CCOM4030
/
artesanias
Watch 5
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Repositorio del curso CCOM4030 el semestre B91 del proyecto Artesanías con el Instituto de Cultura
8 Commits
9 Branches
Branch: Sprint1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'Sprint1'
${ noResults }
artesanias/node_modules/ssh2/lib/client.js

client.js 47KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571 
  1. var crypto = require('crypto');

  2. var Socket = require('net').Socket;

  3. var dnsLookup = require('dns').lookup;

  4. var EventEmitter = require('events').EventEmitter;

  5. var inherits = require('util').inherits;

  6. var HASHES = crypto.getHashes();

  7. 

  8. var ssh2_streams = require('ssh2-streams');

  9. var SSH2Stream = ssh2_streams.SSH2Stream;

  10. var SFTPStream = ssh2_streams.SFTPStream;

  11. var consts = ssh2_streams.constants;

  12. var BUGS = consts.BUGS;

  13. var ALGORITHMS = consts.ALGORITHMS;

  14. var EDDSA_SUPPORTED = consts.EDDSA_SUPPORTED;

  15. var parseKey = ssh2_streams.utils.parseKey;

  16. 

  17. var HTTPAgents = require('./http-agents');

  18. var Channel = require('./Channel');

  19. var agentQuery = require('./agent');

  20. var SFTPWrapper = require('./SFTPWrapper');

  21. var readUInt32BE = require('./buffer-helpers').readUInt32BE;

  22. 

  23. var MAX_CHANNEL = Math.pow(2, 32) - 1;

  24. var RE_OPENSSH = /^OpenSSH_(?:(?![0-4])\d)|(?:\d{2,})/;

  25. var DEBUG_NOOP = function(msg) {};

  26. 

  27. function Client() {

  28.   if (!(this instanceof Client))

  29.     return new Client();

  30. 

  31.   EventEmitter.call(this);

  32. 

  33.   this.config = {

  34.     host: undefined,

  35.     port: undefined,

  36.     localAddress: undefined,

  37.     localPort: undefined,

  38.     forceIPv4: undefined,

  39.     forceIPv6: undefined,

  40.     keepaliveCountMax: undefined,

  41.     keepaliveInterval: undefined,

  42.     readyTimeout: undefined,

  43. 

  44.     username: undefined,

  45.     password: undefined,

  46.     privateKey: undefined,

  47.     tryKeyboard: undefined,

  48.     agent: undefined,

  49.     allowAgentFwd: undefined,

  50.     authHandler: undefined,

  51. 

  52.     hostHashAlgo: undefined,

  53.     hostHashCb: undefined,

  54.     strictVendor: undefined,

  55.     debug: undefined

  56.   };

  57. 

  58.   this._readyTimeout = undefined;

  59.   this._channels = undefined;

  60.   this._callbacks = undefined;

  61.   this._forwarding = undefined;

  62.   this._forwardingUnix = undefined;

  63.   this._acceptX11 = undefined;

  64.   this._agentFwdEnabled = undefined;

  65.   this._curChan = undefined;

  66.   this._remoteVer = undefined;

  67. 

  68.   this._sshstream = undefined;

  69.   this._sock = undefined;

  70.   this._resetKA = undefined;

  71. }

  72. inherits(Client, EventEmitter);

  73. 

  74. Client.prototype.connect = function(cfg) {

  75.   var self = this;

  76. 

  77.   if (this._sock && this._sock.writable) {

  78.     this.once('close', function() {

  79.       self.connect(cfg);

  80.     });

  81.     this.end();

  82.     return;

  83.   }

  84. 

  85.   this.config.host = cfg.hostname || cfg.host || 'localhost';

  86.   this.config.port = cfg.port || 22;

  87.   this.config.localAddress = (typeof cfg.localAddress === 'string'

  88.                               ? cfg.localAddress

  89.                               : undefined);

  90.   this.config.localPort = (typeof cfg.localPort === 'string'

  91.                            || typeof cfg.localPort === 'number'

  92.                            ? cfg.localPort

  93.                            : undefined);

  94.   this.config.forceIPv4 = cfg.forceIPv4 || false;

  95.   this.config.forceIPv6 = cfg.forceIPv6 || false;

  96.   this.config.keepaliveCountMax = (typeof cfg.keepaliveCountMax === 'number'

  97.                                    && cfg.keepaliveCountMax >= 0

  98.                                    ? cfg.keepaliveCountMax

  99.                                    : 3);

  100.   this.config.keepaliveInterval = (typeof cfg.keepaliveInterval === 'number'

  101.                                    && cfg.keepaliveInterval > 0

  102.                                    ? cfg.keepaliveInterval

  103.                                    : 0);

  104.   this.config.readyTimeout = (typeof cfg.readyTimeout === 'number'

  105.                               && cfg.readyTimeout >= 0

  106.                               ? cfg.readyTimeout

  107.                               : 20000);

  108. 

  109.   var algorithms = {

  110.     kex: undefined,

  111.     kexBuf: undefined,

  112.     cipher: undefined,

  113.     cipherBuf: undefined,

  114.     serverHostKey: undefined,

  115.     serverHostKeyBuf: undefined,

  116.     hmac: undefined,

  117.     hmacBuf: undefined,

  118.     compress: undefined,

  119.     compressBuf: undefined

  120.   };

  121.   var i;

  122.   if (typeof cfg.algorithms === 'object' && cfg.algorithms !== null) {

  123.     var algosSupported;

  124.     var algoList;

  125. 

  126.     algoList = cfg.algorithms.kex;

  127.     if (Array.isArray(algoList) && algoList.length > 0) {

  128.       algosSupported = ALGORITHMS.SUPPORTED_KEX;

  129.       for (i = 0; i < algoList.length; ++i) {

  130.         if (algosSupported.indexOf(algoList[i]) === -1)

  131.           throw new Error('Unsupported key exchange algorithm: ' + algoList[i]);

  132.       }

  133.       algorithms.kex = algoList;

  134.     }

  135. 

  136.     algoList = cfg.algorithms.cipher;

  137.     if (Array.isArray(algoList) && algoList.length > 0) {

  138.       algosSupported = ALGORITHMS.SUPPORTED_CIPHER;

  139.       for (i = 0; i < algoList.length; ++i) {

  140.         if (algosSupported.indexOf(algoList[i]) === -1)

  141.           throw new Error('Unsupported cipher algorithm: ' + algoList[i]);

  142.       }

  143.       algorithms.cipher = algoList;

  144.     }

  145. 

  146.     algoList = cfg.algorithms.serverHostKey;

  147.     if (Array.isArray(algoList) && algoList.length > 0) {

  148.       algosSupported = ALGORITHMS.SUPPORTED_SERVER_HOST_KEY;

  149.       for (i = 0; i < algoList.length; ++i) {

  150.         if (algosSupported.indexOf(algoList[i]) === -1) {

  151.           throw new Error('Unsupported server host key algorithm: '

  152.                            + algoList[i]);

  153.         }

  154.       }

  155.       algorithms.serverHostKey = algoList;

  156.     }

  157. 

  158.     algoList = cfg.algorithms.hmac;

  159.     if (Array.isArray(algoList) && algoList.length > 0) {

  160.       algosSupported = ALGORITHMS.SUPPORTED_HMAC;

  161.       for (i = 0; i < algoList.length; ++i) {

  162.         if (algosSupported.indexOf(algoList[i]) === -1)

  163.           throw new Error('Unsupported HMAC algorithm: ' + algoList[i]);

  164.       }

  165.       algorithms.hmac = algoList;

  166.     }

  167. 

  168.     algoList = cfg.algorithms.compress;

  169.     if (Array.isArray(algoList) && algoList.length > 0) {

  170.       algosSupported = ALGORITHMS.SUPPORTED_COMPRESS;

  171.       for (i = 0; i < algoList.length; ++i) {

  172.         if (algosSupported.indexOf(algoList[i]) === -1)

  173.           throw new Error('Unsupported compression algorithm: ' + algoList[i]);

  174.       }

  175.       algorithms.compress = algoList;

  176.     }

  177.   }

  178.   if (algorithms.compress === undefined) {

  179.     if (cfg.compress) {

  180.       algorithms.compress = ['zlib@openssh.com', 'zlib'];

  181.       if (cfg.compress !== 'force')

  182.         algorithms.compress.push('none');

  183.     } else if (cfg.compress === false)

  184.       algorithms.compress = ['none'];

  185.   }

  186. 

  187.   if (typeof cfg.username === 'string')

  188.     this.config.username = cfg.username;

  189.   else if (typeof cfg.user === 'string')

  190.     this.config.username = cfg.user;

  191.   else

  192.     throw new Error('Invalid username');

  193. 

  194.   this.config.password = (typeof cfg.password === 'string'

  195.                           ? cfg.password

  196.                           : undefined);

  197.   this.config.privateKey = (typeof cfg.privateKey === 'string'

  198.                             || Buffer.isBuffer(cfg.privateKey)

  199.                             ? cfg.privateKey

  200.                             : undefined);

  201.   this.config.localHostname = (typeof cfg.localHostname === 'string'

  202.                                && cfg.localHostname.length

  203.                                ? cfg.localHostname

  204.                                : undefined);

  205.   this.config.localUsername = (typeof cfg.localUsername === 'string'

  206.                                && cfg.localUsername.length

  207.                                ? cfg.localUsername

  208.                                : undefined);

  209.   this.config.tryKeyboard = (cfg.tryKeyboard === true);

  210.   this.config.agent = (typeof cfg.agent === 'string' && cfg.agent.length

  211.                        ? cfg.agent

  212.                        : undefined);

  213.   this.config.allowAgentFwd = (cfg.agentForward === true

  214.                                && this.config.agent !== undefined);

  215.   var authHandler = this.config.authHandler = (

  216.     typeof cfg.authHandler === 'function' ? cfg.authHandler : undefined

  217.   );

  218. 

  219.   this.config.strictVendor = (typeof cfg.strictVendor === 'boolean'

  220.                               ? cfg.strictVendor

  221.                               : true);

  222. 

  223.   var debug = this.config.debug = (typeof cfg.debug === 'function'

  224.                                    ? cfg.debug

  225.                                    : DEBUG_NOOP);

  226. 

  227.   if (cfg.agentForward === true && !this.config.allowAgentFwd)

  228.     throw new Error('You must set a valid agent path to allow agent forwarding');

  229. 

  230.   var callbacks = this._callbacks = [];

  231.   this._channels = {};

  232.   this._forwarding = {};

  233.   this._forwardingUnix = {};

  234.   this._acceptX11 = 0;

  235.   this._agentFwdEnabled = false;

  236.   this._curChan = -1;

  237.   this._remoteVer = undefined;

  238.   var privateKey;

  239. 

  240.   if (this.config.privateKey) {

  241.     privateKey = parseKey(this.config.privateKey, cfg.passphrase);

  242.     if (privateKey instanceof Error)

  243.       throw new Error('Cannot parse privateKey: ' + privateKey.message);

  244.     if (Array.isArray(privateKey))

  245.       privateKey = privateKey[0]; // OpenSSH's newer format only stores 1 key for now

  246.     if (privateKey.getPrivatePEM() === null)

  247.       throw new Error('privateKey value does not contain a (valid) private key');

  248.   }

  249. 

  250.   var stream = this._sshstream = new SSH2Stream({

  251.     algorithms: algorithms,

  252.     debug: (debug === DEBUG_NOOP ? undefined : debug)

  253.   });

  254.   var sock = this._sock = (cfg.sock || new Socket());

  255. 

  256.   // drain stderr if we are connection hopping using an exec stream

  257.   if (this._sock.stderr && typeof this._sock.stderr.resume === 'function')

  258.     this._sock.stderr.resume();

  259. 

  260.   // keepalive-related

  261.   var kainterval = this.config.keepaliveInterval;

  262.   var kacountmax = this.config.keepaliveCountMax;

  263.   var kacount = 0;

  264.   var katimer;

  265.   function sendKA() {

  266.     if (++kacount > kacountmax) {

  267.       clearInterval(katimer);

  268.       if (sock.readable) {

  269.         var err = new Error('Keepalive timeout');

  270.         err.level = 'client-timeout';

  271.         self.emit('error', err);

  272.         sock.destroy();

  273.       }

  274.       return;

  275.     }

  276.     if (sock.writable) {

  277.       // append dummy callback to keep correct callback order

  278.       callbacks.push(resetKA);

  279.       stream.ping();

  280.     } else

  281.       clearInterval(katimer);

  282.   }

  283.   function resetKA() {

  284.     if (kainterval > 0) {

  285.       kacount = 0;

  286.       clearInterval(katimer);

  287.       if (sock.writable)

  288.         katimer = setInterval(sendKA, kainterval);

  289.     }

  290.   }

  291.   this._resetKA = resetKA;

  292. 

  293.   stream.on('USERAUTH_BANNER', function(msg) {

  294.     self.emit('banner', msg);

  295.   });

  296. 

  297.   sock.on('connect', function() {

  298.     debug('DEBUG: Client: Connected');

  299.     self.emit('connect');

  300.     if (!cfg.sock)

  301.       stream.pipe(sock).pipe(stream);

  302.   }).on('timeout', function() {

  303.     self.emit('timeout');

  304.   }).on('error', function(err) {

  305.     clearTimeout(self._readyTimeout);

  306.     err.level = 'client-socket';

  307.     self.emit('error', err);

  308.   }).on('end', function() {

  309.     stream.unpipe(sock);

  310.     clearTimeout(self._readyTimeout);

  311.     clearInterval(katimer);

  312.     self.emit('end');

  313.   }).on('close', function() {

  314.     stream.unpipe(sock);

  315.     clearTimeout(self._readyTimeout);

  316.     clearInterval(katimer);

  317.     self.emit('close');

  318. 

  319.     // notify outstanding channel requests of disconnection ...

  320.     var callbacks_ = callbacks;

  321.     var err = new Error('No response from server');

  322.     callbacks = self._callbacks = [];

  323.     for (i = 0; i < callbacks_.length; ++i)

  324.       callbacks_[i](err);

  325. 

  326.     // simulate error for any channels waiting to be opened. this is safe

  327.     // against successfully opened channels because the success and failure

  328.     // event handlers are automatically removed when a success/failure response

  329.     // is received

  330.     var channels = self._channels;

  331.     var chanNos = Object.keys(channels);

  332.     self._channels = {};

  333.     for (i = 0; i < chanNos.length; ++i) {

  334.       var ev1 = stream.emit('CHANNEL_OPEN_FAILURE:' + chanNos[i], err);

  335.       // emitting CHANNEL_CLOSE should be safe too and should help for any

  336.       // special channels which might otherwise keep the process alive, such

  337.       // as agent forwarding channels which have open unix sockets ...

  338.       var ev2 = stream.emit('CHANNEL_CLOSE:' + chanNos[i]);

  339.       var earlyCb;

  340.       if (!ev1 && !ev2 && (earlyCb = channels[chanNos[i]])

  341.           && typeof earlyCb === 'function') {

  342.         earlyCb(err);

  343.       }

  344.     }

  345.   });

  346.   stream.on('drain', function() {

  347.     self.emit('drain');

  348.   }).once('header', function(header) {

  349.     self._remoteVer = header.versions.software;

  350.     if (header.greeting)

  351.       self.emit('greeting', header.greeting);

  352.   }).on('continue', function() {

  353.     self.emit('continue');

  354.   }).on('error', function(err) {

  355.     if (err.level === undefined)

  356.       err.level = 'protocol';

  357.     else if (err.level === 'handshake')

  358.       clearTimeout(self._readyTimeout);

  359.     self.emit('error', err);

  360.   }).on('end', function() {

  361.     sock.resume();

  362.   });

  363. 

  364.   if (typeof cfg.hostVerifier === 'function') {

  365.     if (HASHES.indexOf(cfg.hostHash) === -1)

  366.       throw new Error('Invalid host hash algorithm: ' + cfg.hostHash);

  367.     var hashCb = cfg.hostVerifier;

  368.     var hasher = crypto.createHash(cfg.hostHash);

  369.     stream.once('fingerprint', function(key, verify) {

  370.       hasher.update(key);

  371.       var ret = hashCb(hasher.digest('hex'), verify);

  372.       if (ret !== undefined)

  373.         verify(ret);

  374.     });

  375.   }

  376. 

  377.   // begin authentication handling =============================================

  378.   var curAuth;

  379.   var curPartial = null;

  380.   var curAuthsLeft = null;

  381.   var agentKeys;

  382.   var agentKeyPos = 0;

  383.   var authsAllowed = ['none'];

  384.   if (this.config.password !== undefined)

  385.     authsAllowed.push('password');

  386.   if (privateKey !== undefined)

  387.     authsAllowed.push('publickey');

  388.   if (this.config.agent !== undefined)

  389.     authsAllowed.push('agent');

  390.   if (this.config.tryKeyboard)

  391.     authsAllowed.push('keyboard-interactive');

  392.   if (privateKey !== undefined

  393.       && this.config.localHostname !== undefined

  394.       && this.config.localUsername !== undefined) {

  395.     authsAllowed.push('hostbased');

  396.   }

  397. 

  398.   if (authHandler === undefined) {

  399.     var authPos = 0;

  400.     authHandler = function authHandler(authsLeft, partial, cb) {

  401.       if (authPos === authsAllowed.length)

  402.         return false;

  403.       return authsAllowed[authPos++];

  404.     };

  405.   }

  406. 

  407.   var hasSentAuth = false;

  408.   function doNextAuth(authName) {

  409.     hasSentAuth = true;

  410.     if (authName === false) {

  411.       stream.removeListener('USERAUTH_FAILURE', onUSERAUTH_FAILURE);

  412.       stream.removeListener('USERAUTH_PK_OK', onUSERAUTH_PK_OK);

  413.       var err = new Error('All configured authentication methods failed');

  414.       err.level = 'client-authentication';

  415.       self.emit('error', err);

  416.       if (stream.writable)

  417.         self.end();

  418.       return;

  419.     }

  420.     if (authsAllowed.indexOf(authName) === -1)

  421.       throw new Error('Authentication method not allowed: ' + authName);

  422.     curAuth = authName;

  423.     switch (curAuth) {

  424.       case 'password':

  425.         stream.authPassword(self.config.username, self.config.password);

  426.       break;

  427.       case 'publickey':

  428.         stream.authPK(self.config.username, privateKey);

  429.         stream.once('USERAUTH_PK_OK', onUSERAUTH_PK_OK);

  430.       break;

  431.       case 'hostbased':

  432.         function hostbasedCb(buf, cb) {

  433.           var signature = privateKey.sign(buf);

  434.           if (signature instanceof Error) {

  435.             signature.message = 'Error while signing data with privateKey: '

  436.                                 + signature.message;

  437.             signature.level = 'client-authentication';

  438.             self.emit('error', signature);

  439.             return tryNextAuth();

  440.           }

  441. 

  442.           cb(signature);

  443.         }

  444.         stream.authHostbased(self.config.username,

  445.                              privateKey,

  446.                              self.config.localHostname,

  447.                              self.config.localUsername,

  448.                              hostbasedCb);

  449.       break;

  450.       case 'agent':

  451.         agentQuery(self.config.agent, function(err, keys) {

  452.           if (err) {

  453.             err.level = 'agent';

  454.             self.emit('error', err);

  455.             agentKeys = undefined;

  456.             return tryNextAuth();

  457.           } else if (keys.length === 0) {

  458.             debug('DEBUG: Agent: No keys stored in agent');

  459.             agentKeys = undefined;

  460.             return tryNextAuth();

  461.           }

  462. 

  463.           agentKeys = keys;

  464.           agentKeyPos = 0;

  465. 

  466.           stream.authPK(self.config.username, keys[0]);

  467.           stream.once('USERAUTH_PK_OK', onUSERAUTH_PK_OK);

  468.         });

  469.       break;

  470.       case 'keyboard-interactive':

  471.         stream.authKeyboard(self.config.username);

  472.         stream.on('USERAUTH_INFO_REQUEST', onUSERAUTH_INFO_REQUEST);

  473.       break;

  474.       case 'none':

  475.         stream.authNone(self.config.username);

  476.       break;

  477.     }

  478.   }

  479.   function tryNextAuth() {

  480.     hasSentAuth = false;

  481.     var auth = authHandler(curAuthsLeft, curPartial, doNextAuth);

  482.     if (hasSentAuth || auth === undefined)

  483.       return;

  484.     doNextAuth(auth);

  485.   }

  486.   function tryNextAgentKey() {

  487.     if (curAuth === 'agent') {

  488.       if (agentKeyPos >= agentKeys.length)

  489.         return;

  490.       if (++agentKeyPos >= agentKeys.length) {

  491.         debug('DEBUG: Agent: No more keys left to try');

  492.         debug('DEBUG: Client: agent auth failed');

  493.         agentKeys = undefined;

  494.         tryNextAuth();

  495.       } else {

  496.         debug('DEBUG: Agent: Trying key #' + (agentKeyPos + 1));

  497.         stream.authPK(self.config.username, agentKeys[agentKeyPos]);

  498.         stream.once('USERAUTH_PK_OK', onUSERAUTH_PK_OK);

  499.       }

  500.     }

  501.   }

  502.   function onUSERAUTH_INFO_REQUEST(name, instructions, lang, prompts) {

  503.     var nprompts = (Array.isArray(prompts) ? prompts.length : 0);

  504.     if (nprompts === 0) {

  505.       debug('DEBUG: Client: Sending automatic USERAUTH_INFO_RESPONSE');

  506.       return stream.authInfoRes();

  507.     }

  508.     // we sent a keyboard-interactive user authentication request and now the

  509.     // server is sending us the prompts we need to present to the user

  510.     self.emit('keyboard-interactive',

  511.               name,

  512.               instructions,

  513.               lang,

  514.               prompts,

  515.               function(answers) {

  516.                 stream.authInfoRes(answers);

  517.               }

  518.     );

  519.   }

  520.   function onUSERAUTH_PK_OK() {

  521.     if (curAuth === 'agent') {

  522.       var agentKey = agentKeys[agentKeyPos];

  523.       var keyLen = readUInt32BE(agentKey, 0);

  524.       var pubKeyFullType = agentKey.toString('ascii', 4, 4 + keyLen);

  525.       var pubKeyType = pubKeyFullType.slice(4);

  526.       // Check that we support the key type first

  527.       // TODO: move key type checking logic to ssh2-streams

  528.       switch (pubKeyFullType) {

  529.         case 'ssh-rsa':

  530.         case 'ssh-dss':

  531.         case 'ecdsa-sha2-nistp256':

  532.         case 'ecdsa-sha2-nistp384':

  533.         case 'ecdsa-sha2-nistp521':

  534.           break;

  535.         default:

  536.           if (EDDSA_SUPPORTED && pubKeyFullType === 'ssh-ed25519')

  537.             break;

  538.           debug('DEBUG: Agent: Skipping unsupported key type: '

  539.                 + pubKeyFullType);

  540.           return tryNextAgentKey();

  541.       }

  542.       stream.authPK(self.config.username, 

  543.                     agentKey,

  544.                     function(buf, cb) {

  545.         agentQuery(self.config.agent,

  546.                    agentKey,

  547.                    pubKeyType,

  548.                    buf,

  549.                    function(err, signed) {

  550.           if (err) {

  551.             err.level = 'agent';

  552.             self.emit('error', err);

  553.           } else {

  554.             var sigFullTypeLen = readUInt32BE(signed, 0);

  555.             if (4 + sigFullTypeLen + 4 < signed.length) {

  556.               var sigFullType = signed.toString('ascii', 4, 4 + sigFullTypeLen);

  557.               if (sigFullType !== pubKeyFullType) {

  558.                 err = new Error('Agent key/signature type mismatch');

  559.                 err.level = 'agent';

  560.                 self.emit('error', err);

  561.               } else {

  562.                 // skip algoLen + algo + sigLen

  563.                 return cb(signed.slice(4 + sigFullTypeLen + 4));

  564.               }

  565.             }

  566.           }

  567. 

  568.           tryNextAgentKey();

  569.         });

  570.       });

  571.     } else if (curAuth === 'publickey') {

  572.       stream.authPK(self.config.username, privateKey, function(buf, cb) {

  573.         var signature = privateKey.sign(buf);

  574.         if (signature instanceof Error) {

  575.           signature.message = 'Error while signing data with privateKey: '

  576.                               + signature.message;

  577.           signature.level = 'client-authentication';

  578.           self.emit('error', signature);

  579.           return tryNextAuth();

  580.         }

  581.         cb(signature);

  582.       });

  583.     }

  584.   }

  585.   function onUSERAUTH_FAILURE(authsLeft, partial) {

  586.     stream.removeListener('USERAUTH_PK_OK', onUSERAUTH_PK_OK);

  587.     stream.removeListener('USERAUTH_INFO_REQUEST', onUSERAUTH_INFO_REQUEST);

  588.     if (curAuth === 'agent') {

  589.       debug('DEBUG: Client: Agent key #' + (agentKeyPos + 1) + ' failed');

  590.       return tryNextAgentKey();

  591.     } else {

  592.       debug('DEBUG: Client: ' + curAuth + ' auth failed');

  593.     }

  594. 

  595.     curPartial = partial;

  596.     curAuthsLeft = authsLeft;

  597.     tryNextAuth();

  598.   }

  599.   stream.once('USERAUTH_SUCCESS', function() {

  600.     stream.removeListener('USERAUTH_FAILURE', onUSERAUTH_FAILURE);

  601.     stream.removeListener('USERAUTH_INFO_REQUEST', onUSERAUTH_INFO_REQUEST);

  602. 

  603.     // start keepalive mechanism

  604.     resetKA();

  605. 

  606.     clearTimeout(self._readyTimeout);

  607. 

  608.     self.emit('ready');

  609.   }).on('USERAUTH_FAILURE', onUSERAUTH_FAILURE);

  610.   // end authentication handling ===============================================

  611. 

  612.   // handle initial handshake completion

  613.   stream.once('ready', function() {

  614.     stream.service('ssh-userauth');

  615.     stream.once('SERVICE_ACCEPT', function(svcName) {

  616.       if (svcName === 'ssh-userauth')

  617.         tryNextAuth();

  618.     });

  619.   });

  620. 

  621.   // handle incoming requests from server, typically a forwarded TCP or X11

  622.   // connection

  623.   stream.on('CHANNEL_OPEN', function(info) {

  624.     onCHANNEL_OPEN(self, info);

  625.   });

  626. 

  627.   // handle responses for tcpip-forward and other global requests

  628.   stream.on('REQUEST_SUCCESS', function(data) {

  629.     if (callbacks.length)

  630.       callbacks.shift()(false, data);

  631.   }).on('REQUEST_FAILURE', function() {

  632.     if (callbacks.length)

  633.       callbacks.shift()(true);

  634.   });

  635. 

  636.   stream.on('GLOBAL_REQUEST', function(name, wantReply, data) {

  637.     // auto-reject all global requests, this can be especially useful if the

  638.     // server is sending us dummy keepalive global requests

  639.     if (wantReply)

  640.       stream.requestFailure();

  641.   });

  642. 

  643.   if (!cfg.sock) {

  644.     var host = this.config.host;

  645.     var forceIPv4 = this.config.forceIPv4;

  646.     var forceIPv6 = this.config.forceIPv6;

  647. 

  648.     debug('DEBUG: Client: Trying '

  649.           + host

  650.           + ' on port '

  651.           + this.config.port

  652.           + ' ...');

  653. 

  654.     function doConnect() {

  655.       startTimeout();

  656.       self._sock.connect({

  657.         host: host,

  658.         port: self.config.port,

  659.         localAddress: self.config.localAddress,

  660.         localPort: self.config.localPort

  661.       });

  662.       self._sock.setNoDelay(true);

  663.       self._sock.setMaxListeners(0);

  664.       self._sock.setTimeout(typeof cfg.timeout === 'number' ? cfg.timeout : 0);

  665.     }

  666. 

  667.     if ((!forceIPv4 && !forceIPv6) || (forceIPv4 && forceIPv6))

  668.       doConnect();

  669.     else {

  670.       dnsLookup(host, (forceIPv4 ? 4 : 6), function(err, address, family) {

  671.         if (err) {

  672.           var error = new Error('Error while looking up '

  673.                                 + (forceIPv4 ? 'IPv4' : 'IPv6')

  674.                                 + ' address for host '

  675.                                 + host

  676.                                 + ': ' + err);

  677.           clearTimeout(self._readyTimeout);

  678.           error.level = 'client-dns';

  679.           self.emit('error', error);

  680.           self.emit('close');

  681.           return;

  682.         }

  683.         host = address;

  684.         doConnect();

  685.       });

  686.     }

  687.   } else {

  688.     startTimeout();

  689.     stream.pipe(sock).pipe(stream);

  690.   }

  691. 

  692.   function startTimeout() {

  693.     if (self.config.readyTimeout > 0) {

  694.       self._readyTimeout = setTimeout(function() {

  695.         var err = new Error('Timed out while waiting for handshake');

  696.         err.level = 'client-timeout';

  697.         self.emit('error', err);

  698.         sock.destroy();

  699.       }, self.config.readyTimeout);

  700.     }

  701.   }

  702. };

  703. 

  704. Client.prototype.end = function() {

  705.   if (this._sock

  706.       && this._sock.writable

  707.       && this._sshstream

  708.       && this._sshstream.writable)

  709.     return this._sshstream.disconnect();

  710.   return false;

  711. };

  712. 

  713. Client.prototype.destroy = function() {

  714.   this._sock && this._sock.destroy();

  715. };

  716. 

  717. Client.prototype.exec = function(cmd, opts, cb) {

  718.   if (!this._sock

  719.       || !this._sock.writable

  720.       || !this._sshstream

  721.       || !this._sshstream.writable)

  722.     throw new Error('Not connected');

  723. 

  724.   if (typeof opts === 'function') {

  725.     cb = opts;

  726.     opts = {};

  727.   }

  728. 

  729.   var self = this;

  730.   var extraOpts = { allowHalfOpen: (opts.allowHalfOpen !== false) };

  731. 

  732.   return openChannel(this, 'session', extraOpts, function(err, chan) {

  733.     if (err)

  734.       return cb(err);

  735. 

  736.     var todo = [];

  737. 

  738.     function reqCb(err) {

  739.       if (err) {

  740.         chan.close();

  741.         return cb(err);

  742.       }

  743.       if (todo.length)

  744.         todo.shift()();

  745.     }

  746. 

  747.     if (self.config.allowAgentFwd === true

  748.         || (opts

  749.             && opts.agentForward === true

  750.             && self.config.agent !== undefined)) {

  751.       todo.push(function() {

  752.         reqAgentFwd(chan, reqCb);

  753.       });

  754.     }

  755. 

  756.     if (typeof opts === 'object' && opts !== null) {

  757.       if (typeof opts.env === 'object' && opts.env !== null)

  758.         reqEnv(chan, opts.env);

  759.       if ((typeof opts.pty === 'object' && opts.pty !== null)

  760.           || opts.pty === true) {

  761.         todo.push(function() { reqPty(chan, opts.pty, reqCb); });

  762.       }

  763.       if ((typeof opts.x11 === 'object' && opts.x11 !== null)

  764.           || opts.x11 === 'number'

  765.           || opts.x11 === true) {

  766.         todo.push(function() { reqX11(chan, opts.x11, reqCb); });

  767.       }

  768.     }

  769. 

  770.     todo.push(function() { reqExec(chan, cmd, opts, cb); });

  771.     todo.shift()();

  772.   });

  773. };

  774. 

  775. Client.prototype.shell = function(wndopts, opts, cb) {

  776.   if (!this._sock

  777.       || !this._sock.writable

  778.       || !this._sshstream

  779.       || !this._sshstream.writable)

  780.     throw new Error('Not connected');

  781. 

  782.   // start an interactive terminal/shell session

  783.   var self = this;

  784. 

  785.   if (typeof wndopts === 'function') {

  786.     cb = wndopts;

  787.     wndopts = opts = undefined;

  788.   } else if (typeof opts === 'function') {

  789.     cb = opts;

  790.     opts = undefined;

  791.   }

  792.   if (wndopts && (wndopts.x11 !== undefined || wndopts.env !== undefined)) {

  793.     opts = wndopts;

  794.     wndopts = undefined;

  795.   }

  796. 

  797.   return openChannel(this, 'session', function(err, chan) {

  798.     if (err)

  799.       return cb(err);

  800. 

  801.     var todo = [];

  802. 

  803.     function reqCb(err) {

  804.       if (err) {

  805.         chan.close();

  806.         return cb(err);

  807.       }

  808.       if (todo.length)

  809.         todo.shift()();

  810.     }

  811. 

  812.     if (self.config.allowAgentFwd === true

  813.         || (opts

  814.             && opts.agentForward === true

  815.             && self.config.agent !== undefined)) {

  816.       todo.push(function() { reqAgentFwd(chan, reqCb); });

  817.     }

  818. 

  819.     if (wndopts !== false)

  820.       todo.push(function() { reqPty(chan, wndopts, reqCb); });

  821. 

  822.     if (typeof opts === 'object' && opts !== null) {

  823.       if (typeof opts.env === 'object' && opts.env !== null)

  824.         reqEnv(chan, opts.env);

  825.       if ((typeof opts.x11 === 'object' && opts.x11 !== null)

  826.           || opts.x11 === 'number'

  827.           || opts.x11 === true) {

  828.         todo.push(function() { reqX11(chan, opts.x11, reqCb); });

  829.       }

  830.     }

  831. 

  832.     todo.push(function() { reqShell(chan, cb); });

  833.     todo.shift()();

  834.   });

  835. };

  836. 

  837. Client.prototype.subsys = function(name, cb) {

  838.   if (!this._sock

  839.       || !this._sock.writable

  840.       || !this._sshstream

  841.       || !this._sshstream.writable)

  842.     throw new Error('Not connected');

  843. 

  844. 	return openChannel(this, 'session', function(err, chan) {

  845. 		if (err)

  846. 			return cb(err);

  847. 

  848. 		reqSubsystem(chan, name, function(err, stream) {

  849. 			if (err)

  850. 				return cb(err);

  851. 

  852. 			cb(undefined, stream);

  853. 		});

  854. 	});

  855. };

  856. 

  857. Client.prototype.sftp = function(cb) {

  858.   if (!this._sock

  859.       || !this._sock.writable

  860.       || !this._sshstream

  861.       || !this._sshstream.writable)

  862.     throw new Error('Not connected');

  863. 

  864.   var self = this;

  865. 

  866.   // start an SFTP session

  867.   return openChannel(this, 'session', function(err, chan) {

  868.     if (err)

  869.       return cb(err);

  870. 

  871.     reqSubsystem(chan, 'sftp', function(err, stream) {

  872.       if (err)

  873.         return cb(err);

  874. 

  875.       var serverIdentRaw = self._sshstream._state.incoming.identRaw;

  876.       var cfg = { debug: self.config.debug };

  877.       var sftp = new SFTPStream(cfg, serverIdentRaw);

  878. 

  879.       function onError(err) {

  880.         sftp.removeListener('ready', onReady);

  881.         stream.removeListener('exit', onExit);

  882.         cb(err);

  883.       }

  884. 

  885.       function onReady() {

  886.         sftp.removeListener('error', onError);

  887.         stream.removeListener('exit', onExit);

  888.         cb(undefined, new SFTPWrapper(sftp));

  889.       }

  890. 

  891.       function onExit(code, signal) {

  892.         sftp.removeListener('ready', onReady);

  893.         sftp.removeListener('error', onError);

  894.         var msg;

  895.         if (typeof code === 'number') {

  896.           msg = 'Received exit code '

  897.                 + code

  898.                 + ' while establishing SFTP session';

  899.         } else {

  900.           msg = 'Received signal '

  901.                 + signal

  902.                 + ' while establishing SFTP session';

  903.         }

  904.         var err = new Error(msg);

  905.         err.code = code;

  906.         err.signal = signal;

  907.         cb(err);

  908.       }

  909. 

  910.       sftp.once('error', onError)

  911.           .once('ready', onReady)

  912.           .once('close', function() {

  913.             stream.end();

  914.           });

  915. 

  916.       // OpenSSH server sends an exit-status if there was a problem spinning up

  917.       // an sftp server child process, so we listen for that here in order to

  918.       // properly raise an error.

  919.       stream.once('exit', onExit);

  920. 

  921.       sftp.pipe(stream).pipe(sftp);

  922.     });

  923.   });

  924. };

  925. 

  926. Client.prototype.forwardIn = function(bindAddr, bindPort, cb) {

  927.   if (!this._sock

  928.       || !this._sock.writable

  929.       || !this._sshstream

  930.       || !this._sshstream.writable)

  931.     throw new Error('Not connected');

  932. 

  933.   // send a request for the server to start forwarding TCP connections to us

  934.   // on a particular address and port

  935. 

  936.   var self = this;

  937.   var wantReply = (typeof cb === 'function');

  938. 

  939.   if (wantReply) {

  940.     this._callbacks.push(function(had_err, data) {

  941.       if (had_err) {

  942.         return cb(had_err !== true

  943.                   ? had_err

  944.                   : new Error('Unable to bind to ' + bindAddr + ':' + bindPort));

  945.       }

  946. 

  947.       var realPort = bindPort;

  948.       if (bindPort === 0 && data && data.length >= 4) {

  949.         realPort = readUInt32BE(data, 0);

  950.         if (!(self._sshstream.remoteBugs & BUGS.DYN_RPORT_BUG))

  951.           bindPort = realPort;

  952.       }

  953. 

  954.       self._forwarding[bindAddr + ':' + bindPort] = realPort;

  955. 

  956.       cb(undefined, realPort);

  957.     });

  958.   }

  959. 

  960.   return this._sshstream.tcpipForward(bindAddr, bindPort, wantReply);

  961. };

  962. 

  963. Client.prototype.unforwardIn = function(bindAddr, bindPort, cb) {

  964.   if (!this._sock

  965.       || !this._sock.writable

  966.       || !this._sshstream

  967.       || !this._sshstream.writable)

  968.     throw new Error('Not connected');

  969. 

  970.   // send a request to stop forwarding us new connections for a particular

  971.   // address and port

  972. 

  973.   var self = this;

  974.   var wantReply = (typeof cb === 'function');

  975. 

  976.   if (wantReply) {

  977.     this._callbacks.push(function(had_err) {

  978.       if (had_err) {

  979.         return cb(had_err !== true

  980.                   ? had_err

  981.                   : new Error('Unable to unbind from '

  982.                               + bindAddr + ':' + bindPort));

  983.       }

  984. 

  985.       delete self._forwarding[bindAddr + ':' + bindPort];

  986. 

  987.       cb();

  988.     });

  989.   }

  990. 

  991.   return this._sshstream.cancelTcpipForward(bindAddr, bindPort, wantReply);

  992. };

  993. 

  994. Client.prototype.forwardOut = function(srcIP, srcPort, dstIP, dstPort, cb) {

  995.   if (!this._sock

  996.       || !this._sock.writable

  997.       || !this._sshstream

  998.       || !this._sshstream.writable)

  999.     throw new Error('Not connected');

  1000. 

  1001.   // send a request to forward a TCP connection to the server

  1002. 

  1003.   var cfg = {

  1004.     srcIP: srcIP,

  1005.     srcPort: srcPort,

  1006.     dstIP: dstIP,

  1007.     dstPort: dstPort

  1008.   };

  1009. 

  1010.   return openChannel(this, 'direct-tcpip', cfg, cb);

  1011. };

  1012. 

  1013. Client.prototype.openssh_noMoreSessions = function(cb) {

  1014.   if (!this._sock

  1015.       || !this._sock.writable

  1016.       || !this._sshstream

  1017.       || !this._sshstream.writable)

  1018.     throw new Error('Not connected');

  1019. 

  1020.   var wantReply = (typeof cb === 'function');

  1021. 

  1022.   if (!this.config.strictVendor

  1023.       || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) {

  1024.     if (wantReply) {

  1025.       this._callbacks.push(function(had_err) {

  1026.         if (had_err) {

  1027.           return cb(had_err !== true

  1028.                     ? had_err

  1029.                     : new Error('Unable to disable future sessions'));

  1030.         }

  1031. 

  1032.         cb();

  1033.       });

  1034.     }

  1035. 

  1036.     return this._sshstream.openssh_noMoreSessions(wantReply);

  1037.   } else if (wantReply) {

  1038.     process.nextTick(function() {

  1039.       cb(new Error('strictVendor enabled and server is not OpenSSH or compatible version'));

  1040.     });

  1041.   }

  1042. 

  1043.   return true;

  1044. };

  1045. 

  1046. Client.prototype.openssh_forwardInStreamLocal = function(socketPath, cb) {

  1047.   if (!this._sock

  1048.       || !this._sock.writable

  1049.       || !this._sshstream

  1050.       || !this._sshstream.writable)

  1051.     throw new Error('Not connected');

  1052. 

  1053.   var wantReply = (typeof cb === 'function');

  1054.   var self = this;

  1055. 

  1056.   if (!this.config.strictVendor

  1057.       || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) {

  1058.     if (wantReply) {

  1059.       this._callbacks.push(function(had_err) {

  1060.         if (had_err) {

  1061.           return cb(had_err !== true

  1062.                     ? had_err

  1063.                     : new Error('Unable to bind to ' + socketPath));

  1064.         }

  1065.         self._forwardingUnix[socketPath] = true;

  1066.         cb();

  1067.       });

  1068.     }

  1069. 

  1070.     return this._sshstream.openssh_streamLocalForward(socketPath, wantReply);

  1071.   } else if (wantReply) {

  1072.     process.nextTick(function() {

  1073.       cb(new Error('strictVendor enabled and server is not OpenSSH or compatible version'));

  1074.     });

  1075.   }

  1076. 

  1077.   return true;

  1078. };

  1079. 

  1080. Client.prototype.openssh_unforwardInStreamLocal = function(socketPath, cb) {

  1081.   if (!this._sock

  1082.       || !this._sock.writable

  1083.       || !this._sshstream

  1084.       || !this._sshstream.writable)

  1085.     throw new Error('Not connected');

  1086. 

  1087.   var wantReply = (typeof cb === 'function');

  1088.   var self = this;

  1089. 

  1090.   if (!this.config.strictVendor

  1091.       || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) {

  1092.     if (wantReply) {

  1093.       this._callbacks.push(function(had_err) {

  1094.         if (had_err) {

  1095.           return cb(had_err !== true

  1096.                     ? had_err

  1097.                     : new Error('Unable to unbind on ' + socketPath));

  1098.         }

  1099.         delete self._forwardingUnix[socketPath];

  1100.         cb();

  1101.       });

  1102.     }

  1103. 

  1104.     return this._sshstream.openssh_cancelStreamLocalForward(socketPath,

  1105.                                                             wantReply);

  1106.   } else if (wantReply) {

  1107.     process.nextTick(function() {

  1108.       cb(new Error('strictVendor enabled and server is not OpenSSH or compatible version'));

  1109.     });

  1110.   }

  1111. 

  1112.   return true;

  1113. };

  1114. 

  1115. Client.prototype.openssh_forwardOutStreamLocal = function(socketPath, cb) {

  1116.   if (!this._sock

  1117.       || !this._sock.writable

  1118.       || !this._sshstream

  1119.       || !this._sshstream.writable)

  1120.     throw new Error('Not connected');

  1121. 

  1122.   if (!this.config.strictVendor

  1123.       || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) {

  1124.     var cfg = { socketPath: socketPath };

  1125.     return openChannel(this, 'direct-streamlocal@openssh.com', cfg, cb);

  1126.   } else {

  1127.     process.nextTick(function() {

  1128.       cb(new Error('strictVendor enabled and server is not OpenSSH or compatible version'));

  1129.     });

  1130.   }

  1131. 

  1132.   return true;

  1133. };

  1134. 

  1135. function openChannel(self, type, opts, cb) {

  1136.   // ask the server to open a channel for some purpose

  1137.   // (e.g. session (sftp, exec, shell), or forwarding a TCP connection

  1138.   var localChan = nextChannel(self);

  1139.   var initWindow = Channel.MAX_WINDOW;

  1140.   var maxPacket = Channel.PACKET_SIZE;

  1141.   var ret = true;

  1142. 

  1143.   if (localChan === false)

  1144.     return cb(new Error('No free channels available'));

  1145. 

  1146.   if (typeof opts === 'function') {

  1147.     cb = opts;

  1148.     opts = {};

  1149.   }

  1150. 

  1151.   self._channels[localChan] = cb;

  1152. 

  1153.   var sshstream = self._sshstream;

  1154.   sshstream.once('CHANNEL_OPEN_CONFIRMATION:' + localChan, onSuccess)

  1155.            .once('CHANNEL_OPEN_FAILURE:' + localChan, onFailure)

  1156.            .once('CHANNEL_CLOSE:' + localChan, onFailure);

  1157. 

  1158.   if (type === 'session')

  1159.     ret = sshstream.session(localChan, initWindow, maxPacket);

  1160.   else if (type === 'direct-tcpip')

  1161.     ret = sshstream.directTcpip(localChan, initWindow, maxPacket, opts);

  1162.   else if (type === 'direct-streamlocal@openssh.com') {

  1163.     ret = sshstream.openssh_directStreamLocal(localChan,

  1164.                                               initWindow,

  1165.                                               maxPacket,

  1166.                                               opts);

  1167.   }

  1168. 

  1169.   return ret;

  1170. 

  1171.   function onSuccess(info) {

  1172.     sshstream.removeListener('CHANNEL_OPEN_FAILURE:' + localChan, onFailure);

  1173.     sshstream.removeListener('CHANNEL_CLOSE:' + localChan, onFailure);

  1174. 

  1175.     var chaninfo = {

  1176.       type: type,

  1177.       incoming: {

  1178.         id: localChan,

  1179.         window: initWindow,

  1180.         packetSize: maxPacket,

  1181.         state: 'open'

  1182.       },

  1183.       outgoing: {

  1184.         id: info.sender,

  1185.         window: info.window,

  1186.         packetSize: info.packetSize,

  1187.         state: 'open'

  1188.       }

  1189.     };

  1190.     cb(undefined, new Channel(chaninfo, self));

  1191.   }

  1192. 

  1193.   function onFailure(info) {

  1194.     sshstream.removeListener('CHANNEL_OPEN_CONFIRMATION:' + localChan,

  1195.                              onSuccess);

  1196.     sshstream.removeListener('CHANNEL_OPEN_FAILURE:' + localChan, onFailure);

  1197.     sshstream.removeListener('CHANNEL_CLOSE:' + localChan, onFailure);

  1198. 

  1199.     delete self._channels[localChan];

  1200. 

  1201.     var err;

  1202.     if (info instanceof Error)

  1203.       err = info;

  1204.     else if (typeof info === 'object' && info !== null) {

  1205.       err = new Error('(SSH) Channel open failure: ' + info.description);

  1206.       err.reason = info.reason;

  1207.       err.lang = info.lang;

  1208.     } else {

  1209.       err = new Error('(SSH) Channel open failure: '

  1210.                       + 'server closed channel unexpectedly');

  1211.       err.reason = err.lang = '';

  1212.     }

  1213.     cb(err);

  1214.   }

  1215. }

  1216. 

  1217. function nextChannel(self) {

  1218.   // get the next available channel number

  1219. 

  1220.   // optimized path

  1221.   if (self._curChan < MAX_CHANNEL)

  1222.     return ++self._curChan;

  1223. 

  1224.   // slower lookup path

  1225.   for (var i = 0, channels = self._channels; i < MAX_CHANNEL; ++i)

  1226.     if (!channels[i])

  1227.       return i;

  1228. 

  1229.   return false;

  1230. }

  1231. 

  1232. function reqX11(chan, screen, cb) {

  1233.   // asks server to start sending us X11 connections

  1234.   var cfg = {

  1235.     single: false,

  1236.     protocol: 'MIT-MAGIC-COOKIE-1',

  1237.     cookie: undefined,

  1238.     screen: 0

  1239.   };

  1240. 

  1241.   if (typeof screen === 'function') {

  1242.     cb = screen;

  1243.   } else if (typeof screen === 'object' && screen !== null) {

  1244.     if (typeof screen.single === 'boolean')

  1245.       cfg.single = screen.single;

  1246.     if (typeof screen.screen === 'number')

  1247.       cfg.screen = screen.screen;

  1248.     if (typeof screen.protocol === 'string')

  1249.       cfg.protocol = screen.protocol;

  1250.     if (typeof screen.cookie === 'string')

  1251.       cfg.cookie = screen.cookie;

  1252.     else if (Buffer.isBuffer(screen.cookie))

  1253.       cfg.cookie = screen.cookie.toString('hex');

  1254.   }

  1255.   if (cfg.cookie === undefined)

  1256.     cfg.cookie = randomCookie();

  1257. 

  1258.   var wantReply = (typeof cb === 'function');

  1259. 

  1260.   if (chan.outgoing.state !== 'open') {

  1261.     wantReply && cb(new Error('Channel is not open'));

  1262.     return true;

  1263.   }

  1264. 

  1265.   if (wantReply) {

  1266.     chan._callbacks.push(function(had_err) {

  1267.       if (had_err) {

  1268.         return cb(had_err !== true

  1269.                   ? had_err

  1270.                   : new Error('Unable to request X11'));

  1271.       }

  1272. 

  1273.       chan._hasX11 = true;

  1274.       ++chan._client._acceptX11;

  1275.       chan.once('close', function() {

  1276.         if (chan._client._acceptX11)

  1277.           --chan._client._acceptX11;

  1278.       });

  1279. 

  1280.       cb();

  1281.     });

  1282.   }

  1283. 

  1284.   return chan._client._sshstream.x11Forward(chan.outgoing.id, cfg, wantReply);

  1285. }

  1286. 

  1287. function reqPty(chan, opts, cb) {

  1288.   var rows = 24;

  1289.   var cols = 80;

  1290.   var width = 640;

  1291.   var height = 480;

  1292.   var term = 'vt100';

  1293.   var modes = null;

  1294. 

  1295.   if (typeof opts === 'function')

  1296.     cb = opts;

  1297.   else if (typeof opts === 'object' && opts !== null) {

  1298.     if (typeof opts.rows === 'number')

  1299.       rows = opts.rows;

  1300.     if (typeof opts.cols === 'number')

  1301.       cols = opts.cols;

  1302.     if (typeof opts.width === 'number')

  1303.       width = opts.width;

  1304.     if (typeof opts.height === 'number')

  1305.       height = opts.height;

  1306.     if (typeof opts.term === 'string')

  1307.       term = opts.term;

  1308.     if (typeof opts.modes === 'object')

  1309.       modes = opts.modes;

  1310.   }

  1311. 

  1312.   var wantReply = (typeof cb === 'function');

  1313. 

  1314.   if (chan.outgoing.state !== 'open') {

  1315.     wantReply && cb(new Error('Channel is not open'));

  1316.     return true;

  1317.   }

  1318. 

  1319.   if (wantReply) {

  1320.     chan._callbacks.push(function(had_err) {

  1321.       if (had_err) {

  1322.         return cb(had_err !== true

  1323.                   ? had_err

  1324.                   : new Error('Unable to request a pseudo-terminal'));

  1325.       }

  1326.       cb();

  1327.     });

  1328.   }

  1329. 

  1330.   return chan._client._sshstream.pty(chan.outgoing.id,

  1331.                                      rows,

  1332.                                      cols,

  1333.                                      height,

  1334.                                      width,

  1335.                                      term,

  1336.                                      modes,

  1337.                                      wantReply);

  1338. }

  1339. 

  1340. function reqAgentFwd(chan, cb) {

  1341.   var wantReply = (typeof cb === 'function');

  1342. 

  1343.   if (chan.outgoing.state !== 'open') {

  1344.     wantReply && cb(new Error('Channel is not open'));

  1345.     return true;

  1346.   } else if (chan._client._agentFwdEnabled) {

  1347.     wantReply && cb(false);

  1348.     return true;

  1349.   }

  1350. 

  1351.   chan._client._agentFwdEnabled = true;

  1352. 

  1353.   chan._callbacks.push(function(had_err) {

  1354.     if (had_err) {

  1355.       chan._client._agentFwdEnabled = false;

  1356.       wantReply && cb(had_err !== true

  1357.                       ? had_err

  1358.                       : new Error('Unable to request agent forwarding'));

  1359.       return;

  1360.     }

  1361. 

  1362.     wantReply && cb();

  1363.   });

  1364. 

  1365.   return chan._client._sshstream.openssh_agentForward(chan.outgoing.id, true);

  1366. }

  1367. 

  1368. function reqShell(chan, cb) {

  1369.   if (chan.outgoing.state !== 'open') {

  1370.     cb(new Error('Channel is not open'));

  1371.     return true;

  1372.   }

  1373.   chan._callbacks.push(function(had_err) {

  1374.     if (had_err) {

  1375.       return cb(had_err !== true

  1376.                 ? had_err

  1377.                 : new Error('Unable to open shell'));

  1378.     }

  1379.     chan.subtype = 'shell';

  1380.     cb(undefined, chan);

  1381.   });

  1382. 

  1383.   return chan._client._sshstream.shell(chan.outgoing.id, true);

  1384. }

  1385. 

  1386. function reqExec(chan, cmd, opts, cb) {

  1387.   if (chan.outgoing.state !== 'open') {

  1388.     cb(new Error('Channel is not open'));

  1389.     return true;

  1390.   }

  1391.   chan._callbacks.push(function(had_err) {

  1392.     if (had_err) {

  1393.       return cb(had_err !== true

  1394.                 ? had_err

  1395.                 : new Error('Unable to exec'));

  1396.     }

  1397.     chan.subtype = 'exec';

  1398.     chan.allowHalfOpen = (opts.allowHalfOpen !== false);

  1399.     cb(undefined, chan);

  1400.   });

  1401. 

  1402.   return chan._client._sshstream.exec(chan.outgoing.id, cmd, true);

  1403. }

  1404. 

  1405. function reqEnv(chan, env) {

  1406.   if (chan.outgoing.state !== 'open')

  1407.     return true;

  1408.   var ret = true;

  1409.   var keys = Object.keys(env || {});

  1410.   var key;

  1411.   var val;

  1412. 

  1413.   for (var i = 0, len = keys.length; i < len; ++i) {

  1414.     key = keys[i];

  1415.     val = env[key];

  1416.     ret = chan._client._sshstream.env(chan.outgoing.id, key, val, false);

  1417.   }

  1418. 

  1419.   return ret;

  1420. }

  1421. 

  1422. function reqSubsystem(chan, name, cb) {

  1423.   if (chan.outgoing.state !== 'open') {

  1424.     cb(new Error('Channel is not open'));

  1425.     return true;

  1426.   }

  1427.   chan._callbacks.push(function(had_err) {

  1428.     if (had_err) {

  1429.       return cb(had_err !== true

  1430.                 ? had_err

  1431.                 : new Error('Unable to start subsystem: ' + name));

  1432.     }

  1433.     chan.subtype = 'subsystem';

  1434.     cb(undefined, chan);

  1435.   });

  1436. 

  1437.   return chan._client._sshstream.subsystem(chan.outgoing.id, name, true);

  1438. }

  1439. 

  1440. function onCHANNEL_OPEN(self, info) {

  1441.   // the server is trying to open a channel with us, this is usually when

  1442.   // we asked the server to forward us connections on some port and now they

  1443.   // are asking us to accept/deny an incoming connection on their side

  1444. 

  1445.   var localChan = false;

  1446.   var reason;

  1447. 

  1448.   function accept() {

  1449.     var chaninfo = {

  1450.       type: info.type,

  1451.       incoming: {

  1452.         id: localChan,

  1453.         window: Channel.MAX_WINDOW,

  1454.         packetSize: Channel.PACKET_SIZE,

  1455.         state: 'open'

  1456.       },

  1457.       outgoing: {

  1458.         id: info.sender,

  1459.         window: info.window,

  1460.         packetSize: info.packetSize,

  1461.         state: 'open'

  1462.       }

  1463.     };

  1464.     var stream = new Channel(chaninfo, self);

  1465. 

  1466.     self._sshstream.channelOpenConfirm(info.sender,

  1467.                                        localChan,

  1468.                                        Channel.MAX_WINDOW,

  1469.                                        Channel.PACKET_SIZE);

  1470.     return stream;

  1471.   }

  1472.   function reject() {

  1473.     if (reason === undefined) {

  1474.       if (localChan === false)

  1475.         reason = consts.CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE;

  1476.       else

  1477.         reason = consts.CHANNEL_OPEN_FAILURE.CONNECT_FAILED;

  1478.     }

  1479. 

  1480.     self._sshstream.channelOpenFail(info.sender, reason, '', '');

  1481.   }

  1482. 

  1483.   if (info.type === 'forwarded-tcpip'

  1484.       || info.type === 'x11'

  1485.       || info.type === 'auth-agent@openssh.com'

  1486.       || info.type === 'forwarded-streamlocal@openssh.com') {

  1487. 

  1488.     // check for conditions for automatic rejection

  1489.     var rejectConn = (

  1490.      (info.type === 'forwarded-tcpip'

  1491.       && self._forwarding[info.data.destIP

  1492.                          + ':'

  1493.                          + info.data.destPort] === undefined)

  1494.      || (info.type === 'forwarded-streamlocal@openssh.com'

  1495.          && self._forwardingUnix[info.data.socketPath] === undefined)

  1496.      || (info.type === 'x11' && self._acceptX11 === 0)

  1497.      || (info.type === 'auth-agent@openssh.com'

  1498.          && !self._agentFwdEnabled)

  1499.     );

  1500. 

  1501.     if (!rejectConn) {

  1502.       localChan = nextChannel(self);

  1503. 

  1504.       if (localChan === false) {

  1505.         self.config.debug('DEBUG: Client: Automatic rejection of incoming channel open: no channels available');

  1506.         rejectConn = true;

  1507.       } else

  1508.         self._channels[localChan] = true;

  1509.     } else {

  1510.       reason = consts.CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED;

  1511.       self.config.debug('DEBUG: Client: Automatic rejection of incoming channel open: unexpected channel open for: '

  1512.                         + info.type);

  1513.     }

  1514. 

  1515.     // TODO: automatic rejection after some timeout?

  1516. 

  1517.     if (rejectConn)

  1518.       reject();

  1519. 

  1520.     if (localChan !== false) {

  1521.       if (info.type === 'forwarded-tcpip') {

  1522.         if (info.data.destPort === 0) {

  1523.           info.data.destPort = self._forwarding[info.data.destIP

  1524.                                                 + ':'

  1525.                                                 + info.data.destPort];

  1526.         }

  1527.         self.emit('tcp connection', info.data, accept, reject);

  1528.       } else if (info.type === 'x11') {

  1529.         self.emit('x11', info.data, accept, reject);

  1530.       } else if (info.type === 'forwarded-streamlocal@openssh.com') {

  1531.         self.emit('unix connection', info.data, accept, reject);

  1532.       } else {

  1533.         agentQuery(self.config.agent, accept, reject);

  1534.       }

  1535.     }

  1536.   } else {

  1537.     // automatically reject any unsupported channel open requests

  1538.     self.config.debug('DEBUG: Client: Automatic rejection of incoming channel open: unsupported type: '

  1539.                       + info.type);

  1540.     reason = consts.CHANNEL_OPEN_FAILURE.UNKNOWN_CHANNEL_TYPE;

  1541.     reject();

  1542.   }

  1543. }

  1544. 

  1545. var randomCookie = (function() {

  1546.   if (typeof crypto.randomFillSync === 'function') {

  1547.     var buffer = Buffer.alloc(16);

  1548.     return function randomCookie() {

  1549.       crypto.randomFillSync(buffer, 0, 16);

  1550.       return buffer.toString('hex');

  1551.     };

  1552.   } else {

  1553.     return function randomCookie() {

  1554.       return crypto.randomBytes(16).toString('hex');

  1555.     };

  1556.   }

  1557. })();

  1558. 

  1559. Client.Client = Client;

  1560. Client.Server = require('./server');

  1561. // pass some useful utilities on to end user (e.g. parseKey())

  1562. Client.utils = ssh2_streams.utils;

  1563. // expose useful SFTPStream constants for sftp server usage

  1564. Client.SFTP_STATUS_CODE = SFTPStream.STATUS_CODE;

  1565. Client.SFTP_OPEN_MODE = SFTPStream.OPEN_MODE;

  1566. // expose http(s).Agent implementations to allow easy tunneling of HTTP(S)

  1567. // requests

  1568. Client.HTTPAgent = HTTPAgents.SSHTTPAgent;

  1569. Client.HTTPSAgent = HTTPAgents.SSHTTPSAgent;

  1570. 

  1571. module.exports = Client; // backwards compatibility