diff options
Diffstat (limited to 'kioslave/sftp/ksshprocess.cpp')
-rw-r--r-- | kioslave/sftp/ksshprocess.cpp | 1114 |
1 files changed, 0 insertions, 1114 deletions
diff --git a/kioslave/sftp/ksshprocess.cpp b/kioslave/sftp/ksshprocess.cpp deleted file mode 100644 index 3393f8934..000000000 --- a/kioslave/sftp/ksshprocess.cpp +++ /dev/null @@ -1,1114 +0,0 @@ -/*************************************************************************** - ksshprocess.cpp - description - ------------------- - begin : Tue Jul 31 2001 - copyright : (C) 2001 by Lucas Fisher - email : [email protected] - ***************************************************************************/ - -/*************************************************************************** - * * - * This program is free software; you can redistribute it and/or modify * - * it under the terms of the GNU General Public License as published by * - * the Free Software Foundation; either version 2 of the License, or * - * (at your option) any later version. * - * * - ***************************************************************************/ - -/* - * See the KSshProcess header for examples on use. - * - * This class uses a hacked version of the PTYProcess - * class. This was needed because the tdelibs PTYProcess does not provide - * access to the pty file descriptor which we need, because ssh prints the - * password prompt to the pty and reads the password from the pty. I don't - * feel I know enough about ptys to confidently modify the orignial - * PTYProcess class. - * - * To start ssh we take the arguments the user gave us - * in the SshOptList and build the ssh command arguments based on the version - * of ssh we are using. This command and its arguments are passed to - * PTYProcess for execution. Once ssh is started we scan each line of input - * from stdin, stderr, and the pty for recognizable strings. The recognizable - * strings are taken from several string tables. Each table contains a string - * for each specific version of ssh we support and a string for a generic - * version of OpenSSH and commercial SSH incase we don't recognized the - * specific ssh version strings (as when a new SSH version is released after - * a release of KSshProcess). There are tables for ssh version strings, - * password prompts, new host key errors, different host key errors, - * messages than indicate a successful connect, authentication errors, etc. - * If we find user interaction is necessary, for instance to provide a - * password or passphrase, we return a err code to the user who can send - * a message to KSshProcess, using one of several methods, to correct - * the error. - * - * Determining when the ssh connection has successfully authenticationed has - * proved to be the most difficult challenge. OpenSSH does not print a message - * on successful authentication, thus the only way to know is to send data - * and wait for a return. The problem here is sometimes it can take a bit - * to establish the connection (for example, do to DNS lookups). This means - * the user may be sitting there waiting for a connection that failed. - * Instead, ssh is always started with the verbose flag. Then we look for - * a message that indicates auth succeeded. This is hazardous because - * debug messages are more likely to change between OpenSSH releases. - * Thus, we could become incompatible with new OpenSSH releases. - */ - -#include <config.h> - -#include "ksshprocess.h" - -#include <stdio.h> -#include <errno.h> - -#ifdef HAVE_SYS_TIME_H -#include <sys/time.h> -#endif - -#include <kstandarddirs.h> -#include <klocale.h> -#include <tqregexp.h> - -/* - * The following are tables of string and regexps we match - * against the output of ssh. An entry in each array - * corresponds the the version of ssh found in versionStrs[]. - * - * The version strings must be ordered in the array from most - * specific to least specific in cases where the beginning - * of several version strings are the similar. For example, - * consider the openssh version strings. The generic "OpenSSH" - * must be the last of the openssh version strings in the array - * so that is matched last. We use these generic version strings - * so we can do a best effor to support unknown ssh versions. - */ -TQRegExp KSshProcess::versionStrs[] = { - TQRegExp("OpenSSH_3\\.[6-9]|OpenSSH_[1-9]*[4-9]\\.[0-9]"), - TQRegExp("OpenSSH"), - TQRegExp("SSH Secure Shell") -}; - -const char * const KSshProcess::passwordPrompt[] = { - "password:", // OpenSSH - "password:", // OpenSSH - "password:" // SSH -}; - -const char * const KSshProcess::passphrasePrompt[] = { - "Enter passphrase for key", - "Enter passphrase for key", - "Passphrase for key" -}; - -const char * const KSshProcess::authSuccessMsg[] = { - "Authentication succeeded", - "ssh-userauth2 successful", - "Received SSH_CROSS_AUTHENTICATED packet" -}; - -const char* const KSshProcess::authFailedMsg[] = { - "Permission denied (", - "Permission denied (", - "Authentication failed." -}; - -const char* const KSshProcess::tryAgainMsg[] = { - "please try again", - "please try again", - "adjfhjsdhfdsjfsjdfhuefeufeuefe" -}; - -TQRegExp KSshProcess::hostKeyMissingMsg[] = { - TQRegExp("The authenticity of host|No (DSA|RSA) host key is known for"), - TQRegExp("The authenticity of host|No (DSA|RSA) host key is known for"), - TQRegExp("Host key not found from database") -}; - -const char* const KSshProcess::continuePrompt[] = { - "Are you sure you want to continue connecting (yes/no)?", - "Are you sure you want to continue connecting (yes/no)?", - "Are you sure you want to continue connecting (yes/no)?" -}; - -const char* const KSshProcess::hostKeyChangedMsg[] = { - "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!", - "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!", - "WARNING: HOST IDENTIFICATION HAS CHANGED!" -}; - -TQRegExp KSshProcess::keyFingerprintMsg[] = { - TQRegExp("..(:..){15}"), - TQRegExp("..(:..){15}"), - TQRegExp(".....(-.....){10}") -}; - -TQRegExp KSshProcess::knownHostsFileMsg[] = { - TQRegExp("Add correct host key in (.*) to get rid of this message."), - TQRegExp("Add correct host key in (.*) to get rid of this message."), - TQRegExp("Add correct host key to \"(.*)\"") -}; - - -// This prompt only applies to commerical ssh. -const char* const KSshProcess::changeHostKeyOnDiskPrompt[] = { - "as;jf;sajkfdslkfjas;dfjdsa;fj;dsajfdsajf", - "as;jf;sajkfdslkfjas;dfjdsa;fj;dsajfdsajf", - "Do you want to change the host key on disk (yes/no)?" -}; - -// We need this in addition the authFailedMsg because when -// OpenSSH gets a changed host key it will fail to connect -// depending on the StrictHostKeyChecking option. Depending -// how this option is set, it will print "Permission denied" -// and quit, or print "Host key verification failed." and -// quit. The later if StrictHostKeyChecking is "no". -// The former if StrictHostKeyChecking is -// "yes" or explicitly set to "ask". -TQRegExp KSshProcess::hostKeyVerifyFailedMsg[] = { - TQRegExp("Host key verification failed\\."), - TQRegExp("Host key verification failed\\."), - TQRegExp("Disconnected; key exchange or algorithm? negotiation failed \\(Key exchange failed\\.\\)\\.") -}; - -const char * const KSshProcess::connectionClosedMsg[] = { - "Connection closed by remote host", - "Connection closed by remote host", - "Connection closed by remote host" -}; - - -void KSshProcess::SIGCHLD_handler(int) { - while(waitpid(-1, NULL, WNOHANG) > 0); -} - -void KSshProcess::installSignalHandlers() { - struct sigaction act; - memset(&act,0,sizeof(act)); - act.sa_handler = SIGCHLD_handler; - act.sa_flags = 0 -#ifdef SA_NOCLDSTOP - | SA_NOCLDSTOP -#endif -#ifdef SA_RESTART - | SA_RESTART -#endif - ; - sigaction(SIGCHLD,&act,NULL); -} - -void KSshProcess::removeSignalHandlers() { - struct sigaction act; - memset(&act,0,sizeof(act)); - act.sa_handler = SIG_DFL; - sigaction(SIGCHLD,&act,NULL); -} - -KSshProcess::KSshProcess() - : mVersion(UNKNOWN_VER), mConnected(false), - mRunning(false), mConnectState(0) { - mSshPath = KStandardDirs::findExe(TQString::fromLatin1("ssh")); - kdDebug(KSSHPROC) << "KSshProcess::KSshProcess(): ssh path [" << - mSshPath << "]" << endl; - - installSignalHandlers(); -} - -KSshProcess::KSshProcess(TQString pathToSsh) - : mSshPath(pathToSsh), mVersion(UNKNOWN_VER), mConnected(false), - mRunning(false), mConnectState(0) { - installSignalHandlers(); -} - -KSshProcess::~KSshProcess(){ - disconnect(); - removeSignalHandlers(); - while(waitpid(-1, NULL, WNOHANG) > 0); -} - -bool KSshProcess::setSshPath(TQString pathToSsh) { - mSshPath = pathToSsh; - version(); - if( mVersion == UNKNOWN_VER ) - return false; - - return true; -} - -KSshProcess::SshVersion KSshProcess::version() { - TQString cmd; - cmd = mSshPath+" -V 2>&1"; - - // Get version string from ssh client. - FILE *p; - if( (p = popen(cmd.latin1(), "r")) == NULL ) { - kdDebug(KSSHPROC) << "KSshProcess::version(): " - "failed to start ssh: " << strerror(errno) << endl; - return UNKNOWN_VER; - } - - // Determine of the version from the version string. - size_t len; - char buf[128]; - if( (len = fread(buf, sizeof(char), sizeof(buf)-1, p)) == 0 ) { - kdDebug(KSSHPROC) << "KSshProcess::version(): " - "Read of ssh version string failed " << - strerror(ferror(p)) << endl; - return UNKNOWN_VER; - } - if( pclose(p) == -1 ) { - kdError(KSSHPROC) << "KSshProcess::version(): pclose failed." << endl; - } - buf[len] = '\0'; - TQString ver; - ver = buf; - kdDebug(KSSHPROC) << "KSshProcess::version(): " - "got version string [" << ver << "]" << endl; - - mVersion = UNKNOWN_VER; - for(int i = 0; i < SSH_VER_MAX; i++) { - if( ver.find(versionStrs[i]) != -1 ) { - mVersion = (SshVersion)i; - break; - } - } - - kdDebug(KSSHPROC) << "KSshPRocess::version(): version number = " - << mVersion << endl; - - if( mVersion == UNKNOWN_VER ) { - kdDebug(KSSHPROC) << "KSshProcess::version(): " - "Sorry, I don't know about this version of ssh" << endl; - mError = ERR_UNKNOWN_VERSION; - return UNKNOWN_VER; - } - - return mVersion; -} -/* -TQString KSshProcess::versionStr() { - if( mVersion == UNKNOWN_VER ) { - version(); - if( mVersion == UNKNOWN_VER ) - return TQString::null; - } - - return TQString::fromLatin1(versionStrs[mVersion]); -} -*/ - -bool KSshProcess::setOptions(const SshOptList& opts) { - kdDebug(KSSHPROC) << "KSshProcess::setOptions()" << endl; - mArgs.clear(); - SshOptListConstIterator it; - TQString cmd, subsystem; - mPassword = mUsername = mHost = TQString::null; - TQCString tmp; - for(it = opts.begin(); it != opts.end(); ++it) { - //kdDebug(KSSHPROC) << "opt.opt = " << (*it).opt << endl; - //kdDebug(KSSHPROC) << "opt.str = " << (*it).str << endl; - //kdDebug(KSSHPROC) << "opt.num = " << (*it).num << endl; - switch( (*it).opt ) { - case SSH_VERBOSE: - mArgs.append("-v"); - break; - - case SSH_SUBSYSTEM: - subsystem = (*it).str; - break; - - case SSH_PORT: - mArgs.append("-p"); - tmp.setNum((*it).num); - mArgs.append(tmp); - mPort = (*it).num; - break; - - case SSH_HOST: - mHost = (*it).str; - break; - - case SSH_USERNAME: - mArgs.append("-l"); - mArgs.append((*it).str.latin1()); - mUsername = (*it).str; - break; - - case SSH_PASSWD: - mPassword = (*it).str; - break; - - case SSH_PROTOCOL: - if( mVersion <= OPENSSH ) { - tmp = "Protocol="; - tmp += TQString::number((*it).num).latin1(); - mArgs.append("-o"); - mArgs.append(tmp); - } - else if( mVersion <= SSH ) { - if( (*it).num == 1 ) { - mArgs.append("-1"); - } - // else uses version 2 by default - } - break; - - case SSH_FORWARDX11: - tmp = "ForwardX11="; - tmp += (*it).boolean ? "yes" : "no"; - mArgs.append("-o"); - mArgs.append(tmp); - break; - - case SSH_FORWARDAGENT: - tmp = "ForwardAgent="; - tmp += (*it).boolean ? "yes" : "no"; - mArgs.append("-o"); - mArgs.append(tmp); - break; - - case SSH_ESCAPE_CHAR: - if( (*it).num == -1 ) - tmp = "none"; - else - tmp = (char)((*it).num); - mArgs.append("-e"); - mArgs.append(tmp); - break; - - case SSH_OPTION: - // don't allow NumberOfPasswordPrompts or StrictHostKeyChecking - // since KSshProcess depends on specific setting of these for - // preforming authentication correctly. - tmp = (*it).str.latin1(); - if( tmp.contains("NumberOfPasswordPrompts") || - tmp.contains("StrictHostKeyChecking") ) { - mError = ERR_INVALID_OPT; - return false; - } - else { - mArgs.append("-o"); - mArgs.append(tmp); - } - break; - - case SSH_COMMAND: - cmd = (*it).str; - break; - - default: - kdDebug(KSSHPROC) << "KSshProcess::setOptions(): " - "unrecognized ssh opt " << (*it).opt << endl; - } - } - - if( !subsystem.isEmpty() && !cmd.isEmpty() ) { - kdDebug(KSSHPROC) << "KSshProcess::setOptions(): " - "cannot use a subsystem and command at the same time" << endl; - mError = ERR_CMD_SUBSYS_CONFLICT; - mErrorMsg = i18n("Cannot specify a subsystem and command at the same time."); - return false; - } - - // These options govern the behavior of ssh and - // cannot be defined by the user - //mArgs.append("-o"); - //mArgs.append("StrictHostKeyChecking=ask"); - mArgs.append("-v"); // So we get a message that the - // connection was successful - if( mVersion <= OPENSSH ) { - // nothing - } - else if( mVersion <= SSH ) { - mArgs.append("-o"); // So we can check if the connection was successful - mArgs.append("AuthenticationSuccessMsg=yes"); - } - - if( mHost.isEmpty() ) { - kdDebug(KSSHPROC) << "KSshProcess::setOptions(): " - "a host name must be supplied" << endl; - return false; - } - else { - mArgs.append(mHost.latin1()); - } - - if( !subsystem.isEmpty() ) { - mArgs.append("-s"); - mArgs.append(subsystem.latin1()); - } - - if( !cmd.isEmpty() ) { - mArgs.append(cmd.latin1()); - } - - return true; -} - -void KSshProcess::printArgs() { - TQValueListIterator<TQCString> it; - for( it = mArgs.begin(); it != mArgs.end(); ++it) { - kdDebug(KSSHPROC) << "arg: " << *it << endl; - } -} - - -int KSshProcess::error(TQString& msg) { - kdDebug(KSSHPROC) << "KSshProcess::error()" << endl; - kdDebug() << mErrorMsg << endl; - msg = mErrorMsg; - return mError; -} - -void KSshProcess::kill(int signal) { - int pid = ssh.pid(); - - kdDebug(KSSHPROC) << "KSshProcess::kill(signal:" << signal - << "): ssh pid is " << pid << endl; - kdDebug(KSSHPROC) << "KSshPRocess::kill(): we are " - << (mConnected ? "" : "not ") << "connected" << endl; - kdDebug(KSSHPROC) << "KSshProcess::kill(): we are " - << (mRunning ? "" : "not ") << "running a ssh process" << endl; - - if( mRunning && pid > 1 ) { - // Kill the child process... - if ( ::kill(pid, signal) == 0 ) { - // clean up if we tried to kill the process - if( signal == SIGTERM || signal == SIGKILL ) { - while(waitpid(-1, NULL, WNOHANG) > 0); - mConnected = false; - mRunning = false; - } - } - else - kdDebug(KSSHPROC) << "KSshProcess::kill(): kill failed" << endl; - } - else - kdDebug(KSSHPROC) << "KSshProcess::kill(): " - "Refusing to kill ssh process" << endl; -} - - - -/** - * Try to open an ssh connection. - * SSH prints certain messages to certain file descriptiors: - * passwordPrompt - pty - * passphrasePrompt - pty - * authSuccessMsg - stderr (OpenSSH), - * authFailedMsg - stderr - * hostKeyMissing - stderr - * hostKeyChanged - stderr - * continuePrompt - stderr - * - * We will use a select to wait for a line on each descriptor. Then get - * each line that available and take action based on it. The type - * of messages we are looking for and the action we take on each - * message are: - * passwordPrompt - Return false, set error to ERR_NEED_PASSWD. - * On the next call to connect() we expect a password - * to be available. - * - * passpharsePrompt - Return false, set error to ERR_NEED_PASSPHRASE. - * On the next call to connect() we expect a - * passphrase to be available. - * - * authSuccessMsg - Return true, as we have successfully established a - * ssh connection. - * - * authFailedMsg - Return false, set error to ERR_AUTH_FAILED. We - * were unable to authenticate the connection given - * the available authentication information. - * - * hostKeyMissing - Return false, set error to ERR_NEW_HOST_KEY. Caller - * must call KSshProcess.acceptHostKey(bool) to accept - * or reject the key before calling connect() again. - * - * hostKeyChanged - Return false, set error to ERR_DIFF_HOST_KEY. Caller - * must call KSshProcess.acceptHostKey(bool) to accept - * or reject the key before calling connect() again. - * - * continuePrompt - Send 'yes' or 'no' to accept or reject a key, - * respectively. - * - */ - - -void KSshProcess::acceptHostKey(bool accept) { - kdDebug(KSSHPROC) << "KSshProcess::acceptHostKey(accept:" - << accept << ")" << endl; - mAcceptHostKey = accept; -} - -void KSshProcess::setPassword(TQString password) { - kdDebug(KSSHPROC) << "KSshProcess::setPassword(password:xxxxxxxx)" << endl; - mPassword = password; -} - -TQString KSshProcess::getLine() { - static TQStringList buffer; - TQString line = TQString::null; - TQCString ptyLine, errLine; - - if( buffer.empty() ) { - // PtyProcess buffers lines. First check that there - // isn't something on the PtyProces buffer or that there - // is not data ready to be read from the pty or stderr. - ptyLine = ssh.readLineFromPty(false); - errLine = ssh.readLineFromStderr(false); - - // If PtyProcess did have something for us, get it and - // place it in our line buffer. - if( ! ptyLine.isEmpty() ) { - buffer.prepend(TQString(ptyLine)); - } - - if( ! errLine.isEmpty() ) { - buffer.prepend(TQString(errLine)); - } - - // If we still don't have anything in our buffer so there must - // not be anything on the pty or stderr. Setup a select() - // to wait for some data from SSH. - // Hack around select() failure on newer systems - unsigned long milliseconds = 0; - while ((buffer.size() == 0) && (milliseconds < (60*1000))) { - //kdDebug(KSSHPROC) << "KSshProcess::getLine(): " << - // "Line buffer empty, calling select() to wait for data." << endl; - int errfd = ssh.stderrFd(); - int ptyfd = ssh.fd(); - fd_set rfds; - fd_set efds; - struct timeval tv; - - // find max file descriptor - int maxfd = ptyfd > errfd ? ptyfd : errfd; - - FD_ZERO(&rfds); - FD_SET(ptyfd, &rfds); // Add pty file descriptor - FD_SET(errfd, &rfds); // Add std error file descriptor - - FD_ZERO(&efds); - FD_SET(ptyfd, &efds); - FD_SET(errfd, &efds); - - tv.tv_sec = 60; tv.tv_usec = 0; // 60 second timeout - - // Wait for a message from ssh on stderr or the pty. - int ret = -1; - do - ret = ::select(maxfd+1, &rfds, NULL, &efds, &tv); - while( ret == -1 && errno == EINTR ); - - // Handle any errors from select - if( ret == 0 ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " << - "timed out waiting for a response" << endl; - mError = ERR_TIMED_OUT; - return TQString::null; - } - else if( ret == -1 ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - << "select error: " << strerror(errno) << endl; - mError = ERR_INTERNAL; - return TQString::null; - } - - // We are not respecting any type of order in which the - // lines were received. Who knows whether pty or stderr - // had data on it first. - if( FD_ISSET(ptyfd, &rfds) ) { - ptyLine = ssh.readLineFromPty(false); - if (ptyLine.size() > 0) { - buffer.prepend(TQString(ptyLine)); - } - //kdDebug(KSSHPROC) << "KSshProcess::getLine(): " - // "line from pty -" << ptyLine << endl; - } - - if( FD_ISSET(errfd, &rfds) ) { - errLine = ssh.readLineFromStderr(false); - if (errLine.size() > 0) { - buffer.prepend(TQString(errLine)); - } - //kdDebug(KSSHPROC) << "KSshProcess::getLine(): " - // "line from err -" << errLine << endl; - } - - if( FD_ISSET(ptyfd, &efds) ) { - kdDebug(KSSHPROC) << "KSshProcess::getLine(): " - "Exception on pty file descriptor." << endl; - } - - if( FD_ISSET(errfd, &efds) ) { - kdDebug(KSSHPROC) << "KSshProcess::getLine(): " - "Exception on std err file descriptor." << endl; - } - - if (buffer.size() == 0) { - milliseconds++; - usleep(1000); - } - } - } - - // We should have something in our buffer now. - // Return the last line. - //it = buffer.end(); - //line = *it; - //buffer.remove(it); - - line = buffer.last(); - buffer.pop_back(); - - if( line.isNull() && buffer.count() > 0 ) { - line = buffer.last(); - buffer.pop_back(); - } - -// kdDebug(KSSHPROC) << "KSshProcess::getLine(): " << -// buffer.count() << " lines in buffer" << endl; - kdDebug(KSSHPROC) << "KSshProcess::getLine(): " - "ssh: " << line << endl; - - - return line; -} - -// All the different states we could go through while trying to connect. -enum sshConnectState { - STATE_START, STATE_TRY_PASSWD, STATE_WAIT_PROMPT, STATE_NEW_KEY_CONTINUE, - STATE_DIFF_KEY_CONTINUE, STATE_FATAL, STATE_WAIT_CONTINUE_PROMPT, - STATE_SEND_CONTINUE, STATE_AUTH_FAILED, STATE_NEW_KEY_WAIT_CONTINUE, - STATE_DIFF_KEY_WAIT_CONTINUE, STATE_TRY_PASSPHRASE -}; - -// Print the state as a string. Good for debugging -const char* stateStr(int state) { - switch(state) { - case STATE_START: - return "STATE_START"; - case STATE_TRY_PASSWD: - return "STATE_TRY_PASSWD"; - case STATE_WAIT_PROMPT: - return "STATE_WAIT_PROMPT"; - case STATE_NEW_KEY_CONTINUE: - return "STATE_NEW_KEY_CONTINUE"; - case STATE_DIFF_KEY_CONTINUE: - return "STATE_DIFF_KEY_CONTINUE"; - case STATE_FATAL: - return "STATE_FATAL"; - case STATE_WAIT_CONTINUE_PROMPT: - return "STATE_WAIT_CONTINUE_PROMPT"; - case STATE_SEND_CONTINUE: - return "STATE_SEND_CONTINE"; - case STATE_AUTH_FAILED: - return "STATE_AUTH_FAILED"; - case STATE_NEW_KEY_WAIT_CONTINUE: - return "STATE_NEW_KEY_WAIT_CONTINUE"; - case STATE_DIFF_KEY_WAIT_CONTINUE: - return "STATE_DIFF_KEY_WAIT_CONTINUE"; - case STATE_TRY_PASSPHRASE: - return "STATE_TRY_PASSPHRASE"; - } - return "UNKNOWN"; -} - -bool KSshProcess::connect() { - if( mVersion == UNKNOWN_VER ) { - // we don't know the ssh version yet, so find out - version(); - if( mVersion == -1 ) { - return false; - } - } - - // We'll put a limit on the number of state transitions - // to ensure we don't go out of control. - int transitionLimit = 500; - - while(--transitionLimit) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - << "Connect state " << stateStr(mConnectState) << endl; - - TQString line; // a line from ssh - TQString msgBuf; // buffer for important messages from ssh - // which are to be returned to the user - - switch(mConnectState) { - // STATE_START: - // Executes the ssh binary with the options provided. If no options - // have been specified, sets error and returns false. Continue to - // state 1 if execution is successful, otherwise set error and - // return false. - case STATE_START: - // reset some key values to safe values - mAcceptHostKey = false; - mKeyFingerprint = TQString::null; - mKnownHostsFile = TQString::null; - - if( mArgs.isEmpty() ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): ssh options " - "need to be set first using setArgs()" << endl; - mError = ERR_NO_OPTIONS; - mErrorMsg = i18n("No options provided for ssh execution."); - return false; - } - - if( ssh.exec(mSshPath.latin1(), mArgs) ) { - kdDebug(KSSHPROC) << - "KSshProcess::connect(): ssh exec failed" << endl; - mError = ERR_CANNOT_LAUNCH; - mErrorMsg = i18n("Failed to execute ssh process."); - return false; - } - - kdDebug(KSSHPROC) << "KSshPRocess::connect(): ssh pid = " << ssh.pid() << endl; - - // set flag to indicate what have started a ssh process - mRunning = true; - mConnectState = STATE_WAIT_PROMPT; - break; - - // STATE_WAIT_PROMPT: - // Get a line of input from the ssh process. Check the contents - // of the line to determine the next state. Ignore the line - // if we don't recognize its contents. If the line contains - // the continue prompt, we have an error since we should never - // get that line in this state. Set ERR_INVALID_STATE error - // and return false. - case STATE_WAIT_PROMPT: - line = getLine(); - if( line.isNull() ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "Got null line in STATE_WAIT_PROMPT." << endl; - mError = ERR_INTERACT; - mErrorMsg = - i18n("Error encountered while talking to ssh."); - mConnectState = STATE_FATAL; - } - else if( line.find(TQString::fromLatin1(passwordPrompt[mVersion]), 0, false) != -1 ) { - mConnectState = STATE_TRY_PASSWD; - } - else if( line.find(passphrasePrompt[mVersion]) != -1 ) { - mConnectState = STATE_TRY_PASSPHRASE; - } - else if( line.find(authSuccessMsg[mVersion]) != -1 ) { - return true; - } - else if( line.find(authFailedMsg[mVersion]) != -1 - && line.find(tryAgainMsg[mVersion]) == -1 ) { - mConnectState = STATE_AUTH_FAILED; - } - else if( line.find(hostKeyMissingMsg[mVersion]) != -1 ) { - mConnectState = STATE_NEW_KEY_WAIT_CONTINUE; - } - else if( line.find(hostKeyChangedMsg[mVersion]) != -1 ) { - mConnectState = STATE_DIFF_KEY_WAIT_CONTINUE; - } - else if( line.find(continuePrompt[mVersion]) != -1 ) { - //mConnectState = STATE_SEND_CONTINUE; - kdDebug(KSSHPROC) << "KSshProcess:connect(): " - "Got continue prompt where we shouldn't (STATE_WAIT_PROMPT)" - << endl; - mError = ERR_INTERACT; - mErrorMsg = - i18n("Error encountered while talking to ssh."); - } - else if( line.find(connectionClosedMsg[mVersion]) != -1 ) { - mConnectState = STATE_FATAL; - mError = ERR_CLOSED_BY_REMOTE_HOST; - mErrorMsg = i18n("Connection closed by remote host."); - } - else if( line.find(changeHostKeyOnDiskPrompt[mVersion]) != -1 ) { - // always say yes to this. It always comes after commerical ssh - // prints a "continue to connect prompt". We assume that if the - // user choose to continue, then they also want to save the - // host key to disk. - ssh.writeLine("yes"); - } - else { - // ignore line - } - break; - - // STATE_TRY_PASSWD: - // If we have password send it to the ssh process, else - // set error ERR_NEED_PASSWD and return false to the caller. - // The caller then must then call KSshProcess::setPassword(TQString) - // before calling KSshProcess::connect() again. - // - // Almost exactly liek STATE_TRY_PASSPHRASE. Check there if you - // make changes here. - case STATE_TRY_PASSWD: - // We have a password prompt waiting for us to supply - // a password. Send that password to ssh. If the caller - // did not supply a password like we asked, then ask - // again. - if( !mPassword.isEmpty() ) { -// ssh.WaitSlave(); - ssh.writeLine(mPassword.latin1()); - - // Overwrite the password so it isn't in memory. - mPassword.fill(TQChar('X')); - - // Set the password to null so we will request another - // password if this one fails. - mPassword = TQString::null; - - mConnectState = STATE_WAIT_PROMPT; - } - else { - kdDebug(KSSHPROC) << "KSshProcess::connect() " - "Need password from caller." << endl; - // The caller needs to supply a password before - // connecting can continue. - mError = ERR_NEED_PASSWD; - mErrorMsg = i18n("Please supply a password."); - mConnectState = STATE_TRY_PASSWD; - return false; - } - break; - - // STATE_TRY_KEY_PASSPHRASE: - // If we have passphrase send it to the ssh process, else - // set error ERR_NEED_PASSPHRASE and return false to the caller. - // The caller then must then call KSshProcess::setPassword(TQString) - // before calling KSshProcess::connect() again. - // - // Almost exactly like STATE_TRY_PASSWD. The only difference is - // the error we set if we don't have a passphrase. We duplicate - // this code to keep in the spirit of the state machine. - case STATE_TRY_PASSPHRASE: - // We have a passphrase prompt waiting for us to supply - // a passphrase. Send that passphrase to ssh. If the caller - // did not supply a passphrase like we asked, then ask - // again. - if( !mPassword.isEmpty() ) { -// ssh.WaitSlave(); - ssh.writeLine(mPassword.latin1()); - - // Overwrite the password so it isn't in memory. - mPassword.fill(TQChar('X')); - - // Set the password to null so we will request another - // password if this one fails. - mPassword = TQString::null; - - mConnectState = STATE_WAIT_PROMPT; - } - else { - kdDebug(KSSHPROC) << "KSshProcess::connect() " - "Need passphrase from caller." << endl; - // The caller needs to supply a passphrase before - // connecting can continue. - mError = ERR_NEED_PASSPHRASE; - mErrorMsg = i18n("Please supply the passphrase for " - "your SSH private key."); - mConnectState = STATE_TRY_PASSPHRASE; - return false; - } - break; - - // STATE_AUTH_FAILED: - // Authentication has failed. Tell the caller by setting the - // ERR_AUTH_FAILED error and returning false. If - // auth has failed then ssh should have exited, but - // we will kill it to make sure. - case STATE_AUTH_FAILED: - mError = ERR_AUTH_FAILED; - mErrorMsg = i18n("Authentication to %1 failed").arg(mHost); - mConnectState = STATE_FATAL; - break; - - // STATE_NEW_KEY_WAIT_CONTINUE: - // Grab lines from ssh until we get a continue prompt or a auth - // denied. We will get the later if StrictHostKeyChecking is set - // to yes. Go to STATE_NEW_KEY_CONTINUE if we get a continue prompt. - case STATE_NEW_KEY_WAIT_CONTINUE: - line = getLine(); - if( line.isNull() ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "Got null line in STATE_NEW_KEY_WAIT_CONTINUE." << endl; - mError = ERR_INTERACT; - mErrorMsg = - i18n("Error encountered while talking to ssh."); - mConnectState = STATE_FATAL; - } - else if( (line.find(authFailedMsg[mVersion]) != -1 - && line.find(tryAgainMsg[mVersion]) == -1) - || line.find(hostKeyVerifyFailedMsg[mVersion]) != -1 ) { - mError = ERR_AUTH_FAILED_NEW_KEY; - mErrorMsg = i18n( - "The identity of the remote host '%1' could not be verified " - "because the host's key is not in the \"known hosts\" file." - ).arg(mHost); - - if( mKnownHostsFile.isEmpty() ) { - mErrorMsg += i18n( - " Manually, add the host's key to the \"known hosts\" " - "file or contact your administrator." - ); - } - else { - mErrorMsg += i18n( - " Manually, add the host's key to %1 " - "or contact your administrator." - ).arg(mKnownHostsFile); - } - - mConnectState = STATE_FATAL; - } - else if( line.find(continuePrompt[mVersion]) != -1 ) { - mConnectState = STATE_NEW_KEY_CONTINUE; - } - else if( line.find(connectionClosedMsg[mVersion]) != -1 ) { - mConnectState = STATE_FATAL; - mError = ERR_CLOSED_BY_REMOTE_HOST; - mErrorMsg = i18n("Connection closed by remote host."); - } - else if( line.find(keyFingerprintMsg[mVersion]) != -1 ) { - mKeyFingerprint = keyFingerprintMsg[mVersion].cap(); - kdDebug(KSSHPROC) << "Found key fingerprint: " << mKeyFingerprint << endl; - mConnectState = STATE_NEW_KEY_WAIT_CONTINUE; - } - else { - // ignore line - } - break; - - - // STATE_NEW_KEY_CONTINUE: - // We got a continue prompt for the new key message. Set the error - // message to reflect this, return false and hope for caller response. - case STATE_NEW_KEY_CONTINUE: - mError = ERR_NEW_HOST_KEY; - mErrorMsg = i18n( - "The identity of the remote host '%1' could not be " - "verified. The host's key fingerprint is:\n%2\nYou should " - "verify the fingerprint with the host's administrator before " - "connecting.\n\n" - "Would you like to accept the host's key and connect anyway? " - ).arg(mHost).arg(mKeyFingerprint); - mConnectState = STATE_SEND_CONTINUE; - return false; - - // STATE_DIFF_KEY_WAIT_CONTINUE: - // Grab lines from ssh until we get a continue prompt or a auth - // denied. We will get the later if StrictHostKeyChecking is set - // to yes. Go to STATE_DIFF_KEY_CONTINUE if we get a continue prompt. - case STATE_DIFF_KEY_WAIT_CONTINUE: - line = getLine(); - if( line.isNull() ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "Got null line in STATE_DIFF_KEY_WAIT_CONTINUE." << endl; - mError = ERR_INTERACT; - mErrorMsg = - i18n("Error encountered while talking to ssh."); - mConnectState = STATE_FATAL; - } - else if( (line.find(authFailedMsg[mVersion]) != -1 - && line.find(tryAgainMsg[mVersion]) == -1) - || line.find(hostKeyVerifyFailedMsg[mVersion]) != -1 ) { - mError = ERR_AUTH_FAILED_DIFF_KEY; - mErrorMsg = i18n( - "WARNING: The identity of the remote host '%1' has changed!\n\n" - "Someone could be eavesdropping on your connection, or the " - "administrator may have just changed the host's key. " - "Either way, you should verify the host's key fingerprint with the host's " - "administrator. The key fingerprint is:\n%2\n" - "Add the correct host key to \"%3\" to " - "get rid of this message." - ).arg(mHost).arg(mKeyFingerprint).arg(mKnownHostsFile); - mConnectState = STATE_FATAL; - } - else if( line.find(continuePrompt[mVersion]) != -1 ) { - mConnectState = STATE_DIFF_KEY_CONTINUE; - } - else if( line.find(keyFingerprintMsg[mVersion]) != -1 ) { - mKeyFingerprint = keyFingerprintMsg[mVersion].cap(); - kdDebug(KSSHPROC) << "Found key fingerprint: " << mKeyFingerprint << endl; - mConnectState = STATE_DIFF_KEY_WAIT_CONTINUE; - } - else if( line.find(knownHostsFileMsg[mVersion]) != -1 ) { - mKnownHostsFile = (knownHostsFileMsg[mVersion]).cap(1); - kdDebug(KSSHPROC) << "Found known hosts file name: " << mKnownHostsFile << endl; - mConnectState = STATE_DIFF_KEY_WAIT_CONTINUE; - } - else { - // ignore line - } - break; - - // STATE_DIFF_KEY_CONTINUE: - // We got a continue prompt for the different key message. - // Set ERR_DIFF_HOST_KEY error - // and return false to signal need to caller action. - case STATE_DIFF_KEY_CONTINUE: - mError = ERR_DIFF_HOST_KEY; - mErrorMsg = i18n( - "WARNING: The identity of the remote host '%1' has changed!\n\n" - "Someone could be eavesdropping on your connection, or the " - "administrator may have just changed the host's key. " - "Either way, you should verify the host's key fingerprint with the host's " - "administrator before connecting. The key fingerprint is:\n%2\n\n" - "Would you like to accept the host's new key and connect anyway?" - ).arg(mHost).arg(mKeyFingerprint); - mConnectState = STATE_SEND_CONTINUE; - return false; - - // STATE_SEND_CONTINUE: - // We found a continue prompt. Send our answer. - case STATE_SEND_CONTINUE: - if( mAcceptHostKey ) { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "host key accepted" << endl; - ssh.writeLine("yes"); - mConnectState = STATE_WAIT_PROMPT; - } - else { - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "host key rejected" << endl; - ssh.writeLine("no"); - mError = ERR_HOST_KEY_REJECTED; - mErrorMsg = i18n("Host key was rejected."); - mConnectState = STATE_FATAL; - } - break; - - // STATE_FATAL: - // Something bad happened that we cannot recover from. - // Kill the ssh process and set flags to show we have - // ended the connection and killed ssh. - // - // mError and mErrorMsg should be set by the immediately - // previous state. - case STATE_FATAL: - kill(); - mConnected = false; - mRunning = false; - mConnectState = STATE_START; - // mError, mErroMsg set by last state - return false; - - default: - kdDebug(KSSHPROC) << "KSshProcess::connect(): " - "Invalid state number - " << mConnectState << endl; - mError = ERR_INVALID_STATE; - mConnectState = STATE_FATAL; - } - } - - // we should never get here - kdDebug(KSSHPROC) << "KSshProcess::connect(): " << - "After switch(). We shouldn't be here." << endl; - mError = ERR_INTERNAL; - return false; -} - -void KSshProcess::disconnect() { - kill(); - mConnected = false; - mRunning = false; - mConnectState = STATE_START; -} - |