def _new_connection(self, listener, *args):
if self._closing:
netlog.warn("ignoring new connection during shutdown")
return False
socktype = self.socket_types.get(listener)
assert socktype, "cannot find socket type for %s" % listener
try:
sock, address = listener.accept()
except socket.error as e:
netlog.error("Error: cannot accept new connection:")
netlog.error(" %s", e)
return True
if len(self._potential_protocols)>=self._max_connections:
netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols))
sock.close()
return True
try:
peername = sock.getpeername()
except:
peername = str(address)
sockname = sock.getsockname()
target = peername or sockname
sock.settimeout(self._socket_timeout)
netlog("new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername)
conn = SocketConnection(sock, sockname, address, target, socktype)
netlog("socket connection: %s", conn)
frominfo = ""
if peername:
frominfo = " from %s" % pretty_socket(peername)
elif socktype=="unix-domain":
frominfo = " on %s" % sockname
return self.make_protocol(socktype, conn, frominfo)
def _new_connection(self, listener, *args):
if self._closing:
netlog.warn("ignoring new connection during shutdown")
return False
socktype = self.socket_types.get(listener)
assert socktype, "cannot find socket type for %s" % listener
try:
sock, address = listener.accept()
except socket.error as e:
netlog.error("Error: cannot accept new connection:")
netlog.error(" %s", e)
return True
if len(self._potential_protocols) >= self._max_connections:
netlog.error("too many connections (%s), ignoring new one",
len(self._potential_protocols))
sock.close()
return True
try:
peername = sock.getpeername()
except:
peername = str(address)
sockname = sock.getsockname()
target = peername or sockname
sock.settimeout(self._socket_timeout)
netlog(
"new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s",
args, sock, self._socket_timeout, sockname, address, peername)
conn = SocketConnection(sock, sockname, address, target, socktype)
netlog("socket connection: %s", conn)
frominfo = ""
if peername:
frominfo = " from %s" % pretty_socket(peername)
elif socktype == "unix-domain":
frominfo = " on %s" % sockname
return self.make_protocol(socktype, conn, frominfo)
def _new_connection(self, listener, *args):
if self._closing:
netlog.warn("ignoring new connection during shutdown")
return False
socktype = self.socket_types.get(listener)
assert socktype, "cannot find socket type for %s" % listener
sock, address = listener.accept()
if len(self._potential_protocols) >= self._max_connections:
netlog.error("too many connections (%s), ignoring new one",
len(self._potential_protocols))
sock.close()
return True
try:
peername = sock.getpeername()
except:
peername = str(address)
sockname = sock.getsockname()
target = peername or sockname
sock.settimeout(self._socket_timeout)
netlog(
"new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s",
args, sock, self._socket_timeout, sockname, address, peername)
sc = SocketConnection(sock, sockname, address, target, socktype)
netlog("socket connection: %s", sc)
frominfo = ""
if peername:
frominfo = " from %s" % pretty_socket(peername)
elif socktype == "unix-domain":
frominfo = " on %s" % sockname
netlog.info("New %s connection received%s", socktype, frominfo)
protocol = Protocol(self, sc, self.process_packet)
self._potential_protocols.append(protocol)
protocol.large_packets.append("info-response")
protocol.challenge_sent = False
protocol.authenticator = None
if socktype == "tcp":
protocol.auth_class = self.tcp_auth_class
protocol.encryption = self.tcp_encryption
protocol.keyfile = self.tcp_encryption_keyfile
else:
protocol.auth_class = self.auth_class
protocol.encryption = self.encryption
protocol.keyfile = self.encryption_keyfile
protocol.socket_type = socktype
protocol.invalid_header = self.invalid_header
protocol.receive_aliases.update(self._aliases)
authlog("socktype=%s, auth class=%s, encryption=%s, keyfile=%s",
socktype, protocol.auth_class, protocol.encryption,
protocol.keyfile)
if protocol.encryption and ENCRYPT_FIRST_PACKET:
password = self.get_encryption_key(None, protocol.keyfile)
protocol.set_cipher_in(protocol.encryption, DEFAULT_IV, password,
DEFAULT_SALT, DEFAULT_ITERATIONS,
INITIAL_PADDING)
protocol.start()
self.timeout_add(SOCKET_TIMEOUT * 1000,
self.verify_connection_accepted, protocol)
return True
def get_challenge_prompt(self):
text = "Please enter the password"
try:
from xpra.net.bytestreams import pretty_socket
conn = self._protocol._conn
text += " for %s server %s" % (conn.socktype, pretty_socket(conn.remote))
except:
pass
return text
def get_challenge_prompt(self, prompt="password"):
text = "Please enter the %s" % (prompt, )
try:
from xpra.net.bytestreams import pretty_socket
conn = self._protocol._conn
text += " for user '%s',\n connecting to %s server %s" % (
self.username, conn.socktype, pretty_socket(conn.remote))
except:
pass
return text
def _new_connection(self, listener, *args):
if self._closing:
netlog.warn("ignoring new connection during shutdown")
return False
socktype = self.socket_types.get(listener)
assert socktype, "cannot find socket type for %s" % listener
sock, address = listener.accept()
if len(self._potential_protocols)>=self._max_connections:
netlog.error("too many connections (%s), ignoring new one", len(self._potential_protocols))
sock.close()
return True
try:
peername = sock.getpeername()
except:
peername = str(address)
sockname = sock.getsockname()
target = peername or sockname
sock.settimeout(self._socket_timeout)
netlog("new_connection(%s) sock=%s, timeout=%s, sockname=%s, address=%s, peername=%s", args, sock, self._socket_timeout, sockname, address, peername)
sc = SocketConnection(sock, sockname, address, target, socktype)
netlog("socket connection: %s", sc)
frominfo = ""
if peername:
frominfo = " from %s" % pretty_socket(peername)
elif socktype=="unix-domain":
frominfo = " on %s" % sockname
netlog.info("New %s connection received%s", socktype, frominfo)
protocol = Protocol(self, sc, self.process_packet)
self._potential_protocols.append(protocol)
protocol.large_packets.append("info-response")
protocol.challenge_sent = False
protocol.authenticator = None
if socktype=="tcp":
protocol.auth_class = self.tcp_auth_class
protocol.encryption = self.tcp_encryption
protocol.keyfile = self.tcp_encryption_keyfile
else:
protocol.auth_class = self.auth_class
protocol.encryption = self.encryption
protocol.keyfile = self.encryption_keyfile
protocol.socket_type = socktype
protocol.invalid_header = self.invalid_header
protocol.receive_aliases.update(self._aliases)
authlog("socktype=%s, auth class=%s, encryption=%s, keyfile=%s", socktype, protocol.auth_class, protocol.encryption, protocol.keyfile)
if protocol.encryption and ENCRYPT_FIRST_PACKET:
password = self.get_encryption_key(None, protocol.keyfile)
protocol.set_cipher_in(protocol.encryption, DEFAULT_IV, password, DEFAULT_SALT, DEFAULT_ITERATIONS, INITIAL_PADDING)
protocol.start()
self.timeout_add(SOCKET_TIMEOUT*1000, self.verify_connection_accepted, protocol)
return True
def get_tray_title(self) -> list:
t = []
if self.session_name or self.server_session_name:
t.append(self.session_name or self.server_session_name)
p = self._protocol
if p:
conn = getattr(p, "_conn", None)
if conn:
from xpra.net.bytestreams import pretty_socket
cinfo = conn.get_info()
endpoint = pretty_socket(cinfo.get("endpoint",
conn.target)).split("?")[0]
t.append(endpoint)
if not t:
t.insert(0, "Xpra")
v = "\n".join(str(x) for x in t)
log("get_tray_title()=%r (items=%s)", v,
tuple(bytestostr(x) for x in t))
return v
def cleanup_sd_listen_socket():
log.info("closing sd listen socket %s", pretty_socket(addr))
try:
sock.close()
except OSError:
pass
def make_ssh_server_connection(conn, password_auth=None):
log("make_ssh_server_connection(%s)", conn)
ssh_server = SSHServer(password_auth=password_auth)
DoGSSAPIKeyExchange = False
t = None
def close():
if t:
log("close() closing %s", t)
try:
t.close()
except Exception:
log("%s.close()", t, exc_info=True)
log("close() closing %s", conn)
try:
conn.close()
except Exception:
log("%s.close()", conn)
ssh_key_dirs = get_ssh_conf_dirs()
log("ssh key dirs=%s", ssh_key_dirs)
try:
t = paramiko.Transport(conn._socket, gss_kex=DoGSSAPIKeyExchange)
t.set_gss_host(socket.getfqdn(""))
host_keys = {}
log("trying to load ssh host keys from: %s", csv(ssh_key_dirs))
for d in ssh_key_dirs:
fd = osexpand(d)
log("osexpand(%s)=%s", d, fd)
if not os.path.exists(fd) or not os.path.isdir(fd):
log("ssh host key directory '%s' is invalid", fd)
continue
for f in os.listdir(fd):
PREFIX = "ssh_host_"
SUFFIX = "_key"
if f.startswith(PREFIX) and f.endswith(SUFFIX):
ff = os.path.join(fd, f)
keytype = f[len(PREFIX):-len(SUFFIX)]
if keytype:
keyclass = getattr(paramiko, "%sKey" % keytype.upper(),
None)
if keyclass is None:
#Ed25519Key
keyclass = getattr(
paramiko,
"%s%sKey" % (keytype[:1].upper(), keytype[1:]),
None)
if keyclass is None:
log(
"key type %s is not supported, cannot load '%s'",
keytype, ff)
continue
log("loading %s key from '%s' using %s", keytype, ff,
keyclass)
try:
host_key = keyclass(filename=ff)
if host_key not in host_keys:
host_keys[host_key] = ff
t.add_server_key(host_key)
except IOError as e:
log("cannot add host key '%s'", ff, exc_info=True)
except paramiko.SSHException as e:
log("error adding host key '%s'",
ff,
exc_info=True)
log.error("Error: cannot add %s host key '%s':",
keytype, ff)
log.error(" %s", e)
if not host_keys:
log.error("Error: cannot start SSH server,")
log.error(" no readable SSH host keys found in:")
log.error(" %s", csv(ssh_key_dirs))
close()
return None
log("loaded host keys: %s", tuple(host_keys.values()))
t.start_server(server=ssh_server)
except (paramiko.SSHException, EOFError) as e:
log("failed to start ssh server", exc_info=True)
log.error("Error handling SSH connection:")
log.error(" %s", e)
close()
return None
try:
chan = t.accept(SERVER_WAIT)
if chan is None:
log.warn("Warning: SSH channel setup failed")
#prevent errors trying to access this connection, now likely dead:
conn.set_active(False)
close()
return None
except paramiko.SSHException as e:
log("failed to open ssh channel", exc_info=True)
log.error("Error opening channel:")
log.error(" %s", e)
close()
return None
log("client authenticated, channel=%s", chan)
ssh_server.event.wait(SERVER_WAIT)
log("proxy channel=%s", ssh_server.proxy_channel)
if not ssh_server.event.is_set() or not ssh_server.proxy_channel:
from xpra.net.bytestreams import pretty_socket
log.warn("Warning: timeout waiting for xpra SSH subcommand,")
log.warn(" closing connection from %s", pretty_socket(conn.target))
close()
return None
#log("client authenticated, channel=%s", chan)
return SSHSocketConnection(ssh_server.proxy_channel,
conn._socket,
target="ssh client")
def make_ssh_server_connection(conn,
socket_options,
none_auth=False,
password_auth=None):
log("make_ssh_server_connection%s",
(conn, socket_options, none_auth, password_auth))
ssh_server = SSHServer(none_auth=none_auth,
password_auth=password_auth,
options=socket_options)
DoGSSAPIKeyExchange = parse_bool(
"ssh-gss-key-exchange",
socket_options.get("ssh-gss-key-exchange", False), False)
sock = conn._socket
t = None
def close():
if t:
log("close() closing %s", t)
try:
t.close()
except Exception:
log("%s.close()", t, exc_info=True)
log("close() closing %s", conn)
try:
conn.close()
except Exception:
log("%s.close()", conn)
try:
t = paramiko.Transport(sock, gss_kex=DoGSSAPIKeyExchange)
gss_host = socket_options.get("ssh-gss-host", socket.getfqdn(""))
t.set_gss_host(gss_host)
#load host keys:
PREFIX = "ssh_host_"
SUFFIX = "_key"
host_keys = {}
def add_host_key(fd, f):
ff = os.path.join(fd, f)
keytype = f[len(PREFIX):-len(SUFFIX)]
if not keytype:
log.warn("Warning: unknown host key format '%s'", f)
return False
keyclass = getattr(paramiko, "%sKey" % keytype.upper(), None)
if keyclass is None:
#Ed25519Key
keyclass = getattr(
paramiko, "%s%sKey" % (keytype[:1].upper(), keytype[1:]),
None)
if keyclass is None:
log("key type %s is not supported, cannot load '%s'", keytype,
ff)
return False
log("loading %s key from '%s' using %s", keytype, ff, keyclass)
try:
host_key = keyclass(filename=ff)
if host_key not in host_keys:
host_keys[host_key] = ff
t.add_server_key(host_key)
return True
except IOError as e:
log("cannot add host key '%s'", ff, exc_info=True)
except paramiko.SSHException as e:
log("error adding host key '%s'", ff, exc_info=True)
log.error("Error: cannot add %s host key '%s':", keytype, ff)
log.error(" %s", e)
return False
host_key = socket_options.get("ssh-host-key")
if host_key:
d, f = os.path.split(host_key)
if f.startswith(PREFIX) and f.endswith(SUFFIX):
add_host_key(d, f)
if not host_keys:
log.error("Error: failed to load host key '%s'", host_key)
close()
return None
else:
ssh_key_dirs = get_ssh_conf_dirs()
log("trying to load ssh host keys from: %s", csv(ssh_key_dirs))
for d in ssh_key_dirs:
fd = osexpand(d)
log("osexpand(%s)=%s", d, fd)
if not os.path.exists(fd) or not os.path.isdir(fd):
log("ssh host key directory '%s' is invalid", fd)
continue
for f in os.listdir(fd):
if f.startswith(PREFIX) and f.endswith(SUFFIX):
add_host_key(fd, f)
if not host_keys:
log.error("Error: cannot start SSH server,")
log.error(" no readable SSH host keys found in:")
log.error(" %s", csv(ssh_key_dirs))
close()
return None
log("loaded host keys: %s", tuple(host_keys.values()))
t.start_server(server=ssh_server)
except (paramiko.SSHException, EOFError) as e:
log("failed to start ssh server", exc_info=True)
log.error("Error handling SSH connection:")
log.error(" %s", e)
close()
return None
try:
chan = t.accept(SERVER_WAIT)
if chan is None:
log.warn("Warning: SSH channel setup failed")
#prevent errors trying to access this connection, now likely dead:
conn.set_active(False)
close()
return None
except paramiko.SSHException as e:
log("failed to open ssh channel", exc_info=True)
log.error("Error opening channel:")
log.error(" %s", e)
close()
return None
log("client authenticated, channel=%s", chan)
timedout = not ssh_server.event.wait(SERVER_WAIT)
proxy_channel = ssh_server.proxy_channel
log("proxy channel=%s, timedout=%s", proxy_channel, timedout)
if not ssh_server.event.is_set() or not proxy_channel:
if timedout:
log.warn("Warning: timeout waiting for xpra SSH subcommand,")
log.warn(" closing connection from %s", pretty_socket(conn.target))
close()
return None
if getattr(proxy_channel, "proxy_process", None):
log("proxy channel is handled using a subprocess")
return None
log("client authenticated, channel=%s", chan)
return SSHSocketConnection(proxy_channel,
sock,
conn.local,
conn.endpoint,
conn.target,
socket_options=socket_options)
