Exemple #1
0
    def process_packet(self, data):
        """Handle an incoming SSH packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        self._kex.process_packet(pkttype, packet)
Exemple #2
0
    def test_packet(self):
        """Unit test SSH packet module"""

        for encode, decode, values in self.tests:
            for value, data in values:
                data = codecs.decode(data, 'hex')

                with self.subTest(msg='encode', value=value):
                    self.assertEqual(encode(value), data)

                with self.subTest(msg='decode', data=data):
                    packet = SSHPacket(data)
                    decoded_value = decode(packet)
                    packet.check_end()
                    self.assertEqual(decoded_value, value)
                    self.assertEqual(packet.get_consumed_payload(), data)
                    self.assertEqual(packet.get_remaining_payload(), b'')

        for encode, value, exc in self.encode_errors:
            with self.subTest(msg='encode error', encode=encode, value=value):
                with self.assertRaises(exc):
                    encode(value)

        for decode, data in self.decode_errors:
            with self.subTest(msg='decode error', data=data):
                with self.assertRaises(PacketDecodeError):
                    packet = SSHPacket(codecs.decode(data, 'hex'))
                    decode(packet)
                    packet.check_end()
Exemple #3
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_FAILURE:
            _ = packet.get_namelist()
            partial_success = packet.get_boolean()
            packet.check_end()

            if partial_success: # pragma: no cover
                # Partial success not implemented yet
                self._auth.auth_succeeded()
            else:
                self._auth.auth_failed()

            self._auth_waiter.set_result((False, self._password_changed))
            self._auth = None
            self._auth_waiter = None
        elif pkttype == MSG_USERAUTH_SUCCESS:
            packet.check_end()

            self._auth.auth_succeeded()
            self._auth_waiter.set_result((True, self._password_changed))
            self._auth = None
            self._auth_waiter = None
        else:
            self._auth.process_packet(pkttype, None, packet)
Exemple #4
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_FAILURE:
            _ = packet.get_namelist()
            partial_success = packet.get_boolean()
            packet.check_end()

            if partial_success: # pragma: no cover
                # Partial success not implemented yet
                self._auth.auth_succeeded()
            else:
                self._auth.auth_failed()

            self._auth_waiter.set_result((False, self._password_changed))
            self._auth = None
            self._auth_waiter = None
        elif pkttype == MSG_USERAUTH_SUCCESS:
            packet.check_end()

            self._auth.auth_succeeded()
            self._auth_waiter.set_result((True, self._password_changed))
            self._auth = None
            self._auth_waiter = None
        else:
            try:
                self._auth.process_packet(pkttype, packet)
            except DisconnectError as exc:
                self.connection_lost(exc)
Exemple #5
0
    def test_packet(self):
        """Unit test SSH packet module"""

        for encode, decode, values in self.tests:
            for value, data in values:
                data = codecs.decode(data, 'hex')

                with self.subTest(msg='encode', value=value):
                    self.assertEqual(encode(value), data)

                with self.subTest(msg='decode', data=data):
                    packet = SSHPacket(data)
                    decoded_value = decode(packet)
                    packet.check_end()
                    self.assertEqual(decoded_value, value)
                    self.assertEqual(packet.get_consumed_payload(), data)
                    self.assertEqual(packet.get_remaining_payload(), b'')

        for encode, value, exc in self.encode_errors:
            with self.subTest(msg='encode error', encode=encode, value=value):
                with self.assertRaises(exc):
                    encode(value)

        for decode, data in self.decode_errors:
            with self.subTest(msg='decode error', data=data):
                with self.assertRaises(PacketDecodeError):
                    packet = SSHPacket(codecs.decode(data, 'hex'))
                    decode(packet)
                    packet.check_end()
Exemple #6
0
    def test_server_auth_methods(self):
        """Test server auth methods"""

        with self.subTest('No auth methods'):
            server_conn = _AuthServerStub()
            self.assertEqual(get_server_auth_methods(server_conn), [])
            server_conn.close()

        with self.subTest('All auth methods'):
            gss_host = '1' if gss_available else None
            server_conn = _AuthServerStub(gss_host=gss_host,
                                          public_key_auth=True,
                                          password_auth=True, kbdint_auth=True)
            if gss_available: # pragma: no branch
                self.assertEqual(get_server_auth_methods(server_conn),
                                 [b'gssapi-keyex', b'gssapi-with-mic',
                                  b'publickey', b'keyboard-interactive',
                                  b'password'])
            else: # pragma: no cover
                self.assertEqual(get_server_auth_methods(server_conn),
                                 [b'publickey', b'keyboard-interactive',
                                  b'password'])
            server_conn.close()

        with self.subTest('Unknown auth method'):
            server_conn = _AuthServerStub()
            self.assertEqual(lookup_server_auth(server_conn, 'user', b'xxx',
                                                SSHPacket(b'')), None)
            server_conn.close()
Exemple #7
0
    def test_handler(self):
        """Unit test SSH packet handler"""
        class _TestPacketHandler(SSHPacketHandler):
            """Class for unit testing SSHPacketHandler"""
            def _handler1(self, pkttype, packet):
                """Packet handler for unit testing"""

            packet_handlers = {1: _handler1}

        handler = _TestPacketHandler()
        packet = SSHPacket(b'')
        self.assertTrue(handler.process_packet(1, packet))
        self.assertFalse(handler.process_packet(2, packet))
Exemple #8
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_REQUEST:
            _ = packet.get_string()         # username
            _ = packet.get_string()         # service
            method = packet.get_string()

            if self._auth:
                self._auth.cancel()

            if self._override_gss_mech:
                self.send_packet(MSG_USERAUTH_GSSAPI_RESPONSE,
                                 String('mismatch'))
            elif self._override_pk_ok:
                self.send_packet(MSG_USERAUTH_PK_OK, String(''), String(''))
            else:
                self._auth = lookup_server_auth(self, 'user', method, packet)
        else:
            self._auth.process_packet(pkttype, None, packet)
Exemple #9
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_REQUEST:
            _ = packet.get_string()         # username
            _ = packet.get_string()         # service
            method = packet.get_string()

            if self._auth:
                self._auth.cancel()

            if self._override_gss_mech:
                self.send_packet(MSG_USERAUTH_GSSAPI_RESPONSE,
                                 String('mismatch'))
            elif self._override_pk_ok:
                self.send_packet(MSG_USERAUTH_PK_OK, String(''), String(''))
            else:
                self._auth = lookup_server_auth(self, 'user', method, packet)
        else:
            self._auth.process_packet(pkttype, None, packet)
Exemple #10
0
    def communicate(self, request):
        """Process SSH key signing request"""

        # pylint: disable=no-self-use

        packet = SSHPacket(request)
        request = packet.get_string()
        packet.check_end()

        packet = SSHPacket(request)
        version = packet.get_byte()
        _ = packet.get_uint32()     # sock_fd
        data = packet.get_string()
        packet.check_end()

        if version == 0:
            return b'', b''
        elif version == 1:
            return b'', b'invalid request'
        else:
            skey = asyncssh.load_keypairs('skey')[0]
            sig = skey.sign(data)
            return String(Byte(KEYSIGN_VERSION) + String(sig)), b''
Exemple #11
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_REQUEST:
            _ = packet.get_string()  # username
            _ = packet.get_string()  # service
            method = packet.get_string()

            if self._auth:
                self._auth.cancel()

            if self._override_pk_ok:
                self.send_packet(Byte(MSG_USERAUTH_PK_OK), String(''),
                                 String(''))
            else:
                self._auth = lookup_server_auth(self, 'user', method, packet)
        else:
            try:
                self._auth.process_packet(pkttype, packet)
            except DisconnectError as exc:
                self.connection_lost(exc)
Exemple #12
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()

        if pkttype == MSG_USERAUTH_REQUEST:
            _ = packet.get_string()         # username
            _ = packet.get_string()         # service
            method = packet.get_string()

            if self._auth:
                self._auth.cancel()

            if self._override_pk_ok:
                self.send_packet(Byte(MSG_USERAUTH_PK_OK),
                                 String(''), String(''))
            else:
                self._auth = lookup_server_auth(self, 'user', method, packet)
        else:
            try:
                self._auth.process_packet(pkttype, packet)
            except DisconnectError as exc:
                self.connection_lost(exc)
Exemple #13
0
    def test_handler(self):
        """Unit test SSH packet handler"""

        class _TestPacketHandler(SSHPacketHandler):
            """Class for unit testing SSHPacketHandler"""

            @property
            def logger(self):
                """A logger associated with this packet handler"""

                return logger

            def _handler1(self, pkttype, pktid, packet):
                """Packet handler for unit testing"""

            _packet_handlers = {
                1: _handler1
            }

        handler = _TestPacketHandler()
        packet = SSHPacket(b'')
        self.assertTrue(handler.process_packet(1, 1, packet))
        self.assertFalse(handler.process_packet(2, 2, packet))
Exemple #14
0
    def test_server_auth_methods(self):
        """Test server auth methods"""

        with self.subTest('No auth methods'):
            server_conn = _AuthServerStub()
            self.assertEqual(get_server_auth_methods(server_conn), [])
            server_conn.close()

        with self.subTest('All auth methods'):
            server_conn = _AuthServerStub(public_key_auth=True,
                                          password_auth=True,
                                          kbdint_auth=True)
            self.assertEqual(
                get_server_auth_methods(server_conn),
                [b'publickey', b'keyboard-interactive', b'password'])
            server_conn.close()

        with self.subTest('Unknown auth method'):
            server_conn = _AuthServerStub()
            self.assertEqual(
                lookup_server_auth(server_conn, 'user', b'xxx',
                                   SSHPacket(b'')), None)
            server_conn.close()
Exemple #15
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()
        self._kex.process_packet(pkttype, None, packet)
Exemple #16
0
    def process_packet(self, data):
        """Process an incoming packet"""

        packet = SSHPacket(data)
        pkttype = packet.get_byte()
        self._kex.process_packet(pkttype, None, packet)
Exemple #17
0
    def communicate(self, request):
        """Process SSH key signing request"""

        # pylint: disable=no-self-use

        packet = SSHPacket(request)
        request = packet.get_string()
        packet.check_end()

        packet = SSHPacket(request)
        version = packet.get_byte()
        _ = packet.get_uint32()  # sock_fd
        data = packet.get_string()
        packet.check_end()

        if version == 0:
            return b'', b''
        elif version == 1:
            return b'', b'invalid request'
        else:
            skey = asyncssh.load_keypairs('skey')[0]
            sig = skey.sign(data)
            return String(Byte(KEYSIGN_VERSION) + String(sig)), b''