Commit 0d471126 authored by Sam Rushing's avatar Sam Rushing

_connect(): accept SERVICE_REQUEST, expect it to be ssh-userauth, then call authenticator

parent 54136d06
...@@ -8,37 +8,43 @@ ...@@ -8,37 +8,43 @@
from coro.ssh.util import debug from coro.ssh.util import debug
from coro.ssh.util import packet as ssh_packet from coro.ssh.util import packet as ssh_packet
from coro.ssh.transport import transport from coro.ssh.transport import transport as ssh_transport
from coro.ssh.keys import key_storage from coro.ssh.keys import key_storage
from coro.ssh.transport.constants import * from coro.ssh.transport.constants import *
from coro.ssh.auth import userauth
from coro import write_stderr as W from coro import write_stderr as W
class SSH_Server_Transport (transport.SSH_Transport): class SSH_Server_Transport (ssh_transport.SSH_Transport):
def __init__(self, server_key, client_transport=None, server_transport=None, debug=None): def __init__(self, server_key, client_transport=None, server_transport=None, debug=None):
transport.SSH_Transport.__init__(self, client_transport, server_transport, debug) ssh_transport.SSH_Transport.__init__(self, client_transport, server_transport, debug)
self.self2remote = self.s2c self.self2remote = self.s2c
self.remote2self = self.c2s self.remote2self = self.c2s
self.is_server = True self.is_server = True
self.s2c.supported_server_keys = [server_key] self.s2c.supported_server_keys = [server_key]
## self.register_callbacks (
## 'server', {
## SSH_MSG_SERVICE_REQUEST : self.msg_service_request,
## }
## )
def connect (self, transport): def connect (self, transport, authenticator):
"""connect(self, transport) -> None """connect(self, transport) -> None
Connect to the remote host. Connect to the remote host.
""" """
try: try:
self._connect(transport) self._connect(transport, authenticator)
except: except:
# Any exception is fatal. # Any exception is fatal.
self.disconnect() self.disconnect()
raise raise
def _connect(self, transport): def _connect(self, transport, authenticator):
# transport is already connected # transport is already connected
# Send identification string. # Send identification string.
self.transport = transport self.transport = transport
W ('_connect(): server_key=%r\n' % (self.server_key,))
if self.s2c.comments: if self.s2c.comments:
comments = ' ' + self.s2c.comments comments = ' ' + self.s2c.comments
else: else:
...@@ -59,16 +65,22 @@ class SSH_Server_Transport (transport.SSH_Transport): ...@@ -59,16 +65,22 @@ class SSH_Server_Transport (transport.SSH_Transport):
# Break up the identification string into its parts. # Break up the identification string into its parts.
parts = line.split('-') parts = line.split('-')
if len(parts) != 3: if len(parts) != 3:
self.send_disconnect(transport.SSH_DISCONNECT_PROTOCOL_ERROR, 'server identification invalid: %r' % line) self.send_disconnect (
ssh_transport.SSH_DISCONNECT_PROTOCOL_ERROR,
'server identification invalid: %r' % line
)
self.c2s.protocol_version = parts[1] self.c2s.protocol_version = parts[1]
self.c2s.software_version = parts[2] self.c2s.software_version = parts[2]
if self.c2s.protocol_version not in ('1.99', '2.0'): if self.c2s.protocol_version not in ('1.99', '2.0'):
self.send_disconnect(transport.SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, 'protocol version not supported: %r' % self.c2s.protocol_version) self.send_disconnect (
ssh_transport.SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED,
'protocol version not supported: %r' % self.c2s.protocol_version
)
break break
self.send_kexinit() self.send_kexinit()
self.s2c.set_preferred('key_exchange') self.s2c.set_preferred('key_exchange')
#self.s2c.set_preferred('server_key') self.s2c.set_preferred('server_key')
if self.self2remote.proactive_kex: if self.self2remote.proactive_kex:
# Go ahead and send our kex packet with our preferred algorithm. # Go ahead and send our kex packet with our preferred algorithm.
...@@ -92,3 +104,20 @@ class SSH_Server_Transport (transport.SSH_Transport): ...@@ -92,3 +104,20 @@ class SSH_Server_Transport (transport.SSH_Transport):
# It is possible for a key exchange algorithm to not have # It is possible for a key exchange algorithm to not have
# an initial packet to send on the client side. # an initial packet to send on the client side.
self.send_packet(packet) self.send_packet(packet)
message_type, packet = self.receive_message ((SSH_MSG_SERVICE_REQUEST,))
msg, service_name = ssh_packet.unpack_payload (ssh_packet.PAYLOAD_MSG_SERVICE_REQUEST, packet)
self.debug.write (debug.DEBUG_1, 'service_request: %r' % (service_name,))
# XXX consider other possibilities
if service_name != 'ssh-userauth':
self.send_disconnect (SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, "not today, zurg")
else:
self.send_packet (
ssh_packet.pack_payload (
ssh_packet.PAYLOAD_MSG_SERVICE_ACCEPT, (
ssh_transport.SSH_MSG_SERVICE_ACCEPT,
'ssh-userauth',
)
)
)
authenticator.authenticate (service_name)
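Review bot: At the end of `_connect()` the result of `authenticator.authenticate (service_name)` is discarded, and the rejected-service branch simply falls off the end after `send_disconnect`, so unless both calls raise (neither implementation is visible here) `connect()` can return normally for a peer that never authenticated. I would state the contract where the call is made, e.g. `# authenticate() must raise on failure; a normal return means the peer is authenticated`, and update the `connect()` docstring, which still reads `connect(self, transport) -> None`. Separately, the added `W ('_connect(): server_key=%r\n' % (self.server_key,))` writes the host key's repr to stderr on every connection, and the visible `__init__` only stores the key in `self.s2c.supported_server_keys`, so `self.server_key` may not exist; drop the line or route it through `self.debug.write`. `_connect()` continues outside the hunks shown.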