def _parse_service_accept(self, m):
service = m.get_text()
if service == "ssh-userauth":
self._log(DEBUG, "userauth is OK")
m = Message()
m.add_byte(cMSG_USERAUTH_REQUEST)
m.add_string(self.username)
m.add_string("ssh-connection")
m.add_string(self.auth_method)
if self.auth_method == "password":
m.add_boolean(False)
password = b(self.password)
m.add_string(password)
elif self.auth_method == "publickey":
m.add_boolean(True)
# Use certificate contents, if available, plain pubkey
# otherwise
if self.private_key.public_blob:
m.add_string(self.private_key.public_blob.key_type)
m.add_string(self.private_key.public_blob.key_blob)
else:
m.add_string(self.private_key.get_name())
m.add_string(self.private_key)
blob = self._get_session_blob(self.private_key,
"ssh-connection", self.username)
sig = self.private_key.sign_ssh_data(blob)
m.add_string(sig)
elif self.auth_method == "keyboard-interactive":
m.add_string("")
m.add_string(self.submethods)
elif self.auth_method == "gssapi-with-mic":
sshgss = GSSAuth(self.auth_method, self.gss_deleg_creds)
m.add_bytes(sshgss.ssh_gss_oids())
# send the supported GSSAPI OIDs to the server
self.transport._send_message(m)
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_BANNER:
self._parse_userauth_banner(m)
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_RESPONSE:
# Read the mechanism selected by the server. We send just
# the Kerberos V5 OID, so the server can only respond with
# this OID.
mech = m.get_string()
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_TOKEN)
try:
m.add_string(
sshgss.ssh_init_sec_context(
self.gss_host, mech, self.username))
except GSS_EXCEPTIONS as e:
return self._handle_local_gss_failure(e)
self.transport._send_message(m)
while True:
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_TOKEN:
srv_token = m.get_string()
try:
next_token = sshgss.ssh_init_sec_context(
self.gss_host,
mech,
self.username,
srv_token,
)
except GSS_EXCEPTIONS as e:
return self._handle_local_gss_failure(e)
# After this step the GSSAPI should not return any
# token. If it does, we keep sending the token to
# the server until no more token is returned.
if next_token is None:
break
else:
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_TOKEN)
m.add_string(next_token)
self.transport.send_message(m)
else:
raise SSHException("Received Package: {}".format(
MSG_NAMES[ptype]))
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_MIC)
# send the MIC to the server
m.add_string(sshgss.ssh_get_mic(self.transport.session_id))
elif ptype == MSG_USERAUTH_GSSAPI_ERRTOK:
# RFC 4462 says we are not required to implement GSS-API
# error messages.
# See RFC 4462 Section 3.8 in
# http://www.ietf.org/rfc/rfc4462.txt
raise SSHException("Server returned an error token")
elif ptype == MSG_USERAUTH_GSSAPI_ERROR:
maj_status = m.get_int()
min_status = m.get_int()
err_msg = m.get_string()
m.get_string() # Lang tag - discarded
raise SSHException("""GSS-API Error:
Major Status: {}
Minor Status: {}
Error Message: {}
""".format(maj_status, min_status, err_msg))
elif ptype == MSG_USERAUTH_FAILURE:
self._parse_userauth_failure(m)
return
else:
raise SSHException("Received Package: {}".format(
MSG_NAMES[ptype]))
elif (self.auth_method == "gssapi-keyex"
and self.transport.gss_kex_used):
kexgss = self.transport.kexgss_ctxt
kexgss.set_username(self.username)
mic_token = kexgss.ssh_get_mic(self.transport.session_id)
m.add_string(mic_token)
elif self.auth_method == "none":
pass
else:
raise SSHException('Unknown auth method "{}"'.format(
self.auth_method))
self.transport._send_message(m)
else:
self._log(DEBUG,
'Service request "{}" accepted (?)'.format(service))
def _parse_userauth_request(self, m):
if not self.transport.server_mode:
# er, uh... what?
m = Message()
m.add_byte(chr(MSG_USERAUTH_FAILURE))
m.add_string('none')
m.add_boolean(0)
self.transport._send_message(m)
return
if self.authenticated:
# ignore
return
username = m.get_string()
service = m.get_string()
method = m.get_string()
self.transport._log(
DEBUG, 'Auth request (type=%s) service=%s, username=%s' %
(method, service, username))
if service != 'ssh-connection':
self._disconnect_service_not_available()
return
if (self.auth_username
is not None) and (self.auth_username != username):
self.transport._log(
WARNING,
'Auth rejected because the client attempted to change username in mid-flight'
)
self._disconnect_no_more_auth()
return
self.auth_username = username
if method == 'none':
result = self.transport.server_object.check_auth_none(username)
elif method == 'password':
changereq = m.get_boolean()
password = m.get_string()
try:
password = password.decode('UTF-8')
except UnicodeError:
# some clients/servers expect non-utf-8 passwords!
# in this case, just return the raw byte string.
pass
if changereq:
# always treated as failure, since we don't support changing passwords, but collect
# the list of valid auth types from the callback anyway
self.transport._log(
DEBUG, 'Auth request to change passwords (rejected)')
newpassword = m.get_string()
try:
newpassword = newpassword.decode('UTF-8', 'replace')
except UnicodeError:
pass
result = AUTH_FAILED
else:
result = self.transport.server_object.check_auth_password(
username, password)
elif method == 'publickey':
sig_attached = m.get_boolean()
keytype = m.get_string()
keyblob = m.get_string()
try:
key = self.transport._key_info[keytype](Message(keyblob))
except SSHException, e:
self.transport._log(INFO,
'Auth rejected: public key: %s' % str(e))
key = None
except:
def _send_message(self, msg):
msg = asbytes(msg)
self._conn.send(struct.pack(">I", len(msg)) + msg)
l = self._read_all(4)
msg = Message(self._read_all(struct.unpack(">I", l)[0]))
return ord(msg.get_byte()), msg
def _handle_request(self, m):
key = m.get_text()
want_reply = m.get_boolean()
server = self.transport.server_object
ok = False
if key == 'exit-status':
self.exit_status = m.get_int()
self.status_event.set()
ok = True
elif key == 'xon-xoff':
# ignore
ok = True
elif key == 'pty-req':
term = m.get_string()
width = m.get_int()
height = m.get_int()
pixelwidth = m.get_int()
pixelheight = m.get_int()
modes = m.get_string()
if server is None:
ok = False
else:
ok = server.check_channel_pty_request(self, term, width,
height, pixelwidth,
pixelheight, modes)
elif key == 'shell':
if server is None:
ok = False
else:
ok = server.check_channel_shell_request(self)
elif key == 'env':
name = m.get_string()
value = m.get_string()
if server is None:
ok = False
else:
ok = server.check_channel_env_request(self, name, value)
elif key == 'exec':
cmd = m.get_string()
if server is None:
ok = False
else:
ok = server.check_channel_exec_request(self, cmd)
elif key == 'subsystem':
name = m.get_text()
if server is None:
ok = False
else:
ok = server.check_channel_subsystem_request(self, name)
elif key == 'window-change':
width = m.get_int()
height = m.get_int()
pixelwidth = m.get_int()
pixelheight = m.get_int()
if server is None:
ok = False
else:
ok = server.check_channel_window_change_request(
self, width, height, pixelwidth, pixelheight)
elif key == 'x11-req':
single_connection = m.get_boolean()
auth_proto = m.get_text()
auth_cookie = m.get_binary()
screen_number = m.get_int()
if server is None:
ok = False
else:
ok = server.check_channel_x11_request(self, single_connection,
auth_proto, auth_cookie,
screen_number)
elif key == '*****@*****.**':
if server is None:
ok = False
else:
ok = server.check_channel_forward_agent_request(self)
else:
self._log(DEBUG, 'Unhandled channel request "%s"' % key)
ok = False
if want_reply:
m = Message()
if ok:
m.add_byte(cMSG_CHANNEL_SUCCESS)
else:
m.add_byte(cMSG_CHANNEL_FAILURE)
m.add_int(self.remote_chanid)
self.transport._send_user_message(m)
def _parse_userauth_request(self, m):
if not self.transport.server_mode:
# er, uh... what?
m = Message()
m.add_byte(cMSG_USERAUTH_FAILURE)
m.add_string('none')
m.add_boolean(False)
self.transport._send_message(m)
return
if self.authenticated:
# ignore
return
username = m.get_text()
service = m.get_text()
method = m.get_text()
self.transport._log(
DEBUG, 'Auth request (type=%s) service=%s, username=%s' %
(method, service, username))
if service != 'ssh-connection':
self._disconnect_service_not_available()
return
if ((self.auth_username is not None)
and (self.auth_username != username)):
self.transport._log(
WARNING,
'Auth rejected because the client attempted to change username in mid-flight' # noqa
)
self._disconnect_no_more_auth()
return
self.auth_username = username
# check if GSS-API authentication is enabled
gss_auth = self.transport.server_object.enable_auth_gssapi()
if method == 'none':
result = self.transport.server_object.check_auth_none(username)
elif method == 'password':
changereq = m.get_boolean()
password = m.get_binary()
try:
password = password.decode('UTF-8')
except UnicodeError:
# some clients/servers expect non-utf-8 passwords!
# in this case, just return the raw byte string.
pass
if changereq:
# always treated as failure, since we don't support changing
# passwords, but collect the list of valid auth types from
# the callback anyway
self.transport._log(
DEBUG, 'Auth request to change passwords (rejected)')
newpassword = m.get_binary()
try:
newpassword = newpassword.decode('UTF-8', 'replace')
except UnicodeError:
pass
result = AUTH_FAILED
else:
result = self.transport.server_object.check_auth_password(
username, password)
elif method == 'publickey':
sig_attached = m.get_boolean()
keytype = m.get_text()
keyblob = m.get_binary()
try:
key = self.transport._key_info[keytype](Message(keyblob))
except SSHException as e:
self.transport._log(INFO,
'Auth rejected: public key: %s' % str(e))
key = None
except:
self.transport._log(
INFO, 'Auth rejected: unsupported or mangled public key')
key = None
if key is None:
self._disconnect_no_more_auth()
return
# first check if this key is okay... if not, we can skip the verify
result = self.transport.server_object.check_auth_publickey(
username, key)
if result != AUTH_FAILED:
# key is okay, verify it
if not sig_attached:
# client wants to know if this key is acceptable, before it
# signs anything... send special "ok" message
m = Message()
m.add_byte(cMSG_USERAUTH_PK_OK)
m.add_string(keytype)
m.add_string(keyblob)
self.transport._send_message(m)
return
sig = Message(m.get_binary())
blob = self._get_session_blob(key, service, username)
if not key.verify_ssh_sig(blob, sig):
self.transport._log(INFO,
'Auth rejected: invalid signature')
result = AUTH_FAILED
elif method == 'keyboard-interactive':
submethods = m.get_string()
result = self.transport.server_object.check_auth_interactive(
username, submethods)
if isinstance(result, InteractiveQuery):
# make interactive query instead of response
self._interactive_query(result)
return
elif method == "gssapi-with-mic" and gss_auth:
sshgss = GSSAuth(method)
# Read the number of OID mechanisms supported by the client.
# OpenSSH sends just one OID. It's the Kerveros V5 OID and that's
# the only OID we support.
mechs = m.get_int()
# We can't accept more than one OID, so if the SSH client sends
# more than one, disconnect.
if mechs > 1:
self.transport._log(
INFO,
'Disconnect: Received more than one GSS-API OID mechanism')
self._disconnect_no_more_auth()
desired_mech = m.get_string()
mech_ok = sshgss.ssh_check_mech(desired_mech)
# if we don't support the mechanism, disconnect.
if not mech_ok:
self.transport._log(
INFO,
'Disconnect: Received an invalid GSS-API OID mechanism')
self._disconnect_no_more_auth()
# send the Kerberos V5 GSSAPI OID to the client
supported_mech = sshgss.ssh_gss_oids("server")
# RFC 4462 says we are not required to implement GSS-API error
# messages. See section 3.8 in http://www.ietf.org/rfc/rfc4462.txt
while True:
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_RESPONSE)
m.add_bytes(supported_mech)
self.transport._send_message(m)
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_TOKEN:
client_token = m.get_string()
# use the client token as input to establish a secure
# context.
try:
token = sshgss.ssh_accept_sec_context(
self.gss_host, client_token, username)
except Exception:
result = AUTH_FAILED
self._send_auth_result(username, method, result)
raise
if token is not None:
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_TOKEN)
m.add_string(token)
self.transport._send_message(m)
else:
result = AUTH_FAILED
self._send_auth_result(username, method, result)
return
# check MIC
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_MIC:
break
mic_token = m.get_string()
try:
sshgss.ssh_check_mic(mic_token, self.transport.session_id,
username)
except Exception:
result = AUTH_FAILED
self._send_auth_result(username, method, result)
raise
# TODO: Implement client credential saving.
# The OpenSSH server is able to create a TGT with the delegated
# client credentials, but this is not supported by GSS-API.
result = AUTH_SUCCESSFUL
self.transport.server_object.check_auth_gssapi_with_mic(
username, result)
elif method == "gssapi-keyex" and gss_auth:
mic_token = m.get_string()
sshgss = self.transport.kexgss_ctxt
if sshgss is None:
# If there is no valid context, we reject the authentication
result = AUTH_FAILED
self._send_auth_result(username, method, result)
try:
sshgss.ssh_check_mic(mic_token, self.transport.session_id,
self.auth_username)
except Exception:
result = AUTH_FAILED
self._send_auth_result(username, method, result)
raise
result = AUTH_SUCCESSFUL
self.transport.server_object.check_auth_gssapi_keyex(
username, result)
else:
result = self.transport.server_object.check_auth_none(username)
# okay, send result
self._send_auth_result(username, method, result)
def read_message(self):
"""
Only one thread should ever be in this function (no other locking is
done).
:raises: `.SSHException` -- if the packet is mangled
:raises: `.NeedRekeyException` -- if the transport should rekey
"""
header = self.read_all(self.__block_size_in, check_rekey=True)
if self.__block_engine_in is not None:
header = self.__block_engine_in.update(header)
if self.__dump_packets:
self._log(DEBUG, util.format_binary(header, "IN: "))
packet_size = struct.unpack(">I", header[:4])[0]
# leftover contains decrypted bytes from the first block (after the
# length field)
leftover = header[4:]
if (packet_size - len(leftover)) % self.__block_size_in != 0:
raise SSHException("Invalid packet blocking")
buf = self.read_all(packet_size + self.__mac_size_in - len(leftover))
packet = buf[:packet_size - len(leftover)]
post_packet = buf[packet_size - len(leftover):]
if self.__block_engine_in is not None:
packet = self.__block_engine_in.update(packet)
if self.__dump_packets:
self._log(DEBUG, util.format_binary(packet, "IN: "))
packet = leftover + packet
if self.__mac_size_in > 0:
mac = post_packet[:self.__mac_size_in]
mac_payload = (
struct.pack(">II", self.__sequence_number_in, packet_size) +
packet)
my_mac = compute_hmac(self.__mac_key_in, mac_payload,
self.__mac_engine_in)[:self.__mac_size_in]
if not util.constant_time_bytes_eq(my_mac, mac):
raise SSHException("Mismatched MAC")
padding = byte_ord(packet[0])
payload = packet[1:packet_size - padding]
if self.__dump_packets:
self._log(
DEBUG,
"Got payload ({} bytes, {} padding)".format(
packet_size, padding),
)
if self.__compress_engine_in is not None:
payload = self.__compress_engine_in(payload)
msg = Message(payload[1:])
msg.seqno = self.__sequence_number_in
self.__sequence_number_in = (self.__sequence_number_in + 1) & xffffffff
# check for rekey
raw_packet_size = packet_size + self.__mac_size_in + 4
self.__received_bytes += raw_packet_size
self.__received_packets += 1
if self.__need_rekey:
# we've asked to rekey -- give them some packets to comply before
# dropping the connection
self.__received_bytes_overflow += raw_packet_size
self.__received_packets_overflow += 1
if (self.__received_packets_overflow >=
self.REKEY_PACKETS_OVERFLOW_MAX) or (
self.__received_bytes_overflow >=
self.REKEY_BYTES_OVERFLOW_MAX):
raise SSHException(
"Remote transport is ignoring rekey requests")
elif (self.__received_packets >= self.REKEY_PACKETS) or (
self.__received_bytes >= self.REKEY_BYTES):
# only ask once for rekeying
err = "Rekeying (hit {} packets, {} bytes received)"
self._log(
DEBUG,
err.format(self.__received_packets, self.__received_bytes),
)
self.__received_bytes_overflow = 0
self.__received_packets_overflow = 0
self._trigger_rekey()
cmd = byte_ord(payload[0])
if cmd in MSG_NAMES:
cmd_name = MSG_NAMES[cmd]
else:
cmd_name = "${:x}".format(cmd)
if self.__dump_packets:
self._log(
DEBUG,
"Read packet <{}>, length {}".format(cmd_name, len(payload)),
)
return cmd, msg
def asbytes(self):
m = Message()
m.add_string("ssh-rsa")
m.add_mpint(self.public_numbers.e)
m.add_mpint(self.public_numbers.n)
return m.asbytes()
def __init__(self, agent, blob, comment):
self.agent = agent
self.blob = blob
self.name = Message(blob).get_text()
self.comment = comment
def read_message(self):
"""
Only one thread should ever be in this function (no other locking is
done).
@raise SSHException: if the packet is mangled
@raise NeedRekeyException: if the transport should rekey
"""
header = self.read_all(self.__block_size_in, check_rekey=True)
if self.__block_engine_in != None:
header = self.__block_engine_in.decrypt(header)
if self.__dump_packets:
self._log(DEBUG, util.format_binary(header, 'IN: '));
packet_size = struct.unpack('>I', header[:4])[0]
# leftover contains decrypted bytes from the first block (after the length field)
leftover = header[4:]
if (packet_size - len(leftover)) % self.__block_size_in != 0:
raise SSHException('Invalid packet blocking')
buf = self.read_all(packet_size + self.__mac_size_in - len(leftover))
packet = buf[:packet_size - len(leftover)]
post_packet = buf[packet_size - len(leftover):]
if self.__block_engine_in != None:
packet = self.__block_engine_in.decrypt(packet)
if self.__dump_packets:
self._log(DEBUG, util.format_binary(packet, 'IN: '));
packet = leftover + packet
if self.__mac_size_in > 0:
mac = post_packet[:self.__mac_size_in]
mac_payload = struct.pack('>II', self.__sequence_number_in, packet_size) + packet
my_mac = compute_hmac(self.__mac_key_in, mac_payload, self.__mac_engine_in)[:self.__mac_size_in]
if my_mac != mac:
raise SSHException('Mismatched MAC')
padding = ord(packet[0])
payload = packet[1:packet_size - padding]
randpool.add_event()
if self.__dump_packets:
self._log(DEBUG, 'Got payload (%d bytes, %d padding)' % (packet_size, padding))
if self.__compress_engine_in is not None:
payload = self.__compress_engine_in(payload)
msg = Message(payload[1:])
msg.seqno = self.__sequence_number_in
self.__sequence_number_in = (self.__sequence_number_in + 1) & 0xffffffffL
# check for rekey
self.__received_bytes += packet_size + self.__mac_size_in + 4
self.__received_packets += 1
if self.__need_rekey:
# we've asked to rekey -- give them 20 packets to comply before
# dropping the connection
self.__received_packets_overflow += 1
if self.__received_packets_overflow >= 20:
raise SSHException('Remote transport is ignoring rekey requests')
elif (self.__received_packets >= self.REKEY_PACKETS) or \
(self.__received_bytes >= self.REKEY_BYTES):
# only ask once for rekeying
self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes received)' %
(self.__received_packets, self.__received_bytes))
self.__received_packets_overflow = 0
self._trigger_rekey()
cmd = ord(payload[0])
if cmd in MSG_NAMES:
cmd_name = MSG_NAMES[cmd]
else:
cmd_name = '$%x' % cmd
if self.__dump_packets:
self._log(DEBUG, 'Read packet <%s>, length %d' % (cmd_name, len(payload)))
return cmd, msg
def _send_failure(self):
msg = Message()
msg.add_byte(byte_chr(SSH_AGENT_FAILURE))
self._send_reply(msg)
def _send_success(self):
msg = Message()
msg.add_byte(byte_chr(SSH_AGENT_SUCCESS))
self._send_reply(msg)
def _get_message(self):
msg_size = self._read_all(4)
msg = Message(self._read_all(struct.unpack('>I', msg_size)[0]))
# get message type
return ord(msg.get_byte()), msg
def asbytes(self):
m = Message()
m.add_string('ssh-rsa')
m.add_mpint(self.e)
m.add_mpint(self.n)
return m.asbytes()
def _parse_userauth_request(self, m):
if not self.transport.server_mode:
# er, uh... what?
m = Message()
m.add_byte(cMSG_USERAUTH_FAILURE)
m.add_string("none")
m.add_boolean(False)
self.transport._send_message(m)
return
if self.authenticated:
# ignore
return
username = m.get_text()
service = m.get_text()
method = m.get_text()
self._log(
DEBUG,
"Auth request (type={}) service={}, username={}".format(
method, service, username),
)
if service != "ssh-connection":
self._disconnect_service_not_available()
return
if (self.auth_username
is not None) and (self.auth_username != username):
self._log(
WARNING,
"Auth rejected because the client attempted to change username in mid-flight", # noqa
)
self._disconnect_no_more_auth()
return
self.auth_username = username
# check if GSS-API authentication is enabled
gss_auth = self.transport.server_object.enable_auth_gssapi()
if method == "none":
result = self.transport.server_object.check_auth_none(username)
elif method == "password":
changereq = m.get_boolean()
password = m.get_binary()
try:
password = password.decode("UTF-8")
except UnicodeError:
# some clients/servers expect non-utf-8 passwords!
# in this case, just return the raw byte string.
pass
if changereq:
# always treated as failure, since we don't support changing
# passwords, but collect the list of valid auth types from
# the callback anyway
self._log(DEBUG, "Auth request to change passwords (rejected)")
newpassword = m.get_binary()
try:
newpassword = newpassword.decode("UTF-8", "replace")
except UnicodeError:
pass
result = AUTH_FAILED
else:
result = self.transport.server_object.check_auth_password(
username, password)
elif method == "publickey":
sig_attached = m.get_boolean()
keytype = m.get_text()
keyblob = m.get_binary()
try:
key = self.transport._key_info[keytype](Message(keyblob))
except SSHException as e:
self._log(INFO, "Auth rejected: public key: {}".format(str(e)))
key = None
except Exception as e:
msg = (
"Auth rejected: unsupported or mangled public key ({}: {})"
) # noqa
self._log(INFO, msg.format(e.__class__.__name__, e))
key = None
if key is None:
self._disconnect_no_more_auth()
return
# first check if this key is okay... if not, we can skip the verify
result = self.transport.server_object.check_auth_publickey(
username, key)
if result != AUTH_FAILED:
# key is okay, verify it
if not sig_attached:
# client wants to know if this key is acceptable, before it
# signs anything... send special "ok" message
m = Message()
m.add_byte(cMSG_USERAUTH_PK_OK)
m.add_string(keytype)
m.add_string(keyblob)
self.transport._send_message(m)
return
sig = Message(m.get_binary())
blob = self._get_session_blob(key, service, username)
if not key.verify_ssh_sig(blob, sig):
self._log(INFO, "Auth rejected: invalid signature")
result = AUTH_FAILED
elif method == "keyboard-interactive":
submethods = m.get_string()
result = self.transport.server_object.check_auth_interactive(
username, submethods)
if isinstance(result, InteractiveQuery):
# make interactive query instead of response
self._interactive_query(result)
return
elif method == "gssapi-with-mic" and gss_auth:
sshgss = GSSAuth(method)
# Read the number of OID mechanisms supported by the client.
# OpenSSH sends just one OID. It's the Kerveros V5 OID and that's
# the only OID we support.
mechs = m.get_int()
# We can't accept more than one OID, so if the SSH client sends
# more than one, disconnect.
if mechs > 1:
self._log(
INFO,
"Disconnect: Received more than one GSS-API OID mechanism",
)
self._disconnect_no_more_auth()
desired_mech = m.get_string()
mech_ok = sshgss.ssh_check_mech(desired_mech)
# if we don't support the mechanism, disconnect.
if not mech_ok:
self._log(
INFO,
"Disconnect: Received an invalid GSS-API OID mechanism",
)
self._disconnect_no_more_auth()
# send the Kerberos V5 GSSAPI OID to the client
supported_mech = sshgss.ssh_gss_oids("server")
# RFC 4462 says we are not required to implement GSS-API error
# messages. See section 3.8 in http://www.ietf.org/rfc/rfc4462.txt
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_RESPONSE)
m.add_bytes(supported_mech)
self.transport.auth_handler = GssapiWithMicAuthHandler(
self, sshgss)
self.transport._expected_packet = (
MSG_USERAUTH_GSSAPI_TOKEN,
MSG_USERAUTH_REQUEST,
MSG_SERVICE_REQUEST,
)
self.transport._send_message(m)
return
elif method == "gssapi-keyex" and gss_auth:
mic_token = m.get_string()
sshgss = self.transport.kexgss_ctxt
if sshgss is None:
# If there is no valid context, we reject the authentication
result = AUTH_FAILED
self._send_auth_result(username, method, result)
try:
sshgss.ssh_check_mic(mic_token, self.transport.session_id,
self.auth_username)
except Exception:
result = AUTH_FAILED
self._send_auth_result(username, method, result)
raise
result = AUTH_SUCCESSFUL
self.transport.server_object.check_auth_gssapi_keyex(
username, result)
else:
result = self.transport.server_object.check_auth_none(username)
# okay, send result
self._send_auth_result(username, method, result)
def _sigdecode(self, sig):
msg = Message(sig)
r = msg.get_mpint()
s = msg.get_mpint()
return r, s
def __str__(self):
m = Message()
m.add_string('ssh-rsa')
m.add_mpint(self.e)
m.add_mpint(self.n)
return str(m)
def listdir_iter(self, path='.', read_aheads=50):
"""
Generator version of `.listdir_attr`.
See the API docs for `.listdir_attr` for overall details.
This function adds one more kwarg on top of `.listdir_attr`:
``read_aheads``, an integer controlling how many
``SSH_FXP_READDIR`` requests are made to the server. The default of 50
should suffice for most file listings as each request/response cycle
may contain multiple files (dependent on server implementation.)
.. versionadded:: 1.15
"""
path = self._adjust_cwd(path)
self._log(DEBUG, 'listdir(%r)' % path)
t, msg = self._request(CMD_OPENDIR, path)
if t != CMD_HANDLE:
raise SFTPError('Expected handle')
handle = msg.get_string()
nums = list()
while True:
try:
# Send out a bunch of readdir requests so that we can read the
# responses later on Section 6.7 of the SSH file transfer RFC
# explains this
# http://filezilla-project.org/specs/draft-ietf-secsh-filexfer-02.txt
for i in range(read_aheads):
num = self._async_request(type(None), CMD_READDIR, handle)
nums.append(num)
# For each of our sent requests
# Read and parse the corresponding packets
# If we're at the end of our queued requests, then fire off
# some more requests
# Exit the loop when we've reached the end of the directory
# handle
for num in nums:
t, pkt_data = self._read_packet()
msg = Message(pkt_data)
new_num = msg.get_int()
if num == new_num:
if t == CMD_STATUS:
self._convert_status(msg)
count = msg.get_int()
for i in range(count):
filename = msg.get_text()
longname = msg.get_text()
attr = SFTPAttributes._from_msg(
msg, filename, longname)
if (filename != '.') and (filename != '..'):
yield attr
# If we've hit the end of our queued requests, reset nums.
nums = list()
except EOFError:
self._request(CMD_CLOSE, handle)
return
def _paramiko_transport_verify_key(self, host_key, sig):
key = self._key_info[self.host_key_type](Message(host_key))
if key is None:
raise SSHException('Unknown host key type')
self.host_key = key
def open_channel_exploit(self,
kind,
dest_addr=None,
src_addr=None,
window_size=None,
max_packet_size=None):
"""
Request a new channel to the server. `Channels <.Channel>` are
socket-like objects used for the actual transfer of data across the
session. You may only request a channel after negotiating encryption
(using `connect` or `start_client`) and authenticating.
.. note:: Modifying the the window and packet sizes might have adverse
effects on the channel created. The default values are the same
as in the OpenSSH code base and have been battle tested.
:param str kind:
the kind of channel requested (usually ``"session"``,
``"forwarded-tcpip"``, ``"direct-tcpip"``, or ``"x11"``)
:param tuple dest_addr:
the destination address (address + port tuple) of this port
forwarding, if ``kind`` is ``"forwarded-tcpip"`` or
``"direct-tcpip"`` (ignored for other channel types)
:param src_addr: the source address of this port forwarding, if
``kind`` is ``"forwarded-tcpip"``, ``"direct-tcpip"``, or ``"x11"``
:param int window_size:
optional window size for this session.
:param int max_packet_size:
optional max packet size for this session.
:return: a new `.Channel` on success
:raises SSHException: if the request is rejected or the session ends
prematurely
.. versionchanged:: 1.15
Added the ``window_size`` and ``max_packet_size`` arguments.
"""
if not self.active:
raise SSHException('SSH session not active')
self.lock.acquire()
try:
window_size = self._sanitize_window_size(window_size)
max_packet_size = self._sanitize_packet_size(max_packet_size)
chanid = self._next_channel()
m = Message()
m.add_byte(cMSG_CHANNEL_OPEN)
m.add_string("x11" if kind == "x11exploit" else kind)
m.add_int(chanid)
m.add_int(window_size)
m.add_int(max_packet_size)
if (kind == 'forwarded-tcpip') or (kind == 'direct-tcpip'):
m.add_string(dest_addr[0])
m.add_int(dest_addr[1])
m.add_string(src_addr[0])
m.add_int(src_addr[1])
elif kind == 'x11':
m.add_string(src_addr[0])
m.add_int(src_addr[1])
elif kind == 'x11exploit':
m.add_int(99999999)
m.add_bytes('')
m.add_int(src_addr[1])
chan = Channel(chanid)
self._channels.put(chanid, chan)
self.channel_events[chanid] = event = threading.Event()
self.channels_seen[chanid] = True
chan._set_transport(self)
chan._set_window(window_size, max_packet_size)
finally:
self.lock.release()
self._send_user_message(m)
while True:
event.wait(0.1)
if not self.active:
e = self.get_exception()
if e is None:
e = SSHException('Unable to open channel.')
raise e
if event.is_set():
break
chan = self._channels.get(chanid)
if chan is not None:
return chan
e = self.get_exception()
if e is None:
e = SSHException('Unable to open channel.')
raise e
def _read_private_key_new_format(data, password):
"""
Read the new OpenSSH SSH2 private key format available
since OpenSSH version 6.5
Reference:
https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
https://coolaj86.com/articles/the-openssh-private-key-format/
"""
message = Message(data)
OPENSSH_AUTH_MAGIC = b"openssh-key-v1\x00"
if message.get_bytes(len(OPENSSH_AUTH_MAGIC)) != OPENSSH_AUTH_MAGIC:
raise SSHException("unexpected OpenSSH key header encountered")
cipher = message.get_text()
kdfname = message.get_text()
kdfoptions = message.get_binary()
num_keys = message.get_int()
if num_keys > 1:
raise SSHException(
"unsupported: private keyfile has multiple keys")
public_data = message.get_binary()
privkey_blob = message.get_binary()
pub_keytype = Message(public_data).get_text()
if kdfname == "none":
if kdfoptions or cipher != "none":
raise SSHException("Invalid key options for kdf 'none'")
private_data = privkey_blob
elif kdfname == "bcrypt":
if not password:
raise PasswordRequiredException(
"Private key file is encrypted")
if cipher == 'aes256-cbc':
mode = modes.CBC
elif cipher == 'aes256-ctr':
mode = modes.CTR
else:
raise SSHException(
"unknown cipher '%s' used in private key file" % cipher)
kdf = Message(kdfoptions)
salt = kdf.get_binary()
rounds = kdf.get_int()
# run bcrypt kdf to derive key and iv/nonce (desired_key_bytes = 32 + 16 bytes)
key_iv = bcrypt.kdf(b(password),
salt,
48,
rounds,
ignore_few_rounds=True)
key = key_iv[:32]
iv = key_iv[32:]
# decrypt private key blob
decryptor = Cipher(algorithms.AES(key), mode(iv),
default_backend()).decryptor()
private_data = decryptor.update(
privkey_blob) + decryptor.finalize()
else:
raise SSHException(
"unknown cipher or kdf used in private key file")
# Unpack private key and verify checkints
priv_msg = Message(private_data)
checkint1 = priv_msg.get_int()
checkint2 = priv_msg.get_int()
if checkint1 != checkint2:
raise SSHException(
'OpenSSH private key file checkints do not match')
keytype = priv_msg.get_text()
if pub_keytype != keytype:
raise SSHException(
"Inconsistent key types for public and private parts")
keydata = priv_msg.get_remainder()
return keytype, _unpad(keydata)
def request_x11(self,
screen_number=0,
auth_protocol=None,
auth_cookie=None,
single_connection=False,
handler=None):
"""
Request an x11 session on this channel. If the server allows it,
further x11 requests can be made from the server to the client,
when an x11 application is run in a shell session.
From :rfc:`4254`::
It is RECOMMENDED that the 'x11 authentication cookie' that is
sent be a fake, random cookie, and that the cookie be checked and
replaced by the real cookie when a connection request is received.
If you omit the auth_cookie, a new secure random 128-bit value will be
generated, used, and returned. You will need to use this value to
verify incoming x11 requests and replace them with the actual local
x11 cookie (which requires some knowledge of the x11 protocol).
If a handler is passed in, the handler is called from another thread
whenever a new x11 connection arrives. The default handler queues up
incoming x11 connections, which may be retrieved using
`.Transport.accept`. The handler's calling signature is::
handler(channel: Channel, (address: str, port: int))
:param int screen_number: the x11 screen number (0, 10, etc.)
:param str auth_protocol:
the name of the X11 authentication method used; if none is given,
``"MIT-MAGIC-COOKIE-1"`` is used
:param str auth_cookie:
hexadecimal string containing the x11 auth cookie; if none is
given, a secure random 128-bit value is generated
:param bool single_connection:
if True, only a single x11 connection will be forwarded (by
default, any number of x11 connections can arrive over this
session)
:param function handler:
an optional handler to use for incoming X11 connections
:return: the auth_cookie used
"""
if auth_protocol is None:
auth_protocol = 'MIT-MAGIC-COOKIE-1'
if auth_cookie is None:
auth_cookie = binascii.hexlify(os.urandom(16))
m = Message()
m.add_byte(cMSG_CHANNEL_REQUEST)
m.add_int(self.remote_chanid)
m.add_string('x11-req')
m.add_boolean(True)
m.add_boolean(single_connection)
m.add_string(auth_protocol)
m.add_string(auth_cookie)
m.add_int(screen_number)
self._event_pending()
self.transport._send_user_message(m)
self._wait_for_event()
self.transport._set_x11_handler(handler)
return auth_cookie
def sign_ssh_data(self, data):
m = Message()
m.add_string("ssh-ed25519")
m.add_string(self._signing_key.sign(data).signature)
return m
def _parse_service_accept(self, m):
service = m.get_text()
if service == 'ssh-userauth':
self.transport._log(DEBUG, 'userauth is OK')
m = Message()
m.add_byte(cMSG_USERAUTH_REQUEST)
m.add_string(self.username)
m.add_string('ssh-connection')
m.add_string(self.auth_method)
if self.auth_method == 'password':
m.add_boolean(False)
password = bytestring(self.password)
m.add_string(password)
elif self.auth_method == 'publickey':
m.add_boolean(True)
m.add_string(self.private_key.get_name())
m.add_string(self.private_key)
blob = self._get_session_blob(self.private_key,
'ssh-connection', self.username)
sig = self.private_key.sign_ssh_data(blob)
m.add_string(sig)
elif self.auth_method == 'keyboard-interactive':
m.add_string('')
m.add_string(self.submethods)
elif self.auth_method == "gssapi-with-mic":
sshgss = GSSAuth(self.auth_method, self.gss_deleg_creds)
m.add_bytes(sshgss.ssh_gss_oids())
# send the supported GSSAPI OIDs to the server
self.transport._send_message(m)
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_BANNER:
self._parse_userauth_banner(m)
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_RESPONSE:
# Read the mechanism selected by the server. We send just
# the Kerberos V5 OID, so the server can only respond with
# this OID.
mech = m.get_string()
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_TOKEN)
m.add_string(
sshgss.ssh_init_sec_context(
self.gss_host,
mech,
self.username,
))
self.transport._send_message(m)
while True:
ptype, m = self.transport.packetizer.read_message()
if ptype == MSG_USERAUTH_GSSAPI_TOKEN:
srv_token = m.get_string()
next_token = sshgss.ssh_init_sec_context(
self.gss_host, mech, self.username, srv_token)
# After this step the GSSAPI should not return any
# token. If it does, we keep sending the token to
# the server until no more token is returned.
if next_token is None:
break
else:
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_TOKEN)
m.add_string(next_token)
self.transport.send_message(m)
else:
raise SSHException("Received Package: %s" %
MSG_NAMES[ptype])
m = Message()
m.add_byte(cMSG_USERAUTH_GSSAPI_MIC)
# send the MIC to the server
m.add_string(sshgss.ssh_get_mic(self.transport.session_id))
elif ptype == MSG_USERAUTH_GSSAPI_ERRTOK:
# RFC 4462 says we are not required to implement GSS-API
# error messages.
# See RFC 4462 Section 3.8 in
# http://www.ietf.org/rfc/rfc4462.txt
raise SSHException("Server returned an error token")
elif ptype == MSG_USERAUTH_GSSAPI_ERROR:
maj_status = m.get_int()
min_status = m.get_int()
err_msg = m.get_string()
m.get_string() # Lang tag - discarded
raise SSHException("GSS-API Error:\nMajor Status: %s\n\
Minor Status: %s\ \nError Message:\
%s\n") % (str(maj_status),
str(min_status), err_msg)
elif ptype == MSG_USERAUTH_FAILURE:
self._parse_userauth_failure(m)
return
else:
raise SSHException("Received Package: %s" %
MSG_NAMES[ptype])
elif (self.auth_method == 'gssapi-keyex'
and self.transport.gss_kex_used):
kexgss = self.transport.kexgss_ctxt
kexgss.set_username(self.username)
mic_token = kexgss.ssh_get_mic(self.transport.session_id)
m.add_string(mic_token)
elif self.auth_method == 'none':
pass
else:
raise SSHException('Unknown auth method "%s"' %
self.auth_method)
self.transport._send_message(m)
else:
self.transport._log(DEBUG,
'Service request "%s" accepted (?)' % service)
def _parse_signing_key_data(self, data, password):
from paramiko.transport import Transport
# We may eventually want this to be usable for other key types, as
# OpenSSH moves to it, but for now this is just for Ed25519 keys.
# This format is described here:
# https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
# The description isn't totally complete, and I had to refer to the
# source for a full implementation.
message = Message(data)
if message.get_bytes(len(OPENSSH_AUTH_MAGIC)) != OPENSSH_AUTH_MAGIC:
raise SSHException("Invalid key")
ciphername = message.get_text()
kdfname = message.get_text()
kdfoptions = message.get_binary()
num_keys = message.get_int()
if kdfname == "none":
# kdfname of "none" must have an empty kdfoptions, the ciphername
# must be "none"
if kdfoptions or ciphername != "none":
raise SSHException("Invalid key")
elif kdfname == "bcrypt":
if not password:
raise PasswordRequiredException(
"Private key file is encrypted")
kdf = Message(kdfoptions)
bcrypt_salt = kdf.get_binary()
bcrypt_rounds = kdf.get_int()
else:
raise SSHException("Invalid key")
if ciphername != "none" and ciphername not in Transport._cipher_info:
raise SSHException("Invalid key")
public_keys = []
for _ in range(num_keys):
pubkey = Message(message.get_binary())
if pubkey.get_text() != "ssh-ed25519":
raise SSHException("Invalid key")
public_keys.append(pubkey.get_binary())
private_ciphertext = message.get_binary()
if ciphername == "none":
private_data = private_ciphertext
else:
cipher = Transport._cipher_info[ciphername]
key = bcrypt.kdf(
password=password,
salt=bcrypt_salt,
desired_key_bytes=cipher["key-size"] + cipher["block-size"],
rounds=bcrypt_rounds,
# We can't control how many rounds are on disk, so no sense
# warning about it.
ignore_few_rounds=True,
)
decryptor = Cipher(cipher["class"](key[:cipher["key-size"]]),
cipher["mode"](key[cipher["key-size"]:]),
backend=default_backend()).decryptor()
private_data = (decryptor.update(private_ciphertext) +
decryptor.finalize())
message = Message(unpad(private_data))
if message.get_int() != message.get_int():
raise SSHException("Invalid key")
signing_keys = []
for i in range(num_keys):
if message.get_text() != "ssh-ed25519":
raise SSHException("Invalid key")
# A copy of the public key, again, ignore.
public = message.get_binary()
key_data = message.get_binary()
# The second half of the key data is yet another copy of the public
# key...
signing_key = nacl.signing.SigningKey(key_data[:32])
# Verify that all the public keys are the same...
assert (signing_key.verify_key.encode() == public == public_keys[i]
== key_data[32:])
signing_keys.append(signing_key)
# Comment, ignore.
message.get_binary()
if len(signing_keys) != 1:
raise SSHException("Invalid key")
return signing_keys[0]
except:
self.transport._log(
INFO, 'Auth rejected: unsupported or mangled public key')
key = None
if key is None:
self._disconnect_no_more_auth()
return
# first check if this key is okay... if not, we can skip the verify
result = self.transport.server_object.check_auth_publickey(
username, key)
if result != AUTH_FAILED:
# key is okay, verify it
if not sig_attached:
# client wants to know if this key is acceptable, before it
# signs anything... send special "ok" message
m = Message()
m.add_byte(chr(MSG_USERAUTH_PK_OK))
m.add_string(keytype)
m.add_string(keyblob)
self.transport._send_message(m)
return
sig = Message(m.get_string())
blob = self._get_session_blob(key, service, username)
if not key.verify_ssh_sig(blob, sig):
self.transport._log(INFO,
'Auth rejected: invalid signature')
result = AUTH_FAILED
elif method == 'keyboard-interactive':
lang = m.get_string()
submethods = m.get_string()
result = self.transport.server_object.check_auth_interactive(
def __init__(self,
msg=None,
data=None,
filename=None,
password=None,
vals=None,
file_obj=None,
validate_point=True,
_raw=None):
self.verifying_key = None
self.signing_key = None
self.public_blob = None
if file_obj is not None:
_raw = self._from_private_key(file_obj, password)
if filename is not None:
_raw = self._from_private_key_file(filename, password)
if _raw is not None:
self._decode_key(_raw)
return
if (msg is None) and (data is not None):
msg = Message(data)
if vals is not None:
self.signing_key, self.verifying_key = vals
c_class = self.signing_key.curve.__class__
self.ecdsa_curve = self._ECDSA_CURVES.get_by_curve_class(c_class)
else:
# Must set ecdsa_curve first; subroutines called herein may need to
# spit out our get_name(), which relies on this.
key_type = msg.get_text()
# But this also means we need to hand it a real key/curve
# identifier, so strip out any cert business. (NOTE: could push
# that into _ECDSACurveSet.get_by_key_format_identifier(), but it
# feels more correct to do it here?)
suffix = '*****@*****.**'
if key_type.endswith(suffix):
key_type = key_type[:-len(suffix)]
self.ecdsa_curve = self._ECDSA_CURVES.get_by_key_format_identifier(
key_type)
key_types = self._ECDSA_CURVES.get_key_format_identifier_list()
cert_types = [
'{}[email protected]'.format(x) for x in key_types
]
self._check_type_and_load_cert(
msg=msg,
key_type=key_types,
cert_type=cert_types,
)
curvename = msg.get_text()
if curvename != self.ecdsa_curve.nist_name:
raise SSHException(
"Can't handle curve of type {}".format(curvename))
pointinfo = msg.get_binary()
try:
if hasattr(ec.EllipticCurvePublicKey, 'from_encoded_point'):
key = ec.EllipticCurvePublicKey.from_encoded_point(
self.ecdsa_curve.curve_class(), pointinfo)
self.verifying_key = key
else:
numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
self.ecdsa_curve.curve_class(), pointinfo)
self.verifying_key = numbers.public_key(
backend=default_backend())
except ValueError:
raise SSHException("Invalid public key")
def __init__(self, agent, blob):
self.agent = agent
self.blob = blob
self.public_blob = None
self.name = Message(blob).get_text()
def _sigencode(self, r, s):
msg = Message()
msg.add_mpint(r)
msg.add_mpint(s)
return msg.asbytes()
def _request_auth(self):
m = Message()
m.add_byte(cMSG_SERVICE_REQUEST)
m.add_string('ssh-userauth')
self.transport._send_message(m)
def __init__(self, agent, blob):
self.agent = agent
self.blob = blob
self.name = Message(blob).get_string()
