CCOM4030
/
artesanias
Observar 5
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Repositorio del curso CCOM4030 el semestre B91 del proyecto Artesanías con el Instituto de Cultura
8 Commits
9 Branches
Tag: 8df8a0d9ff
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 8df8a0d9ff
${ noResults }
artesanias/node_modules/ssh2/lib/server.js

server.js 32KB
Histórico Original

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160 
  1. var net = require('net');

  2. var EventEmitter = require('events').EventEmitter;

  3. var listenerCount = EventEmitter.listenerCount;

  4. var inherits = require('util').inherits;

  5. 

  6. var ssh2_streams = require('ssh2-streams');

  7. var parseKey = ssh2_streams.utils.parseKey;

  8. var SSH2Stream = ssh2_streams.SSH2Stream;

  9. var SFTPStream = ssh2_streams.SFTPStream;

  10. var consts = ssh2_streams.constants;

  11. var DISCONNECT_REASON = consts.DISCONNECT_REASON;

  12. var CHANNEL_OPEN_FAILURE = consts.CHANNEL_OPEN_FAILURE;

  13. var ALGORITHMS = consts.ALGORITHMS;

  14. 

  15. var Channel = require('./Channel');

  16. var KeepaliveManager = require('./keepalivemgr');

  17. var writeUInt32BE = require('./buffer-helpers').writeUInt32BE;

  18. 

  19. var MAX_CHANNEL = Math.pow(2, 32) - 1;

  20. var MAX_PENDING_AUTHS = 10;

  21. 

  22. var kaMgr;

  23. 

  24. function Server(cfg, listener) {

  25.   if (!(this instanceof Server))

  26.     return new Server(cfg, listener);

  27. 

  28.   var hostKeys = {

  29.     'ssh-rsa': null,

  30.     'ssh-dss': null,

  31.     'ssh-ed25519': null,

  32.     'ecdsa-sha2-nistp256': null,

  33.     'ecdsa-sha2-nistp384': null,

  34.     'ecdsa-sha2-nistp521': null

  35.   };

  36. 

  37.   var hostKeys_ = cfg.hostKeys;

  38.   if (!Array.isArray(hostKeys_))

  39.     throw new Error('hostKeys must be an array');

  40. 

  41.   var i;

  42.   for (i = 0; i < hostKeys_.length; ++i) {

  43.     var privateKey;

  44.     if (Buffer.isBuffer(hostKeys_[i]) || typeof hostKeys_[i] === 'string')

  45.       privateKey = parseKey(hostKeys_[i]);

  46.     else

  47.       privateKey = parseKey(hostKeys_[i].key, hostKeys_[i].passphrase);

  48.     if (privateKey instanceof Error)

  49.       throw new Error('Cannot parse privateKey: ' + privateKey.message);

  50.     if (Array.isArray(privateKey))

  51.       privateKey = privateKey[0]; // OpenSSH's newer format only stores 1 key for now

  52.     if (privateKey.getPrivatePEM() === null)

  53.       throw new Error('privateKey value contains an invalid private key');

  54.     if (hostKeys[privateKey.type])

  55.       continue;

  56.     hostKeys[privateKey.type] = privateKey;

  57.   }

  58. 

  59.   var algorithms = {

  60.     kex: undefined,

  61.     kexBuf: undefined,

  62.     cipher: undefined,

  63.     cipherBuf: undefined,

  64.     serverHostKey: undefined,

  65.     serverHostKeyBuf: undefined,

  66.     hmac: undefined,

  67.     hmacBuf: undefined,

  68.     compress: undefined,

  69.     compressBuf: undefined

  70.   };

  71.   if (typeof cfg.algorithms === 'object' && cfg.algorithms !== null) {

  72.     var algosSupported;

  73.     var algoList;

  74. 

  75.     algoList = cfg.algorithms.kex;

  76.     if (Array.isArray(algoList) && algoList.length > 0) {

  77.       algosSupported = ALGORITHMS.SUPPORTED_KEX;

  78.       for (i = 0; i < algoList.length; ++i) {

  79.         if (algosSupported.indexOf(algoList[i]) === -1)

  80.           throw new Error('Unsupported key exchange algorithm: ' + algoList[i]);

  81.       }

  82.       algorithms.kex = algoList;

  83.     }

  84. 

  85.     algoList = cfg.algorithms.cipher;

  86.     if (Array.isArray(algoList) && algoList.length > 0) {

  87.       algosSupported = ALGORITHMS.SUPPORTED_CIPHER;

  88.       for (i = 0; i < algoList.length; ++i) {

  89.         if (algosSupported.indexOf(algoList[i]) === -1)

  90.           throw new Error('Unsupported cipher algorithm: ' + algoList[i]);

  91.       }

  92.       algorithms.cipher = algoList;

  93.     }

  94. 

  95.     algoList = cfg.algorithms.serverHostKey;

  96.     var copied = false;

  97.     if (Array.isArray(algoList) && algoList.length > 0) {

  98.       algosSupported = ALGORITHMS.SUPPORTED_SERVER_HOST_KEY;

  99.       for (i = algoList.length - 1; i >= 0; --i) {

  100.         if (algosSupported.indexOf(algoList[i]) === -1) {

  101.           throw new Error('Unsupported server host key algorithm: '

  102.                            + algoList[i]);

  103.         }

  104.         if (!hostKeys[algoList[i]]) {

  105.           // Silently discard for now

  106.           if (!copied) {

  107.             algoList = algoList.slice();

  108.             copied = true;

  109.           }

  110.           algoList.splice(i, 1);

  111.         }

  112.       }

  113.       if (algoList.length > 0)

  114.         algorithms.serverHostKey = algoList;

  115.     }

  116. 

  117.     algoList = cfg.algorithms.hmac;

  118.     if (Array.isArray(algoList) && algoList.length > 0) {

  119.       algosSupported = ALGORITHMS.SUPPORTED_HMAC;

  120.       for (i = 0; i < algoList.length; ++i) {

  121.         if (algosSupported.indexOf(algoList[i]) === -1)

  122.           throw new Error('Unsupported HMAC algorithm: ' + algoList[i]);

  123.       }

  124.       algorithms.hmac = algoList;

  125.     }

  126. 

  127.     algoList = cfg.algorithms.compress;

  128.     if (Array.isArray(algoList) && algoList.length > 0) {

  129.       algosSupported = ALGORITHMS.SUPPORTED_COMPRESS;

  130.       for (i = 0; i < algoList.length; ++i) {

  131.         if (algosSupported.indexOf(algoList[i]) === -1)

  132.           throw new Error('Unsupported compression algorithm: ' + algoList[i]);

  133.       }

  134.       algorithms.compress = algoList;

  135.     }

  136.   }

  137. 

  138.   // Make sure we at least have some kind of valid list of support key

  139.   // formats

  140.   if (algorithms.serverHostKey === undefined) {

  141.     var hostKeyAlgos = Object.keys(hostKeys);

  142.     for (i = hostKeyAlgos.length - 1; i >= 0; --i) {

  143.       if (!hostKeys[hostKeyAlgos[i]])

  144.         hostKeyAlgos.splice(i, 1);

  145.     }

  146.     algorithms.serverHostKey = hostKeyAlgos;

  147.   }

  148. 

  149.   if (!kaMgr

  150.       && Server.KEEPALIVE_INTERVAL > 0

  151.       && Server.KEEPALIVE_CLIENT_INTERVAL > 0

  152.       && Server.KEEPALIVE_CLIENT_COUNT_MAX >= 0) {

  153.     kaMgr = new KeepaliveManager(Server.KEEPALIVE_INTERVAL,

  154.                                  Server.KEEPALIVE_CLIENT_INTERVAL,

  155.                                  Server.KEEPALIVE_CLIENT_COUNT_MAX);

  156.   }

  157. 

  158.   var self = this;

  159. 

  160.   EventEmitter.call(this);

  161. 

  162.   if (typeof listener === 'function')

  163.     self.on('connection', listener);

  164. 

  165.   var streamcfg = {

  166.     algorithms: algorithms,

  167.     hostKeys: hostKeys,

  168.     server: true

  169.   };

  170.   var keys;

  171.   var len;

  172.   for (i = 0, keys = Object.keys(cfg), len = keys.length; i < len; ++i) {

  173.     var key = keys[i];

  174.     if (key === 'privateKey'

  175.         || key === 'publicKey'

  176.         || key === 'passphrase'

  177.         || key === 'algorithms'

  178.         || key === 'hostKeys'

  179.         || key === 'server') {

  180.       continue;

  181.     }

  182.     streamcfg[key] = cfg[key];

  183.   }

  184. 

  185.   if (typeof streamcfg.debug === 'function') {

  186.     var oldDebug = streamcfg.debug;

  187.     var cfgKeys = Object.keys(streamcfg);

  188.   }

  189. 

  190.   this._srv = new net.Server(function(socket) {

  191.     if (self._connections >= self.maxConnections) {

  192.       socket.destroy();

  193.       return;

  194.     }

  195.     ++self._connections;

  196.     socket.once('close', function(had_err) {

  197.       --self._connections;

  198. 

  199.       // since joyent/node#993bb93e0a, we have to "read past EOF" in order to

  200.       // get an `end` event on streams. thankfully adding this does not

  201.       // negatively affect node versions pre-joyent/node#993bb93e0a.

  202.       sshstream.read();

  203.     }).on('error', function(err) {

  204.       sshstream.reset();

  205.       sshstream.emit('error', err);

  206.     });

  207. 

  208.     var conncfg = streamcfg;

  209. 

  210.     // prepend debug output with a unique identifier in case there are multiple

  211.     // clients connected at the same time

  212.     if (oldDebug) {

  213.       conncfg = {};

  214.       for (var i = 0, key; i < cfgKeys.length; ++i) {

  215.         key = cfgKeys[i];

  216.         conncfg[key] = streamcfg[key];

  217.       }

  218.       var debugPrefix = '[' + process.hrtime().join('.') + '] ';

  219.       conncfg.debug = function(msg) {

  220.         oldDebug(debugPrefix + msg);

  221.       };

  222.     }

  223. 

  224.     var sshstream = new SSH2Stream(conncfg);

  225.     var client = new Client(sshstream, socket);

  226. 

  227.     socket.pipe(sshstream).pipe(socket);

  228. 

  229.     // silence pre-header errors

  230.     function onClientPreHeaderError(err) {}

  231.     client.on('error', onClientPreHeaderError);

  232. 

  233.     sshstream.once('header', function(header) {

  234.       if (sshstream._readableState.ended) {

  235.         // already disconnected internally in SSH2Stream due to incompatible

  236.         // protocol version

  237.         return;

  238.       } else if (!listenerCount(self, 'connection')) {

  239.         // auto reject

  240.         return sshstream.disconnect(DISCONNECT_REASON.BY_APPLICATION);

  241.       }

  242. 

  243.       client.removeListener('error', onClientPreHeaderError);

  244. 

  245.       self.emit('connection',

  246.                 client,

  247.                 { ip: socket.remoteAddress,

  248.                   family: socket.remoteFamily,

  249.                   port: socket.remotePort,

  250.                   header: header });

  251.     });

  252.   }).on('error', function(err) {

  253.     self.emit('error', err);

  254.   }).on('listening', function() {

  255.     self.emit('listening');

  256.   }).on('close', function() {

  257.     self.emit('close');

  258.   });

  259.   this._connections = 0;

  260.   this.maxConnections = Infinity;

  261. }

  262. inherits(Server, EventEmitter);

  263. 

  264. Server.prototype.listen = function() {

  265.   this._srv.listen.apply(this._srv, arguments);

  266.   return this;

  267. };

  268. 

  269. Server.prototype.address = function() {

  270.   return this._srv.address();

  271. };

  272. 

  273. Server.prototype.getConnections = function(cb) {

  274.   this._srv.getConnections(cb);

  275. };

  276. 

  277. Server.prototype.close = function(cb) {

  278.   this._srv.close(cb);

  279.   return this;

  280. };

  281. 

  282. Server.prototype.ref = function() {

  283.   this._srv.ref();

  284. };

  285. 

  286. Server.prototype.unref = function() {

  287.   this._srv.unref();

  288. };

  289. 

  290. 

  291. function Client(stream, socket) {

  292.   EventEmitter.call(this);

  293. 

  294.   var self = this;

  295. 

  296.   this._sshstream = stream;

  297.   var channels = this._channels = {};

  298.   this._curChan = -1;

  299.   this._sock = socket;

  300.   this.noMoreSessions = false;

  301.   this.authenticated = false;

  302. 

  303.   stream.on('end', function() {

  304.     socket.resume();

  305.     self.emit('end');

  306.   }).on('close', function(hasErr) {

  307.     self.emit('close', hasErr);

  308.   }).on('error', function(err) {

  309.     self.emit('error', err);

  310.   }).on('drain', function() {

  311.     self.emit('drain');

  312.   }).on('continue', function() {

  313.     self.emit('continue');

  314.   });

  315. 

  316.   var exchanges = 0;

  317.   var acceptedAuthSvc = false;

  318.   var pendingAuths = [];

  319.   var authCtx;

  320. 

  321.   // begin service/auth-related ================================================

  322.   stream.on('SERVICE_REQUEST', function(service) {

  323.     if (exchanges === 0

  324.         || acceptedAuthSvc

  325.         || self.authenticated

  326.         || service !== 'ssh-userauth')

  327.       return stream.disconnect(DISCONNECT_REASON.SERVICE_NOT_AVAILABLE);

  328. 

  329.     acceptedAuthSvc = true;

  330.     stream.serviceAccept(service);

  331.   }).on('USERAUTH_REQUEST', onUSERAUTH_REQUEST);

  332.   function onUSERAUTH_REQUEST(username, service, method, methodData) {

  333.     if (exchanges === 0

  334.         || (authCtx

  335.             && (authCtx.username !== username || authCtx.service !== service))

  336.           // TODO: support hostbased auth

  337.         || (method !== 'password'

  338.             && method !== 'publickey'

  339.             && method !== 'hostbased'

  340.             && method !== 'keyboard-interactive'

  341.             && method !== 'none')

  342.         || pendingAuths.length === MAX_PENDING_AUTHS)

  343.       return stream.disconnect(DISCONNECT_REASON.PROTOCOL_ERROR);

  344.     else if (service !== 'ssh-connection')

  345.       return stream.disconnect(DISCONNECT_REASON.SERVICE_NOT_AVAILABLE);

  346. 

  347.     // XXX: this really shouldn't be reaching into private state ...

  348.     stream._state.authMethod = method;

  349. 

  350.     var ctx;

  351.     if (method === 'keyboard-interactive') {

  352.       ctx = new KeyboardAuthContext(stream, username, service, method,

  353.                                     methodData, onAuthDecide);

  354.     } else if (method === 'publickey') {

  355.       ctx = new PKAuthContext(stream, username, service, method, methodData,

  356.                               onAuthDecide);

  357.     } else if (method === 'hostbased') {

  358.       ctx = new HostbasedAuthContext(stream, username, service, method,

  359.                                      methodData, onAuthDecide);

  360.     } else if (method === 'password') {

  361.       ctx = new PwdAuthContext(stream, username, service, method, methodData,

  362.                                onAuthDecide);

  363.     } else if (method === 'none')

  364.       ctx = new AuthContext(stream, username, service, method, onAuthDecide);

  365. 

  366.     if (authCtx) {

  367.       if (!authCtx._initialResponse)

  368.         return pendingAuths.push(ctx);

  369.       else if (authCtx._multistep && !this._finalResponse) {

  370.         // RFC 4252 says to silently abort the current auth request if a new

  371.         // auth request comes in before the final response from an auth method

  372.         // that requires additional request/response exchanges -- this means

  373.         // keyboard-interactive for now ...

  374.         authCtx._cleanup && authCtx._cleanup();

  375.         authCtx.emit('abort');

  376.       }

  377.     }

  378. 

  379.     authCtx = ctx;

  380. 

  381.     if (listenerCount(self, 'authentication'))

  382.       self.emit('authentication', authCtx);

  383.     else

  384.       authCtx.reject();

  385.   }

  386.   function onAuthDecide(ctx, allowed, methodsLeft, isPartial) {

  387.     if (authCtx === ctx && !self.authenticated) {

  388.       if (allowed) {

  389.         stream.removeListener('USERAUTH_REQUEST', onUSERAUTH_REQUEST);

  390.         authCtx = undefined;

  391.         self.authenticated = true;

  392.         stream.authSuccess();

  393.         pendingAuths = [];

  394.         self.emit('ready');

  395.       } else {

  396.         stream.authFailure(methodsLeft, isPartial);

  397.         if (pendingAuths.length) {

  398.           authCtx = pendingAuths.pop();

  399.           if (listenerCount(self, 'authentication'))

  400.             self.emit('authentication', authCtx);

  401.           else

  402.             authCtx.reject();

  403.         }

  404.       }

  405.     }

  406.   }

  407.   // end service/auth-related ==================================================

  408. 

  409.   var unsentGlobalRequestsReplies = [];

  410. 

  411.   function sendReplies() {

  412.     var reply;

  413.     while (unsentGlobalRequestsReplies.length > 0

  414.            && unsentGlobalRequestsReplies[0].type) {

  415.       reply = unsentGlobalRequestsReplies.shift();

  416.       if (reply.type === 'SUCCESS')

  417.         stream.requestSuccess(reply.buf);

  418.       if (reply.type === 'FAILURE')

  419.         stream.requestFailure();

  420.     }

  421.   }

  422. 

  423.   stream.on('GLOBAL_REQUEST', function(name, wantReply, data) {

  424.     var reply = {

  425.       type: null,

  426.       buf: null

  427.     };

  428. 

  429.     function setReply(type, buf) {

  430.       reply.type = type;

  431.       reply.buf = buf;

  432.       sendReplies();

  433.     }

  434. 

  435.     if (wantReply)

  436.       unsentGlobalRequestsReplies.push(reply);

  437. 

  438.     if ((name === 'tcpip-forward'

  439.          || name === 'cancel-tcpip-forward'

  440.          || name === 'no-more-sessions@openssh.com'

  441.          || name === 'streamlocal-forward@openssh.com'

  442.          || name === 'cancel-streamlocal-forward@openssh.com')

  443.         && listenerCount(self, 'request')

  444.         && self.authenticated) {

  445.       var accept;

  446.       var reject;

  447. 

  448.       if (wantReply) {

  449.         var replied = false;

  450.         accept = function(chosenPort) {

  451.           if (replied)

  452.             return;

  453.           replied = true;

  454.           var bufPort;

  455.           if (name === 'tcpip-forward'

  456.               && data.bindPort === 0

  457.               && typeof chosenPort === 'number') {

  458.             bufPort = Buffer.allocUnsafe(4);

  459.             writeUInt32BE(bufPort, chosenPort, 0);

  460.           }

  461.           setReply('SUCCESS', bufPort);

  462.         };

  463.         reject = function() {

  464.           if (replied)

  465.             return;

  466.           replied = true;

  467.           setReply('FAILURE');

  468.         };

  469.       }

  470. 

  471.       if (name === 'no-more-sessions@openssh.com') {

  472.         self.noMoreSessions = true;

  473.         accept && accept();

  474.         return;

  475.       }

  476. 

  477.       self.emit('request', accept, reject, name, data);

  478.     } else if (wantReply)

  479.       setReply('FAILURE');

  480.   });

  481. 

  482.   stream.on('CHANNEL_OPEN', function(info) {

  483.     // do early reject in some cases to prevent wasteful channel allocation

  484.     if ((info.type === 'session' && self.noMoreSessions)

  485.         || !self.authenticated) {

  486.       var reasonCode = CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED;

  487.       return stream.channelOpenFail(info.sender, reasonCode);

  488.     }

  489. 

  490.     var localChan = nextChannel(self);

  491.     var accept;

  492.     var reject;

  493.     var replied = false;

  494.     if (localChan === false) {

  495.       // auto-reject due to no channels available

  496.       return stream.channelOpenFail(info.sender,

  497.                                     CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE);

  498.     }

  499. 

  500.     // be optimistic, reserve channel to prevent another request from trying to

  501.     // take the same channel

  502.     channels[localChan] = true;

  503. 

  504.     reject = function() {

  505.       if (replied)

  506.         return;

  507. 

  508.       replied = true;

  509. 

  510.       delete channels[localChan];

  511. 

  512.       var reasonCode = CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED;

  513.       return stream.channelOpenFail(info.sender, reasonCode);

  514.     };

  515. 

  516.     switch (info.type) {

  517.       case 'session':

  518.         if (listenerCount(self, 'session')) {

  519.           accept = function() {

  520.             if (replied)

  521.               return;

  522. 

  523.             replied = true;

  524. 

  525.             stream.channelOpenConfirm(info.sender,

  526.                                       localChan,

  527.                                       Channel.MAX_WINDOW,

  528.                                       Channel.PACKET_SIZE);

  529. 

  530.             return new Session(self, info, localChan);

  531.           };

  532. 

  533.           self.emit('session', accept, reject);

  534.         } else

  535.           reject();

  536.       break;

  537.       case 'direct-tcpip':

  538.         if (listenerCount(self, 'tcpip')) {

  539.           accept = function() {

  540.             if (replied)

  541.               return;

  542. 

  543.             replied = true;

  544. 

  545.             stream.channelOpenConfirm(info.sender,

  546.                                       localChan,

  547.                                       Channel.MAX_WINDOW,

  548.                                       Channel.PACKET_SIZE);

  549. 

  550.             var chaninfo = {

  551.               type: undefined,

  552.               incoming: {

  553.                 id: localChan,

  554.                 window: Channel.MAX_WINDOW,

  555.                 packetSize: Channel.PACKET_SIZE,

  556.                 state: 'open'

  557.               },

  558.               outgoing: {

  559.                 id: info.sender,

  560.                 window: info.window,

  561.                 packetSize: info.packetSize,

  562.                 state: 'open'

  563.               }

  564.             };

  565. 

  566.             return new Channel(chaninfo, self);

  567.           };

  568. 

  569.           self.emit('tcpip', accept, reject, info.data);

  570.         } else

  571.           reject();

  572.       break;

  573.       case 'direct-streamlocal@openssh.com':

  574.         if (listenerCount(self, 'openssh.streamlocal')) {

  575.           accept = function() {

  576.             if (replied)

  577.               return;

  578. 

  579.             replied = true;

  580. 

  581.             stream.channelOpenConfirm(info.sender,

  582.                                       localChan,

  583.                                       Channel.MAX_WINDOW,

  584.                                       Channel.PACKET_SIZE);

  585. 

  586.             var chaninfo = {

  587.               type: undefined,

  588.               incoming: {

  589.                 id: localChan,

  590.                 window: Channel.MAX_WINDOW,

  591.                 packetSize: Channel.PACKET_SIZE,

  592.                 state: 'open'

  593.               },

  594.               outgoing: {

  595.                 id: info.sender,

  596.                 window: info.window,

  597.                 packetSize: info.packetSize,

  598.                 state: 'open'

  599.               }

  600.             };

  601. 

  602.             return new Channel(chaninfo, self);

  603.           };

  604. 

  605.           self.emit('openssh.streamlocal', accept, reject, info.data);

  606.         } else

  607.           reject();

  608.       break;

  609.       default:

  610.         // auto-reject unsupported channel types

  611.         reject();

  612.     }

  613.   });

  614. 

  615.   stream.on('NEWKEYS', function() {

  616.     if (++exchanges > 1)

  617.       self.emit('rekey');

  618.   });

  619. 

  620.   if (kaMgr) {

  621.     this.once('ready', function() {

  622.       kaMgr.add(stream);

  623.     });

  624.   }

  625. }

  626. inherits(Client, EventEmitter);

  627. 

  628. Client.prototype.end = function() {

  629.   return this._sshstream.disconnect(DISCONNECT_REASON.BY_APPLICATION);

  630. };

  631. 

  632. Client.prototype.x11 = function(originAddr, originPort, cb) {

  633.   var opts = {

  634.     originAddr: originAddr,

  635.     originPort: originPort

  636.   };

  637.   return openChannel(this, 'x11', opts, cb);

  638. };

  639. 

  640. Client.prototype.forwardOut = function(boundAddr, boundPort, remoteAddr,

  641.                                        remotePort, cb) {

  642.   var opts = {

  643.     boundAddr: boundAddr,

  644.     boundPort: boundPort,

  645.     remoteAddr: remoteAddr,

  646.     remotePort: remotePort

  647.   };

  648.   return openChannel(this, 'forwarded-tcpip', opts, cb);

  649. };

  650. 

  651. Client.prototype.openssh_forwardOutStreamLocal = function(socketPath, cb) {

  652.   var opts = {

  653.     socketPath: socketPath

  654.   };

  655.   return openChannel(this, 'forwarded-streamlocal@openssh.com', opts, cb);

  656. };

  657. 

  658. Client.prototype.rekey = function(cb) {

  659.   var stream = this._sshstream;

  660.   var ret = true;

  661.   var error;

  662. 

  663.   try {

  664.     ret = stream.rekey();

  665.   } catch (ex) {

  666.     error = ex;

  667.   }

  668. 

  669.   // TODO: re-throw error if no callback?

  670. 

  671.   if (typeof cb === 'function') {

  672.     if (error) {

  673.       process.nextTick(function() {

  674.         cb(error);

  675.       });

  676.     } else

  677.       this.once('rekey', cb);

  678.   }

  679. 

  680.   return ret;

  681. };

  682. 

  683. function Session(client, info, localChan) {

  684.   this.subtype = undefined;

  685. 

  686.   var ending = false;

  687.   var self = this;

  688.   var outgoingId = info.sender;

  689.   var channel;

  690. 

  691.   var chaninfo = {

  692.     type: 'session',

  693.     incoming: {

  694.       id: localChan,

  695.       window: Channel.MAX_WINDOW,

  696.       packetSize: Channel.PACKET_SIZE,

  697.       state: 'open'

  698.     },

  699.     outgoing: {

  700.       id: info.sender,

  701.       window: info.window,

  702.       packetSize: info.packetSize,

  703.       state: 'open'

  704.     }

  705.   };

  706. 

  707.   function onREQUEST(info) {

  708.     var replied = false;

  709.     var accept;

  710.     var reject;

  711. 

  712.     if (info.wantReply) {

  713.       // "real session" requests will have custom accept behaviors

  714.       if (info.request !== 'shell'

  715.           && info.request !== 'exec'

  716.           && info.request !== 'subsystem') {

  717.         accept = function() {

  718.           if (replied || ending || channel)

  719.             return;

  720. 

  721.           replied = true;

  722. 

  723.           return client._sshstream.channelSuccess(outgoingId);

  724.         };

  725.       }

  726. 

  727.       reject = function() {

  728.         if (replied || ending || channel)

  729.           return;

  730. 

  731.         replied = true;

  732. 

  733.         return client._sshstream.channelFailure(outgoingId);

  734.       };

  735.     }

  736. 

  737.     if (ending) {

  738.       reject && reject();

  739.       return;

  740.     }

  741. 

  742.     switch (info.request) {

  743.       // "pre-real session start" requests

  744.       case 'env':

  745.         if (listenerCount(self, 'env')) {

  746.           self.emit('env', accept, reject, {

  747.             key: info.key,

  748.             val: info.val

  749.           });

  750.         } else

  751.           reject && reject();

  752.       break;

  753.       case 'pty-req':

  754.         if (listenerCount(self, 'pty')) {

  755.           self.emit('pty', accept, reject, {

  756.             cols: info.cols,

  757.             rows: info.rows,

  758.             width: info.width,

  759.             height: info.height,

  760.             term: info.term,

  761.             modes: info.modes,

  762.           });

  763.         } else

  764.           reject && reject();

  765.       break;

  766.       case 'window-change':

  767.         if (listenerCount(self, 'window-change')) {

  768.           self.emit('window-change', accept, reject, {

  769.             cols: info.cols,

  770.             rows: info.rows,

  771.             width: info.width,

  772.             height: info.height

  773.           });

  774.         } else

  775.           reject && reject();

  776.       break;

  777.       case 'x11-req':

  778.         if (listenerCount(self, 'x11')) {

  779.           self.emit('x11', accept, reject, {

  780.             single: info.single,

  781.             protocol: info.protocol,

  782.             cookie: info.cookie,

  783.             screen: info.screen

  784.           });

  785.         } else

  786.           reject && reject();

  787.       break;

  788.       // "post-real session start" requests

  789.       case 'signal':

  790.         if (listenerCount(self, 'signal')) {

  791.           self.emit('signal', accept, reject, {

  792.             name: info.signal

  793.           });

  794.         } else

  795.           reject && reject();

  796.       break;

  797.       // XXX: is `auth-agent-req@openssh.com` really "post-real session start"?

  798.       case 'auth-agent-req@openssh.com':

  799.         if (listenerCount(self, 'auth-agent'))

  800.           self.emit('auth-agent', accept, reject);

  801.         else

  802.           reject && reject();

  803.       break;

  804.       // "real session start" requests

  805.       case 'shell':

  806.         if (listenerCount(self, 'shell')) {

  807.           accept = function() {

  808.             if (replied || ending || channel)

  809.               return;

  810. 

  811.             replied = true;

  812. 

  813.             if (info.wantReply)

  814.               client._sshstream.channelSuccess(outgoingId);

  815. 

  816.             channel = new Channel(chaninfo, client, { server: true });

  817. 

  818.             channel.subtype = self.subtype = info.request;

  819. 

  820.             return channel;

  821.           };

  822. 

  823.           self.emit('shell', accept, reject);

  824.         } else

  825.           reject && reject();

  826.       break;

  827.       case 'exec':

  828.         if (listenerCount(self, 'exec')) {

  829.           accept = function() {

  830.             if (replied || ending || channel)

  831.               return;

  832. 

  833.             replied = true;

  834. 

  835.             if (info.wantReply)

  836.               client._sshstream.channelSuccess(outgoingId);

  837. 

  838.             channel = new Channel(chaninfo, client, { server: true });

  839. 

  840.             channel.subtype = self.subtype = info.request;

  841. 

  842.             return channel;

  843.           };

  844. 

  845.           self.emit('exec', accept, reject, {

  846.             command: info.command

  847.           });

  848.         } else

  849.           reject && reject();

  850.       break;

  851.       case 'subsystem':

  852.         accept = function() {

  853.           if (replied || ending || channel)

  854.             return;

  855. 

  856.           replied = true;

  857. 

  858.           if (info.wantReply)

  859.             client._sshstream.channelSuccess(outgoingId);

  860. 

  861.           channel = new Channel(chaninfo, client, { server: true });

  862. 

  863.           channel.subtype = self.subtype = (info.request + ':' + info.subsystem);

  864. 

  865.           if (info.subsystem === 'sftp') {

  866.             var sftp = new SFTPStream({

  867.               server: true,

  868.               debug: client._sshstream.debug

  869.             });

  870.             channel.pipe(sftp).pipe(channel);

  871. 

  872.             return sftp;

  873.           } else

  874.             return channel;

  875.         };

  876. 

  877.         if (info.subsystem === 'sftp' && listenerCount(self, 'sftp'))

  878.           self.emit('sftp', accept, reject);

  879.         else if (info.subsystem !== 'sftp' && listenerCount(self, 'subsystem')) {

  880.           self.emit('subsystem', accept, reject, {

  881.             name: info.subsystem

  882.           });

  883.         } else

  884.           reject && reject();

  885.       break;

  886.       default:

  887.         reject && reject();

  888.     }

  889.   }

  890.   function onEOF() {

  891.     ending = true;

  892.     self.emit('eof');

  893.     self.emit('end');

  894.   }

  895.   function onCLOSE() {

  896.     ending = true;

  897.     self.emit('close');

  898.   }

  899.   client._sshstream

  900.         .on('CHANNEL_REQUEST:' + localChan, onREQUEST)

  901.         .once('CHANNEL_EOF:' + localChan, onEOF)

  902.         .once('CHANNEL_CLOSE:' + localChan, onCLOSE);

  903. }

  904. inherits(Session, EventEmitter);

  905. 

  906. 

  907. function AuthContext(stream, username, service, method, cb) {

  908.   EventEmitter.call(this);

  909. 

  910.   var self = this;

  911. 

  912.   this.username = this.user = username;

  913.   this.service = service;

  914.   this.method = method;

  915.   this._initialResponse = false;

  916.   this._finalResponse = false;

  917.   this._multistep = false;

  918.   this._cbfinal = function(allowed, methodsLeft, isPartial) {

  919.     if (!self._finalResponse) {

  920.       self._finalResponse = true;

  921.       cb(self, allowed, methodsLeft, isPartial);

  922.     }

  923.   };

  924.   this._stream = stream;

  925. }

  926. inherits(AuthContext, EventEmitter);

  927. AuthContext.prototype.accept = function() {

  928.   this._cleanup && this._cleanup();

  929.   this._initialResponse = true;

  930.   this._cbfinal(true);

  931. };

  932. AuthContext.prototype.reject = function(methodsLeft, isPartial) {

  933.   this._cleanup && this._cleanup();

  934.   this._initialResponse = true;

  935.   this._cbfinal(false, methodsLeft, isPartial);

  936. };

  937. 

  938. var RE_KBINT_SUBMETHODS = /[ \t\r\n]*,[ \t\r\n]*/g;

  939. function KeyboardAuthContext(stream, username, service, method, submethods, cb) {

  940.   AuthContext.call(this, stream, username, service, method, cb);

  941.   this._multistep = true;

  942. 

  943.   var self = this;

  944. 

  945.   this._cb = undefined;

  946.   this._onInfoResponse = function(responses) {

  947.     if (self._cb) {

  948.       var callback = self._cb;

  949.       self._cb = undefined;

  950.       callback(responses);

  951.     }

  952.   };

  953.   this.submethods = submethods.split(RE_KBINT_SUBMETHODS);

  954.   this.on('abort', function() {

  955.     self._cb && self._cb(new Error('Authentication request aborted'));

  956.   });

  957. }

  958. inherits(KeyboardAuthContext, AuthContext);

  959. KeyboardAuthContext.prototype._cleanup = function() {

  960.   this._stream.removeListener('USERAUTH_INFO_RESPONSE', this._onInfoResponse);

  961. };

  962. KeyboardAuthContext.prototype.prompt = function(prompts, title, instructions,

  963.                                                 cb) {

  964.   if (!Array.isArray(prompts))

  965.     prompts = [ prompts ];

  966. 

  967.   if (typeof title === 'function') {

  968.     cb = title;

  969.     title = instructions = undefined;

  970.   } else if (typeof instructions === 'function') {

  971.     cb = instructions;

  972.     instructions = undefined;

  973.   }

  974. 

  975.   for (var i = 0; i < prompts.length; ++i) {

  976.     if (typeof prompts[i] === 'string') {

  977.       prompts[i] = {

  978.         prompt: prompts[i],

  979.         echo: true

  980.       };

  981.     }

  982.   }

  983. 

  984.   this._cb = cb;

  985.   this._initialResponse = true;

  986.   this._stream.once('USERAUTH_INFO_RESPONSE', this._onInfoResponse);

  987. 

  988.   return this._stream.authInfoReq(title, instructions, prompts);

  989. };

  990. 

  991. function PKAuthContext(stream, username, service, method, pkInfo, cb) {

  992.   AuthContext.call(this, stream, username, service, method, cb);

  993. 

  994.   this.key = { algo: pkInfo.keyAlgo, data: pkInfo.key };

  995.   this.signature = pkInfo.signature;

  996.   var sigAlgo;

  997.   if (this.signature) {

  998.     // TODO: move key type checking logic to ssh2-streams

  999.     switch (pkInfo.keyAlgo) {

  1000.       case 'ssh-rsa':

  1001.       case 'ssh-dss':

  1002.         sigAlgo = 'sha1';

  1003.         break;

  1004.       case 'ssh-ed25519':

  1005.         sigAlgo = null;

  1006.         break;

  1007.       case 'ecdsa-sha2-nistp256':

  1008.         sigAlgo = 'sha256';

  1009.         break;

  1010.       case 'ecdsa-sha2-nistp384':

  1011.         sigAlgo = 'sha384';

  1012.         break;

  1013.       case 'ecdsa-sha2-nistp521':

  1014.         sigAlgo = 'sha512';

  1015.         break;

  1016.     }

  1017.   }

  1018.   this.sigAlgo = sigAlgo;

  1019.   this.blob = pkInfo.blob;

  1020. }

  1021. inherits(PKAuthContext, AuthContext);

  1022. PKAuthContext.prototype.accept = function() {

  1023.   if (!this.signature) {

  1024.     this._initialResponse = true;

  1025.     this._stream.authPKOK(this.key.algo, this.key.data);

  1026.   } else {

  1027.     AuthContext.prototype.accept.call(this);

  1028.   }

  1029. };

  1030. 

  1031. function HostbasedAuthContext(stream, username, service, method, pkInfo, cb) {

  1032.   AuthContext.call(this, stream, username, service, method, cb);

  1033. 

  1034.   this.key = { algo: pkInfo.keyAlgo, data: pkInfo.key };

  1035.   this.signature = pkInfo.signature;

  1036.   var sigAlgo;

  1037.   if (this.signature) {

  1038.     // TODO: move key type checking logic to ssh2-streams

  1039.     switch (pkInfo.keyAlgo) {

  1040.       case 'ssh-rsa':

  1041.       case 'ssh-dss':

  1042.         sigAlgo = 'sha1';

  1043.         break;

  1044.       case 'ssh-ed25519':

  1045.         sigAlgo = null;

  1046.         break;

  1047.       case 'ecdsa-sha2-nistp256':

  1048.         sigAlgo = 'sha256';

  1049.         break;

  1050.       case 'ecdsa-sha2-nistp384':

  1051.         sigAlgo = 'sha384';

  1052.         break;

  1053.       case 'ecdsa-sha2-nistp521':

  1054.         sigAlgo = 'sha512';

  1055.         break;

  1056.     }

  1057.   }

  1058.   this.sigAlgo = sigAlgo;

  1059.   this.blob = pkInfo.blob;

  1060.   this.localHostname = pkInfo.localHostname;

  1061.   this.localUsername = pkInfo.localUsername;

  1062. }

  1063. inherits(HostbasedAuthContext, AuthContext);

  1064. 

  1065. function PwdAuthContext(stream, username, service, method, password, cb) {

  1066.   AuthContext.call(this, stream, username, service, method, cb);

  1067. 

  1068.   this.password = password;

  1069. }

  1070. inherits(PwdAuthContext, AuthContext);

  1071. 

  1072. 

  1073. function openChannel(self, type, opts, cb) {

  1074.   // ask the client to open a channel for some purpose

  1075.   // (e.g. a forwarded TCP connection)

  1076.   var localChan = nextChannel(self);

  1077.   var initWindow = Channel.MAX_WINDOW;

  1078.   var maxPacket = Channel.PACKET_SIZE;

  1079.   var ret = true;

  1080. 

  1081.   if (localChan === false)

  1082.     return cb(new Error('No free channels available'));

  1083. 

  1084.   if (typeof opts === 'function') {

  1085.     cb = opts;

  1086.     opts = {};

  1087.   }

  1088. 

  1089.   self._channels[localChan] = true;

  1090. 

  1091.   var sshstream = self._sshstream;

  1092.   sshstream.once('CHANNEL_OPEN_CONFIRMATION:' + localChan, function(info) {

  1093.     sshstream.removeAllListeners('CHANNEL_OPEN_FAILURE:' + localChan);

  1094. 

  1095.     var chaninfo = {

  1096.       type: type,

  1097.       incoming: {

  1098.         id: localChan,

  1099.         window: initWindow,

  1100.         packetSize: maxPacket,

  1101.         state: 'open'

  1102.       },

  1103.       outgoing: {

  1104.         id: info.sender,

  1105.         window: info.window,

  1106.         packetSize: info.packetSize,

  1107.         state: 'open'

  1108.       }

  1109.     };

  1110.     cb(undefined, new Channel(chaninfo, self, { server: true }));

  1111.   }).once('CHANNEL_OPEN_FAILURE:' + localChan, function(info) {

  1112.     sshstream.removeAllListeners('CHANNEL_OPEN_CONFIRMATION:' + localChan);

  1113. 

  1114.     delete self._channels[localChan];

  1115. 

  1116.     var err = new Error('(SSH) Channel open failure: ' + info.description);

  1117.     err.reason = info.reason;

  1118.     err.lang = info.lang;

  1119.     cb(err);

  1120.   });

  1121. 

  1122.   if (type === 'forwarded-tcpip')

  1123.     ret = sshstream.forwardedTcpip(localChan, initWindow, maxPacket, opts);

  1124.   else if (type === 'x11')

  1125.     ret = sshstream.x11(localChan, initWindow, maxPacket, opts);

  1126.   else if (type === 'forwarded-streamlocal@openssh.com') {

  1127.     ret = sshstream.openssh_forwardedStreamLocal(localChan,

  1128.                                                  initWindow,

  1129.                                                  maxPacket,

  1130.                                                  opts);

  1131.   }

  1132. 

  1133.   return ret;

  1134. }

  1135. 

  1136. function nextChannel(self) {

  1137.   // get the next available channel number

  1138. 

  1139.   // fast path

  1140.   if (self._curChan < MAX_CHANNEL)

  1141.     return ++self._curChan;

  1142. 

  1143.   // slower lookup path

  1144.   for (var i = 0, channels = self._channels; i < MAX_CHANNEL; ++i)

  1145.     if (!channels[i])

  1146.       return i;

  1147. 

  1148.   return false;

  1149. }

  1150. 

  1151. 

  1152. Server.createServer = function(cfg, listener) {

  1153.   return new Server(cfg, listener);

  1154. };

  1155. Server.KEEPALIVE_INTERVAL = 1000;

  1156. Server.KEEPALIVE_CLIENT_INTERVAL = 15000;

  1157. Server.KEEPALIVE_CLIENT_COUNT_MAX = 3;

  1158. 

  1159. module.exports = Server;

  1160. module.exports.IncomingClient = Client;