Ejemplo n.º 1
0
 def invoke_shell(self):
     """
     Request an interactive shell session on this channel.  If the server
     allows it, the channel will then be directly connected to the stdin,
     stdout, and stderr of the shell.
     
     Normally you would call L{get_pty} before this, in which case the
     shell will operate through the pty, and the channel will be connected
     to the stdin and stdout of the pty.
     
     When the shell exits, the channel will be closed and can't be reused.
     You must open a new channel if you wish to open another shell.
     
     @raise SSHException: if the request was rejected or the channel was
         closed
     """
     if self.closed or self.eof_received or self.eof_sent or not self.active:
         raise SSHException('Channel is not open')
     m = Message()
     m.add_byte(chr(MSG_CHANNEL_REQUEST))
     m.add_int(self.remote_chanid)
     m.add_string('shell')
     m.add_boolean(1)
     self._event_pending()
     self.transport._send_user_message(m)
     self._wait_for_event()
Ejemplo n.º 2
0
Archivo: dsskey.py Proyecto: bobbyi/ssh 
 def __init__(self, msg=None, data=None, filename=None, password=None, vals=None, file_obj=None):
     self.p = None
     self.q = None
     self.g = None
     self.y = None
     self.x = None
     if file_obj is not None:
         self._from_private_key(file_obj, password)
         return
     if filename is not None:
         self._from_private_key_file(filename, password)
         return
     if (msg is None) and (data is not None):
         msg = Message(data)
     if vals is not None:
         self.p, self.q, self.g, self.y = vals
     else:
         if msg is None:
             raise SSHException('Key object may not be empty')
         if msg.get_string() != b'ssh-dss':
             raise SSHException('Invalid key')
         self.p = msg.get_mpint()
         self.q = msg.get_mpint()
         self.g = msg.get_mpint()
         self.y = msg.get_mpint()
     self.size = util.bit_length(self.p)
Ejemplo n.º 3
0
 def __init__(self,
              msg=None,
              data=None,
              filename=None,
              password=None,
              vals=None,
              file_obj=None):
     self.p = None
     self.q = None
     self.g = None
     self.y = None
     self.x = None
     if file_obj is not None:
         self._from_private_key(file_obj, password)
         return
     if filename is not None:
         self._from_private_key_file(filename, password)
         return
     if (msg is None) and (data is not None):
         msg = Message(data)
     if vals is not None:
         self.p, self.q, self.g, self.y = vals
     else:
         if msg is None:
             raise SSHException('Key object may not be empty')
         if msg.get_string() != 'ssh-dss':
             raise SSHException('Invalid key')
         self.p = msg.get_mpint()
         self.q = msg.get_mpint()
         self.g = msg.get_mpint()
         self.y = msg.get_mpint()
     self.size = util.bit_length(self.p)
Ejemplo n.º 4
0
 def _parse_kexdh_gex_request(self, m):
     minbits = m.get_int()
     preferredbits = m.get_int()
     maxbits = m.get_int()
     # smoosh the user's preferred size into our own limits
     if preferredbits > self.max_bits:
         preferredbits = self.max_bits
     if preferredbits < self.min_bits:
         preferredbits = self.min_bits
     # fix min/max if they're inconsistent.  technically, we could just pout
     # and hang up, but there's no harm in giving them the benefit of the
     # doubt and just picking a bitsize for them.
     if minbits > preferredbits:
         minbits = preferredbits
     if maxbits < preferredbits:
         maxbits = preferredbits
     # now save a copy
     self.min_bits = minbits
     self.preferred_bits = preferredbits
     self.max_bits = maxbits
     # generate prime
     pack = self.transport._get_modulus_pack()
     if pack is None:
         raise SSHException('Can\'t do server-side gex with no modulus pack')
     self.transport._log(DEBUG, 'Picking p (%d <= %d <= %d bits)' % (minbits, preferredbits, maxbits))
     self.g, self.p = pack.get_modulus(minbits, preferredbits, maxbits)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_GROUP))
     m.add_mpint(self.p)
     m.add_mpint(self.g)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_INIT)
Ejemplo n.º 5
0
Archivo: rsakey.py Proyecto: bobbyi/ssh 
 def sign_ssh_data(self, rpool, data):
     digest = SHA.new(data).digest()
     rsa = RSA.construct((int(self.n), int(self.e), int(self.d)))
     sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), '')[0], 0)
     m = Message()
     m.add_string(b'ssh-rsa')
     m.add_string(sig)
     return m
Ejemplo n.º 6
0
 def test_3_add(self):
     msg = Message()
     msg.add(5)
     msg.add(0x1122334455L)
     msg.add(True)
     msg.add('cat')
     msg.add(['a', 'b'])
     self.assertEquals(str(msg), self.__d)
Ejemplo n.º 7
0
 def _disconnect_no_more_auth(self):
     m = Message()
     m.add_byte(chr(MSG_DISCONNECT))
     m.add_int(DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE)
     m.add_string('No more auth methods available')
     m.add_string('en')
     self.transport._send_message(m)
     self.transport.close()
Ejemplo n.º 8
0
 def _disconnect_service_not_available(self):
     m = Message()
     m.add_byte(chr(MSG_DISCONNECT))
     m.add_int(DISCONNECT_SERVICE_NOT_AVAILABLE)
     m.add_string('Service not available')
     m.add_string('en')
     self.transport._send_message(m)
     self.transport.close()
Ejemplo n.º 9
0
 def _send_eof(self):
     # you are holding the lock.
     if self.eof_sent:
         return None
     m = Message()
     m.add_byte(chr(MSG_CHANNEL_EOF))
     m.add_int(self.remote_chanid)
     self.eof_sent = True
     self._log(DEBUG, 'EOF sent (%s)', self._name)
     return m
Ejemplo n.º 10
0
 def sign_ssh_data(self, rng, data):
     msg = Message()
     msg.add_byte(chr(SSH2_AGENTC_SIGN_REQUEST))
     msg.add_string(self.blob)
     msg.add_string(data)
     msg.add_int(0)
     ptype, result = self.agent._send_message(msg)
     if ptype != SSH2_AGENT_SIGN_RESPONSE:
         raise SSHException('key cannot be used for signing')
     return result.get_string()
Ejemplo n.º 11
0
 def test_4_misc(self):
     msg = Message(self.__d)
     self.assertEquals(msg.get_int(), 5)
     self.assertEquals(msg.get_mpint(), 0x1122334455L)
     self.assertEquals(msg.get_so_far(), self.__d[:13])
     self.assertEquals(msg.get_remainder(), self.__d[13:])
     msg.rewind()
     self.assertEquals(msg.get_int(), 5)
     self.assertEquals(msg.get_so_far(), self.__d[:4])
     self.assertEquals(msg.get_remainder(), self.__d[4:])
Ejemplo n.º 12
0
 def invoke_shell(self):
     """
     Request an interactive shell session on this channel.  If the server
     allows it, the channel will then be directly connected to the stdin,
     stdout, and stderr of the shell.
     
     Normally you would call L{get_pty} before this, in which case the
     shell will operate through the pty, and the channel will be connected
     to the stdin and stdout of the pty.
     
     When the shell exits, the channel will be closed and can't be reused.
     You must open a new channel if you wish to open another shell.
     
     @raise SSHException: if the request was rejected or the channel was
         closed
     """
     if self.closed or self.eof_received or self.eof_sent or not self.active:
         raise SSHException('Channel is not open')
     m = Message()
     m.add_byte(chr(MSG_CHANNEL_REQUEST))
     m.add_int(self.remote_chanid)
     m.add_string('shell')
     m.add_boolean(1)
     self._event_pending()
     self.transport._send_user_message(m)
     self._wait_for_event()
Ejemplo n.º 13
0
 def _parse_service_request(self, m):
     service = m.get_string()
     if self.transport.server_mode and (service == 'ssh-userauth'):
         # accepted
         m = Message()
         m.add_byte(chr(MSG_SERVICE_ACCEPT))
         m.add_string(service)
         self.transport._send_message(m)
         return
     # dunno this one
     self._disconnect_service_not_available()
Ejemplo n.º 14
0
 def _disconnect_service_not_available(self):
     m = Message()
     m.add_byte(chr(MSG_DISCONNECT))
     m.add_int(DISCONNECT_SERVICE_NOT_AVAILABLE)
     m.add_string('Service not available')
     m.add_string('en')
     self.transport._send_message(m)
     self.transport.close()
Ejemplo n.º 15
0
 def _disconnect_no_more_auth(self):
     m = Message()
     m.add_byte(chr(MSG_DISCONNECT))
     m.add_int(DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE)
     m.add_string('No more auth methods available')
     m.add_string('en')
     self.transport._send_message(m)
     self.transport.close()
Ejemplo n.º 16
0
 def _close_internal(self):
     # you are holding the lock.
     if not self.active or self.closed:
         return None, None
     m1 = self._send_eof()
     m2 = Message()
     m2.add_byte(chr(MSG_CHANNEL_CLOSE))
     m2.add_int(self.remote_chanid)
     self._set_closed()
     # can't unlink from the Transport yet -- the remote side may still
     # try to send meta-data (exit-status, etc)
     return m1, m2
Ejemplo n.º 17
0
Archivo: agent.py Proyecto: goosemo/ssh 
 def sign_ssh_data(self, rng, data):
     msg = Message()
     msg.add_byte(chr(SSH2_AGENTC_SIGN_REQUEST))
     msg.add_string(self.blob)
     msg.add_string(data)
     msg.add_int(0)
     ptype, result = self.agent._send_message(msg)
     if ptype != SSH2_AGENT_SIGN_RESPONSE:
         raise SSHException('key cannot be used for signing')
     return result.get_string()
Ejemplo n.º 18
0
    def send(self, s):
        """
        Send data to the channel.  Returns the number of bytes sent, or 0 if
        the channel stream is closed.  Applications are responsible for
        checking that all data has been sent: if only some of the data was
        transmitted, the application needs to attempt delivery of the remaining
        data.

        @param s: data to send
        @type s: str
        @return: number of bytes actually sent
        @rtype: int

        @raise socket.timeout: if no data could be sent before the timeout set
            by L{settimeout}.
        """
        size = len(s)
        self.lock.acquire()
        try:
            size = self._wait_for_send_window(size)
            if size == 0:
                # eof or similar
                return 0
            m = Message()
            m.add_byte(chr(MSG_CHANNEL_DATA))
            m.add_int(self.remote_chanid)
            m.add_string(s[:size])
        finally:
            self.lock.release()
        # Note: We release self.lock before calling _send_user_message.
        # Otherwise, we can deadlock during re-keying.
        self.transport._send_user_message(m)
        return size
Ejemplo n.º 19
0
 def _send_server_version(self):
     # winscp will freak out if the server sends version info before the
     # client finishes sending INIT.
     t, data = self._read_packet()
     if t != CMD_INIT:
         raise SFTPError('Incompatible sftp protocol')
     version = struct.unpack('>I', data[:4])[0]
     # advertise that we support "check-file"
     extension_pairs = [ 'check-file', 'md5,sha1' ]
     msg = Message()
     msg.add_int(_VERSION)
     msg.add(*extension_pairs)
     self._send_packet(CMD_VERSION, str(msg))
     return version
Ejemplo n.º 20
0
 def __str__(self):
     m = Message()
     m.add_string('ssh-dss')
     m.add_mpint(self.p)
     m.add_mpint(self.q)
     m.add_mpint(self.g)
     m.add_mpint(self.y)
     return str(m)
Ejemplo n.º 21
0
 def _parse_kexdh_gex_group(self, m):
     self.p = m.get_mpint()
     self.g = m.get_mpint()
     # reject if p's bit length < 1024 or > 8192
     bitlen = util.bit_length(self.p)
     if (bitlen < 1024) or (bitlen > 8192):
         raise SSHException('Server-generated gex p (don\'t ask) is out of range (%d bits)' % bitlen)
     self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen)
     self._generate_x()
     # now compute e = g^x mod p
     self.e = pow(self.g, self.x, self.p)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_INIT))
     m.add_mpint(self.e)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_REPLY)
Ejemplo n.º 22
0
 def _negotiate_keys_wrapper(self, m):
     if self.local_kex_init is None:  # Remote side sent KEXINIT
         # Simulate in-transit MSG_CHANNEL_WINDOW_ADJUST by sending it
         # before responding to the incoming MSG_KEXINIT.
         m2 = Message()
         m2.add_byte(chr(MSG_CHANNEL_WINDOW_ADJUST))
         m2.add_int(chan.remote_chanid)
         m2.add_int(1)  # bytes to add
         self._send_message(m2)
     return _negotiate_keys(self, m)
Ejemplo n.º 23
0
    def recv_stderr(self, nbytes):
        """
        Receive data from the channel's stderr stream.  Only channels using
        L{exec_command} or L{invoke_shell} without a pty will ever have data
        on the stderr stream.  The return value is a string representing the
        data received.  The maximum amount of data to be received at once is
        specified by C{nbytes}.  If a string of length zero is returned, the
        channel stream has closed.

        @param nbytes: maximum number of bytes to read.
        @type nbytes: int
        @return: data.
        @rtype: str
        
        @raise socket.timeout: if no data is ready before the timeout set by
            L{settimeout}.
        
        @since: 1.1
        """
        try:
            out = self.in_stderr_buffer.read(nbytes, self.timeout)
        except PipeTimeout as e:
            raise socket.timeout()
            
        ack = self._check_add_window(len(out))
        # no need to hold the channel lock when sending this
        if ack > 0:
            m = Message()
            m.add_byte(chr(MSG_CHANNEL_WINDOW_ADJUST))
            m.add_int(self.remote_chanid)
            m.add_int(ack)
            self.transport._send_user_message(m)

        return out
Ejemplo n.º 24
0
    def send(self, s):
        """
        Send data to the channel.  Returns the number of bytes sent, or 0 if
        the channel stream is closed.  Applications are responsible for
        checking that all data has been sent: if only some of the data was
        transmitted, the application needs to attempt delivery of the remaining
        data.

        @param s: data to send
        @type s: str
        @return: number of bytes actually sent
        @rtype: int

        @raise socket.timeout: if no data could be sent before the timeout set
            by L{settimeout}.
        """
        size = len(s)
        self.lock.acquire()
        try:
            size = self._wait_for_send_window(size)
            if size == 0:
                # eof or similar
                return 0
            m = Message()
            m.add_byte(chr(MSG_CHANNEL_DATA))
            m.add_int(self.remote_chanid)
            m.add_string(s[:size])
        finally:
            self.lock.release()
        # Note: We release self.lock before calling _send_user_message.
        # Otherwise, we can deadlock during re-keying.
        self.transport._send_user_message(m)
        return size
Ejemplo n.º 25
0
 def __str__(self):
     m = Message()
     m.add_string('ssh-dss')
     m.add_mpint(self.p)
     m.add_mpint(self.q)
     m.add_mpint(self.g)
     m.add_mpint(self.y)
     return str(m)
Ejemplo n.º 26
0
Archivo: dsskey.py Proyecto: bobbyi/ssh 
 def __bytes__(self):
     m = Message()
     m.add_string(b'ssh-dss')
     m.add_mpint(self.p)
     m.add_mpint(self.q)
     m.add_mpint(self.g)
     m.add_mpint(self.y)
     return bytes(m)
Ejemplo n.º 27
0
 def _parse_kexdh_reply(self, m):
     # client mode
     host_key = m.get_string()
     self.f = m.get_mpint()
     if (self.f < 1) or (self.f > P - 1):
         raise SSHException('Server kex "f" is out of range')
     sig = m.get_string()
     K = pow(self.f, self.x, P)
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K)
     hm = Message()
     hm.add(self.transport.local_version, self.transport.remote_version,
            self.transport.local_kex_init, self.transport.remote_kex_init)
     hm.add_string(host_key)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     self.transport._set_K_H(K, SHA.new(str(hm)).digest())
     self.transport._verify_key(host_key, sig)
     self.transport._activate_outbound()
Ejemplo n.º 28
0
Archivo: dsskey.py Proyecto: bobbyi/ssh 
 def sign_ssh_data(self, rng, data):
     digest = SHA.new(data).digest()
     dss = DSA.construct((int(self.y), int(self.g), int(self.p), int(self.q), int(self.x)))
     # generate a suitable k
     qsize = len(util.deflate_long(self.q, 0))
     while True:
         k = util.inflate_long(rng.read(qsize), 1)
         if (k > 2) and (k < self.q):
             break
     r, s = dss.sign(util.inflate_long(digest, 1), k)
     m = Message()
     m.add_string(b'ssh-dss')
     # apparently, in rare cases, r or s may be shorter than 20 bytes!
     rstr = util.deflate_long(r, 0)
     sstr = util.deflate_long(s, 0)
     if len(rstr) < 20:
         rstr = b'\x00' * (20 - len(rstr)) + rstr
     if len(sstr) < 20:
         sstr = b'\x00' * (20 - len(sstr)) + sstr
     m.add_string(rstr + sstr)
     return m
Ejemplo n.º 29
0
 def _parse_kexdh_gex_request_old(self, m):
     # same as above, but without min_bits or max_bits (used by older clients like putty)
     self.preferred_bits = m.get_int()
     # smoosh the user's preferred size into our own limits
     if self.preferred_bits > self.max_bits:
         self.preferred_bits = self.max_bits
     if self.preferred_bits < self.min_bits:
         self.preferred_bits = self.min_bits
     # generate prime
     pack = self.transport._get_modulus_pack()
     if pack is None:
         raise SSHException('Can\'t do server-side gex with no modulus pack')
     self.transport._log(DEBUG, 'Picking p (~ %d bits)' % (self.preferred_bits,))
     self.g, self.p = pack.get_modulus(self.min_bits, self.preferred_bits, self.max_bits)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_GROUP))
     m.add_mpint(self.p)
     m.add_mpint(self.g)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_INIT)
     self.old_style = True
Ejemplo n.º 30
0
 def _negotiate_keys_wrapper(self, m):
     if self.local_kex_init is None: # Remote side sent KEXINIT
         # Simulate in-transit MSG_CHANNEL_WINDOW_ADJUST by sending it
         # before responding to the incoming MSG_KEXINIT.
         m2 = Message()
         m2.add_byte(chr(MSG_CHANNEL_WINDOW_ADJUST))
         m2.add_int(chan.remote_chanid)
         m2.add_int(1)    # bytes to add
         self._send_message(m2)
     return _negotiate_keys(self, m)
Ejemplo n.º 31
0
 def _parse_kexdh_gex_request(self, m):
     minbits = m.get_int()
     preferredbits = m.get_int()
     maxbits = m.get_int()
     # smoosh the user's preferred size into our own limits
     if preferredbits > self.max_bits:
         preferredbits = self.max_bits
     if preferredbits < self.min_bits:
         preferredbits = self.min_bits
     # fix min/max if they're inconsistent.  technically, we could just pout
     # and hang up, but there's no harm in giving them the benefit of the
     # doubt and just picking a bitsize for them.
     if minbits > preferredbits:
         minbits = preferredbits
     if maxbits < preferredbits:
         maxbits = preferredbits
     # now save a copy
     self.min_bits = minbits
     self.preferred_bits = preferredbits
     self.max_bits = maxbits
     # generate prime
     pack = self.transport._get_modulus_pack()
     if pack is None:
         raise SSHException(
             'Can\'t do server-side gex with no modulus pack')
     self.transport._log(
         DEBUG, 'Picking p (%d <= %d <= %d bits)' %
         (minbits, preferredbits, maxbits))
     self.g, self.p = pack.get_modulus(minbits, preferredbits, maxbits)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_GROUP))
     m.add_mpint(self.p)
     m.add_mpint(self.g)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_INIT)
Ejemplo n.º 32
0
 def sign_ssh_data(self, rpool, data):
     digest = SHA.new(data).digest()
     rsa = RSA.construct((long(self.n), long(self.e), long(self.d)))
     sig = util.deflate_long(rsa.sign(self._pkcs1imify(digest), '')[0], 0)
     m = Message()
     m.add_string('ssh-rsa')
     m.add_string(sig)
     return m
Ejemplo n.º 33
0
    def request_forward_agent(self, handler):
        """
        Request for a forward SSH Agent on this channel.
        This is only valid for an ssh-agent from openssh !!!

        @param handler: a required handler to use for incoming SSH Agent connections
        @type handler: function

        @return: if we are ok or not (at that time we always return ok)
        @rtype: boolean

        @raise: SSHException in case of channel problem.
        """
        if self.closed or self.eof_received or self.eof_sent or not self.active:
            raise SSHException('Channel is not open')

        m = Message()
        m.add_byte(chr(MSG_CHANNEL_REQUEST))
        m.add_int(self.remote_chanid)
        m.add_string('*****@*****.**')
        m.add_boolean(False)
        self.transport._send_user_message(m)
        self.transport._set_forward_agent_handler(handler)
        return True
Ejemplo n.º 34
0
 def _send_eof(self):
     # you are holding the lock.
     if self.eof_sent:
         return None
     m = Message()
     m.add_byte(chr(MSG_CHANNEL_EOF))
     m.add_int(self.remote_chanid)
     self.eof_sent = True
     self._log(DEBUG, 'EOF sent (%s)', self._name)
     return m
Ejemplo n.º 35
0
 def _parse_service_request(self, m):
     service = m.get_string()
     if self.transport.server_mode and (service == 'ssh-userauth'):
         # accepted
         m = Message()
         m.add_byte(chr(MSG_SERVICE_ACCEPT))
         m.add_string(service)
         self.transport._send_message(m)
         return
     # dunno this one
     self._disconnect_service_not_available()
Ejemplo n.º 36
0
 def _close_internal(self):
     # you are holding the lock.
     if not self.active or self.closed:
         return None, None
     m1 = self._send_eof()
     m2 = Message()
     m2.add_byte(chr(MSG_CHANNEL_CLOSE))
     m2.add_int(self.remote_chanid)
     self._set_closed()
     # can't unlink from the Transport yet -- the remote side may still
     # try to send meta-data (exit-status, etc)
     return m1, m2
Ejemplo n.º 37
0
    def _parse_userauth_info_request(self, m):
        if self.auth_method != 'keyboard-interactive':
            raise SSHException('Illegal info request from server')
        title = m.get_string()
        instructions = m.get_string()
        m.get_string()  # lang
        prompts = m.get_int()
        prompt_list = []
        for i in range(prompts):
            prompt_list.append((m.get_string(), m.get_boolean()))
        response_list = self.interactive_handler(title, instructions,
                                                 prompt_list)

        m = Message()
        m.add_byte(chr(MSG_USERAUTH_INFO_RESPONSE))
        m.add_int(len(response_list))
        for r in response_list:
            m.add_string(r)
        self.transport._send_message(m)
Ejemplo n.º 38
0
    def request_forward_agent(self, handler):
        """
        Request for a forward SSH Agent on this channel.
        This is only valid for an ssh-agent from openssh !!!

        @param handler: a required handler to use for incoming SSH Agent connections
        @type handler: function

        @return: if we are ok or not (at that time we always return ok)
        @rtype: boolean

        @raise: SSHException in case of channel problem.
        """
        if self.closed or self.eof_received or self.eof_sent or not self.active:
            raise SSHException('Channel is not open')

        m = Message()
        m.add_byte(chr(MSG_CHANNEL_REQUEST))
        m.add_int(self.remote_chanid)
        m.add_string('*****@*****.**')
        m.add_boolean(False)
        self.transport._send_user_message(m)
        self.transport._set_forward_agent_handler(handler)
        return True
Ejemplo n.º 39
0
 def start_kex(self):
     self._generate_x()
     if self.transport.server_mode:
         # compute f = g^x mod p, but don't send it yet
         self.f = pow(G, self.x, P)
         self.transport._expect_packet(_MSG_KEXDH_INIT)
         return
     # compute e = g^x mod p (where g=2), and send it
     self.e = pow(G, self.x, P)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_INIT))
     m.add_mpint(self.e)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_REPLY)
Ejemplo n.º 40
0
 def _send_server_version(self):
     # winscp will freak out if the server sends version info before the
     # client finishes sending INIT.
     t, data = self._read_packet()
     if t != CMD_INIT:
         raise SFTPError('Incompatible sftp protocol')
     version = struct.unpack('>I', data[:4])[0]
     # advertise that we support "check-file"
     extension_pairs = ['check-file', 'md5,sha1']
     msg = Message()
     msg.add_int(_VERSION)
     msg.add(*extension_pairs)
     self._send_packet(CMD_VERSION, str(msg))
     return version
Ejemplo n.º 41
0
 def _parse_userauth_info_request(self, m):
     if self.auth_method != 'keyboard-interactive':
         raise SSHException('Illegal info request from server')
     title = m.get_string()
     instructions = m.get_string()
     m.get_string()  # lang
     prompts = m.get_int()
     prompt_list = []
     for i in range(prompts):
         prompt_list.append((m.get_string(), m.get_boolean()))
     response_list = self.interactive_handler(title, instructions, prompt_list)
     
     m = Message()
     m.add_byte(chr(MSG_USERAUTH_INFO_RESPONSE))
     m.add_int(len(response_list))
     for r in response_list:
         m.add_string(r)
     self.transport._send_message(m)
Ejemplo n.º 42
0
 def _parse_kexdh_gex_group(self, m):
     self.p = m.get_mpint()
     self.g = m.get_mpint()
     # reject if p's bit length < 1024 or > 8192
     bitlen = util.bit_length(self.p)
     if (bitlen < 1024) or (bitlen > 8192):
         raise SSHException(
             'Server-generated gex p (don\'t ask) is out of range (%d bits)'
             % bitlen)
     self.transport._log(DEBUG, 'Got server p (%d bits)' % bitlen)
     self._generate_x()
     # now compute e = g^x mod p
     self.e = pow(self.g, self.x, self.p)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_INIT))
     m.add_mpint(self.e)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_REPLY)
Ejemplo n.º 43
0
 def sign_ssh_data(self, rng, data):
     digest = SHA.new(data).digest()
     dss = DSA.construct((long(self.y), long(self.g), long(self.p), long(self.q), long(self.x)))
     # generate a suitable k
     qsize = len(util.deflate_long(self.q, 0))
     while True:
         k = util.inflate_long(rng.read(qsize), 1)
         if (k > 2) and (k < self.q):
             break
     r, s = dss.sign(util.inflate_long(digest, 1), k)
     m = Message()
     m.add_string('ssh-dss')
     # apparently, in rare cases, r or s may be shorter than 20 bytes!
     rstr = util.deflate_long(r, 0)
     sstr = util.deflate_long(s, 0)
     if len(rstr) < 20:
         rstr = '\x00' * (20 - len(rstr)) + rstr
     if len(sstr) < 20:
         sstr = '\x00' * (20 - len(sstr)) + sstr
     m.add_string(rstr + sstr)
     return m
Ejemplo n.º 44
0
 def _parse_kexdh_gex_request_old(self, m):
     # same as above, but without min_bits or max_bits (used by older clients like putty)
     self.preferred_bits = m.get_int()
     # smoosh the user's preferred size into our own limits
     if self.preferred_bits > self.max_bits:
         self.preferred_bits = self.max_bits
     if self.preferred_bits < self.min_bits:
         self.preferred_bits = self.min_bits
     # generate prime
     pack = self.transport._get_modulus_pack()
     if pack is None:
         raise SSHException(
             'Can\'t do server-side gex with no modulus pack')
     self.transport._log(DEBUG,
                         'Picking p (~ %d bits)' % (self.preferred_bits, ))
     self.g, self.p = pack.get_modulus(self.min_bits, self.preferred_bits,
                                       self.max_bits)
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_GROUP))
     m.add_mpint(self.p)
     m.add_mpint(self.g)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_INIT)
     self.old_style = True
Ejemplo n.º 45
0
 def _parse_kexdh_gex_init(self, m):
     self.e = m.get_mpint()
     if (self.e < 1) or (self.e > self.p - 1):
         raise SSHException('Client kex "e" is out of range')
     self._generate_x()
     self.f = pow(self.g, self.x, self.p)
     K = pow(self.e, self.x, self.p)
     key = str(self.transport.get_server_key())
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)
     hm = Message()
     hm.add(self.transport.remote_version, self.transport.local_version,
            self.transport.remote_kex_init, self.transport.local_kex_init,
            key)
     if not self.old_style:
         hm.add_int(self.min_bits)
     hm.add_int(self.preferred_bits)
     if not self.old_style:
         hm.add_int(self.max_bits)
     hm.add_mpint(self.p)
     hm.add_mpint(self.g)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     H = SHA.new(str(hm)).digest()
     self.transport._set_K_H(K, H)
     # sign it
     sig = self.transport.get_server_key().sign_ssh_data(self.transport.rng, H)
     # send reply
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_REPLY))
     m.add_string(key)
     m.add_mpint(self.f)
     m.add_string(str(sig))
     self.transport._send_message(m)
     self.transport._activate_outbound()
Ejemplo n.º 46
0
 def _parse_kexdh_gex_reply(self, m):
     host_key = m.get_string()
     self.f = m.get_mpint()
     sig = m.get_string()
     if (self.f < 1) or (self.f > self.p - 1):
         raise SSHException('Server kex "f" is out of range')
     K = pow(self.f, self.x, self.p)
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)
     hm = Message()
     hm.add(self.transport.local_version, self.transport.remote_version,
            self.transport.local_kex_init, self.transport.remote_kex_init,
            host_key)
     if not self.old_style:
         hm.add_int(self.min_bits)
     hm.add_int(self.preferred_bits)
     if not self.old_style:
         hm.add_int(self.max_bits)
     hm.add_mpint(self.p)
     hm.add_mpint(self.g)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     self.transport._set_K_H(K, SHA.new(str(hm)).digest())
     self.transport._verify_key(host_key, sig)
     self.transport._activate_outbound()
Ejemplo n.º 47
0
 def __str__(self):
     m = Message()
     m.add_string('ssh-rsa')
     m.add_mpint(self.e)
     m.add_mpint(self.n)
     return str(m)
Ejemplo n.º 48
0
 def _handle_request(self, m):
     key = m.get_string()
     want_reply = m.get_boolean()
     server = self.transport.server_object
     ok = False
     if key == 'exit-status':
         self.exit_status = m.get_int()
         self.status_event.set()
         ok = True
     elif key == 'xon-xoff':
         # ignore
         ok = True
     elif key == 'pty-req':
         term = m.get_string()
         width = m.get_int()
         height = m.get_int()
         pixelwidth = m.get_int()
         pixelheight = m.get_int()
         modes = m.get_string()
         if server is None:
             ok = False
         else:
             ok = server.check_channel_pty_request(self, term, width,
                                                   height, pixelwidth,
                                                   pixelheight, modes)
     elif key == 'shell':
         if server is None:
             ok = False
         else:
             ok = server.check_channel_shell_request(self)
     elif key == 'exec':
         cmd = m.get_string()
         if server is None:
             ok = False
         else:
             ok = server.check_channel_exec_request(self, cmd)
     elif key == 'subsystem':
         name = m.get_string()
         if server is None:
             ok = False
         else:
             ok = server.check_channel_subsystem_request(self, name)
     elif key == 'window-change':
         width = m.get_int()
         height = m.get_int()
         pixelwidth = m.get_int()
         pixelheight = m.get_int()
         if server is None:
             ok = False
         else:
             ok = server.check_channel_window_change_request(
                 self, width, height, pixelwidth, pixelheight)
     elif key == 'x11-req':
         single_connection = m.get_boolean()
         auth_proto = m.get_string()
         auth_cookie = m.get_string()
         screen_number = m.get_int()
         if server is None:
             ok = False
         else:
             ok = server.check_channel_x11_request(self, single_connection,
                                                   auth_proto, auth_cookie,
                                                   screen_number)
     elif key == '*****@*****.**':
         if server is None:
             ok = False
         else:
             ok = server.check_channel_forward_agent_request(self)
     else:
         self._log(DEBUG, 'Unhandled channel request "%s"' % key)
         ok = False
     if want_reply:
         m = Message()
         if ok:
             m.add_byte(chr(MSG_CHANNEL_SUCCESS))
         else:
             m.add_byte(chr(MSG_CHANNEL_FAILURE))
         m.add_int(self.remote_chanid)
         self.transport._send_user_message(m)
Ejemplo n.º 49
0
 def _parse_kexdh_gex_init(self, m):
     self.e = m.get_mpint()
     if (self.e < 1) or (self.e > self.p - 1):
         raise SSHException('Client kex "e" is out of range')
     self._generate_x()
     self.f = pow(self.g, self.x, self.p)
     K = pow(self.e, self.x, self.p)
     key = str(self.transport.get_server_key())
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)
     hm = Message()
     hm.add(self.transport.remote_version, self.transport.local_version,
            self.transport.remote_kex_init, self.transport.local_kex_init,
            key)
     if not self.old_style:
         hm.add_int(self.min_bits)
     hm.add_int(self.preferred_bits)
     if not self.old_style:
         hm.add_int(self.max_bits)
     hm.add_mpint(self.p)
     hm.add_mpint(self.g)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     H = SHA.new(str(hm)).digest()
     self.transport._set_K_H(K, H)
     # sign it
     sig = self.transport.get_server_key().sign_ssh_data(
         self.transport.rng, H)
     # send reply
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_GEX_REPLY))
     m.add_string(key)
     m.add_mpint(self.f)
     m.add_string(str(sig))
     self.transport._send_message(m)
     self.transport._activate_outbound()
Ejemplo n.º 50
0
 def _parse_kexdh_gex_reply(self, m):
     host_key = m.get_string()
     self.f = m.get_mpint()
     sig = m.get_string()
     if (self.f < 1) or (self.f > self.p - 1):
         raise SSHException('Server kex "f" is out of range')
     K = pow(self.f, self.x, self.p)
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || min || n || max || p || g || e || f || K)
     hm = Message()
     hm.add(self.transport.local_version, self.transport.remote_version,
            self.transport.local_kex_init, self.transport.remote_kex_init,
            host_key)
     if not self.old_style:
         hm.add_int(self.min_bits)
     hm.add_int(self.preferred_bits)
     if not self.old_style:
         hm.add_int(self.max_bits)
     hm.add_mpint(self.p)
     hm.add_mpint(self.g)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     self.transport._set_K_H(K, SHA.new(str(hm)).digest())
     self.transport._verify_key(host_key, sig)
     self.transport._activate_outbound()
Ejemplo n.º 51
0
 def start_kex(self, _test_old_style=False):
     if self.transport.server_mode:
         self.transport._expect_packet(_MSG_KEXDH_GEX_REQUEST,
                                       _MSG_KEXDH_GEX_REQUEST_OLD)
         return
     # request a bit range: we accept (min_bits) to (max_bits), but prefer
     # (preferred_bits).  according to the spec, we shouldn't pull the
     # minimum up above 1024.
     m = Message()
     if _test_old_style:
         # only used for unit tests: we shouldn't ever send this
         m.add_byte(chr(_MSG_KEXDH_GEX_REQUEST_OLD))
         m.add_int(self.preferred_bits)
         self.old_style = True
     else:
         m.add_byte(chr(_MSG_KEXDH_GEX_REQUEST))
         m.add_int(self.min_bits)
         m.add_int(self.preferred_bits)
         m.add_int(self.max_bits)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_GROUP)
Ejemplo n.º 52
0
 def _send_message(self, msg):
     msg = str(msg)
     self.conn.send(struct.pack('>I', len(msg)) + msg)
     l = self._read_all(4)
     msg = Message(self._read_all(struct.unpack('>I', l)[0]))
     return ord(msg.get_byte()), msg
Ejemplo n.º 53
0
 def start_kex(self, _test_old_style=False):
     if self.transport.server_mode:
         self.transport._expect_packet(_MSG_KEXDH_GEX_REQUEST, _MSG_KEXDH_GEX_REQUEST_OLD)
         return
     # request a bit range: we accept (min_bits) to (max_bits), but prefer
     # (preferred_bits).  according to the spec, we shouldn't pull the
     # minimum up above 1024.
     m = Message()
     if _test_old_style:
         # only used for unit tests: we shouldn't ever send this
         m.add_byte(chr(_MSG_KEXDH_GEX_REQUEST_OLD))
         m.add_int(self.preferred_bits)
         self.old_style = True
     else:
         m.add_byte(chr(_MSG_KEXDH_GEX_REQUEST))
         m.add_int(self.min_bits)
         m.add_int(self.preferred_bits)
         m.add_int(self.max_bits)
     self.transport._send_message(m)
     self.transport._expect_packet(_MSG_KEXDH_GEX_GROUP)
Ejemplo n.º 54
0
 def _parse_kexdh_init(self, m):
     # server mode
     self.e = m.get_mpint()
     if (self.e < 1) or (self.e > P - 1):
         raise SSHException('Client kex "e" is out of range')
     K = pow(self.e, self.x, P)
     key = str(self.transport.get_server_key())
     # okay, build up the hash H of (V_C || V_S || I_C || I_S || K_S || e || f || K)
     hm = Message()
     hm.add(self.transport.remote_version, self.transport.local_version,
            self.transport.remote_kex_init, self.transport.local_kex_init)
     hm.add_string(key)
     hm.add_mpint(self.e)
     hm.add_mpint(self.f)
     hm.add_mpint(K)
     H = SHA.new(str(hm)).digest()
     self.transport._set_K_H(K, H)
     # sign it
     sig = self.transport.get_server_key().sign_ssh_data(self.transport.rng, H)
     # send reply
     m = Message()
     m.add_byte(chr(_MSG_KEXDH_REPLY))
     m.add_string(key)
     m.add_mpint(self.f)
     m.add_string(str(sig))
     self.transport._send_message(m)
     self.transport._activate_outbound()
Ejemplo n.º 55
0
Archivo: agent.py Proyecto: goosemo/ssh 
 def _send_message(self, msg):
     msg = str(msg)
     self._conn.send(struct.pack('>I', len(msg)) + msg)
     l = self._read_all(4)
     msg = Message(self._read_all(struct.unpack('>I', l)[0]))
     return ord(msg.get_byte()), msg
Ejemplo n.º 56
0
 def __init__(self, agent, blob):
     self.agent = agent
     self.blob = blob
     self.name = Message(blob).get_string()
Ejemplo n.º 57
0
Archivo: rsakey.py Proyecto: bobbyi/ssh 
 def __bytes__(self):
     m = Message()
     m.add_string(b'ssh-rsa')
     m.add_mpint(self.e)
     m.add_mpint(self.n)
     return bytes(m)