh_client_key.erl b/lib/ssh/src/ssh_client_key.erl new file mode 100644 index 0000000000..2c48884dc2 --- /dev/null +++ b/lib/ssh/src/ssh_client_key.erl @@ -0,0 +1,34 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_client_key). + +-include_lib("public_key/include/public_key.hrl"). +-include("ssh.hrl"). + +-callback is_host_key(Key :: public_key(), Host :: string(), + Algorithm :: 'ssh-rsa'| 'ssh-dsa'| atom(), Options :: proplists:proplist()) -> + boolean(). + +-callback user_key(Algorithm :: 'ssh-rsa'| 'ssh-dsa'| atom(), Options :: list()) -> + {ok, PrivateKey :: term()} | {error, string()}. + + +-callback add_host_key(Host :: string(), PublicKey :: term(), Options :: list()) -> + ok | {error, Error::term()}. diff --git a/lib/ssh/src/ssh_client_key_api.erl b/lib/ssh/src/ssh_client_key_api.erl new file mode 100644 index 0000000000..a17c7cbc77 --- /dev/null +++ b/lib/ssh/src/ssh_client_key_api.erl @@ -0,0 +1,35 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2011-2013. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_client_key_api). + +-include_lib("public_key/include/public_key.hrl"). +-include("ssh.hrl"). + +-callback is_host_key(PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term() , Host :: string(), + Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), ConnectOptions :: proplists:proplist()) -> + boolean(). + +-callback user_key(Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), ConnectOptions :: proplists:proplist()) -> + {ok, PrivateKey :: #'RSAPrivateKey'{}| #'DSAPrivateKey'{} | term()} | {error, string()}. + + +-callback add_host_key(Host :: string(), PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term(), + Options :: list()) -> + ok | {error, Error::term()}. diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 932b0642f1..8421b07167 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -21,6 +21,8 @@ %%% Description : SSH connection protocol +-type channel_id() :: integer(). + -define(DEFAULT_PACKET_SIZE, 32768). -define(DEFAULT_WINDOW_SIZE, 2*?DEFAULT_PACKET_SIZE). -define(DEFAULT_TIMEOUT, 5000). @@ -260,6 +262,7 @@ port, options, exec, + system_supervisor, sub_system_supervisor, connection_supervisor }). diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index c2a7c63cbe..03dddae3c8 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -29,232 +29,205 @@ -include("ssh_connect.hrl"). -include("ssh_transport.hrl"). +%% API -export([session_channel/2, session_channel/4, exec/4, shell/2, subsystem/4, send/3, send/4, send/5, - send_eof/2, adjust_window/3, open_pty/3, open_pty/7, - open_pty/9, setenv/5, window_change/4, window_change/6, + send_eof/2, adjust_window/3, setenv/5, close/2, reply_request/4]). + +%% Potential API currently unsupported and not tested +-export([open_pty/3, open_pty/7, + open_pty/9, window_change/4, window_change/6, direct_tcpip/6, direct_tcpip/8, tcpip_forward/3, - cancel_tcpip_forward/3, signal/3, exit_status/3, encode_ip/1, close/2, - reply_request/4]). + cancel_tcpip_forward/3, signal/3, exit_status/3]). --export([channel_data/6, handle_msg/4, channel_eof_msg/1, +%% Internal application API +-export([channel_data/5, handle_msg/3, channel_eof_msg/1, channel_close_msg/1, channel_success_msg/1, channel_failure_msg/1, + channel_status_msg/1, channel_adjust_window_msg/2, channel_data_msg/3, channel_open_msg/5, channel_open_confirmation_msg/4, channel_open_failure_msg/4, channel_request_msg/4, global_request_msg/3, request_failure_msg/0, request_success_msg/1, bind/4, unbind/3, unbind_channel/2, - bound_channel/3, messages/0]). + bound_channel/3, encode_ip/1]). %%-------------------------------------------------------------------- -%%% Internal application API +%%% API %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- -%% Function: session_channel(ConnectionManager -%% [, InitialWindowSize, MaxPacketSize], -%% Timeout) -> {ok, } -%% ConnectionManager = pid() -%% InitialWindowSize = integer() -%% MaxPacketSize = integer() -%% +-spec session_channel(pid(), timeout()) -> {ok, channel_id()} | {error, term()}. +-spec session_channel(pid(), integer(), integer(), timeout()) -> {ok, channel_id()} | {error, term()}. + %% Description: Opens a channel for a ssh session. A session is a %% remote execution of a program. The program may be a shell, an %% application, a system command, or some built-in subsystem. %% -------------------------------------------------------------------- -session_channel(ConnectionManager, Timeout) -> - session_channel(ConnectionManager, + +session_channel(ConnectionHandler, Timeout) -> + session_channel(ConnectionHandler, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, Timeout). -session_channel(ConnectionManager, InitialWindowSize, + +session_channel(ConnectionHandler, InitialWindowSize, MaxPacketSize, Timeout) -> - ssh_connection_manager:open_channel(ConnectionManager, "session", <<>>, + case ssh_connection_handler:open_channel(ConnectionHandler, "session", <<>>, InitialWindowSize, - MaxPacketSize, Timeout). + MaxPacketSize, Timeout) of + {open, Channel} -> + {ok, Channel}; + Error -> + Error + end. + %%-------------------------------------------------------------------- -%% Function: exec(ConnectionManager, ChannelId, Command, Timeout) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% Cmd = string() -%% Timeout = integer() -%% +-spec exec(pid(), channel_id(), string(), timeout()) -> success | failure. + %% Description: Will request that the server start the %% execution of the given command. %%-------------------------------------------------------------------- -exec(ConnectionManager, ChannelId, Command, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, self(), ChannelId, "exec", - true, [?string(Command)], TimeOut). +exec(ConnectionHandler, ChannelId, Command, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "exec", + true, [?string(Command)], TimeOut). + %%-------------------------------------------------------------------- -%% Function: shell(ConnectionManager, ChannelId) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% +-spec shell(pid(), channel_id()) -> _. + %% Description: Will request that the user's default shell (typically %% defined in /etc/passwd in UNIX systems) be started at the other %% end. %%-------------------------------------------------------------------- -shell(ConnectionManager, ChannelId) -> - ssh_connection_manager:request(ConnectionManager, self(), ChannelId, +shell(ConnectionHandler, ChannelId) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "shell", false, <<>>, 0). %%-------------------------------------------------------------------- -%% Function: subsystem(ConnectionManager, ChannelId, SubSystem, TimeOut) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% SubSystem = string() -%% TimeOut = integer() -%% +-spec subsystem(pid(), channel_id(), string(), timeout()) -> + success | failure | {error, timeout}. %% %% Description: Executes a predefined subsystem. %%-------------------------------------------------------------------- -subsystem(ConnectionManager, ChannelId, SubSystem, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, self(), +subsystem(ConnectionHandler, ChannelId, SubSystem, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "subsystem", true, [?string(SubSystem)], TimeOut). %%-------------------------------------------------------------------- -%% Function: send(ConnectionManager, ChannelId, Type, Data, [TimeOut]) -> +-spec send(pid(), channel_id(), iodata()) -> + ok | {error, closed}. +-spec send(pid(), channel_id(), integer()| iodata(), timeout() | iodata()) -> + ok | {error, timeout} | {error, closed}. +-spec send(pid(), channel_id(), integer(), iodata(), timeout()) -> + ok | {error, timeout} | {error, closed}. %% %% %% Description: Sends channel data. %%-------------------------------------------------------------------- -send(ConnectionManager, ChannelId, Data) -> - send(ConnectionManager, ChannelId, 0, Data, infinity). -send(ConnectionManager, ChannelId, Data, TimeOut) when is_integer(TimeOut) -> - send(ConnectionManager, ChannelId, 0, Data, TimeOut); -send(ConnectionManager, ChannelId, Data, infinity) -> - send(ConnectionManager, ChannelId, 0, Data, infinity); -send(ConnectionManager, ChannelId, Type, Data) -> - send(ConnectionManager, ChannelId, Type, Data, infinity). -send(ConnectionManager, ChannelId, Type, Data, TimeOut) -> - ssh_connection_manager:send(ConnectionManager, ChannelId, +send(ConnectionHandler, ChannelId, Data) -> + send(ConnectionHandler, ChannelId, 0, Data, infinity). +send(ConnectionHandler, ChannelId, Data, TimeOut) when is_integer(TimeOut) -> + send(ConnectionHandler, ChannelId, 0, Data, TimeOut); +send(ConnectionHandler, ChannelId, Data, infinity) -> + send(ConnectionHandler, ChannelId, 0, Data, infinity); +send(ConnectionHandler, ChannelId, Type, Data) -> + send(ConnectionHandler, ChannelId, Type, Data, infinity). +send(ConnectionHandler, ChannelId, Type, Data, TimeOut) -> + ssh_connection_handler:send(ConnectionHandler, ChannelId, Type, Data, TimeOut). %%-------------------------------------------------------------------- -%% Function: send_eof(ConnectionManager, ChannelId) -> +-spec send_eof(pid(), channel_id()) -> ok | {error, closed}. %% %% %% Description: Sends eof on the channel <ChannelId>. %%-------------------------------------------------------------------- -send_eof(ConnectionManager, Channel) -> - ssh_connection_manager:send_eof(ConnectionManager, Channel). +send_eof(ConnectionHandler, Channel) -> + ssh_connection_handler:send_eof(ConnectionHandler, Channel). %%-------------------------------------------------------------------- -%% Function: adjust_window(ConnectionManager, Channel, Bytes) -> +-spec adjust_window(pid(), channel_id(), integer()) -> ok. %% %% %% Description: Adjusts the ssh flowcontrol window. %%-------------------------------------------------------------------- -adjust_window(ConnectionManager, Channel, Bytes) -> - ssh_connection_manager:adjust_window(ConnectionManager, Channel, Bytes). +adjust_window(ConnectionHandler, Channel, Bytes) -> + ssh_connection_handler:adjust_window(ConnectionHandler, Channel, Bytes). %%-------------------------------------------------------------------- -%% Function: setenv(ConnectionManager, ChannelId, Var, Value, TimeOut) -> +-spec setenv(pid(), channel_id(), string(), string(), timeout()) -> success | failure. %% %% %% Description: Environment variables may be passed to the shell/command to be %% started later. %%-------------------------------------------------------------------- -setenv(ConnectionManager, ChannelId, Var, Value, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, ChannelId, +setenv(ConnectionHandler, ChannelId, Var, Value, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, ChannelId, "env", true, [?string(Var), ?string(Value)], TimeOut). %%-------------------------------------------------------------------- -%% Function: close(ConnectionManager, ChannelId) -> +-spec close(pid(), channel_id()) -> ok. %% %% %% Description: Sends a close message on the channel <ChannelId>. %%-------------------------------------------------------------------- -close(ConnectionManager, ChannelId) -> - ssh_connection_manager:close(ConnectionManager, ChannelId). - +close(ConnectionHandler, ChannelId) -> + ssh_connection_handler:close(ConnectionHandler, ChannelId). %%-------------------------------------------------------------------- -%% Function: reply_request(ConnectionManager, WantReply, Status, CannelId) ->_ +-spec reply_request(pid(), boolean(), success | failure, channel_id()) -> ok. %% %% %% Description: Send status replies to requests that want such replies. %%-------------------------------------------------------------------- -reply_request(ConnectionManager, true, Status, ChannelId) -> - ConnectionManager ! {ssh_cm, self(), {Status, ChannelId}}, - ok; +reply_request(ConnectionHandler, true, Status, ChannelId) -> + ssh_connection_handler:reply_request(ConnectionHandler, Status, ChannelId); reply_request(_,false, _, _) -> ok. - %%-------------------------------------------------------------------- -%% Function: window_change(ConnectionManager, Channel, Width, Height) -> -%% -%% -%% Description: Not yet officialy supported. +%% Not yet officialy supported! The following functions are part of the +%% initial contributed ssh application. They are untested. Do we want them? +%% Should they be documented and tested? %%-------------------------------------------------------------------- -window_change(ConnectionManager, Channel, Width, Height) -> - window_change(ConnectionManager, Channel, Width, Height, 0, 0). -window_change(ConnectionManager, Channel, Width, Height, +window_change(ConnectionHandler, Channel, Width, Height) -> + window_change(ConnectionHandler, Channel, Width, Height, 0, 0). +window_change(ConnectionHandler, Channel, Width, Height, PixWidth, PixHeight) -> - ssh_connection_manager:request(ConnectionManager, Channel, + ssh_connection_handler:request(ConnectionHandler, Channel, "window-change", false, [?uint32(Width), ?uint32(Height), ?uint32(PixWidth), ?uint32(PixHeight)], 0). -%%-------------------------------------------------------------------- -%% Function: signal(ConnectionManager, Channel, Sig) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -signal(ConnectionManager, Channel, Sig) -> - ssh_connection_manager:request(ConnectionManager, Channel, + +signal(ConnectionHandler, Channel, Sig) -> + ssh_connection_handler:request(ConnectionHandler, Channel, "signal", false, [?string(Sig)], 0). -%%-------------------------------------------------------------------- -%% Function: signal(ConnectionManager, Channel, Status) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -exit_status(ConnectionManager, Channel, Status) -> - ssh_connection_manager:request(ConnectionManager, Channel, - "exit-status", false, [?uint32(Status)], 0). +exit_status(ConnectionHandler, Channel, Status) -> + ssh_connection_handler:request(ConnectionHandler, Channel, + "exit-status", false, [?uint32(Status)], 0). -%%-------------------------------------------------------------------- -%% Function: open_pty(ConnectionManager, Channel, TimeOut) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -open_pty(ConnectionManager, Channel, TimeOut) -> - open_pty(ConnectionManager, Channel, +open_pty(ConnectionHandler, Channel, TimeOut) -> + open_pty(ConnectionHandler, Channel, os:getenv("TERM"), 80, 24, [], TimeOut). -open_pty(ConnectionManager, Channel, Term, Width, Height, PtyOpts, TimeOut) -> - open_pty(ConnectionManager, Channel, Term, Width, +open_pty(ConnectionHandler, Channel, Term, Width, Height, PtyOpts, TimeOut) -> + open_pty(ConnectionHandler, Channel, Term, Width, Height, 0, 0, PtyOpts, TimeOut). -open_pty(ConnectionManager, Channel, Term, Width, Height, +open_pty(ConnectionHandler, Channel, Term, Width, Height, PixWidth, PixHeight, PtyOpts, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, + ssh_connection_handler:request(ConnectionHandler, Channel, "pty-req", true, [?string(Term), ?uint32(Width), ?uint32(Height), ?uint32(PixWidth),?uint32(PixHeight), encode_pty_opts(PtyOpts)], TimeOut). - -%%-------------------------------------------------------------------- -%% Function: direct_tcpip(ConnectionManager, RemoteHost, -%% RemotePort, OrigIP, OrigPort, Timeout) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -direct_tcpip(ConnectionManager, RemoteHost, +direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, Timeout) -> - direct_tcpip(ConnectionManager, RemoteHost, RemotePort, OrigIP, OrigPort, + direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, Timeout). -direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, +direct_tcpip(ConnectionHandler, RemoteIP, RemotePort, OrigIP, OrigPort, InitialWindowSize, MaxPacketSize, Timeout) -> case {encode_ip(RemoteIP), encode_ip(OrigIP)} of {false, _} -> @@ -262,7 +235,7 @@ direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, {_, false} -> {error, einval}; {RIP, OIP} -> - ssh_connection_manager:open_channel(ConnectionManager, + ssh_connection_handler:open_channel(ConnectionHandler, "direct-tcpip", [?string(RIP), ?uint32(RemotePort), @@ -272,34 +245,24 @@ direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, MaxPacketSize, Timeout) end. -%%-------------------------------------------------------------------- -%% Function: tcpip_forward(ConnectionManager, BindIP, BindPort) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -tcpip_forward(ConnectionManager, BindIP, BindPort) -> + +tcpip_forward(ConnectionHandler, BindIP, BindPort) -> case encode_ip(BindIP) of false -> {error, einval}; IPStr -> - ssh_connection_manager:global_request(ConnectionManager, + ssh_connection_handler:global_request(ConnectionHandler, "tcpip-forward", true, [?string(IPStr), ?uint32(BindPort)]) end. -%%-------------------------------------------------------------------- -%% Function: cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> + +cancel_tcpip_forward(ConnectionHandler, BindIP, Port) -> case encode_ip(BindIP) of false -> {error, einval}; IPStr -> - ssh_connection_manager:global_request(ConnectionManager, + ssh_connection_handler:global_request(ConnectionHandler, "cancel-tcpip-forward", true, [?string(IPStr), ?uint32(Port)]) @@ -308,31 +271,33 @@ cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> %%-------------------------------------------------------------------- %%% Internal API %%-------------------------------------------------------------------- -channel_data(ChannelId, DataType, Data, Connection, ConnectionPid, From) +channel_data(ChannelId, DataType, Data, Connection, From) when is_list(Data)-> channel_data(ChannelId, DataType, - list_to_binary(Data), Connection, ConnectionPid, From); + list_to_binary(Data), Connection, From); channel_data(ChannelId, DataType, Data, - #connection{channel_cache = Cache} = Connection, ConnectionPid, + #connection{channel_cache = Cache} = Connection, From) -> case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel0 -> - {SendList, Channel} = update_send_window(Channel0, DataType, - Data, Connection), + #channel{remote_id = Id, sent_close = false} = Channel0 -> + {SendList, Channel} = + update_send_window(Channel0#channel{flow_control = From}, DataType, + Data, Connection), Replies = lists:map(fun({SendDataType, SendData}) -> - {connection_reply, ConnectionPid, - channel_data_msg(Id, - SendDataType, - SendData)} + {connection_reply, + channel_data_msg(Id, + SendDataType, + SendData)} end, SendList), FlowCtrlMsgs = flow_control(Replies, - Channel#channel{flow_control = From}, + Channel, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; - undefined -> + _ -> + gen_fsm:reply(From, {error, closed}), {noreply, Connection} end. @@ -340,7 +305,7 @@ handle_msg(#ssh_msg_channel_open_confirmation{recipient_channel = ChannelId, sender_channel = RemoteId, initial_window_size = WindowSz, maximum_packet_size = PacketSz}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> #channel{remote_id = undefined} = Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -356,7 +321,7 @@ handle_msg(#ssh_msg_channel_open_failure{recipient_channel = ChannelId, reason = Reason, description = Descr, lang = Lang}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), ssh_channel:cache_delete(Cache, ChannelId), {Reply, Connection} = @@ -364,63 +329,84 @@ handle_msg(#ssh_msg_channel_open_failure{recipient_channel = ChannelId, {{replies, [Reply]}, Connection}; handle_msg(#ssh_msg_channel_success{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - {Reply, Connection} = reply_msg(Channel, Connection0, success), - {{replies, [Reply]}, Connection}; + case reply_msg(Channel, Connection0, success) of + {[], Connection} -> + {noreply, Connection}; + {Reply, Connection} -> + {{replies, [Reply]}, Connection} + end; handle_msg(#ssh_msg_channel_failure{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - {Reply, Connection} = reply_msg(Channel, Connection0, failure), - {{replies, [Reply]}, Connection}; + case reply_msg(Channel, Connection0, failure) of + {[], Connection} -> + {noreply, Connection}; + {Reply, Connection} -> + {{replies, [Reply]}, Connection} + end; + handle_msg(#ssh_msg_channel_eof{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = reply_msg(Channel, Connection0, {eof, ChannelId}), {{replies, [Reply]}, Connection}; handle_msg(#ssh_msg_channel_close{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{sent_close = Closed, remote_id = RemoteId} = Channel -> + #channel{sent_close = Closed, remote_id = RemoteId, + flow_control = FlowControl} = Channel -> ssh_channel:cache_delete(Cache, ChannelId), {CloseMsg, Connection} = reply_msg(Channel, Connection0, {closed, ChannelId}), - case Closed of - true -> - {{replies, [CloseMsg]}, Connection}; - false -> - RemoteCloseMsg = channel_close_msg(RemoteId), - {{replies, - [{connection_reply, - ConnectionPid, RemoteCloseMsg}, - CloseMsg]}, Connection} - end; + ConnReplyMsgs = + case Closed of + true -> []; + false -> + RemoteCloseMsg = channel_close_msg(RemoteId), + [{connection_reply, RemoteCloseMsg}] + end, + + %% if there was a send() in progress, make it fail + SendReplyMsgs = + case FlowControl of + undefined -> []; + From -> + [{flow_control, From, {error, closed}}] + end, + + Replies = ConnReplyMsgs ++ [CloseMsg] ++ SendReplyMsgs, + {{replies, Replies}, Connection}; + undefined -> {{replies, []}, Connection0} end; handle_msg(#ssh_msg_channel_data{recipient_channel = ChannelId, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> - #channel{recv_window_size = Size} = Channel = - ssh_channel:cache_lookup(Cache, ChannelId), - WantedSize = Size - size(Data), - ssh_channel:cache_update(Cache, Channel#channel{ - recv_window_size = WantedSize}), - {Replies, Connection} = - channel_data_reply(Cache, Channel, Connection0, 0, Data), - {{replies, Replies}, Connection}; + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = Size} = Channel -> + WantedSize = Size - size(Data), + ssh_channel:cache_update(Cache, Channel#channel{ + recv_window_size = WantedSize}), + {Replies, Connection} = + channel_data_reply(Cache, Channel, Connection0, 0, Data), + {{replies, Replies}, Connection}; + undefined -> + {noreply, Connection0} + end; handle_msg(#ssh_msg_channel_extended_data{recipient_channel = ChannelId, data_type_code = DataType, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> #channel{recv_window_size = Size} = Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -433,19 +419,16 @@ handle_msg(#ssh_msg_channel_extended_data{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, bytes_to_add = Add}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, _) -> - + #connection{channel_cache = Cache} = Connection, _) -> #channel{send_window_size = Size, remote_id = RemoteId} = Channel0 = ssh_channel:cache_lookup(Cache, ChannelId), {SendList, Channel} = %% TODO: Datatype 0 ? update_send_window(Channel0#channel{send_window_size = Size + Add}, - 0, <<>>, Connection), + 0, undefined, Connection), Replies = lists:map(fun({Type, Data}) -> - {connection_reply, ConnectionPid, - channel_data_msg(RemoteId, Type, Data)} + {connection_reply, channel_data_msg(RemoteId, Type, Data)} end, SendList), FlowCtrlMsgs = flow_control(Channel, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; @@ -453,10 +436,9 @@ handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, sender_channel = RemoteId, initial_window_size = WindowSz, - maximum_packet_size = PacketSz}, Connection0, - ConnectionPid, server) -> + maximum_packet_size = PacketSz}, Connection0, server) -> - try setup_session(Connection0, ConnectionPid, RemoteId, + try setup_session(Connection0, RemoteId, Type, WindowSz, PacketSz) of Result -> Result @@ -464,20 +446,20 @@ handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection0} end; handle_msg(#ssh_msg_channel_open{channel_type = "session", sender_channel = RemoteId}, - Connection, ConnectionPid, client) -> + Connection, client) -> %% Client implementations SHOULD reject any session channel open %% requests to make it more difficult for a corrupt server to attack the %% client. See See RFC 4254 6.1. FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, @@ -485,8 +467,7 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, initial_window_size = RWindowSz, maximum_packet_size = RPacketSz, data = Data}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection0, server) -> <<?UINT32(ALen), Address:ALen/binary, ?UINT32(Port), ?UINT32(OLen), Orig:OLen/binary, ?UINT32(OrigPort)>> = Data, @@ -496,7 +477,7 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), {{replies, - [{connection_reply, ConnectionPid, FailMsg}]}, Connection0}; + [{connection_reply, FailMsg}]}, Connection0}; ChannelPid -> {ChannelId, Connection1} = new_channel_id(Connection0), LWindowSz = ?DEFAULT_WINDOW_SIZE, @@ -517,32 +498,31 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, {open, Channel, {forwarded_tcpip, decode_ip(Address), Port, decode_ip(Orig), OrigPort}}), - {{replies, [{connection_reply, ConnectionPid, OpenConfMsg}, + {{replies, [{connection_reply, OpenConfMsg}, OpenMsg]}, Connection} end; handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip", sender_channel = RemoteId}, - Connection, ConnectionPid, client) -> + Connection, client) -> %% Client implementations SHOULD reject direct TCP/IP open requests for %% security reasons. See RFC 4254 7.2. FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, Connection}; + {{replies, [{connection_reply, FailMsg}]}, Connection}; -handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, - ConnectionPid, _) -> +handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, _) -> FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "Not allowed", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, Connection}; + {{replies, [{connection_reply, FailMsg}]}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exit-status", data = Data}, - #connection{channel_cache = Cache} = Connection, _, _) -> + #connection{channel_cache = Cache} = Connection, _) -> <<?UINT32(Status)>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = @@ -553,8 +533,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exit-signal", want_reply = false, data = Data}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> <<?UINT32(SigLen), SigName:SigLen/binary, ?BOOLEAN(_Core), ?UINT32(ErrLen), Err:ErrLen/binary, @@ -567,14 +546,14 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, binary_to_list(Err), binary_to_list(Lang)}), CloseMsg = channel_close_msg(RemoteId), - {{replies, [{connection_reply, ConnectionPid, CloseMsg}, Reply]}, + {{replies, [{connection_reply, CloseMsg}, Reply]}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "xon-xoff", want_reply = false, data = Data}, - #connection{channel_cache = Cache} = Connection, _, _) -> + #connection{channel_cache = Cache} = Connection, _) -> <<?BOOLEAN(CDo)>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = @@ -585,7 +564,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "window-change", want_reply = false, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> <<?UINT32(Width),?UINT32(Height), ?UINT32(PixWidth), ?UINT32(PixHeight)>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -598,7 +577,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "signal", data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> <<?UINT32(SigLen), SigName:SigLen/binary>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -611,8 +590,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "subsystem", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <<?UINT32(SsLen), SsName:SsLen/binary>> = Data, #channel{remote_id = RemoteId} = Channel0 = @@ -620,22 +598,23 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, ReplyMsg = {subsystem, ChannelId, WantReply, binary_to_list(SsName)}, - try start_subsytem(SsName, Connection, Channel0, ReplyMsg) of - {ok, Pid} -> - erlang:monitor(process, Pid), - Channel = Channel0#channel{user = Pid}, - ssh_channel:cache_update(Cache, Channel), - Reply = {connection_reply, ConnectionPid, - channel_success_msg(RemoteId)}, - {{replies, [Reply]}, Connection} - catch _:_ -> - Reply = {connection_reply, ConnectionPid, - channel_failure_msg(RemoteId)}, - {{replies, [Reply]}, Connection} + try + {ok, Pid} = start_subsytem(SsName, Connection, Channel0, ReplyMsg), + erlang:monitor(process, Pid), + Channel = Channel0#channel{user = Pid}, + ssh_channel:cache_update(Cache, Channel), + Reply = {connection_reply, + channel_success_msg(RemoteId)}, + {{replies, [Reply]}, Connection} + catch + _:_ -> + ErrorReply = {connection_reply, + channel_failure_msg(RemoteId)}, + {{replies, [ErrorReply]}, Connection} end; handle_msg(#ssh_msg_channel_request{request_type = "subsystem"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore subsystem requests. See RFC 4254 6.5. {{replies, []}, Connection}; @@ -643,8 +622,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "pty-req", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <<?UINT32(TermLen), BTermName:TermLen/binary, ?UINT32(Width),?UINT32(Height), ?UINT32(PixWidth), ?UINT32(PixHeight), @@ -656,27 +634,26 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {pty, ChannelId, WantReply, PtyRequest}); handle_msg(#ssh_msg_channel_request{request_type = "pty-req"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore pty requests. See RFC 4254 6.2. {{replies, []}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "shell", want_reply = WantReply}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {shell, ChannelId, WantReply}); handle_msg(#ssh_msg_channel_request{request_type = "shell"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore shell requests. See RFC 4254 6.5. {{replies, []}, Connection}; @@ -684,17 +661,16 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exec", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <<?UINT32(Len), Command:Len/binary>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {exec, ChannelId, WantReply, binary_to_list(Command)}); handle_msg(#ssh_msg_channel_request{request_type = "exec"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore exec requests. See RFC 4254 6.5. {{replies, []}, Connection}; @@ -702,31 +678,30 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "env", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <<?UINT32(VarLen), Var:VarLen/binary, ?UINT32(ValueLen), Value:ValueLen/binary>> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {env, ChannelId, WantReply, Var, Value}); handle_msg(#ssh_msg_channel_request{request_type = "env"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore env requests. {{replies, []}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = _Other, - want_reply = WantReply}, #connection{channel_cache = Cache} = Connection, - ConnectionPid, _) -> + want_reply = WantReply}, + #connection{channel_cache = Cache} = Connection, _) -> if WantReply == true -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = RemoteId} -> FailMsg = channel_failure_msg(RemoteId), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; undefined -> %% Chanel has been closed {noreply, Connection} @@ -737,61 +712,74 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, handle_msg(#ssh_msg_global_request{name = _Type, want_reply = WantReply, - data = _Data}, Connection, - ConnectionPid, _) -> + data = _Data}, Connection, _) -> if WantReply == true -> FailMsg = request_failure_msg(), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; true -> {noreply, Connection} end; -%%% This transport message will also be handled at the connection level +handle_msg(#ssh_msg_request_failure{}, + #connection{requests = [{_, From} | Rest]} = Connection, _) -> + {{replies, [{channel_requst_reply, From, {failure, <<>>}}]}, + Connection#connection{requests = Rest}}; +handle_msg(#ssh_msg_request_success{data = Data}, + #connection{requests = [{_, From} | Rest]} = Connection, _) -> + {{replies, [{channel_requst_reply, From, {success, Data}}]}, + Connection#connection{requests = Rest}}; + handle_msg(#ssh_msg_disconnect{code = Code, description = Description, language = _Lang }, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> {Connection, Replies} = ssh_channel:cache_foldl(fun(Channel, {Connection1, Acc}) -> {Reply, Connection2} = reply_msg(Channel, - Connection1, {closed, Channel#channel.local_id}), + Connection1, + {closed, Channel#channel.local_id}), {Connection2, [Reply | Acc]} end, {Connection0, []}, Cache), ssh_channel:cache_delete(Cache), {disconnect, {Code, Description}, {{replies, Replies}, Connection}}. -handle_cli_msg(#connection{channel_cache = Cache} = Connection0, - ConnectionPid, +handle_cli_msg(#connection{channel_cache = Cache} = Connection, #channel{user = undefined, + remote_id = RemoteId, local_id = ChannelId} = Channel0, Reply0) -> - case (catch start_cli(Connection0, ChannelId)) of + case (catch start_cli(Connection, ChannelId)) of {ok, Pid} -> erlang:monitor(process, Pid), Channel = Channel0#channel{user = Pid}, ssh_channel:cache_update(Cache, Channel), - {Reply, Connection} = reply_msg(Channel, Connection0, Reply0), - {{replies, [Reply]}, Connection}; - _ -> - Reply = {connection_reply, ConnectionPid, - request_failure_msg()}, - {{replies, [Reply]}, Connection0} + Reply = {connection_reply, + channel_success_msg(RemoteId)}, + {{replies, [{channel_data, Pid, Reply0}, Reply]}, Connection}; + _Other -> + Reply = {connection_reply, + channel_failure_msg(RemoteId)}, + {{replies, [Reply]}, Connection} end; -handle_cli_msg(Connection0, _, Channel, Reply0) -> +handle_cli_msg(Connection0, Channel, Reply0) -> {Reply, Connection} = reply_msg(Channel, Connection0, Reply0), {{replies, [Reply]}, Connection}. - channel_eof_msg(ChannelId) -> #ssh_msg_channel_eof{recipient_channel = ChannelId}. channel_close_msg(ChannelId) -> #ssh_msg_channel_close {recipient_channel = ChannelId}. +channel_status_msg({success, ChannelId}) -> + channel_success_msg(ChannelId); +channel_status_msg({failure, ChannelId}) -> + channel_failure_msg(ChannelId). + channel_success_msg(ChannelId) -> #ssh_msg_channel_success{recipient_channel = ChannelId}. @@ -869,70 +857,6 @@ bound_channel(IP, Port, Connection) -> _ -> undefined end. -messages() -> - [ {ssh_msg_global_request, ?SSH_MSG_GLOBAL_REQUEST, - [string, - boolean, - '...']}, - - {ssh_msg_request_success, ?SSH_MSG_REQUEST_SUCCESS, - ['...']}, - - {ssh_msg_request_failure, ?SSH_MSG_REQUEST_FAILURE, - []}, - - {ssh_msg_channel_open, ?SSH_MSG_CHANNEL_OPEN, - [string, - uint32, - uint32, - uint32, - '...']}, - - {ssh_msg_channel_open_confirmation, ?SSH_MSG_CHANNEL_OPEN_CONFIRMATION, - [uint32, - uint32, - uint32, - uint32, - '...']}, - - {ssh_msg_channel_open_failure, ?SSH_MSG_CHANNEL_OPEN_FAILURE, - [uint32, - uint32, - string, - string]}, - - {ssh_msg_channel_window_adjust, ?SSH_MSG_CHANNEL_WINDOW_ADJUST, - [uint32, - uint32]}, - - {ssh_msg_channel_data, ?SSH_MSG_CHANNEL_DATA, - [uint32, - binary]}, - - {ssh_msg_channel_extended_data, ?SSH_MSG_CHANNEL_EXTENDED_DATA, - [uint32, - uint32, - binary]}, - - {ssh_msg_channel_eof, ?SSH_MSG_CHANNEL_EOF, - [uint32]}, - - {ssh_msg_channel_close, ?SSH_MSG_CHANNEL_CLOSE, - [uint32]}, - - {ssh_msg_channel_request, ?SSH_MSG_CHANNEL_REQUEST, - [uint32, - string, - boolean, - '...']}, - - {ssh_msg_channel_success, ?SSH_MSG_CHANNEL_SUCCESS, - [uint32]}, - - {ssh_msg_channel_failure, ?SSH_MSG_CHANNEL_FAILURE, - [uint32]} - ]. - encode_ip(Addr) when is_tuple(Addr) -> case catch inet_parse:ntoa(Addr) of {'EXIT',_} -> false; @@ -954,14 +878,14 @@ start_channel(Cb, Id, Args, SubSysSup) -> start_channel(Cb, Id, Args, SubSysSup, Exec) -> ChildSpec = child_spec(Cb, Id, Args, Exec), - ChannelSup =ssh_subsystem_sup:channel_supervisor(SubSysSup), + ChannelSup = ssh_subsystem_sup:channel_supervisor(SubSysSup), ssh_channel_sup:start_child(ChannelSup, ChildSpec). %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- setup_session(#connection{channel_cache = Cache} = Connection0, - ConnectionPid, RemoteId, + RemoteId, Type, WindowSize, PacketSize) -> {ChannelId, Connection} = new_channel_id(Connection0), @@ -979,7 +903,7 @@ setup_session(#connection{channel_cache = Cache} = Connection0, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE), - {{replies, [{connection_reply, ConnectionPid, OpenConfMsg}]}, Connection}. + {{replies, [{connection_reply, OpenConfMsg}]}, Connection}. check_subsystem("sftp"= SsName, Options) -> @@ -1008,35 +932,21 @@ child_spec(Callback, Id, Args, Exec) -> Type = worker, {Name, StartFunc, Restart, Shutdown, Type, [ssh_channel]}. -%% Backwards compatibility -start_cli(#connection{address = Address, port = Port, cli_spec = {Fun, [Shell]}, - options = Options}, - _ChannelId) when is_function(Fun) -> - case Fun(Shell, Address, Port, Options) of - NewFun when is_function(NewFun) -> - {ok, NewFun()}; - Pid when is_pid(Pid) -> - {ok, Pid} - end; - +start_cli(#connection{cli_spec = no_cli}, _) -> + {error, cli_disabled}; start_cli(#connection{cli_spec = {CbModule, Args}, exec = Exec, sub_system_supervisor = SubSysSup}, ChannelId) -> start_channel(CbModule, ChannelId, Args, SubSysSup, Exec). -start_subsytem(BinName, #connection{address = Address, port = Port, - options = Options, +start_subsytem(BinName, #connection{options = Options, sub_system_supervisor = SubSysSup}, - #channel{local_id = ChannelId, remote_id = RemoteChannelId}, - ReplyMsg) -> + #channel{local_id = ChannelId}, _ReplyMsg) -> Name = binary_to_list(BinName), case check_subsystem(Name, Options) of {Callback, Opts} when is_atom(Callback), Callback =/= none -> start_channel(Callback, ChannelId, Opts, SubSysSup); {Other, _} when Other =/= none -> - handle_backwards_compatibility(Other, self(), - ChannelId, RemoteChannelId, - Options, Address, Port, - {ssh_cm, self(), ReplyMsg}) + {error, legacy_option_not_supported} end. channel_data_reply(_, #channel{local_id = ChannelId} = Channel, @@ -1059,9 +969,12 @@ reply_msg(Channel, Connection, failure = Reply) -> request_reply_or_data(Channel, Connection, Reply); reply_msg(Channel, Connection, {closed, _} = Reply) -> request_reply_or_data(Channel, Connection, Reply); +reply_msg(undefined, Connection, _Reply) -> + {noreply, Connection}; reply_msg(#channel{user = ChannelPid}, Connection, Reply) -> {{channel_data, ChannelPid, Reply}, Connection}. + request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, #connection{requests = Requests} = Connection, Reply) -> @@ -1069,18 +982,22 @@ request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, {value, {ChannelId, From}} -> {{channel_requst_reply, From, Reply}, Connection#connection{requests = - lists:keydelete(ChannelId, 1, Requests)}}; + lists:keydelete(ChannelId, 1, Requests)}}; + false when (Reply == success) or (Reply == failure) -> + {[], Connection}; false -> {{channel_data, ChannelPid, Reply}, Connection} end. -update_send_window(Channel0, DataType, Data, - #connection{channel_cache = Cache}) -> - Buf0 = if Data == <<>> -> - Channel0#channel.send_buf; - true -> - Channel0#channel.send_buf ++ [{DataType, Data}] - end, +update_send_window(Channel, _, undefined, + #connection{channel_cache = Cache}) -> + do_update_send_window(Channel, Channel#channel.send_buf, Cache); + +update_send_window(Channel, DataType, Data, + #connection{channel_cache = Cache}) -> + do_update_send_window(Channel, Channel#channel.send_buf ++ [{DataType, Data}], Cache). + +do_update_send_window(Channel0, Buf0, Cache) -> {Buf1, NewSz, Buf2} = get_window(Buf0, Channel0#channel.send_packet_size, Channel0#channel.send_window_size), @@ -1125,13 +1042,13 @@ flow_control(Channel, Cache) -> flow_control([], Channel, Cache) -> ssh_channel:cache_update(Cache, Channel), []; -flow_control([_|_], #channel{flow_control = From} = Channel, Cache) -> - case From of - undefined -> - []; - _ -> - [{flow_control, Cache, Channel, From, ok}] - end. + +flow_control([_|_], #channel{flow_control = From, + send_buf = []} = Channel, Cache) when From =/= undefined -> + [{flow_control, Cache, Channel, From, ok}]; +flow_control(_,_,_) -> + []. + encode_pty_opts(Opts) -> Bin = list_to_binary(encode_pty_opts2(Opts)), @@ -1329,43 +1246,3 @@ decode_ip(Addr) when is_binary(Addr) -> {ok,A} -> A end. -%% This is really awful and that is why it is beeing phased out. -handle_backwards_compatibility({_,_,_,_,_,_} = ChildSpec, _, _, _, _, - Address, Port, _) -> - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ChannelSup = ssh_system_sup:channel_supervisor(SystemSup), - ssh_channel_sup:start_child(ChannelSup, ChildSpec); - -handle_backwards_compatibility(Module, ConnectionManager, ChannelId, - RemoteChannelId, Opts, - _, _, Msg) when is_atom(Module) -> - {ok, SubSystemPid} = gen_server:start_link(Module, [Opts], []), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}; - -handle_backwards_compatibility(Fun, ConnectionManager, ChannelId, - RemoteChannelId, - _, _, _, Msg) when is_function(Fun) -> - SubSystemPid = Fun(), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}; - -handle_backwards_compatibility(ChildSpec, - ConnectionManager, - ChannelId, RemoteChannelId, _, - Address, Port, Msg) -> - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ChannelSup = ssh_system_sup:channel_supervisor(SystemSup), - {ok, SubSystemPid} - = ssh_channel_sup:start_child(ChannelSup, ChildSpec), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}. diff --git a/lib/ssh/src/ssh_connection_controler.erl b/lib/ssh/src/ssh_connection_controler.erl deleted file mode 100644 index ca3e62dc83..0000000000 --- a/lib/ssh/src/ssh_connection_controler.erl +++ /dev/null @@ -1,137 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2009-2010. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% -%%-------------------------------------------------------------------- -%% File : ssh_connection_controler.erl -%% Description : -%% -%%-------------------------------------------------------------------- - --module(ssh_connection_controler). - --behaviour(gen_server). - -%%----------------------------------------------------------------- -%% External exports -%%----------------------------------------------------------------- --export([start_link/1, start_handler_child/2, start_manager_child/2, - connection_manager/1]). - -%%----------------------------------------------------------------- -%% Internal exports -%%----------------------------------------------------------------- --export([init/1, handle_call/3, handle_cast/2, handle_info/2, - code_change/3, terminate/2, stop/1]). - --record(state, {role, manager, handler, timeout}). - -%%----------------------------------------------------------------- -%% External interface functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: start/0 -%%----------------------------------------------------------------- -start_link(Args) -> - gen_server:start_link(?MODULE, [Args], []). - -%% Will be called from the manager child process -start_handler_child(ServerRef, Args) -> - gen_server:call(ServerRef, {handler, self(), Args}, infinity). - -%% Will be called from the acceptor process -start_manager_child(ServerRef, Args) -> - gen_server:call(ServerRef, {manager, Args}, infinity). - -connection_manager(ServerRef) -> - {ok, gen_server:call(ServerRef, manager, infinity)}. - -%%----------------------------------------------------------------- -%% Internal interface functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: stop/1 -%%----------------------------------------------------------------- -stop(Pid) -> - gen_server:cast(Pid, stop). - -%%----------------------------------------------------------------- -%% Server functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: init/1 -%%----------------------------------------------------------------- -init([Opts]) -> - process_flag(trap_exit, true), - case proplists:get_value(role, Opts) of - client -> - {ok, Manager} = ssh_connection_manager:start_link([client, Opts]), - {ok, #state{role = client, manager = Manager}}; - _server -> - %% Children started by acceptor process - {ok, #state{role = server}} - end. - - -%%----------------------------------------------------------------- -%% Func: terminate/2 -%%----------------------------------------------------------------- -terminate(_Reason, #state{}) -> - ok. - -%%----------------------------------------------------------------- -%% Func: handle_call/3 -%%----------------------------------------------------------------- -handle_call({handler, Pid, [Role, Socket, Opts]}, _From, State) -> - {ok, Handler} = ssh_connection_handler:start_link(Role, Pid, Socket, Opts), - {reply, {ok, Handler}, State#state{handler = Handler}}; -handle_call({manager, [server = Role, Socket, Opts, SubSysSup]}, _From, State) -> - {ok, Manager} = ssh_connection_manager:start_link([Role, Socket, Opts, SubSysSup]), - {reply, {ok, Manager}, State#state{manager = Manager}}; -handle_call({manager, [client = Role | Opts]}, _From, State) -> - {ok, Manager} = ssh_connection_manager:start_link([Role, Opts]), - {reply, {ok, Manager}, State#state{manager = Manager}}; -handle_call(manager, _From, State) -> - {reply, State#state.manager, State}; -handle_call(stop, _From, State) -> - {stop, normal, ok, State}; -handle_call(_, _, State) -> - {noreply, State, State#state.timeout}. - -%%----------------------------------------------------------------- -%% Func: handle_cast/2 -%%----------------------------------------------------------------- -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_, State) -> - {noreply, State, State#state.timeout}. - -%%----------------------------------------------------------------- -%% Func: handle_info/2 -%%----------------------------------------------------------------- -%% handle_info(ssh_connected, State) -> -%% {stop, normal, State}; -%% Servant termination. -handle_info({'EXIT', _Pid, Reason}, State) -> - {stop, Reason, State}. - -%%----------------------------------------------------------------- -%% Func: code_change/3 -%%----------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 0ec0424f74..3462b98172 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -18,10 +18,11 @@ %% %% %%---------------------------------------------------------------------- -%% Purpose: Handles the setup of an ssh connection, e.i. both the -%% setup SSH Transport Layer Protocol (RFC 4253) and Authentication -%% Protocol (RFC 4252). Details of the different protocols are -%% implemented in ssh_transport.erl, ssh_auth.erl +%% Purpose: Handles an ssh connection, e.i. both the +%% setup SSH Transport Layer Protocol (RFC 4253), Authentication +%% Protocol (RFC 4252) and SSH connection Protocol (RFC 4255) +%% Details of the different protocols are +%% implemented in ssh_transport.erl, ssh_auth.erl and ssh_connection.erl %% ---------------------------------------------------------------------- -module(ssh_connection_handler). @@ -33,9 +34,14 @@ -include("ssh_auth.hrl"). -include("ssh_connect.hrl"). --export([start_link/4, send/2, renegotiate/1, send_event/2, - connection_info/3, - peer_address/1]). +-export([start_link/3]). + +%% Internal application API +-export([open_channel/6, reply_request/3, request/6, request/7, + global_request/4, send/5, send_eof/2, info/1, info/2, + connection_info/2, channel_info/3, + adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1, + start_connection/4]). %% gen_fsm callbacks -export([hello/2, kexinit/2, key_exchange/2, new_keys/2, @@ -44,10 +50,14 @@ -export([init/1, handle_event/3, handle_sync_event/4, handle_info/3, terminate/3, code_change/4]). -%% spawn export --export([ssh_info_handler/3]). - -record(state, { + role, + client, + starter, + auth_user, + connection_state, + latest_channel_id = 0, + idle_timer_ref, transport_protocol, % ex: tcp transport_cb, transport_close_tag, @@ -58,103 +68,234 @@ undecoded_packet_length, % integer() key_exchange_init_msg, % #ssh_msg_kexinit{} renegotiate = false, % boolean() - manager, % pid() connection_queue, address, port, opts }). --define(DBG_MESSAGE, true). +-type state_name() :: hello | kexinit | key_exchange | new_keys | userauth | connection. +-type gen_fsm_state_return() :: {next_state, state_name(), term()} | + {next_state, state_name(), term(), timeout()} | + {stop, term(), term()}. %%==================================================================== %% Internal application API %%==================================================================== + %%-------------------------------------------------------------------- -%% Function: start_link() -> ok,Pid} | ignore | {error,Error} -%% Description:Creates a gen_fsm process which calls Module:init/1 to -%% initialize. To ensure a synchronized start-up procedure, this function -%% does not return until Module:init/1 has returned. +-spec start_connection(client| server, port(), proplists:proplist(), + timeout()) -> {ok, pid()} | {error, term()}. %%-------------------------------------------------------------------- -start_link(Role, Manager, Socket, Options) -> - gen_fsm:start_link(?MODULE, [Role, Manager, Socket, Options], []). - -send(ConnectionHandler, Data) -> - send_all_state_event(ConnectionHandler, {send, Data}). +start_connection(client = Role, Socket, Options, Timeout) -> + try + {ok, Pid} = sshc_sup:start_child([Role, Socket, Options]), + {_, Callback, _} = + proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + ok = socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + catch + exit:{noproc, _} -> + {error, ssh_not_started}; + _:Error -> + {error, Error} + end; -renegotiate(ConnectionHandler) -> - send_all_state_event(ConnectionHandler, renegotiate). - -connection_info(ConnectionHandler, From, Options) -> - send_all_state_event(ConnectionHandler, {info, From, Options}). +start_connection(server = Role, Socket, Options, Timeout) -> + try + Sups = proplists:get_value(supervisors, Options), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], + {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), + {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + catch + exit:{noproc, _} -> + {error, ssh_not_started}; + _:Error -> + {error, Error} + end. -%% Replaced with option to connection_info/3. For now keep -%% for backwards compatibility -peer_address(ConnectionHandler) -> - sync_send_all_state_event(ConnectionHandler, peer_address). +start_link(Role, Socket, Options) -> + {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. -%%==================================================================== -%% gen_fsm callbacks -%%==================================================================== -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, StateName, State} | -%% {ok, StateName, State, Timeout} | -%% ignore | -%% {stop, StopReason} -%% Description:Whenever a gen_fsm is started using gen_fsm:start/[3,4] or -%% gen_fsm:start_link/3,4, this function is called by the new process to -%% initialize. -%%-------------------------------------------------------------------- -init([Role, Manager, Socket, SshOpts]) -> +init([Role, Socket, SshOpts]) -> process_flag(trap_exit, true), {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), - ssh_bits:install_messages(ssh_transport:transport_messages(NumVsn)), {Protocol, Callback, CloseTag} = proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), + Cache = ssh_channel:cache_create(), + State0 = #state{ + role = Role, + connection_state = #connection{channel_cache = Cache, + channel_id_seed = 0, + port_bindings = [], + requests = [], + options = SshOpts}, + socket = Socket, + decoded_data_buffer = <<>>, + encoded_data_buffer = <<>>, + transport_protocol = Protocol, + transport_cb = Callback, + transport_close_tag = CloseTag, + opts = SshOpts + }, + + State = init_role(State0), + try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of Ssh -> - {ok, hello, #state{ssh_params = - Ssh#ssh{send_sequence = 0, recv_sequence = 0}, - socket = Socket, - decoded_data_buffer = <<>>, - encoded_data_buffer = <<>>, - transport_protocol = Protocol, - transport_cb = Callback, - transport_close_tag = CloseTag, - manager = Manager, - opts = SshOpts - }} + gen_fsm:enter_loop(?MODULE, [], hello, + State#state{ssh_params = Ssh}) catch - exit:Reason -> - {stop, {shutdown, Reason}} + _:Error -> + gen_fsm:enter_loop(?MODULE, [], error, {Error, State0}) end. + +%%-------------------------------------------------------------------- +-spec open_channel(pid(), string(), iodata(), integer(), integer(), + timeout()) -> {open, channel_id()} | {open_error, term(), string(), string()}. +%%-------------------------------------------------------------------- +open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, + InitialWindowSize, + MaxPacketSize, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {open, self(), ChannelType, + InitialWindowSize, MaxPacketSize, + ChannelSpecificData, + Timeout}). +%%-------------------------------------------------------------------- +-spec request(pid(), pid(), channel_id(), string(), boolean(), iodata(), + timeout()) -> success | failure | ok | {error, term()}. +%%-------------------------------------------------------------------- +request(ConnectionHandler, ChannelPid, ChannelId, Type, true, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, + Timeout}); +request(ConnectionHandler, ChannelPid, ChannelId, Type, false, Data, _) -> + send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}). + +%%-------------------------------------------------------------------- +-spec request(pid(), channel_id(), string(), boolean(), iodata(), + timeout()) -> success | failure | {error, timeout}. +%%-------------------------------------------------------------------- +request(ConnectionHandler, ChannelId, Type, true, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data, Timeout}); +request(ConnectionHandler, ChannelId, Type, false, Data, _) -> + send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data}). + %%-------------------------------------------------------------------- -%% Function: -%% state_name(Event, State) -> {next_state, NextStateName, NextState}| -%% {next_state, NextStateName, -%% NextState, Timeout} | -%% {stop, Reason, NewState} -%% Description:There should be one instance of this function for each possible -%% state name. Whenever a gen_fsm receives an event sent using -%% gen_fsm:send_event/2, the instance of this function with the same name as -%% the current state name StateName is called to handle the event. It is also -%% called if a timeout occurs. +-spec reply_request(pid(), success | failure, channel_id()) -> ok. %%-------------------------------------------------------------------- +reply_request(ConnectionHandler, Status, ChannelId) -> + send_all_state_event(ConnectionHandler, {reply_request, Status, ChannelId}). + +%%-------------------------------------------------------------------- +-spec global_request(pid(), string(), boolean(), iolist()) -> ok | error. +%%-------------------------------------------------------------------- +global_request(ConnectionHandler, Type, true = Reply, Data) -> + case sync_send_all_state_event(ConnectionHandler, + {global_request, self(), Type, Reply, Data}) of + {ssh_cm, ConnectionHandler, {success, _}} -> + ok; + {ssh_cm, ConnectionHandler, {failure, _}} -> + error + end; +global_request(ConnectionHandler, Type, false = Reply, Data) -> + send_all_state_event(ConnectionHandler, {global_request, self(), Type, Reply, Data}). + +%%-------------------------------------------------------------------- +-spec send(pid(), channel_id(), integer(), iolist(), timeout()) -> + ok | {error, timeout} | {error, closed}. +%%-------------------------------------------------------------------- +send(ConnectionHandler, ChannelId, Type, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}). + +%%-------------------------------------------------------------------- +-spec send_eof(pid(), channel_id()) -> ok | {error, closed}. +%%-------------------------------------------------------------------- +send_eof(ConnectionHandler, ChannelId) -> + sync_send_all_state_event(ConnectionHandler, {eof, ChannelId}). + +%%-------------------------------------------------------------------- +-spec connection_info(pid(), [atom()]) -> proplists:proplist(). +%%-------------------------------------------------------------------- +connection_info(ConnectionHandler, Options) -> + sync_send_all_state_event(ConnectionHandler, {connection_info, Options}). + +%%-------------------------------------------------------------------- +-spec channel_info(pid(), channel_id(), [atom()]) -> proplists:proplist(). +%%-------------------------------------------------------------------- +channel_info(ConnectionHandler, ChannelId, Options) -> + sync_send_all_state_event(ConnectionHandler, {channel_info, ChannelId, Options}). + +%%-------------------------------------------------------------------- +-spec adjust_window(pid(), channel_id(), integer()) -> ok. +%%-------------------------------------------------------------------- +adjust_window(ConnectionHandler, Channel, Bytes) -> + send_all_state_event(ConnectionHandler, {adjust_window, Channel, Bytes}). +%%-------------------------------------------------------------------- +-spec renegotiate(pid()) -> ok. +%%-------------------------------------------------------------------- +renegotiate(ConnectionHandler) -> + send_all_state_event(ConnectionHandler, renegotiate). + +%%-------------------------------------------------------------------- +-spec renegotiate_data(pid()) -> ok. +%%-------------------------------------------------------------------- +renegotiate_data(ConnectionHandler) -> + send_all_state_event(ConnectionHandler, data_size). + +%%-------------------------------------------------------------------- +-spec close(pid(), channel_id()) -> ok. +%%-------------------------------------------------------------------- +close(ConnectionHandler, ChannelId) -> + sync_send_all_state_event(ConnectionHandler, {close, ChannelId}). + +%%-------------------------------------------------------------------- +-spec stop(pid()) -> ok | {error, term()}. +%%-------------------------------------------------------------------- +stop(ConnectionHandler)-> + case sync_send_all_state_event(ConnectionHandler, stop) of + {error, closed} -> + ok; + Other -> + Other + end. + +info(ConnectionHandler) -> + info(ConnectionHandler, {info, all}). + +info(ConnectionHandler, ChannelProcess) -> + sync_send_all_state_event(ConnectionHandler, {info, ChannelProcess}). + + +%%==================================================================== +%% gen_fsm callbacks +%%==================================================================== + +%%-------------------------------------------------------------------- +-spec hello(socket_control | {info_line, list()} | {version_exchange, list()}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- + hello(socket_control, #state{socket = Socket, ssh_params = Ssh} = State) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), send_msg(VsnMsg, State), - inet:setopts(Socket, [{packet, line}]), - {next_state, hello, next_packet(State)}; + inet:setopts(Socket, [{packet, line}, {active, once}]), + {next_state, hello, State}; -hello({info_line, _Line}, State) -> - {next_state, hello, next_packet(State)}; +hello({info_line, _Line},#state{socket = Socket} = State) -> + inet:setopts(Socket, [{active, once}]), + {next_state, hello, State}; hello({version_exchange, Version}, #state{ssh_params = Ssh0, socket = Socket} = State) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), case handle_version(NumVsn, StrVsn, Ssh0) of {ok, Ssh1} -> - inet:setopts(Socket, [{packet,0}, {mode,binary}]), + inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), send_msg(SshPacket, State), {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, @@ -170,12 +311,15 @@ hello({version_exchange, Version}, #state{ssh_params = Ssh0, handle_disconnect(DisconnectMsg, State) end. +%%-------------------------------------------------------------------- +-spec kexinit({#ssh_msg_kexinit{}, binary()}, #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- kexinit({#ssh_msg_kexinit{} = Kex, Payload}, #state{ssh_params = #ssh{role = Role} = Ssh0, - key_exchange_init_msg = OwnKex} = - State) -> + key_exchange_init_msg = OwnKex} = + State) -> Ssh1 = ssh_transport:key_init(opposite_role(Role), Ssh0, Payload), - try ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of + case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of {ok, NextKexMsg, Ssh} when Role == client -> send_msg(NextKexMsg, State), {next_state, key_exchange, @@ -183,132 +327,75 @@ kexinit({#ssh_msg_kexinit{} = Kex, Payload}, {ok, Ssh} when Role == server -> {next_state, key_exchange, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) end. - + +%%-------------------------------------------------------------------- +-spec key_exchange(#ssh_msg_kexdh_init{} | #ssh_msg_kexdh_reply{} | + #ssh_msg_kex_dh_gex_group{} | #ssh_msg_kex_dh_gex_request{} | + #ssh_msg_kex_dh_gex_request{} | #ssh_msg_kex_dh_gex_reply{}, #state{}) + -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- + key_exchange(#ssh_msg_kexdh_init{} = Msg, - #state{ssh_params = #ssh{role = server} =Ssh0} = State) -> - try ssh_transport:handle_kexdh_init(Msg, Ssh0) of + #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> + case ssh_transport:handle_kexdh_init(Msg, Ssh0) of {ok, KexdhReply, Ssh1} -> send_msg(KexdhReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_msg(NewKeys, State), {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) end; - + key_exchange(#ssh_msg_kexdh_reply{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kexdh_reply(Msg, Ssh0) of - {ok, NewKeys, Ssh} -> - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0) of - {ok, NextKexMsg, Ssh1} -> - send_msg(NextKexMsg, State), - {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NextKexMsg, Ssh1} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), + send_msg(NextKexMsg, State), + {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0) of - {ok, NextKexMsg, Ssh} -> - send_msg(NextKexMsg, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NextKexMsg, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), + send_msg(NextKexMsg, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + key_exchange(#ssh_msg_kex_dh_gex_reply{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0) of - {ok, NewKeys, Ssh} -> - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end. + {ok, NewKeys, Ssh} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. + +%%-------------------------------------------------------------------- +-spec new_keys(#ssh_msg_newkeys{}, #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> - try ssh_transport:handle_new_keys(Msg, Ssh0) of - {ok, Ssh} -> - {NextStateName, State} = - after_new_keys(State0#state{ssh_params = Ssh}), - {next_state, NextStateName, next_packet(State)} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State0); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State0) - end. + {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), + {NextStateName, State} = + after_new_keys(State0#state{ssh_params = Ssh}), + {next_state, NextStateName, next_packet(State)}. + +%%-------------------------------------------------------------------- +-spec userauth(#ssh_msg_service_request{} | #ssh_msg_service_accept{} | + #ssh_msg_userauth_request{} | #ssh_msg_userauth_info_request{} | + #ssh_msg_userauth_info_response{} | #ssh_msg_userauth_success{} | + #ssh_msg_userauth_failure{} | #ssh_msg_userauth_banner{}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- userauth(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, #state{ssh_params = #ssh{role = server, session_id = SessionId} = Ssh0} = State) -> - ssh_bits:install_messages(ssh_auth:userauth_messages()), - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_service_accept{name = "ssh-userauth"}, #state{ssh_params = #ssh{role = client, @@ -316,93 +403,55 @@ userauth(#ssh_msg_service_accept{name = "ssh-userauth"}, State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + {next_state, userauth, next_packet(State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh})}; userauth(#ssh_msg_userauth_request{service = "ssh-connection", method = "none"} = Msg, #state{ssh_params = #ssh{session_id = SessionId, role = server, service = "ssh-connection"} = Ssh0 } = State) -> - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {not_authorized, {_User, _Reason}, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {not_authorized, {_User, _Reason}, {Reply, Ssh}} = + ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_userauth_request{service = "ssh-connection", method = Method} = Msg, #state{ssh_params = #ssh{session_id = SessionId, role = server, service = "ssh-connection", peer = {_, Address}} = Ssh0, - opts = Opts, manager = Pid} = State) -> - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of + opts = Opts, starter = Pid} = State) -> + case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of {authorized, User, {Reply, Ssh}} -> send_msg(Reply, State), - ssh_userreg:register_user(User, Pid), Pid ! ssh_connected, connected_fun(User, Address, Method, Opts), {next_state, connected, - next_packet(State#state{ssh_params = Ssh})}; + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Reason, Opts), + retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) end; userauth(#ssh_msg_userauth_info_request{} = Msg, #state{ssh_params = #ssh{role = client, io_cb = IoCb} = Ssh0} = State) -> - try ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_userauth_info_response{} = Msg, #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - try ssh_auth:handle_userauth_info_response(Msg, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_response(Msg, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; -userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client}, - manager = Pid} = State) -> +userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, + starter = Pid} = State) -> Pid ! ssh_connected, - {next_state, connected, next_packet(State)}; - + {next_state, connected, next_packet(State#state{ssh_params = + Ssh#ssh{authenticated = true}})}; userauth(#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client, userauth_methods = []}} @@ -419,9 +468,9 @@ userauth(#ssh_msg_userauth_failure{authentications = Methodes}, #state{ssh_params = #ssh{role = client, userauth_methods = none} = Ssh0} = State) -> AuthMethods = string:tokens(Methodes, ","), - case ssh_auth:userauth_request_msg( - Ssh0#ssh{userauth_methods = AuthMethods}) of - {disconnect, DisconnectMsg,{Msg, Ssh}} -> + Ssh1 = Ssh0#ssh{userauth_methods = AuthMethods}, + case ssh_auth:userauth_request_msg(Ssh1) of + {disconnect, DisconnectMsg, {Msg, Ssh}} -> send_msg(Msg, State), handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); {Msg, Ssh} -> @@ -429,7 +478,6 @@ userauth(#ssh_msg_userauth_failure{authentications = Methodes}, {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} end; - %% The prefered authentication method failed try next method userauth(#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> @@ -452,29 +500,28 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, io:format("~s", [Msg]), {next_state, userauth, next_packet(State)}. +%%-------------------------------------------------------------------- +-spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> kexinit(Event, State#state{renegotiate = true}). +%% ; +%% connected(#ssh_msg_kexdh_init{} = Event, State) -> +%% key_exchange(Event, State#state{renegotiate = true}). %%-------------------------------------------------------------------- -%% Function: -%% handle_event(Event, StateName, State) -> {next_state, NextStateName, -%% NextState} | -%% {next_state, NextStateName, -%% NextState, Timeout} | -%% {stop, Reason, NewState} -%% Description: Whenever a gen_fsm receives an event sent using -%% gen_fsm:send_all_state_event/2, this function is called to handle -%% the event. -%%-------------------------------------------------------------------- -handle_event({send, Data}, StateName, #state{ssh_params = Ssh0} = State) -> - {Packet, Ssh} = ssh_transport:pack(Data, Ssh0), - send_msg(Packet, State), - {next_state, StateName, next_packet(State#state{ssh_params = Ssh})}; +-spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} | + #ssh_msg_unimplemented{} | {adjust_window, integer(), integer()} | + {reply_request, success | failure, integer()} | renegotiate | + data_size | {request, pid(), integer(), integer(), iolist()} | + {request, integer(), integer(), iolist()}, state_name(), + #state{}) -> gen_fsm_state_return(). -handle_event(#ssh_msg_disconnect{} = Msg, _StateName, - #state{manager = Pid} = State) -> - (catch ssh_connection_manager:event(Pid, Msg)), - {stop, normal, State}; +%%-------------------------------------------------------------------- +handle_event(#ssh_msg_disconnect{description = Desc} = DisconnectMsg, _StateName, #state{} = State) -> + handle_disconnect(DisconnectMsg, State), + {stop, {shutdown, Desc}, State}; handle_event(#ssh_msg_ignore{}, StateName, State) -> {next_state, StateName, next_packet(State)}; @@ -490,59 +537,256 @@ handle_event(#ssh_msg_debug{}, StateName, State) -> handle_event(#ssh_msg_unimplemented{}, StateName, State) -> {next_state, StateName, next_packet(State)}; +handle_event({adjust_window, ChannelId, Bytes}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> + ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = + WinSize + Bytes}), + Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, + {next_state, StateName, next_packet(State)}; + +handle_event({reply_request, success, ChannelId}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = RemoteId} -> + Msg = ssh_connection:channel_success_msg(RemoteId), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, + {next_state, StateName, State}; + handle_event(renegotiate, connected, #state{ssh_params = Ssh0} = State) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), send_msg(SshPacket, State), - {next_state, connected, + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), + {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg, renegotiate = true})}; handle_event(renegotiate, StateName, State) -> + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiatie]), %% Allready in keyexcahange so ignore {next_state, StateName, State}; -handle_event({info, From, Options}, StateName, #state{ssh_params = Ssh} = State) -> - spawn(?MODULE, ssh_info_handler, [Options, Ssh, From]), +%% Rekey due to sent data limit reached? +handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> + {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]), + MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, [self(), data_size]), + case Sent >= MaxSent of + true -> + {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), + send_msg(SshPacket, State), + {next_state, kexinit, + next_packet(State#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg, + renegotiate = true})}; + _ -> + {next_state, connected, next_packet(State)} + end; +handle_event(data_size, StateName, State) -> {next_state, StateName, State}; +handle_event({request, ChannelPid, ChannelId, Type, Data}, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelPid, ChannelId, + Type, Data, + false, none, State0), + State = send_replies(Replies, State1), + {next_state, StateName, next_packet(State)}; + +handle_event({request, ChannelId, Type, Data}, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, + false, none, State0), + State = send_replies(Replies, State1), + {next_state, StateName, next_packet(State)}; + handle_event({unknown, Data}, StateName, State) -> Msg = #ssh_msg_unimplemented{sequence = Data}, send_msg(Msg, State), {next_state, StateName, next_packet(State)}. + %%-------------------------------------------------------------------- -%% Function: -%% handle_sync_event(Event, From, StateName, -%% State) -> {next_state, NextStateName, NextState} | -%% {next_state, NextStateName, NextState, -%% Timeout} | -%% {reply, Reply, NextStateName, NextState}| -%% {reply, Reply, NextStateName, NextState, -%% Timeout} | -%% {stop, Reason, NewState} | -%% {stop, Reason, Reply, NewState} -%% Description: Whenever a gen_fsm receives an event sent using -%% gen_fsm:sync_send_all_state_event/2,3, this function is called to handle -%% the event. -%%-------------------------------------------------------------------- - -%% Replaced with option to connection_info/3. For now keep -%% for backwards compatibility -handle_sync_event(peer_address, _From, StateName, - #state{ssh_params = #ssh{peer = {_, Address}}} = State) -> - {reply, {ok, Address}, StateName, State}. - -%%-------------------------------------------------------------------- -%% Function: -%% handle_info(Info,StateName,State)-> {next_state, NextStateName, NextState}| -%% {next_state, NextStateName, NextState, -%% Timeout} | -%% {stop, Reason, NewState} -%% Description: This function is called by a gen_fsm when it receives any -%% other message than a synchronous or asynchronous event -%% (or a system message). +-spec handle_sync_event({request, pid(), channel_id(), integer(), binary(), timeout()} | + {request, channel_id(), integer(), binary(), timeout()} | + {global_request, pid(), integer(), boolean(), binary()} | {eof, integer()} | + {open, pid(), integer(), channel_id(), integer(), binary(), _} | + {send_window, channel_id()} | {recv_window, channel_id()} | + {connection_info, [client_version | server_version | peer | + sockname]} | {channel_info, channel_id(), [recv_window | + send_window]} | + {close, channel_id()} | stop, term(), state_name(), #state{}) + -> gen_fsm_state_return(). %%-------------------------------------------------------------------- +handle_sync_event({request, ChannelPid, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelPid, + ChannelId, Type, Data, + true, From, State0), + %% Note reply to channel will happen later when + %% reply is recived from peer on the socket + State = send_replies(Replies, State1), + start_timeout(ChannelId, From, Timeout), + handle_idle_timeout(State), + {next_state, StateName, next_packet(State)}; + +handle_sync_event({request, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, + true, From, State0), + %% Note reply to channel will happen later when + %% reply is recived from peer on the socket + State = send_replies(Replies, State1), + start_timeout(ChannelId, From, Timeout), + handle_idle_timeout(State), + {next_state, StateName, next_packet(State)}; + +handle_sync_event({global_request, Pid, _, _, _} = Request, From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State1 = handle_global_request(Request, State0), + Channel = ssh_channel:cache_find(Pid, Cache), + State = add_request(true, Channel#channel.local_id, From, State1), + {next_state, StateName, next_packet(State)}; + +handle_sync_event({data, ChannelId, Type, Data, Timeout}, From, StateName, + #state{connection_state = #connection{channel_cache = _Cache} + = Connection0} = State0) -> + + case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of + {{replies, Replies}, Connection} -> + State = send_replies(Replies, State0#state{connection_state = Connection}), + start_timeout(ChannelId, From, Timeout), + {next_state, StateName, next_packet(State)}; + {noreply, Connection} -> + start_timeout(ChannelId, From, Timeout), + {next_state, StateName, next_packet(State0#state{connection_state = Connection})} + end; + +handle_sync_event({eof, ChannelId}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id, sent_close = false} -> + State = send_replies([{connection_reply, + ssh_connection:channel_eof_msg(Id)}], State0), + {reply, ok, StateName, next_packet(State)}; + _ -> + {reply, {error,closed}, StateName, State0} + end; + +handle_sync_event({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, + From, StateName, #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + erlang:monitor(process, ChannelPid), + {ChannelId, State1} = new_channel_id(State0), + Msg = ssh_connection:channel_open_msg(Type, ChannelId, + InitialWindowSize, + MaxPacketSize, Data), + State2 = send_replies([{connection_reply, Msg}], State1), + Channel = #channel{type = Type, + sys = "none", + user = ChannelPid, + local_id = ChannelId, + recv_window_size = InitialWindowSize, + recv_packet_size = MaxPacketSize}, + ssh_channel:cache_update(Cache, Channel), + State = add_request(true, ChannelId, From, State2), + start_timeout(ChannelId, From, Timeout), + {next_state, StateName, next_packet(remove_timer_ref(State))}; + +handle_sync_event({send_window, ChannelId}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{send_window_size = WinSize, + send_packet_size = Packsize} -> + {ok, {WinSize, Packsize}}; + undefined -> + {error, einval} + end, + {reply, Reply, StateName, next_packet(State)}; + +handle_sync_event({recv_window, ChannelId}, _From, StateName, + #state{connection_state = #connection{channel_cache = Cache}} + = State) -> + + Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, + recv_packet_size = Packsize} -> + {ok, {WinSize, Packsize}}; + undefined -> + {error, einval} + end, + {reply, Reply, StateName, next_packet(State)}; + +handle_sync_event({connection_info, Options}, _From, StateName, State) -> + Info = ssh_info(Options, State, []), + {reply, Info, StateName, State}; + +handle_sync_event({channel_info, ChannelId, Options}, _From, StateName, + #state{connection_state = #connection{channel_cache = Cache}} = State) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{} = Channel -> + Info = ssh_channel_info(Options, Channel, []), + {reply, Info, StateName, State}; + undefined -> + {reply, [], StateName, State} + end; + +handle_sync_event({info, ChannelPid}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + Result = ssh_channel:cache_foldl( + fun(Channel, Acc) when ChannelPid == all; + Channel#channel.user == ChannelPid -> + [Channel | Acc]; + (_, Acc) -> + Acc + end, [], Cache), + {reply, {ok, Result}, StateName, State}; + +handle_sync_event({close, ChannelId}, _, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} = Channel -> + State1 = send_replies([{connection_reply, + ssh_connection:channel_close_msg(Id)}], State0), + ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), + handle_idle_timeout(State1), + State1; + undefined -> + State0 + end, + {reply, ok, StateName, next_packet(State)}; + +handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, + role = Role, + opts = Opts} = State0) -> + {disconnect, Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "User closed down connection", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State0), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, normal, ok, State#state{connection_state = Connection}}. + +%%-------------------------------------------------------------------- +-spec handle_info({atom(), port(), binary()} | {atom(), port()} | + term (), state_name(), #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- + handle_info({Protocol, Socket, "SSH-" ++ _ = Version}, hello, #state{socket = Socket, transport_protocol = Protocol} = State ) -> @@ -607,15 +851,39 @@ handle_info({Protocol, Socket, Data}, Statename, handle_info({CloseTag, _Socket}, _StateName, #state{transport_close_tag = CloseTag, ssh_params = #ssh{role = _Role, opts = _Opts}} = State) -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_CONNECTION_LOST, - description = "Connection Lost", + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Connection closed", language = "en"}, - {stop, {shutdown, DisconnectMsg}, State}; + handle_disconnect(DisconnectMsg, State); + +handle_info({timeout, {_, From} = Request}, Statename, + #state{connection_state = #connection{requests = Requests} = Connection} = State) -> + case lists:member(Request, Requests) of + true -> + gen_fsm:reply(From, {error, timeout}), + {next_state, Statename, + State#state{connection_state = + Connection#connection{requests = + lists:delete(Request, Requests)}}}; + false -> + {next_state, Statename, State} + end; + +%%% Handle that ssh channels user process goes down +handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, Statename, State0) -> + {{replies, Replies}, State1} = handle_channel_down(ChannelPid, State0), + State = send_replies(Replies, State1), + {next_state, Statename, next_packet(State)}; %%% So that terminate will be run when supervisor is shutdown handle_info({'EXIT', _Sup, Reason}, _StateName, State) -> - {stop, Reason, State}; + {stop, {shutdown, Reason}, State}; + +handle_info({check_cache, _ , _}, + StateName, #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + {next_state, StateName, check_cache(State, Cache)}; handle_info(UnexpectedMessage, StateName, #state{ssh_params = SshParams} = State) -> Msg = lists:flatten(io_lib:format( @@ -629,20 +897,16 @@ handle_info(UnexpectedMessage, StateName, #state{ssh_params = SshParams} = State {next_state, StateName, State}. %%-------------------------------------------------------------------- -%% Function: terminate(Reason, StateName, State) -> void() -%% Description:This function is called by a gen_fsm when it is about -%% to terminate. It should be the opposite of Module:init/1 and do any -%% necessary cleaning up. When it returns, the gen_fsm terminates with -%% Reason. The return value is ignored. +-spec terminate(Reason::term(), state_name(), #state{}) -> _. %%-------------------------------------------------------------------- terminate(normal, _, #state{transport_cb = Transport, - socket = Socket, - manager = Pid}) -> - (catch ssh_userreg:delete_user(Pid)), + connection_state = Connection, + socket = Socket}) -> + terminate_subsytem(Connection), (catch Transport:close(Socket)), ok; -%% Terminated as manager terminated +%% Terminated by supervisor terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, @@ -652,26 +916,34 @@ terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}); -terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, #state{ssh_params = Ssh0, manager = Pid} = State) -> - {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), +terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, + #state{ssh_params = Ssh0} = State) -> + {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), send_msg(SshPacket, State), - ssh_connection_manager:event(Pid, Msg), - terminate(normal, StateName, State#state{ssh_params = Ssh}); -terminate(Reason, StateName, #state{ssh_params = Ssh0, manager = Pid} = State) -> + terminate(normal, StateName, State#state{ssh_params = Ssh}); +terminate({shutdown, _}, StateName, State) -> + terminate(normal, StateName, State); +terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, + connection_state = Connection} = State) -> + terminate_subsytem(Connection), log_error(Reason), DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error", language = "en"}, {SshPacket, Ssh} = ssh_transport:ssh_packet(DisconnectMsg, Ssh0), - ssh_connection_manager:event(Pid, DisconnectMsg), send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}). +terminate_subsytem(#connection{system_supervisor = SysSup, + sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) -> + ssh_system_sup:stop_subsystem(SysSup, SubSysSup); +terminate_subsytem(_) -> + ok. + %%-------------------------------------------------------------------- -%% Function: -%% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState} -%% Description: Convert process state when code is changed +-spec code_change(OldVsn::term(), state_name(), Oldstate::term(), Extra::term()) -> + {ok, state_name(), #state{}}. %%-------------------------------------------------------------------- code_change(_OldVsn, StateName, State, _Extra) -> {ok, StateName, State}. @@ -679,6 +951,39 @@ code_change(_OldVsn, StateName, State, _Extra) -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- +init_role(#state{role = client, opts = Opts} = State0) -> + Pid = proplists:get_value(user_pid, Opts), + TimerRef = get_idle_time(Opts), + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, + [self(), data_size]), + State0#state{starter = Pid, + idle_timer_ref = TimerRef}; +init_role(#state{role = server, opts = Opts, connection_state = Connection} = State) -> + Sups = proplists:get_value(supervisors, Opts), + Pid = proplists:get_value(user_pid, Opts), + SystemSup = proplists:get_value(system_sup, Sups), + SubSystemSup = proplists:get_value(subsystem_sup, Sups), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Shell = proplists:get_value(shell, Opts), + Exec = proplists:get_value(exec, Opts), + CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}), + State#state{starter = Pid, connection_state = Connection#connection{ + cli_spec = CliSpec, + exec = Exec, + system_supervisor = SystemSup, + sub_system_supervisor = SubSystemSup, + connection_supervisor = ConnectionSup + }}. + +get_idle_time(SshOptions) -> + case proplists:get_value(idle_time, SshOptions) of + infinity -> + infinity; + _IdleTime -> %% We dont want to set the timeout on first connect + undefined + end. + init_ssh(client = Role, Vsn, Version, Options, Socket) -> IOCb = case proplists:get_value(user_interaction, Options, true) of true -> @@ -755,9 +1060,9 @@ extract_algs([], NewList) -> lists:reverse(NewList); extract_algs([H|T], NewList) -> case H of - ssh_dsa -> + 'ssh-dss' -> extract_algs(T, ["ssh-dss"|NewList]); - ssh_rsa -> + 'ssh-rsa' -> extract_algs(T, ["ssh-rsa"|NewList]) end. available_host_key(KeyCb, "ssh-dss"= Alg, Opts) -> @@ -796,7 +1101,15 @@ send_all_state_event(FsmPid, Event) -> gen_fsm:send_all_state_event(FsmPid, Event). sync_send_all_state_event(FsmPid, Event) -> - gen_fsm:sync_send_all_state_event(FsmPid, Event). + try gen_fsm:sync_send_all_state_event(FsmPid, Event, infinity) + catch + exit:{noproc, _} -> + {error, closed}; + exit:{normal, _} -> + {error, closed}; + exit:{{shutdown, _},_} -> + {error, closed} + end. %% simulate send_all_state_event(self(), Event) event(#ssh_msg_disconnect{} = Event, StateName, State) -> @@ -809,10 +1122,33 @@ event(#ssh_msg_unimplemented{} = Event, StateName, State) -> handle_event(Event, StateName, State); %% simulate send_event(self(), Event) event(Event, StateName, State) -> - ?MODULE:StateName(Event, State). + try + ?MODULE:StateName(Event, State) + catch + throw:#ssh_msg_disconnect{} = DisconnectMsg -> + handle_disconnect(DisconnectMsg, State); + throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> + handle_disconnect(DisconnectMsg, State, ErrorToDisplay); + _:Error -> + log_error(Error), + handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), + description = "Internal error", + language = "en"}, State) + end. +error_code(key_exchange) -> + ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; +error_code(new_keys) -> + ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; +error_code(_) -> + ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE. generate_event(<<?BYTE(Byte), _/binary>> = Msg, StateName, - #state{manager = Pid} = State0, EncData) + #state{ + role = Role, + starter = User, + opts = Opts, + renegotiate = Renegotiation, + connection_state = Connection0} = State0, EncData) when Byte == ?SSH_MSG_GLOBAL_REQUEST; Byte == ?SSH_MSG_REQUEST_SUCCESS; Byte == ?SSH_MSG_REQUEST_FAILURE; @@ -827,18 +1163,40 @@ generate_event(<<?BYTE(Byte), _/binary>> = Msg, StateName, Byte == ?SSH_MSG_CHANNEL_REQUEST; Byte == ?SSH_MSG_CHANNEL_SUCCESS; Byte == ?SSH_MSG_CHANNEL_FAILURE -> - - try - ssh_connection_manager:event(Pid, Msg), - State = generate_event_new_state(State0, EncData), - next_packet(State), - {next_state, StateName, State} + ConnectionMsg = ssh_message:decode(Msg), + State1 = generate_event_new_state(State0, EncData), + try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of + {{replies, Replies}, Connection} -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + {next_state, StateName, next_packet(State)}; + {noreply, Connection} -> + {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; + {disconnect, {_, Reason}, {{replies, Replies}, Connection}} when + Role == client andalso ((StateName =/= connected) and (not Renegotiation)) -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + User ! {self(), not_connected, Reason}, + {stop, {shutdown, normal}, + next_packet(State#state{connection_state = Connection})}; + {disconnect, Reason, {{replies, Replies}, Connection}} -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, {shutdown, normal}, State#state{connection_state = Connection}} catch - exit:{noproc, Reason} -> - {stop, {shutdown, Reason}, State0} + _:Error -> + {disconnect, Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Internal error", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State1#state{connection_state = Connection}), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, {shutdown, Error}, State#state{connection_state = Connection}} end; + generate_event(Msg, StateName, State0, EncData) -> - Event = ssh_bits:decode(Msg), + Event = ssh_message:decode(Msg), State = generate_event_new_state(State0, EncData), case Event of #ssh_msg_kexinit{} -> @@ -848,6 +1206,100 @@ generate_event(Msg, StateName, State0, EncData) -> event(Event, StateName, State) end. + +handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} = Channel -> + update_sys(Cache, Channel, Type, ChannelPid), + Msg = ssh_connection:channel_request_msg(Id, Type, + WantReply, Data), + Replies = [{connection_reply, Msg}], + State = add_request(WantReply, ChannelId, From, State0), + {{replies, Replies}, State}; + undefined -> + {{replies, []}, State0} + end. + +handle_request(ChannelId, Type, Data, WantReply, From, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} -> + Msg = ssh_connection:channel_request_msg(Id, Type, + WantReply, Data), + Replies = [{connection_reply, Msg}], + State = add_request(WantReply, ChannelId, From, State0), + {{replies, Replies}, State}; + undefined -> + {{replies, []}, State0} + end. + +handle_global_request({global_request, ChannelPid, + "tcpip-forward" = Type, WantReply, + <<?UINT32(IPLen), + IP:IPLen/binary, ?UINT32(Port)>> = Data}, + #state{connection_state = + #connection{channel_cache = Cache} + = Connection0} = State) -> + ssh_channel:cache_update(Cache, #channel{user = ChannelPid, + type = "forwarded-tcpip", + sys = none}), + Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State#state{connection_state = Connection}); + +handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, + WantReply, <<?UINT32(IPLen), + IP:IPLen/binary, ?UINT32(Port)>> = Data}, + #state{connection_state = Connection0} = State) -> + Connection = ssh_connection:unbind(IP, Port, Connection0), + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State#state{connection_state = Connection}); + +handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, + WantReply, Data}, State) -> + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State). + +handle_idle_timeout(#state{opts = Opts}) -> + case proplists:get_value(idle_time, Opts, infinity) of + infinity -> + ok; + IdleTime -> + erlang:send_after(IdleTime, self(), {check_cache, [], []}) + end. + +handle_channel_down(ChannelPid, #state{connection_state = + #connection{channel_cache = Cache}} = + State) -> + ssh_channel:cache_foldl( + fun(Channel, Acc) when Channel#channel.user == ChannelPid -> + ssh_channel:cache_delete(Cache, + Channel#channel.local_id), + Acc; + (_,Acc) -> + Acc + end, [], Cache), + {{replies, []}, check_cache(State, Cache)}. + +update_sys(Cache, Channel, Type, ChannelPid) -> + ssh_channel:cache_update(Cache, + Channel#channel{sys = Type, user = ChannelPid}). +add_request(false, _ChannelId, _From, State) -> + State; +add_request(true, ChannelId, From, #state{connection_state = + #connection{requests = Requests0} = + Connection} = State) -> + Requests = [{ChannelId, From} | Requests0], + State#state{connection_state = Connection#connection{requests = Requests}}. + +new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = + Connection} + = State) -> + {Id, State#state{connection_state = + Connection#connection{channel_id_seed = Id + 1}}}. generate_event_new_state(#state{ssh_params = #ssh{recv_sequence = SeqNum0} = Ssh} = State, EncData) -> @@ -857,7 +1309,6 @@ generate_event_new_state(#state{ssh_params = encoded_data_buffer = EncData, undecoded_packet_length = undefined}. - next_packet(#state{decoded_data_buffer = <<>>, encoded_data_buffer = Buff, ssh_params = #ssh{decrypt_block_size = BlockSize}, @@ -882,7 +1333,6 @@ after_new_keys(#state{renegotiate = true} = State) -> {connected, State#state{renegotiate = false}}; after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = client} = Ssh0} = State) -> - ssh_bits:install_messages(ssh_auth:userauth_messages()), {Msg, Ssh} = ssh_auth:service_request_msg(Ssh0), send_msg(Msg, State), {userauth, State#state{ssh_params = Ssh}}; @@ -932,8 +1382,16 @@ handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, handle_disconnect(DisconnectMsg, State0) end. -handle_disconnect(#ssh_msg_disconnect{} = Msg, State) -> - {stop, {shutdown, Msg}, State}. +handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, + role = Role} = State0) -> + {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), + State = send_replies(Replies, State0), + {stop, {shutdown, Desc}, State#state{connection_state = Connection}}. +handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, + role = Role} = State0, ErrorMsg) -> + {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), + State = send_replies(Replies, State0), + {stop, {shutdown, {Desc, ErrorMsg}}, State#state{connection_state = Connection}}. counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn}; @@ -952,45 +1410,67 @@ connected_fun(User, PeerAddr, Method, Opts) -> catch Fun(User, PeerAddr, Method) end. -retry_fun(_, undefined, _) -> +retry_fun(_, _, undefined, _) -> ok; -retry_fun(User, {error, Reason}, Opts) -> +retry_fun(User, PeerAddr, {error, Reason}, Opts) -> case proplists:get_value(failfun, Opts) of undefined -> ok; Fun -> - catch Fun(User, Reason) + do_retry_fun(Fun, User, PeerAddr, Reason) end; -retry_fun(User, Reason, Opts) -> +retry_fun(User, PeerAddr, Reason, Opts) -> case proplists:get_value(infofun, Opts) of undefined -> ok; - Fun -> - catch Fun(User, Reason) + Fun -> + do_retry_fun(Fun, User, PeerAddr, Reason) end. -ssh_info_handler(Options, Ssh, From) -> - Info = ssh_info(Options, Ssh, []), - ssh_connection_manager:send_msg({channel_requst_reply, From, Info}). +do_retry_fun(Fun, User, PeerAddr, Reason) -> + case erlang:fun_info(Fun, arity) of + {arity, 2} -> %% Backwards compatible + catch Fun(User, Reason); + {arity, 3} -> + catch Fun(User, PeerAddr, Reason) + end. -ssh_info([], _, Acc) -> +ssh_info([], _State, Acc) -> + Acc; +ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn, + c_version = StringVsn}} = State, Acc) -> + ssh_info(Rest, State, [{client_version, {IntVsn, StringVsn}} | Acc]); + +ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn, + s_version = StringVsn}} = State, Acc) -> + ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]); +ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> + ssh_info(Rest, State, [{peer, Peer} | Acc]); +ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) -> + {ok, SockName} = inet:sockname(Socket), + ssh_info(Rest, State, [{sockname, SockName}|Acc]); +ssh_info([user | Rest], #state{auth_user = User} = State, Acc) -> + ssh_info(Rest, State, [{user, User}|Acc]); +ssh_info([ _ | Rest], State, Acc) -> + ssh_info(Rest, State, Acc). + +ssh_channel_info([], _, Acc) -> Acc; -ssh_info([client_version | Rest], #ssh{c_vsn = IntVsn, - c_version = StringVsn} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{client_version, {IntVsn, StringVsn}} | Acc]); - -ssh_info([server_version | Rest], #ssh{s_vsn = IntVsn, - s_version = StringVsn} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{server_version, {IntVsn, StringVsn}} | Acc]); - -ssh_info([peer | Rest], #ssh{peer = Peer} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{peer, Peer} | Acc]); - -ssh_info([ _ | Rest], SshParams, Acc) -> - ssh_info(Rest, SshParams, Acc). +ssh_channel_info([recv_window | Rest], #channel{recv_window_size = WinSize, + recv_packet_size = Packsize + } = Channel, Acc) -> + ssh_channel_info(Rest, Channel, [{recv_window, {{win_size, WinSize}, + {packet_size, Packsize}}} | Acc]); +ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize, + send_packet_size = Packsize + } = Channel, Acc) -> + ssh_channel_info(Rest, Channel, [{send_window, {{win_size, WinSize}, + {packet_size, Packsize}}} | Acc]); +ssh_channel_info([ _ | Rest], Channel, Acc) -> + ssh_channel_info(Rest, Channel, Acc). log_error(Reason) -> Report = io_lib:format("Erlang ssh connection handler failed with reason: " @@ -999,3 +1479,101 @@ log_error(Reason) -> [Reason, erlang:get_stacktrace()]), error_logger:error_report(Report), "Internal error". + +send_replies([], State) -> + State; +send_replies([{connection_reply, Data} | Rest], #state{ssh_params = Ssh0} = State) -> + {Packet, Ssh} = ssh_transport:ssh_packet(Data, Ssh0), + send_msg(Packet, State), + send_replies(Rest, State#state{ssh_params = Ssh}); +send_replies([Msg | Rest], State) -> + catch send_reply(Msg), + send_replies(Rest, State). + +send_reply({channel_data, Pid, Data}) -> + Pid ! {ssh_cm, self(), Data}; +send_reply({channel_requst_reply, From, Data}) -> + gen_fsm:reply(From, Data); +send_reply({flow_control, Cache, Channel, From, Msg}) -> + ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), + gen_fsm:reply(From, Msg); +send_reply({flow_control, From, Msg}) -> + gen_fsm:reply(From, Msg). + +disconnect_fun(_, undefined) -> + ok; +disconnect_fun(Reason, Opts) -> + case proplists:get_value(disconnectfun, Opts) of + undefined -> + ok; + Fun -> + catch Fun(Reason) + end. + +check_cache(#state{opts = Opts} = State, Cache) -> + %% Check the number of entries in Cache + case proplists:get_value(size, ets:info(Cache)) of + 0 -> + case proplists:get_value(idle_time, Opts, infinity) of + infinity -> + State; + Time -> + handle_idle_timer(Time, State) + end; + _ -> + State + end. + +handle_idle_timer(Time, #state{idle_timer_ref = undefined} = State) -> + TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}), + State#state{idle_timer_ref=TimerRef}; +handle_idle_timer(_, State) -> + State. + +remove_timer_ref(State) -> + case State#state.idle_timer_ref of + infinity -> %% If the timer is not activated + State; + undefined -> %% If we already has cancelled the timer + State; + TimerRef -> %% Timer is active + erlang:cancel_timer(TimerRef), + State#state{idle_timer_ref = undefined} + end. + +socket_control(Socket, Pid, Transport) -> + case Transport:controlling_process(Socket, Pid) of + ok -> + send_event(Pid, socket_control); + {error, Reason} -> + {error, Reason} + end. + +handshake(Pid, Ref, Timeout) -> + receive + ssh_connected -> + erlang:demonitor(Ref), + {ok, Pid}; + {Pid, not_connected, Reason} -> + {error, Reason}; + {Pid, user_password} -> + Pass = io:get_password(), + Pid ! Pass, + handshake(Pid, Ref, Timeout); + {Pid, question} -> + Answer = io:get_line(""), + Pid ! Answer, + handshake(Pid, Ref, Timeout); + {'DOWN', _, process, Pid, {shutdown, Reason}} -> + {error, Reason}; + {'DOWN', _, process, Pid, Reason} -> + {error, Reason} + after Timeout -> + stop(Pid), + {error, Timeout} + end. + +start_timeout(_,_, infinity) -> + ok; +start_timeout(Channel, From, Time) -> + erlang:send_after(Time, self(), {timeout, {Channel, From}}). diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl deleted file mode 100644 index 5aa79f978c..0000000000 --- a/lib/ssh/src/ssh_connection_manager.erl +++ /dev/null @@ -1,791 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% -%% -%%---------------------------------------------------------------------- -%% Purpose: Handles multiplexing to ssh channels and global connection -%% requests e.i. the SSH Connection Protocol (RFC 4254), that provides -%% interactive login sessions, remote execution of commands, forwarded -%% TCP/IP connections, and forwarded X11 connections. Details of the -%% protocol is implemented in ssh_connection.erl -%% ---------------------------------------------------------------------- --module(ssh_connection_manager). - --behaviour(gen_server). - --include("ssh.hrl"). --include("ssh_connect.hrl"). --include("ssh_transport.hrl"). - --export([start_link/1]). - --export([info/1, info/2, - renegotiate/1, connection_info/2, channel_info/3, - peer_addr/1, send_window/3, recv_window/3, adjust_window/3, - close/2, stop/1, send/5, - send_eof/2]). - --export([open_channel/6, request/6, request/7, global_request/4, event/2, - cast/2]). - -%% Internal application API and spawn --export([send_msg/1, ssh_channel_info_handler/3]). - -%% gen_server callbacks --export([init/1, handle_call/3, handle_cast/2, handle_info/2, - terminate/2, code_change/3]). - --define(DBG_MESSAGE, true). - --record(state, - { - role, - client, - starter, - connection, % pid() - connection_state, % #connection{} - latest_channel_id = 0, - opts, - channel_args, - connected - }). - -%%==================================================================== -%% Internal application API -%%==================================================================== - -start_link(Opts) -> - gen_server:start_link(?MODULE, Opts, []). - -open_channel(ConnectionManager, ChannelType, ChannelSpecificData, - InitialWindowSize, MaxPacketSize, Timeout) -> - case (catch call(ConnectionManager, {open, self(), ChannelType, - InitialWindowSize, - MaxPacketSize, ChannelSpecificData}, - Timeout)) of - {open, Channel} -> - {ok, Channel}; - Error -> - %% TODO: Best way? - Error - end. - -request(ConnectionManager, ChannelPid, ChannelId, Type, true, Data, Timeout) -> - call(ConnectionManager, {request, ChannelPid, ChannelId, Type, Data}, Timeout); -request(ConnectionManager, ChannelPid, ChannelId, Type, false, Data, _) -> - cast(ConnectionManager, {request, ChannelPid, ChannelId, Type, Data}). - -request(ConnectionManager, ChannelId, Type, true, Data, Timeout) -> - call(ConnectionManager, {request, ChannelId, Type, Data}, Timeout); -request(ConnectionManager, ChannelId, Type, false, Data, _) -> - cast(ConnectionManager, {request, ChannelId, Type, Data}). - -global_request(ConnectionManager, Type, true = Reply, Data) -> - case call(ConnectionManager, - {global_request, self(), Type, Reply, Data}) of - {ssh_cm, ConnectionManager, {success, _}} -> - ok; - {ssh_cm, ConnectionManager, {failure, _}} -> - error - end; - -global_request(ConnectionManager, Type, false = Reply, Data) -> - cast(ConnectionManager, {global_request, self(), Type, Reply, Data}). - -event(ConnectionManager, BinMsg) -> - call(ConnectionManager, {ssh_msg, self(), BinMsg}). - -info(ConnectionManager) -> - info(ConnectionManager, {info, all}). - -info(ConnectionManager, ChannelProcess) -> - call(ConnectionManager, {info, ChannelProcess}). - -%% TODO: Do we really want this function? Should not -%% renegotiation be triggered by configurable timer -%% or amount of data sent counter! -renegotiate(ConnectionManager) -> - cast(ConnectionManager, renegotiate). - -connection_info(ConnectionManager, Options) -> - call(ConnectionManager, {connection_info, Options}). - -channel_info(ConnectionManager, ChannelId, Options) -> - call(ConnectionManager, {channel_info, ChannelId, Options}). - -%% Replaced by option peer to connection_info/2 keep for now -%% for Backwards compatibility! -peer_addr(ConnectionManager) -> - call(ConnectionManager, {peer_addr, self()}). - -%% Backwards compatibility! -send_window(ConnectionManager, Channel, TimeOut) -> - call(ConnectionManager, {send_window, Channel}, TimeOut). -%% Backwards compatibility! -recv_window(ConnectionManager, Channel, TimeOut) -> - call(ConnectionManager, {recv_window, Channel}, TimeOut). - -adjust_window(ConnectionManager, Channel, Bytes) -> - cast(ConnectionManager, {adjust_window, Channel, Bytes}). - -close(ConnectionManager, ChannelId) -> - case call(ConnectionManager, {close, ChannelId}) of - ok -> - ok; - {error, channel_closed} -> - ok - end. - -stop(ConnectionManager) -> - case call(ConnectionManager, stop) of - ok -> - ok; - {error, channel_closed} -> - ok - end. - -send(ConnectionManager, ChannelId, Type, Data, Timeout) -> - call(ConnectionManager, {data, ChannelId, Type, Data}, Timeout). - -send_eof(ConnectionManager, ChannelId) -> - cast(ConnectionManager, {eof, ChannelId}). - -%%==================================================================== -%% gen_server callbacks -%%==================================================================== - -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, State} | -%% {ok, State, Timeout} | -%% ignore | -%% {stop, Reason} -%% Description: Initiates the server -%%-------------------------------------------------------------------- -init([server, _Socket, Opts]) -> - process_flag(trap_exit, true), - ssh_bits:install_messages(ssh_connection:messages()), - Cache = ssh_channel:cache_create(), - {ok, #state{role = server, - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - requests = []}, - opts = Opts, - connected = false}}; - -init([client, Opts]) -> - process_flag(trap_exit, true), - {links, [Parent]} = process_info(self(), links), - ssh_bits:install_messages(ssh_connection:messages()), - Cache = ssh_channel:cache_create(), - Address = proplists:get_value(address, Opts), - Port = proplists:get_value(port, Opts), - SocketOpts = proplists:get_value(socket_opts, Opts), - Options = proplists:get_value(ssh_opts, Opts), - ChannelPid = proplists:get_value(channel_pid, Opts), - self() ! - {start_connection, client, [Parent, Address, Port, SocketOpts, Options]}, - {ok, #state{role = client, - client = ChannelPid, - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - connection_supervisor = Parent, - requests = []}, - opts = Opts, - connected = false}}. - -%%-------------------------------------------------------------------- -%% Function: %% handle_call(Request, From, State) -> {reply, Reply, State} | -%% {reply, Reply, State, Timeout} | -%% {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, Reply, State} | -%% {stop, Reason, State} -%% Description: Handling call messages -%%-------------------------------------------------------------------- -handle_call({request, ChannelPid, ChannelId, Type, Data}, From, State0) -> - {{replies, Replies}, State} = handle_request(ChannelPid, - ChannelId, Type, Data, - true, From, State0), - %% Sends message to the connection handler process, reply to - %% channel is sent later when reply arrives from the connection - %% handler. - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -handle_call({request, ChannelId, Type, Data}, From, State0) -> - {{replies, Replies}, State} = handle_request(ChannelId, Type, Data, - true, From, State0), - %% Sends message to the connection handler process, reply to - %% channel is sent later when reply arrives from the connection - %% handler. - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -%% Message from ssh_connection_handler -handle_call({ssh_msg, Pid, Msg}, From, - #state{connection_state = Connection0, - role = Role, opts = Opts, connected = IsConnected, - client = ClientPid} - = State) -> - - %% To avoid that not all data sent by the other side is processes before - %% possible crash in ssh_connection_handler takes down the connection. - gen_server:reply(From, ok), - - ConnectionMsg = decode_ssh_msg(Msg), - try ssh_connection:handle_msg(ConnectionMsg, Connection0, Pid, Role) of - {{replies, Replies}, Connection} -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State#state{connection_state = Connection}}; - {noreply, Connection} -> - {noreply, State#state{connection_state = Connection}}; - {disconnect, {_, Reason}, {{replies, Replies}, Connection}} - when Role == client andalso (not IsConnected) -> - lists:foreach(fun send_msg/1, Replies), - ClientPid ! {self(), not_connected, Reason}, - {stop, {shutdown, normal}, State#state{connection = Connection}}; - {disconnect, Reason, {{replies, Replies}, Connection}} -> - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, normal}, State#state{connection_state = Connection}} - catch - _:Error -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, Connection0, undefined, - Role), - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, Error}, State#state{connection_state = Connection}} - end; - -handle_call({global_request, Pid, _, _, _} = Request, From, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State1 = handle_global_request(Request, State0), - Channel = ssh_channel:cache_find(Pid, Cache), - State = add_request(true, Channel#channel.local_id, From, State1), - {noreply, State}; - -handle_call({data, ChannelId, Type, Data}, From, - #state{connection_state = #connection{channel_cache = _Cache} - = Connection0, - connection = ConnectionPid} = State) -> - channel_data(ChannelId, Type, Data, Connection0, ConnectionPid, From, - State); - -handle_call({connection_info, Options}, From, - #state{connection = Connection} = State) -> - ssh_connection_handler:connection_info(Connection, From, Options), - %% Reply will be sent by the connection handler by calling - %% ssh_connection_handler:send_msg/1. - {noreply, State}; - -handle_call({channel_info, ChannelId, Options}, From, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> - - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{} = Channel -> - spawn(?MODULE, ssh_channel_info_handler, [Options, Channel, From]), - {noreply, State}; - undefined -> - {reply, []} - end; - -handle_call({info, ChannelPid}, _From, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - Result = ssh_channel:cache_foldl( - fun(Channel, Acc) when ChannelPid == all; - Channel#channel.user == ChannelPid -> - [Channel | Acc]; - (_, Acc) -> - Acc - end, [], Cache), - {reply, {ok, Result}, State}; - -handle_call({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data}, - From, #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - erlang:monitor(process, ChannelPid), - {ChannelId, State1} = new_channel_id(State0), - Msg = ssh_connection:channel_open_msg(Type, ChannelId, - InitialWindowSize, - MaxPacketSize, Data), - send_msg({connection_reply, Pid, Msg}), - Channel = #channel{type = Type, - sys = "none", - user = ChannelPid, - local_id = ChannelId, - recv_window_size = InitialWindowSize, - recv_packet_size = MaxPacketSize}, - ssh_channel:cache_update(Cache, Channel), - State = add_request(true, ChannelId, From, State1), - {noreply, State}; - -handle_call({send_window, ChannelId}, _From, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{send_window_size = WinSize, - send_packet_size = Packsize} -> - {ok, {WinSize, Packsize}}; - undefined -> - {error, einval} - end, - {reply, Reply, State}; - -handle_call({recv_window, ChannelId}, _From, - #state{connection_state = #connection{channel_cache = Cache}} - = State) -> - - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, - recv_packet_size = Packsize} -> - {ok, {WinSize, Packsize}}; - undefined -> - {error, einval} - end, - {reply, Reply, State}; - -%% Replaced by option peer to connection_info/2 keep for now -%% for Backwards compatibility! -handle_call({peer_addr, _ChannelId}, _From, - #state{connection = Pid} = State) -> - Reply = ssh_connection_handler:peer_address(Pid), - {reply, Reply, State}; - -handle_call(opts, _, #state{opts = Opts} = State) -> - {reply, Opts, State}; - -handle_call({close, ChannelId}, _, - #state{connection = Pid, connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel -> - send_msg({connection_reply, Pid, - ssh_connection:channel_close_msg(Id)}), - ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), - {reply, ok, State}; - undefined -> - {reply, ok, State} - end; - -handle_call(stop, _, #state{connection_state = Connection0, - role = Role, - opts = Opts} = State) -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "User closed down connection", - language = "en"}, Connection0, undefined, - Role), - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, normal, ok, State#state{connection_state = Connection}}; - -%% API violation make it the violaters problem -%% by ignoring it. The violating process will get -%% a timeout or hang. -handle_call(_, _, State) -> - {noreply, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_cast(Msg, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling cast messages -%%-------------------------------------------------------------------- -handle_cast({request, ChannelPid, ChannelId, Type, Data}, State0) -> - {{replies, Replies}, State} = handle_request(ChannelPid, ChannelId, - Type, Data, - false, none, State0), - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -handle_cast({request, ChannelId, Type, Data}, State0) -> - {{replies, Replies}, State} = handle_request(ChannelId, Type, Data, - false, none, State0), - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -handle_cast({global_request, _, _, _, _} = Request, State0) -> - State = handle_global_request(Request, State0), - {noreply, State}; - -handle_cast(renegotiate, #state{connection = Pid} = State) -> - ssh_connection_handler:renegotiate(Pid), - {noreply, State}; - -handle_cast({adjust_window, ChannelId, Bytes}, - #state{connection = Pid, connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> - ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = - WinSize + Bytes}), - Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), - send_msg({connection_reply, Pid, Msg}); - undefined -> - ignore - end, - {noreply, State}; - -handle_cast({eof, ChannelId}, - #state{connection = Pid, connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} -> - send_msg({connection_reply, Pid, - ssh_connection:channel_eof_msg(Id)}), - {noreply, State}; - undefined -> - {noreply, State} - end; - -handle_cast({success, ChannelId}, #state{connection = Pid} = State) -> - Msg = ssh_connection:channel_success_msg(ChannelId), - send_msg({connection_reply, Pid, Msg}), - {noreply, State}; - -handle_cast({failure, ChannelId}, #state{connection = Pid} = State) -> - Msg = ssh_connection:channel_failure_msg(ChannelId), - send_msg({connection_reply, Pid, Msg}), - {noreply, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_info(Info, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling all non call/cast messages -%%-------------------------------------------------------------------- -handle_info({start_connection, server, - [Address, Port, Socket, Options, SubSysSup]}, - #state{connection_state = CState} = State) -> - {ok, Connection} = ssh_transport:accept(Address, Port, Socket, Options), - Shell = proplists:get_value(shell, Options), - Exec = proplists:get_value(exec, Options), - CliSpec = proplists:get_value(ssh_cli, Options, {ssh_cli, [Shell]}), - ssh_connection_handler:send_event(Connection, socket_control), - {noreply, State#state{connection = Connection, - connection_state = - CState#connection{address = Address, - port = Port, - cli_spec = CliSpec, - options = Options, - exec = Exec, - sub_system_supervisor = SubSysSup - }}}; - -handle_info({start_connection, client, - [Parent, Address, Port, SocketOpts, Options]}, - #state{client = Pid} = State) -> - case (catch ssh_transport:connect(Parent, Address, - Port, SocketOpts, Options)) of - {ok, Connection} -> - {noreply, State#state{connection = Connection}}; - Reason -> - Pid ! {self(), not_connected, Reason}, - {stop, {shutdown, normal}, State} - end; - -handle_info({ssh_cm, _Sender, Msg}, State0) -> - %% Backwards compatibility! - State = cm_message(Msg, State0), - {noreply, State}; - -%% Nop backwards compatibility -handle_info({same_user, _}, State) -> - {noreply, State}; - -handle_info(ssh_connected, #state{role = client, client = Pid} - = State) -> - Pid ! {self(), is_connected}, - {noreply, State#state{connected = true, opts = handle_password(State#state.opts)}}; - -handle_info(ssh_connected, #state{role = server} = State) -> - {noreply, State#state{connected = true}}; - -%%% Handle that ssh channels user process goes down -handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, State) -> - handle_down(handle_channel_down(ChannelPid, State)); - -%%% So that terminate will be run when supervisor is shutdown -handle_info({'EXIT', _Sup, Reason}, State) -> - {stop, Reason, State}. - -handle_password(Opts) -> - handle_rsa_password(handle_dsa_password(handle_normal_password(Opts))). -handle_normal_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(password, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{password, undefined}|lists:keydelete(password, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -handle_dsa_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(dsa_pass_phrase, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{dsa_pass_phrase, undefined}|lists:keydelete(dsa_pass_phrase, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -handle_rsa_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(rsa_pass_phrase, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{rsa_pass_phrase, undefined}|lists:keydelete(rsa_pass_phrase, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -%%-------------------------------------------------------------------- -%% Function: terminate(Reason, State) -> void() -%% Description: This function is called by a gen_server when it is about to -%% terminate. It should be the opposite of Module:init/1 and do any necessary -%% cleaning up. When it returns, the gen_server terminates with Reason. -%% The return value is ignored. -%%-------------------------------------------------------------------- -terminate(_Reason, #state{role = client, - connection_state = - #connection{connection_supervisor = Supervisor}}) -> - sshc_sup:stop_child(Supervisor); - -terminate(_Reason, #state{role = server, - connection_state = - #connection{sub_system_supervisor = SubSysSup}, - opts = Opts}) -> - Address = proplists:get_value(address, Opts), - Port = proplists:get_value(port, Opts), - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ssh_system_sup:stop_subsystem(SystemSup, SubSysSup). - -%%-------------------------------------------------------------------- -%% Func: code_change(OldVsn, State, Extra) -> {ok, NewState} -%% Description: Convert process state when code is changed -%%-------------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -%%-------------------------------------------------------------------- -%%% Internal functions -%%-------------------------------------------------------------------- -channel_data(Id, Type, Data, Connection0, ConnectionPid, From, State) -> - case ssh_connection:channel_data(Id, Type, Data, Connection0, - ConnectionPid, From) of - {{replies, Replies}, Connection} -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State#state{connection_state = Connection}}; - {noreply, Connection} -> - {noreply, State#state{connection_state = Connection}} - end. - -call(Pid, Msg) -> - call(Pid, Msg, infinity). -call(Pid, Msg, Timeout) -> - try gen_server:call(Pid, Msg, Timeout) of - Result -> - Result - catch - exit:{timeout, _} -> - {error, timeout}; - exit:{normal, _} -> - {error, channel_closed}; - exit:{{shutdown, _}, _} -> - {error, channel_closed}; - exit:{noproc,_} -> - {error, channel_closed} - end. - -cast(Pid, Msg) -> - gen_server:cast(Pid, Msg). - -decode_ssh_msg(BinMsg) when is_binary(BinMsg)-> - ssh_bits:decode(BinMsg); -decode_ssh_msg(Msg) -> - Msg. - - -send_msg(Msg) -> - catch do_send_msg(Msg). -do_send_msg({channel_data, Pid, Data}) -> - Pid ! {ssh_cm, self(), Data}; -do_send_msg({channel_requst_reply, From, Data}) -> - gen_server:reply(From, Data); -do_send_msg({connection_reply, Pid, Data}) -> - Msg = ssh_bits:encode(Data), - ssh_connection_handler:send(Pid, Msg); -do_send_msg({flow_control, Cache, Channel, From, Msg}) -> - ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), - gen_server:reply(From, Msg). - -handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, - #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel -> - update_sys(Cache, Channel, Type, ChannelPid), - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - Replies = [{connection_reply, Pid, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; - undefined -> - {{replies, []}, State0} - end. - -handle_request(ChannelId, Type, Data, WantReply, From, - #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} -> - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - Replies = [{connection_reply, Pid, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; - undefined -> - {{replies, []}, State0} - end. - -handle_down({{replies, Replies}, State}) -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State}. - -handle_channel_down(ChannelPid, #state{connection_state = - #connection{channel_cache = Cache}} = - State) -> - ssh_channel:cache_foldl( - fun(Channel, Acc) when Channel#channel.user == ChannelPid -> - ssh_channel:cache_delete(Cache, - Channel#channel.local_id), - Acc; - (_,Acc) -> - Acc - end, [], Cache), - {{replies, []}, State}. - -update_sys(Cache, Channel, Type, ChannelPid) -> - ssh_channel:cache_update(Cache, - Channel#channel{sys = Type, user = ChannelPid}). - -add_request(false, _ChannelId, _From, State) -> - State; -add_request(true, ChannelId, From, #state{connection_state = - #connection{requests = Requests0} = - Connection} = State) -> - Requests = [{ChannelId, From} | Requests0], - State#state{connection_state = Connection#connection{requests = Requests}}. - -new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = - Connection} - = State) -> - {Id, State#state{connection_state = - Connection#connection{channel_id_seed = Id + 1}}}. - -handle_global_request({global_request, ChannelPid, - "tcpip-forward" = Type, WantReply, - <<?UINT32(IPLen), - IP:IPLen/binary, ?UINT32(Port)>> = Data}, - #state{connection = ConnectionPid, - connection_state = - #connection{channel_cache = Cache} - = Connection0} = State) -> - ssh_channel:cache_update(Cache, #channel{user = ChannelPid, - type = "forwarded-tcpip", - sys = none}), - Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, ConnectionPid, Msg}), - State#state{connection_state = Connection}; - -handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, - WantReply, <<?UINT32(IPLen), - IP:IPLen/binary, ?UINT32(Port)>> = Data}, - #state{connection = Pid, - connection_state = Connection0} = State) -> - Connection = ssh_connection:unbind(IP, Port, Connection0), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, Pid, Msg}), - State#state{connection_state = Connection}; - -handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, - WantReply, Data}, #state{connection = Pid} = State) -> - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, Pid, Msg}), - State. - -cm_message(Msg, State) -> - {noreply, NewState} = handle_cast(Msg, State), - NewState. - -disconnect_fun(Reason, Opts) -> - case proplists:get_value(disconnectfun, Opts) of - undefined -> - ok; - Fun -> - catch Fun(Reason) - end. - -ssh_channel_info_handler(Options, Channel, From) -> - Info = ssh_channel_info(Options, Channel, []), - send_msg({channel_requst_reply, From, Info}). - -ssh_channel_info([], _, Acc) -> - Acc; - -ssh_channel_info([recv_window | Rest], #channel{recv_window_size = WinSize, - recv_packet_size = Packsize - } = Channel, Acc) -> - ssh_channel_info(Rest, Channel, [{recv_window, {{win_size, WinSize}, - {packet_size, Packsize}}} | Acc]); -ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize, - send_packet_size = Packsize - } = Channel, Acc) -> - ssh_channel_info(Rest, Channel, [{send_window, {{win_size, WinSize}, - {packet_size, Packsize}}} | Acc]); -ssh_channel_info([ _ | Rest], Channel, Acc) -> - ssh_channel_info(Rest, Channel, Acc). - - - diff --git a/lib/ssh/src/ssh_connection_sup.erl b/lib/ssh/src/ssh_connection_sup.erl index b620056310..c5abc8f23b 100644 --- a/lib/ssh/src/ssh_connection_sup.erl +++ b/lib/ssh/src/ssh_connection_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,8 +25,9 @@ -behaviour(supervisor). --export([start_link/1, start_handler_child/2, start_manager_child/2, - connection_manager/1]). +%% API +-export([start_link/1]). +-export([start_child/2]). %% Supervisor callback -export([init/1]). @@ -37,83 +38,23 @@ start_link(Args) -> supervisor:start_link(?MODULE, [Args]). -%% Will be called from the manager child process -start_handler_child(Sup, Args) -> - [Spec] = child_specs(handler, Args), - supervisor:start_child(Sup, Spec). - -%% Will be called from the acceptor process -start_manager_child(Sup, Args) -> - [Spec] = child_specs(manager, Args), - supervisor:start_child(Sup, Spec). - -connection_manager(SupPid) -> - try supervisor:which_children(SupPid) of - Children -> - {ok, ssh_connection_manager(Children)} - catch exit:{noproc,_} -> - {ok, undefined} - end. +start_child(Sup, Args) -> + supervisor:start_child(Sup, Args). %%%========================================================================= %%% Supervisor callback %%%========================================================================= -init([Args]) -> - RestartStrategy = one_for_all, +init(_) -> + RestartStrategy = simple_one_for_one, MaxR = 0, MaxT = 3600, - Children = child_specs(Args), - {ok, {{RestartStrategy, MaxR, MaxT}, Children}}. - -%%%========================================================================= -%%% Internal functions -%%%========================================================================= -child_specs(Opts) -> - case proplists:get_value(role, Opts) of - client -> - child_specs(manager, [client | Opts]); - server -> - %% Children started by acceptor process - [] - end. - -% The manager process starts the handler process -child_specs(manager, Opts) -> - [manager_spec(Opts)]; -child_specs(handler, Opts) -> - [handler_spec(Opts)]. - -manager_spec([server = Role, Socket, Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_manager, start_link, [[Role, Socket, Opts]]}, - Restart = temporary, - Shutdown = 3600, - Modules = [ssh_connection_manager], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}; - -manager_spec([client = Role | Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_manager, start_link, [[Role, Opts]]}, - Restart = temporary, - Shutdown = 3600, - Modules = [ssh_connection_manager], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. -handler_spec([Role, Socket, Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_handler, - start_link, [Role, self(), Socket, Opts]}, - Restart = temporary, - Shutdown = 3600, + Name = undefined, % As simple_one_for_one is used. + StartFunc = {ssh_connection_handler, start_link, []}, + Restart = temporary, % E.g. should not be restarted + Shutdown = 4000, Modules = [ssh_connection_handler], Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. -ssh_connection_manager([]) -> - undefined; -ssh_connection_manager([{_, Child, _, [ssh_connection_manager]} | _]) -> - Child; -ssh_connection_manager([_ | Rest]) -> - ssh_connection_manager(Rest). + ChildSpec = {Name, StartFunc, Restart, Shutdown, Type, Modules}, + {ok, {{RestartStrategy, MaxR, MaxT}, [ChildSpec]}}. diff --git a/lib/ssh/src/ssh_daemon_channel.erl b/lib/ssh/src/ssh_daemon_channel.erl new file mode 100644 index 0000000000..ab3efbcaff --- /dev/null +++ b/lib/ssh/src/ssh_daemon_channel.erl @@ -0,0 +1,68 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2013. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +%% Description: a gen_server implementing a simple +%% terminal (using the group module) for a CLI +%% over SSH + +-module(ssh_daemon_channel). + +%% API to special server side channel that can be pluged into the erlang ssh daemeon +-callback init(Args :: term()) -> + {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} | + {stop, Reason :: term()} | ignore. + +-callback terminate(Reason :: (normal | shutdown | {shutdown, term()} | + term()), + State :: term()) -> + term(). + +-callback handle_msg(Msg ::term(), State :: term()) -> + {ok, State::term()} | {stop, ChannelId::integer(), State::term()}. +-callback handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, + State::term()) -> {ok, State::term()} | + {stop, ChannelId::integer(), + State::term()}. + +%%% API +-export([start/4, start/5, start_link/4, start_link/5, enter_loop/1]). + +%% gen_server callbacks +-export([init/1, terminate/2]). + +start(ConnectionManager, ChannelId, CallBack, CbInitArgs) -> + ssh_channel:start(ConnectionManager, ChannelId, CallBack, CbInitArgs, undefined). + +start(ConnectionManager, ChannelId, CallBack, CbInitArgs, Exec) -> + ssh_channel:start(ConnectionManager, ChannelId, CallBack, CbInitArgs, Exec). + +start_link(ConnectionManager, ChannelId, CallBack, CbInitArgs) -> + ssh_channel:start_link(ConnectionManager, ChannelId, CallBack, CbInitArgs, undefined). + +start_link(ConnectionManager, ChannelId, CallBack, CbInitArgs, Exec) -> + ssh_channel:start_link(ConnectionManager, ChannelId, CallBack, CbInitArgs, Exec). + +enter_loop(State) -> + ssh_channel:enter_loop(State). + +init(Args) -> + ssh_channel:init(Args). +terminate(Reason, State) -> + ssh_channel:terminate(Reason, State). diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index a6b82a7a13..5692138a8a 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -23,7 +23,8 @@ -module(ssh_file). --behaviour(ssh_key_api). +-behaviour(ssh_server_key_api). +-behaviour(ssh_client_key_api). -include_lib("public_key/include/public_key.hrl"). -include_lib("kernel/include/file.hrl"). @@ -34,7 +35,7 @@ user_key/2, is_host_key/4, add_host_key/3, - is_auth_key/4]). + is_auth_key/3]). -define(PERM_700, 8#700). @@ -53,8 +54,8 @@ host_key(Algorithm, Opts) -> decode(File, Password). -is_auth_key(Key, User, Alg, Opts) -> - case lookup_user_key(Key, User, Alg, Opts) of +is_auth_key(Key, User,Opts) -> + case lookup_user_key(Key, User, Opts) of {ok, Key} -> true; _ -> @@ -64,7 +65,7 @@ is_auth_key(Key, User, Alg, Opts) -> %% Used by client is_host_key(Key, PeerName, Algorithm, Opts) -> - case lookup_host_key(PeerName, Algorithm, Opts) of + case lookup_host_key(Key, PeerName, Algorithm, Opts) of {ok, Key} -> true; _ -> @@ -120,9 +121,9 @@ decode_ssh_file(Pem, Password) -> %% return {ok, Key(s)} or {error, not_found} %% -lookup_host_key(Host, Alg, Opts) -> +lookup_host_key(KeyToMatch, Host, Alg, Opts) -> Host1 = replace_localhost(Host), - do_lookup_host_key(Host1, Alg, Opts). + do_lookup_host_key(KeyToMatch, Host1, Alg, Opts). add_host_key(Host, Key, Opts) -> @@ -138,13 +139,13 @@ add_host_key(Host, Key, Opts) -> Error end. -lookup_user_key(Key, User, Alg, Opts) -> +lookup_user_key(Key, User, Opts) -> SshDir = ssh_dir({remoteuser,User}, Opts), - case lookup_user_key_f(Key, User, SshDir, Alg, "authorized_keys", Opts) of + case lookup_user_key_f(Key, User, SshDir, "authorized_keys", Opts) of {ok, Key} -> {ok, Key}; _ -> - lookup_user_key_f(Key, User, SshDir, Alg, "authorized_keys2", Opts) + lookup_user_key_f(Key, User, SshDir, "authorized_keys2", Opts) end. @@ -203,19 +204,19 @@ replace_localhost("localhost") -> replace_localhost(Host) -> Host. -do_lookup_host_key(Host, Alg, Opts) -> +do_lookup_host_key(KeyToMatch, Host, Alg, Opts) -> case file:open(file_name(user, "known_hosts", Opts), [read, binary]) of {ok, Fd} -> - Res = lookup_host_key_fd(Fd, Host, Alg), + Res = lookup_host_key_fd(Fd, KeyToMatch, Host, Alg), file:close(Fd), {ok, Res}; {error, enoent} -> {error, not_found}; Error -> Error end. -identity_key_filename("ssh-dss") -> +identity_key_filename('ssh-dss') -> "id_dsa"; -identity_key_filename("ssh-rsa") -> +identity_key_filename('ssh-rsa') -> "id_rsa". identity_pass_phrase("ssh-dss") -> @@ -227,16 +228,16 @@ identity_pass_phrase('ssh-rsa') -> identity_pass_phrase("ssh-rsa") -> rsa_pass_phrase. -lookup_host_key_fd(Fd, Host, KeyType) -> +lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) -> case io:get_line(Fd, '') of eof -> {error, not_found}; Line -> case ssh_decode_line(Line, known_hosts) of [{Key, Attributes}] -> - handle_host(Fd, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); + handle_host(Fd, KeyToMatch, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); [] -> - lookup_host_key_fd(Fd, Host, KeyType) + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end end. @@ -247,13 +248,13 @@ ssh_decode_line(Line, Type) -> [] end. -handle_host(Fd, Host, HostList, Key, KeyType) -> +handle_host(Fd, KeyToMatch, Host, HostList, Key, KeyType) -> Host1 = host_name(Host), - case lists:member(Host1, HostList) and key_match(Key, KeyType) of - true -> + case lists:member(Host1, HostList) andalso key_match(Key, KeyType) of + true when KeyToMatch == Key -> Key; - false -> - lookup_host_key_fd(Fd, Host, KeyType) + _ -> + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end. host_name(Atom) when is_atom(Atom) -> @@ -261,9 +262,9 @@ host_name(Atom) when is_atom(Atom) -> host_name(List) -> List. -key_match(#'RSAPublicKey'{}, "ssh-rsa") -> +key_match(#'RSAPublicKey'{}, 'ssh-rsa') -> true; -key_match({_, #'Dss-Parms'{}}, "ssh-dss") -> +key_match({_, #'Dss-Parms'{}}, 'ssh-dss') -> true; key_match(_, _) -> false. @@ -272,11 +273,11 @@ add_key_fd(Fd, Host,Key) -> SshBin = public_key:ssh_encode([{Key, [{hostnames, [Host]}]}], known_hosts), file:write(Fd, SshBin). -lookup_user_key_f(_, _User, [], _Alg, _F, _Opts) -> +lookup_user_key_f(_, _User, [], _F, _Opts) -> {error, nouserdir}; -lookup_user_key_f(_, _User, nouserdir, _Alg, _F, _Opts) -> +lookup_user_key_f(_, _User, nouserdir, _F, _Opts) -> {error, nouserdir}; -lookup_user_key_f(Key, _User, Dir, _Alg, F, _Opts) -> +lookup_user_key_f(Key, _User, Dir, F, _Opts) -> FileName = filename:join(Dir, F), case file:open(FileName, [read, binary]) of {ok, Fd} -> @@ -314,5 +315,12 @@ default_user_dir()-> {ok,[[Home|_]]} = init:get_argument(home), UserDir = filename:join(Home, ".ssh"), ok = filelib:ensure_dir(filename:join(UserDir, "dummy")), - ok = file:change_mode(UserDir, ?PERM_700), + {ok,Info} = file:read_file_info(UserDir), + #file_info{mode=Mode} = Info, + case (Mode band 8#777) of + ?PERM_700 -> + ok; + _Other -> + ok = file:change_mode(UserDir, ?PERM_700) + end, UserDir. diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index 01fc713569..832b144db9 100644 --- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -24,7 +24,6 @@ -module(ssh_io). -export([yes_no/2, read_password/2, read_line/2, format/2]). --import(lists, [reverse/1]). -include("ssh.hrl"). read_line(Prompt, Ssh) -> @@ -81,7 +80,7 @@ format(Fmt, Args) -> trim(Line) when is_list(Line) -> - reverse(trim1(reverse(trim1(Line)))); + lists:reverse(trim1(lists:reverse(trim1(Line)))); trim(Other) -> Other. trim1([$\s|Cs]) -> trim(Cs); diff --git a/lib/ssh/src/ssh_key_api.erl b/lib/ssh/src/ssh_key_api.erl deleted file mode 100644 index 8085c12e21..0000000000 --- a/lib/ssh/src/ssh_key_api.erl +++ /dev/null @@ -1,45 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2011-2012. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% - --module(ssh_key_api). - --include_lib("public_key/include/public_key.hrl"). --include("ssh.hrl"). - --type ssh_algorithm() :: string(). --type file_error() :: file:posix() | badarg | system_limit | terminated. - --callback host_key(Algorithm :: ssh_algorithm(), Options :: list()) -> - {ok, [{public_key(), Attributes::list()}]} | public_key() - | {error, string()}. - --callback user_key(Algorithm :: ssh_algorithm(), Options :: list()) -> - {ok, [{public_key(), Attributes::list()}]} | public_key() - | {error, string()}. - --callback is_host_key(Key :: public_key(), PeerName :: string(), - Algorithm :: ssh_algorithm(), Options :: list()) -> - boolean(). - --callback add_host_key(Host :: string(), Key :: public_key(), Options :: list()) -> - ok | {error, file_error()}. - --callback is_auth_key(Key :: public_key(), User :: string(), - Algorithm :: ssh_algorithm(), Options :: list()) -> - boolean(). diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl index 4aa385b18d..e4610377f8 100644 --- a/lib/ssh/src/ssh_math.erl +++ b/lib/ssh/src/ssh_math.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2011. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -23,8 +23,8 @@ -module(ssh_math). --export([ilog2/1, ipow/3, invert/2, ipow2/3]). - +-export([ipow/3]). +-export([ilog2/1, invert/2, ipow2/3]). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% @@ -32,20 +32,17 @@ %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% number of bits (used) in a integer = isize(N) = |log2(N)|+1 -ilog2(N) -> - ssh_bits:isize(N) - 1. - - %% calculate A^B mod M ipow(A, B, M) when M > 0, B >= 0 -> crypto:mod_exp(A, B, M). +ilog2(N) -> + ssh_bits:isize(N) - 1. ipow2(A, B, M) when M > 0, B >= 0 -> if A == 1 -> - 1; + 1; true -> - ipow2(A, B, M, 1) + ipow2(A, B, M, 1) end. ipow2(A, 1, M, Prod) -> @@ -56,50 +53,11 @@ ipow2(A, B, M, Prod) -> B1 = B bsr 1, A1 = (A*A) rem M, if B - B1 == B1 -> - ipow2(A1, B1, M, Prod); + ipow2(A1, B1, M, Prod); true -> - ipow2(A1, B1, M, (A*Prod) rem M) + ipow2(A1, B1, M, (A*Prod) rem M) end. -%% %% -%% %% Normal gcd -%% %% -%% gcd(R, Q) when abs(Q) < abs(R) -> gcd1(Q,R); -%% gcd(R, Q) -> gcd1(R,Q). - -%% gcd1(0, Q) -> Q; -%% gcd1(R, Q) -> -%% gcd1(Q rem R, R). - - -%% %% -%% %% Least common multiple of (R,Q) -%% %% -%% lcm(0, _Q) -> 0; -%% lcm(_R, 0) -> 0; -%% lcm(R, Q) -> -%% (Q div gcd(R, Q)) * R. - -%% %% -%% %% Extended gcd gcd(R,Q) -> {G, {A,B}} such that G == R*A + Q*B -%% %% -%% %% Here we could have use for a bif divrem(Q, R) -> {Quote, Remainder} -%% %% -%% egcd(R,Q) when abs(Q) < abs(R) -> egcd1(Q,R,1,0,0,1); -%% egcd(R,Q) -> egcd1(R,Q,0,1,1,0). - -%% egcd1(0,Q,_,_,Q1,Q2) -> {Q, {Q2,Q1}}; -%% egcd1(R,Q,R1,R2,Q1,Q2) -> -%% D = Q div R, -%% egcd1(Q rem R, R, Q1-D*R1, Q2-D*R2, R1, R2). - -%% -%% Invert an element X mod P -%% Calculated as {1, {A,B}} = egcd(X,P), -%% 1 == P*A + X*B == X*B (mod P) i.e B is the inverse element -%% -%% X > 0, P > 0, X < P (P should be prime) -%% invert(X,P) when X > 0, P > 0, X < P -> I = inv(X,P,1,0), if @@ -113,19 +71,5 @@ inv(X,P,R1,Q1) -> inv(P rem X, X, Q1 - D*R1, R1). -%% %% -%% %% Integer square root -%% %% - -%% isqrt(0) -> 0; -%% isqrt(1) -> 1; -%% isqrt(X) when X >= 0 -> -%% R = X div 2, -%% isqrt(X div R, R, X). - -%% isqrt(Q,R,X) when Q < R -> -%% R1 = (R+Q) div 2, -%% isqrt(X div R1, R1, X); -%% isqrt(_, R, _) -> R. diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl new file mode 100644 index 0000000000..486af30a5f --- /dev/null +++ b/lib/ssh/src/ssh_message.erl @@ -0,0 +1,553 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2013-2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% + +%%------------------------------------------------------------------ +-module(ssh_message). + +-include_lib("public_key/include/public_key.hrl"). + +-include("ssh.hrl"). +-include("ssh_connect.hrl"). +-include("ssh_auth.hrl"). +-include("ssh_transport.hrl"). + +-export([encode/1, decode/1, encode_host_key/1, decode_keyboard_interactive_prompts/2]). + +encode(#ssh_msg_global_request{ + name = Name, + want_reply = Bool, + data = Data}) -> + ssh_bits:encode([?SSH_MSG_GLOBAL_REQUEST, + Name, Bool, Data], [byte, string, boolean, '...']); +encode(#ssh_msg_request_success{data = Data}) -> + <<?BYTE(?SSH_MSG_REQUEST_SUCCESS), Data/binary>>; +encode(#ssh_msg_request_failure{}) -> + <<?BYTE(?SSH_MSG_REQUEST_FAILURE)>>; +encode(#ssh_msg_channel_open{ + channel_type = Type, + sender_channel = Sender, + initial_window_size = Window, + maximum_packet_size = Max, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN, + Type, Sender, Window, Max, Data], [byte, string, uint32, + uint32, uint32, '...']); +encode(#ssh_msg_channel_open_confirmation{ + recipient_channel = Recipient, + sender_channel = Sender, + initial_window_size = InitWindowSize, + maximum_packet_size = MaxPacketSize, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_CONFIRMATION, Recipient, + Sender, InitWindowSize, MaxPacketSize, Data], + [byte, uint32, uint32, uint32, uint32, '...']); +encode(#ssh_msg_channel_open_failure{ + recipient_channel = Recipient, + reason = Reason, + description = Desc, + lang = Lang + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_FAILURE, Recipient, + Reason, Desc, Lang], [byte, uint32, uint32, string, string]); +encode(#ssh_msg_channel_window_adjust{ + recipient_channel = Recipient, + bytes_to_add = Bytes + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_WINDOW_ADJUST, Recipient, Bytes], + [byte, uint32, uint32]); +encode(#ssh_msg_channel_data{ + recipient_channel = Recipient, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_DATA, Recipient, Data], [byte, uint32, binary]); + +encode(#ssh_msg_channel_extended_data{ + recipient_channel = Recipient, + data_type_code = DataType, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_EXTENDED_DATA, Recipient, + DataType, Data], [byte, uint32, uint32, binary]); + +encode(#ssh_msg_channel_eof{recipient_channel = Recipient + }) -> + <<?BYTE(?SSH_MSG_CHANNEL_EOF), ?UINT32(Recipient)>>; +encode(#ssh_msg_channel_close{ + recipient_channel = Recipient + }) -> + <<?BYTE(?SSH_MSG_CHANNEL_CLOSE), ?UINT32(Recipient)>>; +encode(#ssh_msg_channel_request{ + recipient_channel = Recipient, + request_type = Type, + want_reply = Bool, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_REQUEST, Recipient, Type, Bool, Data], + [byte, uint32, string, boolean, '...']); +encode(#ssh_msg_channel_success{ + recipient_channel = Recipient + }) -> + <<?BYTE(?SSH_MSG_CHANNEL_SUCCESS), ?UINT32(Recipient)>>; +encode(#ssh_msg_channel_failure{ + recipient_channel = Recipient + }) -> + <<?BYTE(?SSH_MSG_CHANNEL_FAILURE), ?UINT32(Recipient)>>; + +encode(#ssh_msg_userauth_request{ + user = User, + service = Service, + method = Method, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_REQUEST, User, Service, Method, Data], + [byte, string, string, string, '...']); +encode(#ssh_msg_userauth_failure{ + authentications = Auths, + partial_success = Bool + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_FAILURE, Auths, Bool], + [byte, string, boolean]); +encode(#ssh_msg_userauth_success{}) -> + <<?BYTE(?SSH_MSG_USERAUTH_SUCCESS)>>; + +encode(#ssh_msg_userauth_banner{ + message = Banner, + language = Lang + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_BANNER, Banner, Lang], + [byte, string, string]); + +encode(#ssh_msg_userauth_pk_ok{ + algorithm_name = Alg, + key_blob = KeyBlob + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_PK_OK, Alg, KeyBlob], + [byte, string, binary]); + +encode(#ssh_msg_userauth_passwd_changereq{prompt = Prompt, + languge = Lang + })-> + ssh_bits:encode([?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, Prompt, Lang], + [byte, string, string]); + +encode(#ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_REQUEST, Name, Inst, Lang, NumPromtps, Data], + [byte, string, string, string, uint32, '...']); + +encode(#ssh_msg_userauth_info_response{ + num_responses = Num, + data = Data}) -> + Responses = lists:map(fun("") -> + <<>>; + (Response) -> + ssh_bits:encode([Response], [string]) + end, Data), + Start = ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_RESPONSE, Num], + [byte, uint32]), + iolist_to_binary([Start, Responses]); + +encode(#ssh_msg_disconnect{ + code = Code, + description = Desc, + language = Lang + }) -> + ssh_bits:encode([?SSH_MSG_DISCONNECT, Code, Desc, Lang], + [byte, uint32, string, string]); + +encode(#ssh_msg_service_request{ + name = Service + }) -> + ssh_bits:encode([?SSH_MSG_SERVICE_REQUEST, Service], [byte, string]); + +encode(#ssh_msg_service_accept{ + name = Service + }) -> + ssh_bits:encode([?SSH_MSG_SERVICE_ACCEPT, Service], [byte, string]); + +encode(#ssh_msg_newkeys{}) -> + <<?BYTE(?SSH_MSG_NEWKEYS)>>; + +encode(#ssh_msg_kexinit{ + cookie = Cookie, + kex_algorithms = KeyAlgs, + server_host_key_algorithms = HostKeyAlgs, + encryption_algorithms_client_to_server = EncAlgC2S, + encryption_algorithms_server_to_client = EncAlgS2C, + mac_algorithms_client_to_server = MacAlgC2S, + mac_algorithms_server_to_client = MacAlgS2C, + compression_algorithms_client_to_server = CompAlgS2C, + compression_algorithms_server_to_client = CompAlgC2S, + languages_client_to_server = LangC2S, + languages_server_to_client = LangS2C, + first_kex_packet_follows = Bool, + reserved = Reserved + }) -> + ssh_bits:encode([?SSH_MSG_KEXINIT, Cookie, KeyAlgs, HostKeyAlgs, EncAlgC2S, EncAlgS2C, + MacAlgC2S, MacAlgS2C, CompAlgS2C, CompAlgC2S, LangC2S, LangS2C, Bool, + Reserved], + [byte, cookie, + name_list, name_list, + name_list, name_list, + name_list, name_list, + name_list, name_list, + name_list, name_list, + boolean, uint32]); + +encode(#ssh_msg_kexdh_init{e = E}) -> + ssh_bits:encode([?SSH_MSG_KEXDH_INIT, E], [byte, mpint]); + +encode(#ssh_msg_kexdh_reply{ + public_host_key = Key, + f = F, + h_sig = Signature + }) -> + EncKey = encode_host_key(Key), + EncSign = encode_sign(Key, Signature), + ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + +encode(#ssh_msg_kex_dh_gex_request{ + min = Min, + n = N, + max = Max + }) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST, Min, N, Max], + [byte, uint32, uint32, uint32, uint32]); +encode(#ssh_msg_kex_dh_gex_request_old{n = N}) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, N], + [byte, uint32]); + +encode(#ssh_msg_kex_dh_gex_group{p = Prime, g = Generator}) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_GROUP, Prime, Generator], + [byte, mpint, mpint]); + +encode(#ssh_msg_kex_dh_gex_init{e = Public}) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_INIT, Public], [byte, mpint]); + +encode(#ssh_msg_kex_dh_gex_reply{ + %% Will be private key encode_host_key extracts only the public part! + public_host_key = Key, + f = F, + h_sig = Signature + }) -> + EncKey = encode_host_key(Key), + EncSign = encode_sign(Key, Signature), + ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + +encode(#ssh_msg_ignore{data = Data}) -> + ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); + +encode(#ssh_msg_unimplemented{sequence = Seq}) -> + ssh_bits:encode([?SSH_MSG_UNIMPLEMENTED, Seq], [byte, uint32]); + +encode(#ssh_msg_debug{always_display = Bool, + message = Msg, + language = Lang}) -> + ssh_bits:encode([?SSH_MSG_DEBUG, Bool, Msg, Lang], [byte, boolean, string, string]). + + +%% Connection Messages +decode(<<?BYTE(?SSH_MSG_GLOBAL_REQUEST), ?UINT32(Len), Name:Len/binary, + ?BYTE(Bool), Data/binary>>) -> + #ssh_msg_global_request{ + name = Name, + want_reply = erl_boolean(Bool), + data = Data + }; +decode(<<?BYTE(?SSH_MSG_REQUEST_SUCCESS), Data/binary>>) -> + #ssh_msg_request_success{data = Data}; +decode(<<?BYTE(?SSH_MSG_REQUEST_FAILURE)>>) -> + #ssh_msg_request_failure{}; +decode(<<?BYTE(?SSH_MSG_CHANNEL_OPEN), + ?UINT32(Len), Type:Len/binary, + ?UINT32(Sender), ?UINT32(Window), ?UINT32(Max), + Data/binary>>) -> + #ssh_msg_channel_open{ + channel_type = binary_to_list(Type), + sender_channel = Sender, + initial_window_size = Window, + maximum_packet_size = Max, + data = Data + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_OPEN_CONFIRMATION), ?UINT32(Recipient), ?UINT32(Sender), + ?UINT32(InitWindowSize), ?UINT32(MaxPacketSize), + Data/binary>>) -> + #ssh_msg_channel_open_confirmation{ + recipient_channel = Recipient, + sender_channel = Sender, + initial_window_size = InitWindowSize, + maximum_packet_size = MaxPacketSize, + data = Data + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_OPEN_FAILURE), ?UINT32(Recipient), ?UINT32(Reason), + ?UINT32(Len0), Desc:Len0/binary, ?UINT32(Len1), Lang:Len1/binary >>) -> + #ssh_msg_channel_open_failure{ + recipient_channel = Recipient, + reason = Reason, + description = unicode:characters_to_list(Desc), + lang = Lang + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_WINDOW_ADJUST), ?UINT32(Recipient), ?UINT32(Bytes)>>) -> + #ssh_msg_channel_window_adjust{ + recipient_channel = Recipient, + bytes_to_add = Bytes + }; + +decode(<<?BYTE(?SSH_MSG_CHANNEL_DATA), ?UINT32(Recipient), ?UINT32(Len), Data:Len/binary>>) -> + #ssh_msg_channel_data{ + recipient_channel = Recipient, + data = Data + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_EXTENDED_DATA), ?UINT32(Recipient), + ?UINT32(DataType), ?UINT32(Len), Data:Len/binary>>) -> + #ssh_msg_channel_extended_data{ + recipient_channel = Recipient, + data_type_code = DataType, + data = Data + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_EOF), ?UINT32(Recipient)>>) -> + #ssh_msg_channel_eof{ + recipient_channel = Recipient + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_CLOSE), ?UINT32(Recipient)>>) -> + #ssh_msg_channel_close{ + recipient_channel = Recipient + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_REQUEST), ?UINT32(Recipient), + ?UINT32(Len), RequestType:Len/binary, + ?BYTE(Bool), Data/binary>>) -> + #ssh_msg_channel_request{ + recipient_channel = Recipient, + request_type = unicode:characters_to_list(RequestType), + want_reply = erl_boolean(Bool), + data = Data + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_SUCCESS), ?UINT32(Recipient)>>) -> + #ssh_msg_channel_success{ + recipient_channel = Recipient + }; +decode(<<?BYTE(?SSH_MSG_CHANNEL_FAILURE), ?UINT32(Recipient)>>) -> + #ssh_msg_channel_failure{ + recipient_channel = Recipient + }; + +%%% Auth Messages +decode(<<?BYTE(?SSH_MSG_USERAUTH_REQUEST), + ?UINT32(Len0), User:Len0/binary, + ?UINT32(Len1), Service:Len1/binary, + ?UINT32(Len2), Method:Len2/binary, + Data/binary>>) -> + #ssh_msg_userauth_request{ + user = unicode:characters_to_list(User), + service = unicode:characters_to_list(Service), + method = unicode:characters_to_list(Method), + data = Data + }; + +decode(<<?BYTE(?SSH_MSG_USERAUTH_FAILURE), + ?UINT32(Len0), Auths:Len0/binary, + ?BYTE(Bool)>>) -> + #ssh_msg_userauth_failure { + authentications = unicode:characters_to_list(Auths), + partial_success = erl_boolean(Bool) + }; + +decode(<<?BYTE(?SSH_MSG_USERAUTH_SUCCESS)>>) -> + #ssh_msg_userauth_success{}; + +decode(<<?BYTE(?SSH_MSG_USERAUTH_BANNER), + ?UINT32(Len0), Banner:Len0/binary, + ?UINT32(Len1), Lang:Len1/binary>>) -> + #ssh_msg_userauth_banner{ + message = Banner, + language = Lang + }; + +decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_REQUEST), ?UINT32(Len0), Name:Len0/binary, + ?UINT32(Len1), Inst:Len1/binary, ?UINT32(Len2), Lang:Len2/binary, + ?UINT32(NumPromtps), Data/binary>>) -> + #ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}; + +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: +decode(<<?BYTE(?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ), ?UINT32(Len0), Prompt:Len0/binary, + ?UINT32(Len1), Lang:Len1/binary>>) -> + #ssh_msg_userauth_passwd_changereq{ + prompt = Prompt, + languge = Lang + }; + +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: +decode(<<?BYTE(?SSH_MSG_USERAUTH_PK_OK), ?UINT32(Len), Alg:Len/binary, KeyBlob/binary>>) -> + #ssh_msg_userauth_pk_ok{ + algorithm_name = Alg, + key_blob = KeyBlob + }; + +decode(<<?BYTE(?SSH_MSG_USERAUTH_INFO_RESPONSE), ?UINT32(Num), Data/binary>>) -> + #ssh_msg_userauth_info_response{ + num_responses = Num, + data = Data}; + +%%% Keyexchange messages +decode(<<?BYTE(?SSH_MSG_KEXINIT), Cookie:128, Data/binary>>) -> + decode_kex_init(Data, [Cookie, ssh_msg_kexinit], 10); + +decode(<<?BYTE(?SSH_MSG_KEXDH_INIT), ?UINT32(Len), E:Len/big-signed-integer-unit:8>>) -> + #ssh_msg_kexdh_init{e = E + }; +decode(<<?BYTE(?SSH_MSG_KEX_DH_GEX_REQUEST), ?UINT32(Min), ?UINT32(N), ?UINT32(Max)>>) -> + #ssh_msg_kex_dh_gex_request{ + min = Min, + n = N, + max = Max + }; +decode(<<?BYTE(?SSH_MSG_KEX_DH_GEX_REQUEST_OLD), ?UINT32(N)>>) -> + #ssh_msg_kex_dh_gex_request_old{ + n = N + }; +decode(<<?BYTE(?SSH_MSG_KEX_DH_GEX_GROUP), + ?UINT32(Len0), Prime:Len0/big-signed-integer-unit:8, + ?UINT32(Len1), Generator:Len1/big-signed-integer-unit:8>>) -> + #ssh_msg_kex_dh_gex_group{ + p = Prime, + g = Generator + }; +decode(<<?BYTE(?SSH_MSG_KEXDH_REPLY), ?UINT32(Len0), Key:Len0/binary, + ?UINT32(Len1), F:Len1/big-signed-integer-unit:8, + ?UINT32(Len2), Hashsign:Len2/binary>>) -> + #ssh_msg_kexdh_reply{ + public_host_key = decode_host_key(Key), + f = F, + h_sig = decode_sign(Hashsign) + }; + +decode(<<?SSH_MSG_SERVICE_REQUEST, ?UINT32(Len0), Service:Len0/binary>>) -> + #ssh_msg_service_request{ + name = unicode:characters_to_list(Service) + }; + +decode(<<?SSH_MSG_SERVICE_ACCEPT, ?UINT32(Len0), Service:Len0/binary>>) -> + #ssh_msg_service_accept{ + name = unicode:characters_to_list(Service) + }; + +decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code), + ?UINT32(Len0), Desc:Len0/binary, ?UINT32(Len1), Lang:Len1/binary>>) -> + #ssh_msg_disconnect{ + code = Code, + description = unicode:characters_to_list(Desc), + language = Lang + }; + +%% Accept bad disconnects from ancient openssh clients that doesn't send language tag. Use english as a work-around. +decode(<<?BYTE(?SSH_MSG_DISCONNECT), ?UINT32(Code), + ?UINT32(Len0), Desc:Len0/binary>>) -> + #ssh_msg_disconnect{ + code = Code, + description = unicode:characters_to_list(Desc), + language = <<"en">> + }; + +decode(<<?SSH_MSG_NEWKEYS>>) -> + #ssh_msg_newkeys{}; + +decode(<<?BYTE(?SSH_MSG_IGNORE), ?UINT32(Len), Data:Len/binary>>) -> + #ssh_msg_ignore{data = Data}; + +decode(<<?BYTE(?SSH_MSG_UNIMPLEMENTED), ?UINT32(Seq)>>) -> + #ssh_msg_unimplemented{sequence = Seq}; + +decode(<<?BYTE(?SSH_MSG_DEBUG), ?BYTE(Bool), ?UINT32(Len0), Msg:Len0/binary, + ?UINT32(Len1), Lang:Len1/binary>>) -> + #ssh_msg_debug{always_display = erl_boolean(Bool), + message = Msg, + language = Lang}. + +decode_keyboard_interactive_prompts(<<>>, Acc) -> + lists:reverse(Acc); +decode_keyboard_interactive_prompts(<<?UINT32(Len), Prompt:Len/binary, ?BYTE(Bool), Bin/binary>>, + Acc) -> + decode_keyboard_interactive_prompts(Bin, [{Prompt, erl_boolean(Bool)} | Acc]). + +erl_boolean(0) -> + false; +erl_boolean(1) -> + true. + +decode_kex_init(<<?BYTE(Bool), ?UINT32(X)>>, Acc, 0) -> + list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); +decode_kex_init(<<?BYTE(Bool)>>, Acc, 0) -> + %% The mandatory trailing UINT32 is missing. Assume the value it anyhow must have + %% See rfc 4253 7.1 + X = 0, + list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); +decode_kex_init(<<?UINT32(Len), Data:Len/binary, Rest/binary>>, Acc, N) -> + Names = string:tokens(unicode:characters_to_list(Data), ","), + decode_kex_init(Rest, [Names | Acc], N -1). + + + +decode_sign(<<?UINT32(Len), _Alg:Len/binary, ?UINT32(_), Signature/binary>>) -> + Signature. + +decode_host_key(<<?UINT32(Len), Alg:Len/binary, Rest/binary>>) -> + decode_host_key(Alg, Rest). + +decode_host_key(<<"ssh-rsa">>, <<?UINT32(Len0), E:Len0/big-signed-integer-unit:8, + ?UINT32(Len1), N:Len1/big-signed-integer-unit:8>>) -> + #'RSAPublicKey'{publicExponent = E, + modulus = N}; + +decode_host_key(<<"ssh-dss">>, + <<?UINT32(Len0), P:Len0/big-signed-integer-unit:8, + ?UINT32(Len1), Q:Len1/big-signed-integer-unit:8, + ?UINT32(Len2), G:Len2/big-signed-integer-unit:8, + ?UINT32(Len3), Y:Len3/big-signed-integer-unit:8>>) -> + {Y, #'Dss-Parms'{p = P, + q = Q, + g = G}}. + +encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> + ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); +encode_host_key({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> + ssh_bits:encode(["ssh-dss", P, Q, G, Y], + [string, mpint, mpint, mpint, mpint]); +encode_host_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) -> + ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); +encode_host_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) -> + ssh_bits:encode(["ssh-dss", P, Q, G, Y], + [string, mpint, mpint, mpint, mpint]). +encode_sign(#'RSAPrivateKey'{}, Signature) -> + ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); +encode_sign(#'DSAPrivateKey'{}, Signature) -> + ssh_bits:encode(["ssh-dss", Signature],[string, binary]). diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 2c8dd92ee2..825a0d4af5 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2010. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -22,18 +22,31 @@ %%% Description: ssh_io replacement that throws on everything -module(ssh_no_io). - --export([yes_no/1, read_password/1, read_line/1, format/2]). - -yes_no(_Prompt) -> - throw({no_io_allowed, yes_no}). - -read_password(_Prompt) -> - throw({no_io_allowed, read_password}). - -read_line(_Prompt) -> - throw({no_io_allowed, read_line}). - -format(_Fmt, _Args) -> - throw({no_io_allowed, format}). +-include("ssh_transport.hrl"). + +-export([yes_no/2, read_password/2, read_line/2, format/2]). + +yes_no(_, _) -> + throw({{no_io_allowed, yes_no}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). + +read_password(_, _) -> + throw({{no_io_allowed, read_password}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). + +read_line(_, _) -> + throw({{no_io_allowed, read_line}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}} ). + +format(_, _) -> + throw({{no_io_allowed, format}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). diff --git a/lib/ssh/src/ssh_server_key.erl b/lib/ssh/src/ssh_server_key.erl new file mode 100644 index 0000000000..8140114990 --- /dev/null +++ b/lib/ssh/src/ssh_server_key.erl @@ -0,0 +1,33 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_server_key). + +-include_lib("public_key/include/public_key.hrl"). +-include("ssh.hrl"). + +-type ssh_algorithm() :: string(). + +-callback host_key(Algorithm :: ssh_algorithm(), Options :: list()) -> + {ok, [{public_key(), Attributes::list()}]} | public_key() + | {error, string()}. + +-callback is_auth_key(Key :: public_key(), User :: string(), + Algorithm :: ssh_algorithm(), Options :: list()) -> + boolean(). diff --git a/lib/ssh/src/ssh_server_key_api.erl b/lib/ssh/src/ssh_server_key_api.erl new file mode 100644 index 0000000000..4fd660ecb5 --- /dev/null +++ b/lib/ssh/src/ssh_server_key_api.erl @@ -0,0 +1,30 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_server_key_api). + +-include_lib("public_key/include/public_key.hrl"). +-include("ssh.hrl"). + +-callback host_key(Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), DaemonOptions :: proplists:proplist()) -> + {ok, PrivateKey :: #'RSAPrivateKey'{}| #'DSAPrivateKey'{} | term()} | {error, string()}. + +-callback is_auth_key(PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term(), + User :: string(), DaemonOptions :: proplists:proplist()) -> + boolean(). diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index f000558100..10167a9223 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2011. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -47,7 +47,7 @@ recv_window/2, list_dir/3, read_file/3, write_file/4]). %% ssh_channel callbacks --export([init/1, handle_call/3, handle_msg/2, handle_ssh_msg/2, terminate/2]). +-export([init/1, handle_call/3, handle_cast/2, code_change/3, handle_msg/2, handle_ssh_msg/2, terminate/2]). %% TODO: Should be placed elsewhere ssh_sftpd should not call functions in ssh_sftp! -export([info_to_attr/1, attr_to_info/1]). @@ -403,7 +403,7 @@ init([Cm, ChannelId, Timeout]) -> rep_buf = <<>>, inf = new_inf()}}; failure -> - {stop, {error, "server failed to start sftp subsystem"}}; + {stop, "server failed to start sftp subsystem"}; Error -> {stop, Error} end. @@ -436,6 +436,12 @@ handle_call({{timeout, Timeout}, Msg}, From, #state{req_id = Id} = State) -> timer:send_after(Timeout, {timeout, Id, From}), do_handle_call(Msg, From, State). +handle_cast(_,State) -> + {noreply, State}. + +code_change(_OldVsn, State, _Extra) -> + {ok, State}. + do_handle_call({open, Async,FileName,Mode}, From, #state{xf = XF} = State) -> {Access,Flags,Attrs} = open_mode(XF#ssh_xfer.vsn, Mode), ReqID = State#state.req_id, diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index ec7b76b0b3..174ca0126b 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -23,8 +23,7 @@ -module(ssh_sftpd). -%%-behaviour(gen_server). --behaviour(ssh_channel). +-behaviour(ssh_daemon_channel). -include_lib("kernel/include/file.hrl"). @@ -36,7 +35,7 @@ -export([subsystem_spec/1, listen/1, listen/2, listen/3, stop/1]). --export([init/1, handle_ssh_msg/2, handle_msg/2, terminate/2, code_change/3]). +-export([init/1, handle_ssh_msg/2, handle_msg/2, terminate/2]). -record(state, { xf, % [{channel,ssh_xfer states}...] @@ -77,7 +76,7 @@ listen(Addr, Port, Options) -> %% Description: Stops the listener %%-------------------------------------------------------------------- stop(Pid) -> - ssh_cli:stop(Pid). + ssh:stop_listener(Pid). %%% DEPRECATED END %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -119,23 +118,13 @@ init(Options) -> {Root0, State0} end, MaxLength = proplists:get_value(max_files, Options, 0), - - Vsn = proplists:get_value(vsn, Options, 5), - + Vsn = proplists:get_value(sftpd_vsn, Options, 5), {ok, State#state{cwd = CWD, root = Root, max_files = MaxLength, handles = [], pending = <<>>, xf = #ssh_xfer{vsn = Vsn, ext = []}}}. %%-------------------------------------------------------------------- -%% Function: code_change(OldVsn, State, Extra) -> {ok, NewState} -%% Description: -%%-------------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - - -%%-------------------------------------------------------------------- %% Function: handle_ssh_msg(Args) -> {ok, State} | {stop, ChannelId, State} %% %% Description: Handles channel messages @@ -169,7 +158,7 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State) -> {stop, ChannelId, State}. %%-------------------------------------------------------------------- -%% Function: handle_ssh_msg(Args) -> {ok, State} | {stop, ChannelId, State} +%% Function: handle_msg(Args) -> {ok, State} | {stop, ChannelId, State} %% %% Description: Handles other messages %%-------------------------------------------------------------------- @@ -369,17 +358,21 @@ handle_op(?SSH_FXP_FSETSTAT, ReqId, <<?UINT32(HLen), BinHandle:HLen/binary, State0 end; handle_op(?SSH_FXP_REMOVE, ReqId, <<?UINT32(PLen), BPath:PLen/binary>>, - State0 = #state{file_handler = FileMod, file_state = FS0}) -> + State0 = #state{file_handler = FileMod, file_state = FS0, xf = #ssh_xfer{vsn = Vsn}}) -> Path = relate_file_name(BPath, State0), - %% case FileMod:is_dir(Path) of %% This version 6 we still have ver 5 - %% true -> - %% ssh_xfer:xf_send_status(State#state.xf, ReqId, - %% ?SSH_FX_FILE_IS_A_DIRECTORY); - %% false -> - {Status, FS1} = FileMod:delete(Path, FS0), - State1 = State0#state{file_state = FS1}, - send_status(Status, ReqId, State1); - %%end; + {IsDir, _FS1} = FileMod:is_dir(Path, FS0), + case IsDir of %% This version 6 we still have ver 5 + true when Vsn > 5 -> + ssh_xfer:xf_send_status(State0#state.xf, ReqId, + ?SSH_FX_FILE_IS_A_DIRECTORY, "File is a directory"); + true -> + ssh_xfer:xf_send_status(State0#state.xf, ReqId, + ?SSH_FX_FAILURE, "File is a directory"); + false -> + {Status, FS1} = FileMod:delete(Path, FS0), + State1 = State0#state{file_state = FS1}, + send_status(Status, ReqId, State1) + end; handle_op(?SSH_FXP_RMDIR, ReqId, <<?UINT32(PLen), BPath:PLen/binary>>, State0 = #state{file_handler = FileMod, file_state = FS0}) -> Path = relate_file_name(BPath, State0), @@ -637,31 +630,34 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 -> do_open(ReqId, State, Path, Flags). do_open(ReqId, State0, Path, Flags) -> - #state{file_handler = FileMod, file_state = FS0, root = Root} = State0, + #state{file_handler = FileMod, file_state = FS0, root = Root, xf = #ssh_xfer{vsn = Vsn}} = State0, XF = State0#state.xf, F = [binary | Flags], - %% case FileMod:is_dir(Path) of %% This is version 6 we still have 5 - %% true -> - %% ssh_xfer:xf_send_status(State#state.xf, ReqId, - %% ?SSH_FX_FILE_IS_A_DIRECTORY); - %% false -> - - AbsPath = case Root of - "" -> - Path; - _ -> - relate_file_name(Path, State0) - end, - - {Res, FS1} = FileMod:open(AbsPath, F, FS0), - State1 = State0#state{file_state = FS1}, - case Res of - {ok, IoDevice} -> - add_handle(State1, XF, ReqId, file, {Path,IoDevice}); - {error, Error} -> - ssh_xfer:xf_send_status(State1#state.xf, ReqId, - ssh_xfer:encode_erlang_status(Error)), - State1 + {IsDir, _FS1} = FileMod:is_dir(Path, FS0), + case IsDir of + true when Vsn > 5 -> + ssh_xfer:xf_send_status(State0#state.xf, ReqId, + ?SSH_FX_FILE_IS_A_DIRECTORY, "File is a directory"); + true -> + ssh_xfer:xf_send_status(State0#state.xf, ReqId, + ?SSH_FX_FAILURE, "File is a directory"); + false -> + AbsPath = case Root of + "" -> + Path; + _ -> + relate_file_name(Path, State0) + end, + {Res, FS1} = FileMod:open(AbsPath, F, FS0), + State1 = State0#state{file_state = FS1}, + case Res of + {ok, IoDevice} -> + add_handle(State1, XF, ReqId, file, {Path,IoDevice}); + {error, Error} -> + ssh_xfer:xf_send_status(State1#state.xf, ReqId, + ssh_xfer:encode_erlang_status(Error)), + State1 + end end. %% resolve all symlinks in a path diff --git a/lib/ssh/src/ssh_shell.erl b/lib/ssh/src/ssh_shell.erl index 6590486a4c..8031450617 100644 --- a/lib/ssh/src/ssh_shell.erl +++ b/lib/ssh/src/ssh_shell.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2009-2010. All Rights Reserved. +%% Copyright Ericsson AB 2009-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -23,7 +23,9 @@ -include("ssh_connect.hrl"). --behaviour(ssh_channel). +%%% As this is an user interactive client it behaves like a daemon +%%% channel inspite of it being a client. +-behaviour(ssh_daemon_channel). %% ssh_channel callbacks -export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]). @@ -123,7 +125,7 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State) -> {stop, ChannelId, State}. %%-------------------------------------------------------------------- -%% Function: handle_ssh_msg(Args) -> {ok, State} | {stop, ChannelId, State} +%% Function: handle_msg(Args) -> {ok, State} | {stop, ChannelId, State} %% %% Description: Handles other channel messages %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_subsystem_sup.erl b/lib/ssh/src/ssh_subsystem_sup.erl index cd6defd535..e8855b09ac 100644 --- a/lib/ssh/src/ssh_subsystem_sup.erl +++ b/lib/ssh/src/ssh_subsystem_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,7 +25,9 @@ -behaviour(supervisor). --export([start_link/1, connection_supervisor/1, channel_supervisor/1 +-export([start_link/1, + connection_supervisor/1, + channel_supervisor/1 ]). %% Supervisor callback @@ -61,9 +63,9 @@ init([Opts]) -> child_specs(Opts) -> case proplists:get_value(role, Opts) of client -> - [ssh_connectinon_child_spec(Opts)]; + []; server -> - [ssh_connectinon_child_spec(Opts), ssh_channel_child_spec(Opts)] + [ssh_channel_child_spec(Opts), ssh_connectinon_child_spec(Opts)] end. ssh_connectinon_child_spec(Opts) -> @@ -72,9 +74,9 @@ ssh_connectinon_child_spec(Opts) -> Role = proplists:get_value(role, Opts), Name = id(Role, ssh_connection_sup, Address, Port), StartFunc = {ssh_connection_sup, start_link, [Opts]}, - Restart = transient, + Restart = temporary, Shutdown = 5000, - Modules = [ssh_connection_sup], + Modules = [ssh_connection_sup], Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. @@ -84,7 +86,7 @@ ssh_channel_child_spec(Opts) -> Role = proplists:get_value(role, Opts), Name = id(Role, ssh_channel_sup, Address, Port), StartFunc = {ssh_channel_sup, start_link, [Opts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_channel_sup], Type = supervisor, diff --git a/lib/ssh/src/ssh_sup.erl b/lib/ssh/src/ssh_sup.erl index f307d1f833..6d2b9c107d 100644 --- a/lib/ssh/src/ssh_sup.erl +++ b/lib/ssh/src/ssh_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -51,8 +51,7 @@ children() -> Clients = [Service || Service <- Services, is_client(Service)], Servers = [Service || Service <- Services, is_server(Service)], - [server_child_spec(Servers), client_child_spec(Clients), - ssh_userauth_reg_spec()]. + [server_child_spec(Servers), client_child_spec(Clients)]. server_child_spec(Servers) -> Name = sshd_sup, @@ -72,16 +71,6 @@ client_child_spec(Clients) -> Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. -ssh_userauth_reg_spec() -> - Name = ssh_userreg, - StartFunc = {ssh_userreg, start_link, []}, - Restart = transient, - Shutdown = 5000, - Modules = [ssh_userreg], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. - - is_server({sftpd, _}) -> true; is_server({shelld, _}) -> diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 36daf3b1ac..848133f838 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -40,7 +40,7 @@ -export([init/1]). %%%========================================================================= -%%% API +%%% Internal API %%%========================================================================= start_link(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), @@ -54,13 +54,15 @@ stop_listener(SysSup) -> stop_listener(Address, Port) -> Name = make_name(Address, Port), stop_acceptor(whereis(Name)). - + stop_system(SysSup) -> Name = sshd_sup:system_name(SysSup), - sshd_sup:stop_child(Name). - + spawn(fun() -> sshd_sup:stop_child(Name) end), + ok. + stop_system(Address, Port) -> - sshd_sup:stop_child(Address, Port). + spawn(fun() -> sshd_sup:stop_child(Address, Port) end), + ok. system_supervisor(Address, Port) -> Name = make_name(Address, Port), @@ -121,7 +123,7 @@ restart_acceptor(Address, Port) -> %%%========================================================================= init([ServerOpts]) -> RestartStrategy = one_for_one, - MaxR = 10, + MaxR = 0, MaxT = 3600, Children = child_specs(ServerOpts), {ok, {{RestartStrategy, MaxR, MaxT}, Children}}. @@ -137,7 +139,7 @@ ssh_acceptor_child_spec(ServerOpts) -> Port = proplists:get_value(port, ServerOpts), Name = id(ssh_acceptor_sup, Address, Port), StartFunc = {ssh_acceptor_sup, start_link, [ServerOpts]}, - Restart = permanent, + Restart = transient, Shutdown = infinity, Modules = [ssh_acceptor_sup], Type = supervisor, @@ -146,7 +148,7 @@ ssh_acceptor_child_spec(ServerOpts) -> ssh_subsystem_child_spec(ServerOpts) -> Name = make_ref(), StartFunc = {ssh_subsystem_sup, start_link, [ServerOpts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_subsystem_sup], Type = supervisor, diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 7f6e7d9946..640996986f 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -29,12 +29,12 @@ -include("ssh_transport.hrl"). -include("ssh.hrl"). --export([connect/5, accept/4]). -export([versions/2, hello_version_msg/1]). -export([next_seqnum/1, decrypt_first_block/2, decrypt_blocks/3, - is_valid_mac/3, transport_messages/1, kexdh_messages/0, - kex_dh_gex_messages/0, handle_hello_version/1, - key_exchange_init_msg/1, key_init/3, new_keys_message/1, + is_valid_mac/3, + handle_hello_version/1, + key_exchange_init_msg/1, + key_init/3, new_keys_message/1, handle_kexinit_msg/3, handle_kexdh_init/2, handle_kex_dh_gex_group/2, handle_kex_dh_gex_reply/2, handle_new_keys/2, handle_kex_dh_gex_request/2, @@ -74,113 +74,9 @@ is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm, recv_mac_key = Key, recv_sequence = SeqNum}) -> Mac == mac(Algorithm, Key, SeqNum, Data). -transport_messages(_) -> - [{ssh_msg_disconnect, ?SSH_MSG_DISCONNECT, - [uint32, string, string]}, - - {ssh_msg_ignore, ?SSH_MSG_IGNORE, - [string]}, - - {ssh_msg_unimplemented, ?SSH_MSG_UNIMPLEMENTED, - [uint32]}, - - {ssh_msg_debug, ?SSH_MSG_DEBUG, - [boolean, string, string]}, - - {ssh_msg_service_request, ?SSH_MSG_SERVICE_REQUEST, - [string]}, - - {ssh_msg_service_accept, ?SSH_MSG_SERVICE_ACCEPT, - [string]}, - - {ssh_msg_kexinit, ?SSH_MSG_KEXINIT, - [cookie, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - boolean, - uint32]}, - - {ssh_msg_newkeys, ?SSH_MSG_NEWKEYS, - []} - ]. - -kexdh_messages() -> - [{ssh_msg_kexdh_init, ?SSH_MSG_KEXDH_INIT, - [mpint]}, - - {ssh_msg_kexdh_reply, ?SSH_MSG_KEXDH_REPLY, - [binary, mpint, binary]} - ]. - -kex_dh_gex_messages() -> - [{ssh_msg_kex_dh_gex_request, ?SSH_MSG_KEX_DH_GEX_REQUEST, - [uint32, uint32, uint32]}, - - {ssh_msg_kex_dh_gex_request_old, ?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, - [uint32]}, - - {ssh_msg_kex_dh_gex_group, ?SSH_MSG_KEX_DH_GEX_GROUP, - [mpint, mpint]}, - - {ssh_msg_kex_dh_gex_init, ?SSH_MSG_KEX_DH_GEX_INIT, - [mpint]}, - - {ssh_msg_kex_dh_gex_reply, ?SSH_MSG_KEX_DH_GEX_REPLY, - [binary, mpint, binary]} - ]. - yes_no(Ssh, Prompt) -> (Ssh#ssh.io_cb):yes_no(Prompt, Ssh). -connect(ConnectionSup, Address, Port, SocketOpts, Opts) -> - Timeout = proplists:get_value(connect_timeout, Opts, infinity), - {_, Callback, _} = - proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), - case do_connect(Callback, Address, Port, SocketOpts, Timeout) of - {ok, Socket} -> - {ok, Pid} = - ssh_connection_sup:start_handler_child(ConnectionSup, - [client, Socket, - [{address, Address}, - {port, Port} | - Opts]]), - Callback:controlling_process(Socket, Pid), - ssh_connection_handler:send_event(Pid, socket_control), - {ok, Pid}; - {error, Reason} -> - {error, Reason} - end. - -do_connect(Callback, Address, Port, SocketOpts, Timeout) -> - Opts = [{active, false} | SocketOpts], - case Callback:connect(Address, Port, Opts, Timeout) of - {error, nxdomain} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - {error, eafnosupport} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - {error, enetunreach} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - Other -> - Other - end. - -accept(Address, Port, Socket, Options) -> - {_, Callback, _} = - proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - ConnectionSup = - ssh_system_sup:connection_supervisor( - ssh_system_sup:system_supervisor(Address, Port)), - {ok, Pid} = - ssh_connection_sup:start_handler_child(ConnectionSup, - [server, Socket, - [{address, Address}, - {port, Port} | Options]]), - Callback:controlling_process(Socket, Pid), - {ok, Pid}. - format_version({Major,Minor}) -> "SSH-" ++ integer_to_list(Major) ++ "." ++ integer_to_list(Minor) ++ "-Erlang". @@ -206,6 +102,7 @@ key_exchange_init_msg(Ssh0) -> kex_init(#ssh{role = Role, opts = Opts, available_host_keys = HostKeyAlgs}) -> Random = ssh_bits:random(16), Compression = case proplists:get_value(compression, Opts, none) of + openssh_zlib -> ["zlib@openssh.com", "none"]; zlib -> ["zlib", "none"]; none -> ["none", "zlib"] end, @@ -256,7 +153,6 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, {ok, Algoritms} = select_algorithm(client, Own, CounterPart), case verify_algorithm(Algoritms) of true -> - install_messages(Algoritms#alg.kex), key_exchange_first_msg(Algoritms#alg.kex, Ssh0#ssh{algorithms = Algoritms}); _ -> @@ -270,7 +166,6 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, #ssh{role = server} = Ssh) -> {ok, Algoritms} = select_algorithm(server, CounterPart, Own), - install_messages(Algoritms#alg.kex), {ok, Ssh#ssh{algorithms = Algoritms}}. @@ -283,11 +178,6 @@ verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> verify_algorithm(_) -> false. -install_messages('diffie-hellman-group1-sha1') -> - ssh_bits:install_messages(kexdh_messages()); -install_messages('diffie-hellman-group-exchange-sha1') -> - ssh_bits:install_messages(kex_dh_gex_messages()). - key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {G, P} = dh_group1(), {Private, Public} = dh_gen_key(G, P, 1024), @@ -311,10 +201,10 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> {G, P} = dh_group1(), {Private, Public} = dh_gen_key(G, P, 1024), K = ssh_math:ipow(E, Private, P), - {Key, K_S} = get_host_key(Ssh0), - H = kex_h(Ssh0, K_S, E, Public, K), + Key = get_host_key(Ssh0), + H = kex_h(Ssh0, Key, E, Public, K), H_SIG = sign_host_key(Ssh0, Key, H), - {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = K_S, + {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, f = Public, h_sig = H_SIG }, Ssh0), @@ -356,12 +246,12 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, {ok, SshPacket, Ssh#ssh{shared_secret = K, exchanged_hash = H, session_id = sid(Ssh, H)}}; - _Error -> + Error -> Disconnect = #ssh_msg_disconnect{ code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, description = "Key exchange failed", language = "en"}, - throw(Disconnect) + throw({Error, Disconnect}) end. handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = _Min, @@ -410,65 +300,33 @@ get_host_key(SSH) -> #ssh{key_cb = Mod, opts = Opts, algorithms = ALG} = SSH, case Mod:host_key(ALG#alg.hkey, Opts) of - {ok, #'RSAPrivateKey'{modulus = N, publicExponent = E} = Key} -> - {Key, - ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])}; - {ok, #'DSAPrivateKey'{y = Y, p = P, q = Q, g = G} = Key} -> - {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y], - [string,mpint,mpint,mpint,mpint])}; + {ok, #'RSAPrivateKey'{} = Key} -> + Key; + {ok, #'DSAPrivateKey'{} = Key} -> + Key; Result -> exit({error, {Result, unsupported_key_type}}) end. sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) -> Hash = sha, %% Option ?! - Signature = sign(H, Hash, Private), - ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); + _Signature = sign(H, Hash, Private); sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) -> Hash = sha, %% Option ?! - RawSignature = sign(H, Hash, Private), - ssh_bits:encode(["ssh-dss", RawSignature],[string, binary]). + _RawSignature = sign(H, Hash, Private). -verify_host_key(SSH, K_S, H, H_SIG) -> - ALG = SSH#ssh.algorithms, - case ALG#alg.hkey of - 'ssh-rsa' -> - verify_host_key_rsa(SSH, K_S, H, H_SIG); - 'ssh-dss' -> - verify_host_key_dss(SSH, K_S, H, H_SIG); - _ -> - {error, bad_host_key_algorithm} - end. - -verify_host_key_rsa(SSH, K_S, H, H_SIG) -> - case ssh_bits:decode(K_S,[string,mpint,mpint]) of - ["ssh-rsa", E, N] -> - ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]), - Public = #'RSAPublicKey'{publicExponent = E, modulus = N}, - case verify(H, sha, SIG, Public) of - false -> - {error, bad_signature}; - true -> - known_host_key(SSH, Public, "ssh-rsa") - end; - _ -> - {error, bad_format} +verify_host_key(SSH, PublicKey, Digest, Signature) -> + case verify(Digest, sha, Signature, PublicKey) of + false -> + {error, bad_signature}; + true -> + known_host_key(SSH, PublicKey, public_algo(PublicKey)) end. -verify_host_key_dss(SSH, K_S, H, H_SIG) -> - case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of - ["ssh-dss",P,Q,G,Y] -> - ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]), - Public = {Y, #'Dss-Parms'{p = P, q = Q, g = G}}, - case verify(H, sha, SIG, Public) of - false -> - {error, bad_signature}; - true -> - known_host_key(SSH, Public, "ssh-dss") - end; - _ -> - {error, bad_host_key_format} - end. +public_algo(#'RSAPublicKey'{}) -> + 'ssh-rsa'; +public_algo({_, #'Dss-Parms'{}}) -> + 'ssh-dss'. accepted_host(Ssh, PeerName, Opts) -> case proplists:get_value(silently_accept_hosts, Opts, false) of @@ -635,12 +493,12 @@ select(CL, SL) -> C. ssh_packet(#ssh_msg_kexinit{} = Msg, Ssh0) -> - BinMsg = ssh_bits:encode(Msg), + BinMsg = ssh_message:encode(Msg), Ssh = key_init(Ssh0#ssh.role, Ssh0, BinMsg), pack(BinMsg, Ssh); ssh_packet(Msg, Ssh) -> - BinMsg = ssh_bits:encode(Msg), + BinMsg = ssh_message:encode(Msg), pack(BinMsg, Ssh). pack(Data0, #ssh{encrypt_block_size = BlockSize, @@ -752,7 +610,6 @@ verify(PlainText, Hash, Sig, Key) -> %% none OPTIONAL no encryption; NOT RECOMMENDED %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - encrypt_init(#ssh{encrypt = none} = Ssh) -> {ok, Ssh}; encrypt_init(#ssh{encrypt = '3des-cbc', role = client} = Ssh) -> @@ -802,11 +659,9 @@ encrypt(#ssh{encrypt = 'aes128-cbc', IV = crypto:aes_cbc_ivec(Enc), {Ssh#ssh{encrypt_ctx = IV}, Enc}. - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Decryption %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - decrypt_init(#ssh{decrypt = none} = Ssh) -> {ok, Ssh}; decrypt_init(#ssh{decrypt = '3des-cbc', role = client} = Ssh) -> @@ -833,8 +688,7 @@ decrypt_init(#ssh{decrypt = 'aes128-cbc', role = server} = Ssh) -> <<K:16/binary>> = KD, {ok, Ssh#ssh{decrypt_keys = K, decrypt_ctx = IV, decrypt_block_size = 16}}. - - + decrypt_final(Ssh) -> {ok, Ssh#ssh {decrypt = none, decrypt_keys = undefined, @@ -855,13 +709,14 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key, IV = crypto:aes_cbc_ivec(Data), {Ssh#ssh{decrypt_ctx = IV}, Dec}. - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Compression %% -%% none REQUIRED no compression -%% zlib OPTIONAL ZLIB (LZ77) compression +%% none REQUIRED no compression +%% zlib OPTIONAL ZLIB (LZ77) compression +%% openssh_zlib OPTIONAL ZLIB (LZ77) compression %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + compress_init(SSH) -> compress_init(SSH, 1). @@ -870,19 +725,32 @@ compress_init(#ssh{compress = none} = Ssh, _) -> compress_init(#ssh{compress = zlib} = Ssh, Level) -> Zlib = zlib:open(), ok = zlib:deflateInit(Zlib, Level), + {ok, Ssh#ssh{compress_ctx = Zlib}}; +compress_init(#ssh{compress = 'zlib@openssh.com'} = Ssh, Level) -> + Zlib = zlib:open(), + ok = zlib:deflateInit(Zlib, Level), {ok, Ssh#ssh{compress_ctx = Zlib}}. - compress_final(#ssh{compress = none} = Ssh) -> {ok, Ssh}; compress_final(#ssh{compress = zlib, compress_ctx = Context} = Ssh) -> zlib:close(Context), + {ok, Ssh#ssh{compress = none, compress_ctx = undefined}}; +compress_final(#ssh{compress = 'zlib@openssh.com', authenticated = false} = Ssh) -> + {ok, Ssh}; +compress_final(#ssh{compress = 'zlib@openssh.com', compress_ctx = Context, authenticated = true} = Ssh) -> + zlib:close(Context), {ok, Ssh#ssh{compress = none, compress_ctx = undefined}}. compress(#ssh{compress = none} = Ssh, Data) -> {Ssh, Data}; compress(#ssh{compress = zlib, compress_ctx = Context} = Ssh, Data) -> Compressed = zlib:deflate(Context, Data, sync), + {Ssh, list_to_binary(Compressed)}; +compress(#ssh{compress = 'zlib@openssh.com', authenticated = false} = Ssh, Data) -> + {Ssh, Data}; +compress(#ssh{compress = 'zlib@openssh.com', compress_ctx = Context, authenticated = true} = Ssh, Data) -> + Compressed = zlib:deflate(Context, Data, sync), {Ssh, list_to_binary(Compressed)}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -894,18 +762,32 @@ decompress_init(#ssh{decompress = none} = Ssh) -> decompress_init(#ssh{decompress = zlib} = Ssh) -> Zlib = zlib:open(), ok = zlib:inflateInit(Zlib), + {ok, Ssh#ssh{decompress_ctx = Zlib}}; +decompress_init(#ssh{decompress = 'zlib@openssh.com'} = Ssh) -> + Zlib = zlib:open(), + ok = zlib:inflateInit(Zlib), {ok, Ssh#ssh{decompress_ctx = Zlib}}. decompress_final(#ssh{decompress = none} = Ssh) -> {ok, Ssh}; decompress_final(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh) -> zlib:close(Context), + {ok, Ssh#ssh{decompress = none, decompress_ctx = undefined}}; +decompress_final(#ssh{decompress = 'zlib@openssh.com', authenticated = false} = Ssh) -> + {ok, Ssh}; +decompress_final(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authenticated = true} = Ssh) -> + zlib:close(Context), {ok, Ssh#ssh{decompress = none, decompress_ctx = undefined}}. decompress(#ssh{decompress = none} = Ssh, Data) -> {Ssh, Data}; decompress(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh, Data) -> Decompressed = zlib:inflate(Context, Data), + {Ssh, list_to_binary(Decompressed)}; +decompress(#ssh{decompress = 'zlib@openssh.com', authenticated = false} = Ssh, Data) -> + {Ssh, Data}; +decompress(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authenticated = true} = Ssh, Data) -> + Decompressed = zlib:inflate(Context, Data), {Ssh, list_to_binary(Decompressed)}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -967,9 +849,9 @@ hash(SSH, Char, Bits) -> HASH = case SSH#ssh.kex of 'diffie-hellman-group1-sha1' -> - fun(Data) -> crypto:sha(Data) end; + fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha1' -> - fun(Data) -> crypto:sha(Data) end; + fun(Data) -> crypto:hash(sha, Data) end; _ -> exit({bad_algorithm,SSH#ssh.kex}) end, @@ -992,23 +874,23 @@ hash(K, H, Ki, N, HASH) -> Kj = HASH([K, H, Ki]), hash(K, H, <<Ki/binary, Kj/binary>>, N-128, HASH). -kex_h(SSH, K_S, E, F, K) -> +kex_h(SSH, Key, E, F, K) -> L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - K_S, E,F,K], + ssh_message:encode_host_key(Key), E,F,K], [string,string,binary,binary,binary, mpint,mpint,mpint]), - crypto:sha(L). + crypto:hash(sha,L). -kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) -> +kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> L = if Min==-1; Max==-1 -> Ts = [string,string,binary,binary,binary, uint32, mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - K_S, NBits, Prime, Gen, E,F,K], + ssh_message:encode_host_key(Key), NBits, Prime, Gen, E,F,K], Ts); true -> Ts = [string,string,binary,binary,binary, @@ -1016,10 +898,10 @@ kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) -> mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - K_S, Min, NBits, Max, + ssh_message:encode_host_key(Key), Min, NBits, Max, Prime, Gen, E,F,K], Ts) end, - crypto:sha(L). + crypto:hash(sha,L). mac_key_size('hmac-sha1') -> 20*8; mac_key_size('hmac-sha1-96') -> 20*8; @@ -1045,10 +927,10 @@ peer_name({Host, _}) -> dh_group1() -> {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}. -dh_gen_key(G, P, _Bits) -> +dh_gen_key(G, P, _) -> Private = ssh_bits:irandom(ssh_bits:isize(P)-1, 1, 1), Public = ssh_math:ipow(G, Private, P), - {Private,Public}. + {Private, Public}. trim_tail(Str) -> lists:reverse(trim_head(lists:reverse(Str))). @@ -1058,3 +940,5 @@ trim_head([$\t|Cs]) -> trim_head(Cs); trim_head([$\n|Cs]) -> trim_head(Cs); trim_head([$\r|Cs]) -> trim_head(Cs); trim_head(Cs) -> Cs. + + diff --git a/lib/ssh/src/ssh_userreg.erl b/lib/ssh/src/ssh_userreg.erl deleted file mode 100644 index f901461aea..0000000000 --- a/lib/ssh/src/ssh_userreg.erl +++ /dev/null @@ -1,141 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2008-2011. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% - -%% -%% Description: User register for ssh_cli - --module(ssh_userreg). - --behaviour(gen_server). - -%% API --export([start_link/0, - register_user/2, - lookup_user/1, - delete_user/1]). - -%% gen_server callbacks --export([init/1, - handle_call/3, - handle_cast/2, - handle_info/2, - terminate/2, - code_change/3]). - --record(state, {user_db = []}). - -%%==================================================================== -%% API -%%==================================================================== -%%-------------------------------------------------------------------- -%% Function: start_link() -> {ok,Pid} | ignore | {error,Error} -%% Description: Starts the server -%%-------------------------------------------------------------------- -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - -register_user(User, Cm) -> - gen_server:cast(?MODULE, {register, {User, Cm}}). - -delete_user(Cm) -> - gen_server:cast(?MODULE, {delete, Cm}). - -lookup_user(Cm) -> - gen_server:call(?MODULE, {get_user, Cm}, infinity). - -%%==================================================================== -%% gen_server callbacks -%%==================================================================== - -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, State} | -%% {ok, State, Timeout} | -%% ignore | -%% {stop, Reason} -%% Description: Initiates the server -%%-------------------------------------------------------------------- -init([]) -> - {ok, #state{}}. - -%%-------------------------------------------------------------------- -%% Function: %% handle_call(Request, From, State) -> {reply, Reply, State} | -%% {reply, Reply, State, Timeout} | -%% {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, Reply, State} | -%% {stop, Reason, State} -%% Description: Handling call messages -%%-------------------------------------------------------------------- -handle_call({get_user, Cm}, _From, #state{user_db = Db} = State) -> - User = lookup(Cm, Db), - {reply, {ok, User}, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_cast(Msg, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling cast messages -%%-------------------------------------------------------------------- -handle_cast({register, UserCm}, State) -> - {noreply, insert(UserCm, State)}; -handle_cast({delete, UserCm}, State) -> - {noreply, delete(UserCm, State)}. - -%%-------------------------------------------------------------------- -%% Function: handle_info(Info, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling all non call/cast messages -%%-------------------------------------------------------------------- -handle_info(_Info, State) -> - {noreply, State}. - -%%-------------------------------------------------------------------- -%% Function: terminate(Reason, State) -> void() -%% Description: This function is called by a gen_server when it is about to -%% terminate. It should be the opposite of Module:init/1 and do any necessary -%% cleaning up. When it returns, the gen_server terminates with Reason. -%% The return value is ignored. -%%-------------------------------------------------------------------- -terminate(_Reason, _State) -> - ok. - -%%-------------------------------------------------------------------- -%% Func: code_change(OldVsn, State, Extra) -> {ok, NewState} -%% Description: Convert process state when code is changed -%%-------------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -%%-------------------------------------------------------------------- -%%% Internal functions -%%-------------------------------------------------------------------- -insert({User, Cm}, #state{user_db = Db} = State) -> - State#state{user_db = [{User, Cm} | Db]}. - -delete(Cm, #state{user_db = Db} = State) -> - State#state{user_db = lists:keydelete(Cm, 2, Db)}. - -lookup(_, []) -> - undefined; -lookup(Cm, [{User, Cm} | _Rest]) -> - User; -lookup(Cm, [_ | Rest]) -> - lookup(Cm, Rest). - diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index d5b6dd03d1..e18e18a9a9 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -72,7 +72,7 @@ protocol_version_request(XF) -> open(XF, ReqID, FileName, Access, Flags, Attrs) -> Vsn = XF#ssh_xfer.vsn, - FileName1 = list_to_binary(FileName), + FileName1 = unicode:characters_to_binary(FileName), MBits = if Vsn >= 5 -> M = encode_ace_mask(Access), ?uint32(M); @@ -115,7 +115,7 @@ write(XF,ReqID, Handle, Offset, Data) -> is_binary(Data) -> Data; is_list(Data) -> - list_to_binary(Data) + unicode:characters_to_binary(Data) end, xf_request(XF,?SSH_FXP_WRITE, [?uint32(ReqID), @@ -132,8 +132,8 @@ remove(XF, ReqID, File) -> %% Rename a file/directory rename(XF, ReqID, Old, New, Flags) -> Vsn = XF#ssh_xfer.vsn, - OldPath = list_to_binary(Old), - NewPath = list_to_binary(New), + OldPath = unicode:characters_to_binary(Old), + NewPath = unicode:characters_to_binary(New), FlagBits = if Vsn >= 5 -> F0 = encode_rename_flags(Flags), @@ -151,7 +151,7 @@ rename(XF, ReqID, Old, New, Flags) -> %% Create directory mkdir(XF, ReqID, Path, Attrs) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_MKDIR, [?uint32(ReqID), ?binary(Path1), @@ -159,14 +159,14 @@ mkdir(XF, ReqID, Path, Attrs) -> %% Remove a directory rmdir(XF, ReqID, Dir) -> - Dir1 = list_to_binary(Dir), + Dir1 = unicode:characters_to_binary(Dir), xf_request(XF, ?SSH_FXP_RMDIR, [?uint32(ReqID), ?binary(Dir1)]). %% Stat file stat(XF, ReqID, Path, Flags) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), Vsn = XF#ssh_xfer.vsn, AttrFlags = if Vsn >= 5 -> F = encode_attr_flags(Vsn, Flags), @@ -182,7 +182,7 @@ stat(XF, ReqID, Path, Flags) -> %% Stat file - follow symbolic links lstat(XF, ReqID, Path, Flags) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), Vsn = XF#ssh_xfer.vsn, AttrFlags = if Vsn >= 5 -> F = encode_attr_flags(Vsn, Flags), @@ -211,7 +211,7 @@ fstat(XF, ReqID, Handle, Flags) -> %% Modify file attributes setstat(XF, ReqID, Path, Attrs) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_SETSTAT, [?uint32(ReqID), ?binary(Path1), @@ -227,7 +227,7 @@ fsetstat(XF, ReqID, Handle, Attrs) -> %% Read a symbolic link readlink(XF, ReqID, Path) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_READLINK, [?uint32(ReqID), ?binary(Path1)]). @@ -235,8 +235,8 @@ readlink(XF, ReqID, Path) -> %% Create a symbolic link symlink(XF, ReqID, LinkPath, TargetPath) -> - LinkPath1 = list_to_binary(LinkPath), - TargetPath1 = list_to_binary(TargetPath), + LinkPath1 = unicode:characters_to_binary(LinkPath), + TargetPath1 = unicode:characters_to_binary(TargetPath), xf_request(XF, ?SSH_FXP_SYMLINK, [?uint32(ReqID), ?binary(LinkPath1), @@ -244,7 +244,7 @@ symlink(XF, ReqID, LinkPath, TargetPath) -> %% Convert a path into a 'canonical' form realpath(XF, ReqID, Path) -> - Path1 = list_to_binary(Path), + Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_REALPATH, [?uint32(ReqID), ?binary(Path1)]). @@ -267,7 +267,7 @@ xf_request(XF, Op, Arg) -> list_to_binary(Arg) end, Size = 1+size(Data), - ssh_connection:send(CM, Channel, <<?UINT32(Size), Op, Data/binary>>). + ssh_connection:send(CM, Channel, [<<?UINT32(Size), Op, Data/binary>>]). xf_send_reply(#ssh_xfer{cm = CM, channel = Channel}, Op, Arg) -> Data = if @@ -277,7 +277,7 @@ xf_send_reply(#ssh_xfer{cm = CM, channel = Channel}, Op, Arg) -> list_to_binary(Arg) end, Size = 1 + size(Data), - ssh_connection:send(CM, Channel, <<?UINT32(Size), Op, Data/binary>>). + ssh_connection:send(CM, Channel, [<<?UINT32(Size), Op, Data/binary>>]). xf_send_name(XF, ReqId, Name, Attr) -> xf_send_names(XF, ReqId, [{Name, Attr}]). @@ -383,6 +383,8 @@ decode_status(Status) -> ?SSH_FX_UNKNOWN_PRINCIPLE -> unknown_principle; ?SSH_FX_LOCK_CONFlICT -> lock_conflict; ?SSH_FX_NOT_A_DIRECTORY -> not_a_directory; + ?SSH_FX_FILE_IS_A_DIRECTORY -> file_is_a_directory; + ?SSH_FX_CANNOT_DELETE -> cannot_delete; _ -> {error,Status} end. @@ -392,6 +394,9 @@ encode_erlang_status(Status) -> eof -> ?SSH_FX_EOF; enoent -> ?SSH_FX_NO_SUCH_FILE; eacces -> ?SSH_FX_PERMISSION_DENIED; + eisdir -> ?SSH_FX_FILE_IS_A_DIRECTORY; + eperm -> ?SSH_FX_CANNOT_DELETE; + eexist -> ?SSH_FX_FILE_ALREADY_EXISTS; _ -> ?SSH_FX_FAILURE end. diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl index c13950eb6e..8dc9a40f92 100644 --- a/lib/ssh/src/ssh_xfer.hrl +++ b/lib/ssh/src/ssh_xfer.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2011. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -58,7 +58,6 @@ %%% # SSH_FX_xxx %%% Description: Response packet types for file transfer protocol. %%%---------------------------------------------------------------------- - -define(SSH_FX_OK, 0). -define(SSH_FX_EOF, 1). -define(SSH_FX_NO_SUCH_FILE, 2). @@ -79,7 +78,18 @@ -define(SSH_FX_LOCK_CONFlICT, 17). -define(SSH_FX_DIR_NOT_EMPTY, 18). -define(SSH_FX_NOT_A_DIRECTORY, 19). +-define(SSH_FX_INVALID_FILENAME, 20). +-define(SSH_FX_LINK_LOOP, 21). +-define(SSH_FX_CANNOT_DELETE, 22). +-define(SSH_FX_INVALID_PARAMETER, 23). -define(SSH_FX_FILE_IS_A_DIRECTORY, 24). +-define(SSH_FX_BYTE_RANGE_LOCK_CONFLICT,25). +-define(SSH_FX_BYTE_RANGE_LOCK_REFUSED, 26). +-define(SSH_FX_DELETE_PENDING, 27). +-define(SSH_FX_FILE_CORRUPT, 28). +-define(SSH_FX_OWNER_INVALID, 29). +-define(SSH_FX_GROUP_INVALID, 30). +-define(SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK,31). %%%---------------------------------------------------------------------- %%% # SSH_FILEXFER_xxx diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index 1d2779de23..e6b4b681a4 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -61,9 +61,9 @@ init(Args) -> %%%========================================================================= child_spec(_) -> Name = undefined, % As simple_one_for_one is used. - StartFunc = {ssh_connection_sup, start_link, []}, + StartFunc = {ssh_connection_handler, start_link, []}, Restart = temporary, Shutdown = infinity, - Modules = [ssh_connection_sup], + Modules = [ssh_connection_handler], Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index 747906b2cf..60222f5172 100644 --- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -58,12 +58,7 @@ start_child(ServerOpts) -> end. stop_child(Name) -> - case supervisor:terminate_child(?MODULE, Name) of - ok -> - supervisor:delete_child(?MODULE, Name); - Error -> - Error - end. + supervisor:terminate_child(?MODULE, Name). stop_child(Address, Port) -> Name = id(Address, Port), @@ -94,7 +89,7 @@ init([Servers]) -> child_spec(Address, Port, ServerOpts) -> Name = id(Address, Port), StartFunc = {ssh_system_sup, start_link, [ServerOpts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_system_sup], Type = supervisor, diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 2ceaa9daa5..6be1346752 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -525,10 +525,11 @@ internal_error(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, {failfun, fun ssh_test_lib:failfun/2}]), - {error,"Internal error"} = + {error, Error} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}]), + check_error(Error), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- @@ -571,3 +572,12 @@ basic_test(Config) -> {ok, CM} = ssh:connect(Host, Port, ClientOpts), ok = ssh:close(CM), ssh:stop_daemon(Pid). + +%% Due to timing the error message may or may not be delivered to +%% the "tcp-application" before the socket closed message is recived +check_error("Internal error") -> + ok; +check_error("Connection closed") -> + ok; +check_error(Error) -> + ct:fail(Error). diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 695a7caa7d..eabaca3248 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -395,7 +395,7 @@ mk_rm_dir(Config) when is_list(Config) -> _/binary>>, _} = mkdir(DirName, Cm, Channel, ReqId), NewReqId = 1, - {ok, <<?SSH_FXP_STATUS, ?UINT32(NewReqId), ?UINT32(?SSH_FX_FAILURE), + {ok, <<?SSH_FXP_STATUS, ?UINT32(NewReqId), ?UINT32(?SSH_FX_FILE_ALREADY_EXISTS), _/binary>>, _} = mkdir(DirName, Cm, Channel, NewReqId), NewReqId1 = 2, diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 37353707c2..c5584712dc 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.1.2.1 +SSH_VSN = 2.1.2.1.1 APP_VSN = "ssh-$(SSH_VSN)" |