def _new_connection(self, listener, *args): if self._closing: netlog.warn("ignoring new connection during shutdown") return False socktype = self.socket_types.get(listener) assert socktype, "cannot find socket type for %s" % listener try: sock, address = listener.accept() except socket.error as e: netlog.error("Error: cannot accept new connection:") netlog.error(" %s", e) return True if len(self._potential_protocols)>=self._max_connections: netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols)) sock.close() return True try: peername = sock.getpeername() except: peername = str(address) sockname = sock.getsockname() target = peername or sockname sock.settimeout(self._socket_timeout) netlog("new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername) conn = SocketConnection(sock, sockname, address, target, socktype) netlog("socket connection: %s", conn) frominfo = "" if peername: frominfo = " from %s" % pretty_socket(peername) elif socktype=="unix-domain": frominfo = " on %s" % sockname return self.make_protocol(socktype, conn, frominfo)
def _new_connection(self, listener, *args): if self._closing: netlog.warn("ignoring new connection during shutdown") return False socktype = self.socket_types.get(listener) assert socktype, "cannot find socket type for %s" % listener try: sock, address = listener.accept() except socket.error as e: netlog.error("Error: cannot accept new connection:") netlog.error(" %s", e) return True if len(self._potential_protocols) >= self._max_connections: netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols)) sock.close() return True try: peername = sock.getpeername() except: peername = str(address) sockname = sock.getsockname() target = peername or sockname sock.settimeout(self._socket_timeout) netlog( "new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername) conn = SocketConnection(sock, sockname, address, target, socktype) netlog("socket connection: %s", conn) frominfo = "" if peername: frominfo = " from %s" % pretty_socket(peername) elif socktype == "unix-domain": frominfo = " on %s" % sockname return self.make_protocol(socktype, conn, frominfo)
def _new_connection(self, listener, *args): if self._closing: netlog.warn("ignoring new connection during shutdown") return False socktype = self.socket_types.get(listener) assert socktype, "cannot find socket type for %s" % listener sock, address = listener.accept() if len(self._potential_protocols) >= self._max_connections: netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols)) sock.close() return True try: peername = sock.getpeername() except: peername = str(address) sockname = sock.getsockname() target = peername or sockname sock.settimeout(self._socket_timeout) netlog( "new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername) sc = SocketConnection(sock, sockname, address, target, socktype) netlog("socket connection: %s", sc) frominfo = "" if peername: frominfo = " from %s" % pretty_socket(peername) elif socktype == "unix-domain": frominfo = " on %s" % sockname netlog.info("New %s connection received%s", socktype, frominfo) protocol = Protocol(self, sc, self.process_packet) self._potential_protocols.append(protocol) protocol.large_packets.append("info-response") protocol.challenge_sent = False protocol.authenticator = None if socktype == "tcp": protocol.auth_class = self.tcp_auth_class protocol.encryption = self.tcp_encryption protocol.keyfile = self.tcp_encryption_keyfile else: protocol.auth_class = self.auth_class protocol.encryption = self.encryption protocol.keyfile = self.encryption_keyfile protocol.socket_type = socktype protocol.invalid_header = self.invalid_header protocol.receive_aliases.update(self._aliases) authlog("socktype=%s, auth class=%s, encryption=%s, keyfile=%s", socktype, protocol.auth_class, protocol.encryption, protocol.keyfile) if protocol.encryption and ENCRYPT_FIRST_PACKET: password = self.get_encryption_key(None, protocol.keyfile) protocol.set_cipher_in(protocol.encryption, DEFAULT_IV, password, DEFAULT_SALT, DEFAULT_ITERATIONS, INITIAL_PADDING) protocol.start() self.timeout_add(SOCKET_TIMEOUT * 1000, self.verify_connection_accepted, protocol) return True
def get_challenge_prompt(self): text = "Please enter the password" try: from xpra.net.bytestreams import pretty_socket conn = self._protocol._conn text += " for %s server %s" % (conn.socktype, pretty_socket(conn.remote)) except: pass return text
def get_challenge_prompt(self, prompt="password"): text = "Please enter the %s" % (prompt, ) try: from xpra.net.bytestreams import pretty_socket conn = self._protocol._conn text += " for user '%s',\n connecting to %s server %s" % ( self.username, conn.socktype, pretty_socket(conn.remote)) except: pass return text
def _new_connection(self, listener, *args): if self._closing: netlog.warn("ignoring new connection during shutdown") return False socktype = self.socket_types.get(listener) assert socktype, "cannot find socket type for %s" % listener sock, address = listener.accept() if len(self._potential_protocols)>=self._max_connections: netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols)) sock.close() return True try: peername = sock.getpeername() except: peername = str(address) sockname = sock.getsockname() target = peername or sockname sock.settimeout(self._socket_timeout) netlog("new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername) sc = SocketConnection(sock, sockname, address, target, socktype) netlog("socket connection: %s", sc) frominfo = "" if peername: frominfo = " from %s" % pretty_socket(peername) elif socktype=="unix-domain": frominfo = " on %s" % sockname netlog.info("New %s connection received%s", socktype, frominfo) protocol = Protocol(self, sc, self.process_packet) self._potential_protocols.append(protocol) protocol.large_packets.append("info-response") protocol.challenge_sent = False protocol.authenticator = None if socktype=="tcp": protocol.auth_class = self.tcp_auth_class protocol.encryption = self.tcp_encryption protocol.keyfile = self.tcp_encryption_keyfile else: protocol.auth_class = self.auth_class protocol.encryption = self.encryption protocol.keyfile = self.encryption_keyfile protocol.socket_type = socktype protocol.invalid_header = self.invalid_header protocol.receive_aliases.update(self._aliases) authlog("socktype=%s, auth class=%s, encryption=%s, keyfile=%s", socktype, protocol.auth_class, protocol.encryption, protocol.keyfile) if protocol.encryption and ENCRYPT_FIRST_PACKET: password = self.get_encryption_key(None, protocol.keyfile) protocol.set_cipher_in(protocol.encryption, DEFAULT_IV, password, DEFAULT_SALT, DEFAULT_ITERATIONS, INITIAL_PADDING) protocol.start() self.timeout_add(SOCKET_TIMEOUT*1000, self.verify_connection_accepted, protocol) return True
def get_tray_title(self) -> list: t = [] if self.session_name or self.server_session_name: t.append(self.session_name or self.server_session_name) p = self._protocol if p: conn = getattr(p, "_conn", None) if conn: from xpra.net.bytestreams import pretty_socket cinfo = conn.get_info() endpoint = pretty_socket(cinfo.get("endpoint", conn.target)).split("?")[0] t.append(endpoint) if not t: t.insert(0, "Xpra") v = "\n".join(str(x) for x in t) log("get_tray_title()=%r (items=%s)", v, tuple(bytestostr(x) for x in t)) return v
def cleanup_sd_listen_socket(): log.info("closing sd listen socket %s", pretty_socket(addr)) try: sock.close() except OSError: pass
def make_ssh_server_connection(conn, password_auth=None): log("make_ssh_server_connection(%s)", conn) ssh_server = SSHServer(password_auth=password_auth) DoGSSAPIKeyExchange = False t = None def close(): if t: log("close() closing %s", t) try: t.close() except Exception: log("%s.close()", t, exc_info=True) log("close() closing %s", conn) try: conn.close() except Exception: log("%s.close()", conn) ssh_key_dirs = get_ssh_conf_dirs() log("ssh key dirs=%s", ssh_key_dirs) try: t = paramiko.Transport(conn._socket, gss_kex=DoGSSAPIKeyExchange) t.set_gss_host(socket.getfqdn("")) host_keys = {} log("trying to load ssh host keys from: %s", csv(ssh_key_dirs)) for d in ssh_key_dirs: fd = osexpand(d) log("osexpand(%s)=%s", d, fd) if not os.path.exists(fd) or not os.path.isdir(fd): log("ssh host key directory '%s' is invalid", fd) continue for f in os.listdir(fd): PREFIX = "ssh_host_" SUFFIX = "_key" if f.startswith(PREFIX) and f.endswith(SUFFIX): ff = os.path.join(fd, f) keytype = f[len(PREFIX):-len(SUFFIX)] if keytype: keyclass = getattr(paramiko, "%sKey" % keytype.upper(), None) if keyclass is None: #Ed25519Key keyclass = getattr( paramiko, "%s%sKey" % (keytype[:1].upper(), keytype[1:]), None) if keyclass is None: log( "key type %s is not supported, cannot load '%s'", keytype, ff) continue log("loading %s key from '%s' using %s", keytype, ff, keyclass) try: host_key = keyclass(filename=ff) if host_key not in host_keys: host_keys[host_key] = ff t.add_server_key(host_key) except IOError as e: log("cannot add host key '%s'", ff, exc_info=True) except paramiko.SSHException as e: log("error adding host key '%s'", ff, exc_info=True) log.error("Error: cannot add %s host key '%s':", keytype, ff) log.error(" %s", e) if not host_keys: log.error("Error: cannot start SSH server,") log.error(" no readable SSH host keys found in:") log.error(" %s", csv(ssh_key_dirs)) close() return None log("loaded host keys: %s", tuple(host_keys.values())) t.start_server(server=ssh_server) except (paramiko.SSHException, EOFError) as e: log("failed to start ssh server", exc_info=True) log.error("Error handling SSH connection:") log.error(" %s", e) close() return None try: chan = t.accept(SERVER_WAIT) if chan is None: log.warn("Warning: SSH channel setup failed") #prevent errors trying to access this connection, now likely dead: conn.set_active(False) close() return None except paramiko.SSHException as e: log("failed to open ssh channel", exc_info=True) log.error("Error opening channel:") log.error(" %s", e) close() return None log("client authenticated, channel=%s", chan) ssh_server.event.wait(SERVER_WAIT) log("proxy channel=%s", ssh_server.proxy_channel) if not ssh_server.event.is_set() or not ssh_server.proxy_channel: from xpra.net.bytestreams import pretty_socket log.warn("Warning: timeout waiting for xpra SSH subcommand,") log.warn(" closing connection from %s", pretty_socket(conn.target)) close() return None #log("client authenticated, channel=%s", chan) return SSHSocketConnection(ssh_server.proxy_channel, conn._socket, target="ssh client")
def make_ssh_server_connection(conn, socket_options, none_auth=False, password_auth=None): log("make_ssh_server_connection%s", (conn, socket_options, none_auth, password_auth)) ssh_server = SSHServer(none_auth=none_auth, password_auth=password_auth, options=socket_options) DoGSSAPIKeyExchange = parse_bool( "ssh-gss-key-exchange", socket_options.get("ssh-gss-key-exchange", False), False) sock = conn._socket t = None def close(): if t: log("close() closing %s", t) try: t.close() except Exception: log("%s.close()", t, exc_info=True) log("close() closing %s", conn) try: conn.close() except Exception: log("%s.close()", conn) try: t = paramiko.Transport(sock, gss_kex=DoGSSAPIKeyExchange) gss_host = socket_options.get("ssh-gss-host", socket.getfqdn("")) t.set_gss_host(gss_host) #load host keys: PREFIX = "ssh_host_" SUFFIX = "_key" host_keys = {} def add_host_key(fd, f): ff = os.path.join(fd, f) keytype = f[len(PREFIX):-len(SUFFIX)] if not keytype: log.warn("Warning: unknown host key format '%s'", f) return False keyclass = getattr(paramiko, "%sKey" % keytype.upper(), None) if keyclass is None: #Ed25519Key keyclass = getattr( paramiko, "%s%sKey" % (keytype[:1].upper(), keytype[1:]), None) if keyclass is None: log("key type %s is not supported, cannot load '%s'", keytype, ff) return False log("loading %s key from '%s' using %s", keytype, ff, keyclass) try: host_key = keyclass(filename=ff) if host_key not in host_keys: host_keys[host_key] = ff t.add_server_key(host_key) return True except IOError as e: log("cannot add host key '%s'", ff, exc_info=True) except paramiko.SSHException as e: log("error adding host key '%s'", ff, exc_info=True) log.error("Error: cannot add %s host key '%s':", keytype, ff) log.error(" %s", e) return False host_key = socket_options.get("ssh-host-key") if host_key: d, f = os.path.split(host_key) if f.startswith(PREFIX) and f.endswith(SUFFIX): add_host_key(d, f) if not host_keys: log.error("Error: failed to load host key '%s'", host_key) close() return None else: ssh_key_dirs = get_ssh_conf_dirs() log("trying to load ssh host keys from: %s", csv(ssh_key_dirs)) for d in ssh_key_dirs: fd = osexpand(d) log("osexpand(%s)=%s", d, fd) if not os.path.exists(fd) or not os.path.isdir(fd): log("ssh host key directory '%s' is invalid", fd) continue for f in os.listdir(fd): if f.startswith(PREFIX) and f.endswith(SUFFIX): add_host_key(fd, f) if not host_keys: log.error("Error: cannot start SSH server,") log.error(" no readable SSH host keys found in:") log.error(" %s", csv(ssh_key_dirs)) close() return None log("loaded host keys: %s", tuple(host_keys.values())) t.start_server(server=ssh_server) except (paramiko.SSHException, EOFError) as e: log("failed to start ssh server", exc_info=True) log.error("Error handling SSH connection:") log.error(" %s", e) close() return None try: chan = t.accept(SERVER_WAIT) if chan is None: log.warn("Warning: SSH channel setup failed") #prevent errors trying to access this connection, now likely dead: conn.set_active(False) close() return None except paramiko.SSHException as e: log("failed to open ssh channel", exc_info=True) log.error("Error opening channel:") log.error(" %s", e) close() return None log("client authenticated, channel=%s", chan) timedout = not ssh_server.event.wait(SERVER_WAIT) proxy_channel = ssh_server.proxy_channel log("proxy channel=%s, timedout=%s", proxy_channel, timedout) if not ssh_server.event.is_set() or not proxy_channel: if timedout: log.warn("Warning: timeout waiting for xpra SSH subcommand,") log.warn(" closing connection from %s", pretty_socket(conn.target)) close() return None if getattr(proxy_channel, "proxy_process", None): log("proxy channel is handled using a subprocess") return None log("client authenticated, channel=%s", chan) return SSHSocketConnection(proxy_channel, sock, conn.local, conn.endpoint, conn.target, socket_options=socket_options)