Mercurial > 510Connectbot
comparison app/src/main/java/com/five_ten_sg/connectbot/transport/SSH.java @ 438:d29cce60f393
migrate from Eclipse to Android Studio
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 03 Dec 2015 11:23:55 -0800 |
parents | src/com/five_ten_sg/connectbot/transport/SSH.java@5351641c8a46 |
children | 73fa7329dc87 |
comparison
equal
deleted
inserted
replaced
437:208b31032318 | 438:d29cce60f393 |
---|---|
1 /* | |
2 * ConnectBot: simple, powerful, open-source SSH client for Android | |
3 * Copyright 2007 Kenny Root, Jeffrey Sharkey | |
4 * | |
5 * Licensed under the Apache License, Version 2.0 (the "License"); | |
6 * you may not use this file except in compliance with the License. | |
7 * You may obtain a copy of the License at | |
8 * | |
9 * http://www.apache.org/licenses/LICENSE-2.0 | |
10 * | |
11 * Unless required by applicable law or agreed to in writing, software | |
12 * distributed under the License is distributed on an "AS IS" BASIS, | |
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
14 * See the License for the specific language governing permissions and | |
15 * limitations under the License. | |
16 */ | |
17 | |
18 package com.five_ten_sg.connectbot.transport; | |
19 | |
20 import java.io.File; | |
21 import java.io.IOException; | |
22 import java.io.InputStream; | |
23 import java.io.OutputStream; | |
24 import java.net.InetAddress; | |
25 import java.net.InetSocketAddress; | |
26 import java.net.URL; | |
27 import java.net.MalformedURLException; | |
28 import java.security.KeyPair; | |
29 import java.security.NoSuchAlgorithmException; | |
30 import java.security.PrivateKey; | |
31 import java.security.PublicKey; | |
32 import java.security.interfaces.DSAPrivateKey; | |
33 import java.security.interfaces.DSAPublicKey; | |
34 import java.security.interfaces.ECPrivateKey; | |
35 import java.security.interfaces.ECPublicKey; | |
36 import java.security.interfaces.RSAPrivateKey; | |
37 import java.security.interfaces.RSAPublicKey; | |
38 import java.security.spec.InvalidKeySpecException; | |
39 import java.util.Arrays; | |
40 import java.util.HashMap; | |
41 import java.util.LinkedList; | |
42 import java.util.List; | |
43 import java.util.Locale; | |
44 import java.util.Map; | |
45 import java.util.Map.Entry; | |
46 import java.util.regex.Matcher; | |
47 import java.util.regex.Pattern; | |
48 | |
49 import com.five_ten_sg.connectbot.R; | |
50 import com.five_ten_sg.connectbot.bean.HostBean; | |
51 import com.five_ten_sg.connectbot.bean.PortForwardBean; | |
52 import com.five_ten_sg.connectbot.bean.PubkeyBean; | |
53 import com.five_ten_sg.connectbot.service.TerminalBridge; | |
54 import com.five_ten_sg.connectbot.service.TerminalManager; | |
55 import com.five_ten_sg.connectbot.service.TerminalManager.KeyHolder; | |
56 import com.five_ten_sg.connectbot.util.HostDatabase; | |
57 import com.five_ten_sg.connectbot.util.PubkeyDatabase; | |
58 import com.five_ten_sg.connectbot.util.PubkeyUtils; | |
59 import android.content.Context; | |
60 import android.net.Uri; | |
61 import android.os.Environment; | |
62 import android.util.Log; | |
63 | |
64 import ch.ethz.ssh2.AuthAgentCallback; | |
65 import ch.ethz.ssh2.ChannelCondition; | |
66 import ch.ethz.ssh2.Connection; | |
67 import ch.ethz.ssh2.ConnectionInfo; | |
68 import ch.ethz.ssh2.ConnectionMonitor; | |
69 import ch.ethz.ssh2.DynamicPortForwarder; | |
70 import ch.ethz.ssh2.InteractiveCallback; | |
71 import ch.ethz.ssh2.KnownHosts; | |
72 import ch.ethz.ssh2.LocalPortForwarder; | |
73 import ch.ethz.ssh2.SCPClient; | |
74 import ch.ethz.ssh2.ServerHostKeyVerifier; | |
75 import ch.ethz.ssh2.Session; | |
76 import ch.ethz.ssh2.HTTPProxyData; | |
77 import ch.ethz.ssh2.HTTPProxyException; | |
78 import ch.ethz.ssh2.crypto.PEMDecoder; | |
79 import ch.ethz.ssh2.signature.DSASHA1Verify; | |
80 import ch.ethz.ssh2.signature.ECDSASHA2Verify; | |
81 import ch.ethz.ssh2.signature.RSASHA1Verify; | |
82 | |
83 /** | |
84 * @author Kenny Root | |
85 * | |
86 */ | |
87 public class SSH extends AbsTransport implements ConnectionMonitor, InteractiveCallback, AuthAgentCallback { | |
88 private static final String PROTOCOL = "ssh"; | |
89 private static final String TAG = "ConnectBot.SSH"; | |
90 private static final int DEFAULT_PORT = 22; | |
91 | |
92 private static final String AUTH_PUBLICKEY = "publickey", | |
93 AUTH_PASSWORD = "password", | |
94 AUTH_KEYBOARDINTERACTIVE = "keyboard-interactive"; | |
95 | |
96 private final static int AUTH_TRIES = 20; | |
97 | |
98 static final Pattern hostmask; | |
99 static { | |
100 hostmask = Pattern.compile("^(.+)@([0-9a-z.-]+)(:(\\d+))?$", Pattern.CASE_INSENSITIVE); | |
101 } | |
102 | |
103 private boolean compression = false; | |
104 private String httpproxy = null; | |
105 private volatile boolean authenticated = false; | |
106 private volatile boolean connected = false; | |
107 private volatile boolean sessionOpen = false; | |
108 | |
109 private boolean pubkeysExhausted = false; | |
110 private boolean interactiveCanContinue = true; | |
111 | |
112 private Connection connection; | |
113 private Session session; | |
114 private ConnectionInfo connectionInfo; | |
115 | |
116 private OutputStream stdin; | |
117 private InputStream stdout; | |
118 private InputStream stderr; | |
119 | |
120 private static final int conditions = ChannelCondition.STDOUT_DATA | |
121 | ChannelCondition.STDERR_DATA | |
122 | ChannelCondition.CLOSED | |
123 | ChannelCondition.EOF; | |
124 | |
125 private List<PortForwardBean> portForwards = new LinkedList<PortForwardBean>(); | |
126 | |
127 private int columns; | |
128 private int rows; | |
129 | |
130 private int width; | |
131 private int height; | |
132 | |
133 private String useAuthAgent = HostDatabase.AUTHAGENT_NO; | |
134 private String agentLockPassphrase; | |
135 | |
136 public class HostKeyVerifier implements ServerHostKeyVerifier { | |
137 public boolean verifyServerHostKey(String hostname, int port, | |
138 String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException { | |
139 // read in all known hosts from hostdb | |
140 KnownHosts hosts = manager.hostdb.getKnownHosts(); | |
141 Boolean result; | |
142 String matchName = String.format(Locale.US, "%s:%d", hostname, port); | |
143 String fingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey); | |
144 String algorithmName; | |
145 | |
146 if ("ssh-rsa".equals(serverHostKeyAlgorithm)) | |
147 algorithmName = "RSA"; | |
148 else if ("ssh-dss".equals(serverHostKeyAlgorithm)) | |
149 algorithmName = "DSA"; | |
150 else if (serverHostKeyAlgorithm.startsWith("ecdsa-sha2-")) | |
151 algorithmName = "EC"; | |
152 else | |
153 algorithmName = serverHostKeyAlgorithm; | |
154 | |
155 switch (hosts.verifyHostkey(matchName, serverHostKeyAlgorithm, serverHostKey)) { | |
156 case KnownHosts.HOSTKEY_IS_OK: | |
157 bridge.outputLine(manager.res.getString(R.string.terminal_sucess, algorithmName, fingerprint)); | |
158 return true; | |
159 | |
160 case KnownHosts.HOSTKEY_IS_NEW: | |
161 // prompt user | |
162 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, hostname)); | |
163 bridge.outputLine(manager.res.getString(R.string.host_fingerprint, algorithmName, fingerprint)); | |
164 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_continue_connecting)); | |
165 | |
166 if (result == null) return false; | |
167 | |
168 if (result.booleanValue()) { | |
169 // save this key in known database | |
170 manager.hostdb.saveKnownHost(hostname, port, serverHostKeyAlgorithm, serverHostKey); | |
171 } | |
172 | |
173 return result.booleanValue(); | |
174 | |
175 case KnownHosts.HOSTKEY_HAS_CHANGED: | |
176 String header = String.format("@ %s @", | |
177 manager.res.getString(R.string.host_verification_failure_warning_header)); | |
178 char[] atsigns = new char[header.length()]; | |
179 Arrays.fill(atsigns, '@'); | |
180 String border = new String(atsigns); | |
181 bridge.outputLine(border); | |
182 bridge.outputLine(manager.res.getString(R.string.host_verification_failure_warning)); | |
183 bridge.outputLine(border); | |
184 bridge.outputLine(String.format(manager.res.getString(R.string.host_fingerprint), | |
185 algorithmName, fingerprint)); | |
186 // Users have no way to delete keys, so we'll prompt them for now. | |
187 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_continue_connecting)); | |
188 | |
189 if (result == null) return false; | |
190 | |
191 if (result.booleanValue()) { | |
192 // save this key in known database | |
193 manager.hostdb.saveKnownHost(hostname, port, serverHostKeyAlgorithm, serverHostKey); | |
194 } | |
195 | |
196 return result.booleanValue(); | |
197 | |
198 default: | |
199 return false; | |
200 } | |
201 } | |
202 | |
203 } | |
204 | |
205 | |
206 public SSH() { | |
207 super(); | |
208 } | |
209 | |
210 | |
211 /** | |
212 * @return protocol part of the URI | |
213 */ | |
214 public static String getProtocolName() { | |
215 return PROTOCOL; | |
216 } | |
217 | |
218 | |
219 public Uri getUri(String input) { | |
220 Matcher matcher = hostmask.matcher(input); | |
221 | |
222 if (!matcher.matches()) | |
223 return null; | |
224 | |
225 StringBuilder sb = new StringBuilder(); | |
226 sb.append(PROTOCOL) | |
227 .append("://") | |
228 .append(Uri.encode(matcher.group(1))) | |
229 .append('@') | |
230 .append(matcher.group(2)); | |
231 String portString = matcher.group(4); | |
232 int port = DEFAULT_PORT; | |
233 | |
234 if (portString != null) { | |
235 try { | |
236 port = Integer.parseInt(portString); | |
237 | |
238 if (port < 1 || port > 65535) { | |
239 port = DEFAULT_PORT; | |
240 } | |
241 } | |
242 catch (NumberFormatException nfe) { | |
243 // Keep the default port | |
244 } | |
245 } | |
246 | |
247 if (port != DEFAULT_PORT) { | |
248 sb.append(':') | |
249 .append(port); | |
250 } | |
251 | |
252 sb.append("/#") | |
253 .append(Uri.encode(input)); | |
254 Uri uri = Uri.parse(sb.toString()); | |
255 return uri; | |
256 } | |
257 | |
258 | |
259 private void authenticate() { | |
260 try { | |
261 if (connection.authenticateWithNone(host.getUsername())) { | |
262 finishConnection(); | |
263 return; | |
264 } | |
265 } | |
266 catch (Exception e) { | |
267 Log.d(TAG, "Host does not support 'none' authentication."); | |
268 } | |
269 | |
270 bridge.outputLine(manager.res.getString(R.string.terminal_auth)); | |
271 | |
272 try { | |
273 long pubkeyId = host.getPubkeyId(); | |
274 | |
275 if (!pubkeysExhausted && | |
276 pubkeyId != HostDatabase.PUBKEYID_NEVER && | |
277 connection.isAuthMethodAvailable(host.getUsername(), AUTH_PUBLICKEY)) { | |
278 // if explicit pubkey defined for this host, then prompt for password as needed | |
279 // otherwise just try all in-memory keys held in terminalmanager | |
280 if (pubkeyId == HostDatabase.PUBKEYID_ANY) { | |
281 // try each of the in-memory keys | |
282 bridge.outputLine(manager.res | |
283 .getString(R.string.terminal_auth_pubkey_any)); | |
284 | |
285 for (Entry<String, KeyHolder> entry : manager.loadedKeypairs.entrySet()) { | |
286 if (entry.getValue().bean.isConfirmUse() | |
287 && !promptForPubkeyUse(entry.getKey())) | |
288 continue; | |
289 | |
290 if (this.tryPublicKey(host.getUsername(), entry.getKey(), | |
291 entry.getValue().pair)) { | |
292 finishConnection(); | |
293 break; | |
294 } | |
295 } | |
296 } | |
297 else { | |
298 bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_specific)); | |
299 // use a specific key for this host, as requested | |
300 PubkeyBean pubkey = manager.pubkeydb.findPubkeyById(pubkeyId); | |
301 | |
302 if (pubkey == null) | |
303 bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_invalid)); | |
304 else if (tryPublicKey(pubkey)) | |
305 finishConnection(); | |
306 } | |
307 | |
308 pubkeysExhausted = true; | |
309 } | |
310 else if (interactiveCanContinue && | |
311 connection.isAuthMethodAvailable(host.getUsername(), AUTH_KEYBOARDINTERACTIVE)) { | |
312 // this auth method will talk with us using InteractiveCallback interface | |
313 // it blocks until authentication finishes | |
314 bridge.outputLine(manager.res.getString(R.string.terminal_auth_ki)); | |
315 interactiveCanContinue = false; | |
316 | |
317 if (connection.authenticateWithKeyboardInteractive(host.getUsername(), this)) { | |
318 finishConnection(); | |
319 } | |
320 else { | |
321 bridge.outputLine(manager.res.getString(R.string.terminal_auth_ki_fail)); | |
322 } | |
323 } | |
324 else if (connection.isAuthMethodAvailable(host.getUsername(), AUTH_PASSWORD)) { | |
325 bridge.outputLine(manager.res.getString(R.string.terminal_auth_pass)); | |
326 String password = bridge.getPromptHelper().requestPasswordPrompt(null, | |
327 manager.res.getString(R.string.prompt_password)); | |
328 | |
329 if (password != null | |
330 && connection.authenticateWithPassword(host.getUsername(), password)) { | |
331 finishConnection(); | |
332 } | |
333 else { | |
334 bridge.outputLine(manager.res.getString(R.string.terminal_auth_pass_fail)); | |
335 } | |
336 } | |
337 else { | |
338 bridge.outputLine(manager.res.getString(R.string.terminal_auth_fail)); | |
339 } | |
340 } | |
341 catch (IllegalStateException e) { | |
342 Log.e(TAG, "Connection went away while we were trying to authenticate", e); | |
343 return; | |
344 } | |
345 catch (Exception e) { | |
346 Log.e(TAG, "Problem during handleAuthentication()", e); | |
347 } | |
348 } | |
349 | |
350 | |
351 /** | |
352 * Attempt connection with database row pointed to by cursor. | |
353 * @param cursor | |
354 * @return true for successful authentication | |
355 * @throws NoSuchAlgorithmException | |
356 * @throws InvalidKeySpecException | |
357 * @throws IOException | |
358 */ | |
359 private boolean tryPublicKey(PubkeyBean pubkey) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { | |
360 KeyPair pair = null; | |
361 | |
362 if (manager.isKeyLoaded(pubkey.getNickname())) { | |
363 // load this key from memory if its already there | |
364 Log.d(TAG, String.format("Found unlocked key '%s' already in-memory", pubkey.getNickname())); | |
365 | |
366 if (pubkey.isConfirmUse()) { | |
367 if (!promptForPubkeyUse(pubkey.getNickname())) | |
368 return false; | |
369 } | |
370 | |
371 pair = manager.getKey(pubkey.getNickname()); | |
372 } | |
373 else { | |
374 // otherwise load key from database and prompt for password as needed | |
375 String password = null; | |
376 | |
377 if (pubkey.isEncrypted()) { | |
378 password = bridge.getPromptHelper().requestPasswordPrompt(null, | |
379 manager.res.getString(R.string.prompt_pubkey_password, pubkey.getNickname())); | |
380 | |
381 // Something must have interrupted the prompt. | |
382 if (password == null) | |
383 return false; | |
384 } | |
385 | |
386 if (PubkeyDatabase.KEY_TYPE_IMPORTED.equals(pubkey.getType())) { | |
387 // load specific key using pem format | |
388 pair = PEMDecoder.decode(new String(pubkey.getPrivateKey()).toCharArray(), password); | |
389 } | |
390 else { | |
391 // load using internal generated format | |
392 PrivateKey privKey; | |
393 | |
394 try { | |
395 privKey = PubkeyUtils.decodePrivate(pubkey.getPrivateKey(), | |
396 pubkey.getType(), password); | |
397 } | |
398 catch (Exception e) { | |
399 String message = String.format("Bad password for key '%s'. Authentication failed.", pubkey.getNickname()); | |
400 Log.e(TAG, message, e); | |
401 bridge.outputLine(message); | |
402 return false; | |
403 } | |
404 | |
405 PublicKey pubKey = PubkeyUtils.decodePublic(pubkey.getPublicKey(), pubkey.getType()); | |
406 // convert key to trilead format | |
407 pair = new KeyPair(pubKey, privKey); | |
408 Log.d(TAG, "Unlocked key " + PubkeyUtils.formatKey(pubKey)); | |
409 } | |
410 | |
411 Log.d(TAG, String.format("Unlocked key '%s'", pubkey.getNickname())); | |
412 // save this key in memory | |
413 manager.addKey(pubkey, pair); | |
414 } | |
415 | |
416 return tryPublicKey(host.getUsername(), pubkey.getNickname(), pair); | |
417 } | |
418 | |
419 | |
420 private boolean tryPublicKey(String username, String keyNickname, KeyPair pair) throws IOException { | |
421 //bridge.outputLine(String.format("Attempting 'publickey' with key '%s' [%s]...", keyNickname, trileadKey.toString())); | |
422 boolean success = connection.authenticateWithPublicKey(username, pair); | |
423 | |
424 if (!success) | |
425 bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_fail, keyNickname)); | |
426 | |
427 return success; | |
428 } | |
429 | |
430 | |
431 /** | |
432 * Internal method to request actual PTY terminal once we've finished | |
433 * authentication. If called before authenticated, it will just fail. | |
434 */ | |
435 private void finishConnection() { | |
436 authenticated = true; | |
437 | |
438 for (PortForwardBean portForward : portForwards) { | |
439 try { | |
440 enablePortForward(portForward); | |
441 bridge.outputLine(manager.res.getString(R.string.terminal_enable_portfoward, portForward.getDescription())); | |
442 } | |
443 catch (Exception e) { | |
444 Log.e(TAG, "Error setting up port forward during connect", e); | |
445 } | |
446 } | |
447 | |
448 if (!host.getWantSession()) { | |
449 bridge.outputLine(manager.res.getString(R.string.terminal_no_session)); | |
450 bridge.onConnected(); | |
451 return; | |
452 } | |
453 | |
454 try { | |
455 session = connection.openSession(); | |
456 | |
457 if (!useAuthAgent.equals(HostDatabase.AUTHAGENT_NO)) | |
458 session.requestAuthAgentForwarding(this); | |
459 | |
460 if (host.getWantX11Forward()) { | |
461 try { | |
462 session.requestX11Forwarding(host.getX11Host(), host.getX11Port(), null, false); | |
463 } | |
464 catch (IOException e2) { | |
465 Log.e(TAG, "Problem while trying to setup X11 forwarding in finishConnection()", e2); | |
466 } | |
467 } | |
468 | |
469 session.requestPTY(getEmulation(), columns, rows, width, height, null); | |
470 session.startShell(); | |
471 stdin = session.getStdin(); | |
472 stdout = session.getStdout(); | |
473 stderr = session.getStderr(); | |
474 sessionOpen = true; | |
475 bridge.onConnected(); | |
476 } | |
477 catch (IOException e1) { | |
478 Log.e(TAG, "Problem while trying to create PTY in finishConnection()", e1); | |
479 } | |
480 } | |
481 | |
482 | |
483 @Override | |
484 public void connect() { | |
485 connection = new Connection(host.getHostname(), host.getPort()); | |
486 connection.addConnectionMonitor(this); | |
487 | |
488 try { | |
489 connection.setCompression(compression); | |
490 } | |
491 catch (IOException e) { | |
492 Log.e(TAG, "Could not enable compression!", e); | |
493 } | |
494 | |
495 if (httpproxy != null && httpproxy.length() > 0) { | |
496 Log.d(TAG, "Want HTTP Proxy: " + httpproxy, null); | |
497 | |
498 try { | |
499 URL u; | |
500 | |
501 if (httpproxy.startsWith("http://")) { | |
502 u = new URL(httpproxy); | |
503 } | |
504 else { | |
505 u = new URL("http://" + httpproxy); | |
506 } | |
507 | |
508 connection.setProxyData(new HTTPProxyData( | |
509 u.getHost(), | |
510 u.getPort(), | |
511 u.getUserInfo(), | |
512 u.getAuthority())); | |
513 bridge.outputLine("Connecting via proxy: " + httpproxy); | |
514 } | |
515 catch (MalformedURLException e) { | |
516 Log.e(TAG, "Could not parse proxy " + httpproxy, e); | |
517 // Display the reason in the text. | |
518 bridge.outputLine("Bad proxy URL: " + httpproxy); | |
519 onDisconnect(); | |
520 return; | |
521 } | |
522 } | |
523 | |
524 try { | |
525 /* Uncomment when debugging SSH protocol: | |
526 DebugLogger logger = new DebugLogger() { | |
527 | |
528 public void log(int level, String className, String message) { | |
529 Log.d("SSH", message); | |
530 } | |
531 | |
532 }; | |
533 Logger.enabled = true; | |
534 Logger.logger = logger; | |
535 */ | |
536 connectionInfo = connection.connect(new HostKeyVerifier()); | |
537 connected = true; | |
538 | |
539 if (connectionInfo.clientToServerCryptoAlgorithm | |
540 .equals(connectionInfo.serverToClientCryptoAlgorithm) | |
541 && connectionInfo.clientToServerMACAlgorithm | |
542 .equals(connectionInfo.serverToClientMACAlgorithm)) { | |
543 bridge.outputLine(manager.res.getString(R.string.terminal_using_algorithm, | |
544 connectionInfo.clientToServerCryptoAlgorithm, | |
545 connectionInfo.clientToServerMACAlgorithm)); | |
546 } | |
547 else { | |
548 bridge.outputLine(manager.res.getString( | |
549 R.string.terminal_using_c2s_algorithm, | |
550 connectionInfo.clientToServerCryptoAlgorithm, | |
551 connectionInfo.clientToServerMACAlgorithm)); | |
552 bridge.outputLine(manager.res.getString( | |
553 R.string.terminal_using_s2c_algorithm, | |
554 connectionInfo.serverToClientCryptoAlgorithm, | |
555 connectionInfo.serverToClientMACAlgorithm)); | |
556 } | |
557 } | |
558 catch (HTTPProxyException e) { | |
559 Log.e(TAG, "Failed to connect to HTTP Proxy", e); | |
560 // Display the reason in the text. | |
561 bridge.outputLine("Failed to connect to HTTP Proxy."); | |
562 onDisconnect(); | |
563 return; | |
564 } | |
565 catch (IOException e) { | |
566 Log.e(TAG, "Problem in SSH connection thread during authentication", e); | |
567 // Display the reason in the text. | |
568 Throwable t = e.getCause(); | |
569 String m = (t == null) ? e.getMessage() : t.getMessage(); | |
570 bridge.outputLine(m); | |
571 onDisconnect(); | |
572 return; | |
573 } | |
574 | |
575 try { | |
576 // enter a loop to keep trying until authentication | |
577 int tries = 0; | |
578 | |
579 while (connected && !connection.isAuthenticationComplete() && tries++ < AUTH_TRIES) { | |
580 authenticate(); | |
581 // sleep to make sure we dont kill system | |
582 Thread.sleep(1000); | |
583 } | |
584 } | |
585 catch (Exception e) { | |
586 Log.e(TAG, "Problem in SSH connection thread during authentication", e); | |
587 } | |
588 } | |
589 | |
590 | |
591 @Override | |
592 public boolean willBlock() { | |
593 if (stdout == null) return true; | |
594 | |
595 try { | |
596 return stdout.available() == 0; | |
597 } | |
598 catch (Exception e) { | |
599 return true; | |
600 } | |
601 } | |
602 | |
603 | |
604 @Override | |
605 public int read(byte[] buffer, int start, int len) throws IOException { | |
606 int bytesRead = 0; | |
607 | |
608 if (session == null) | |
609 return 0; | |
610 | |
611 int newConditions = session.waitForCondition(conditions, 0); | |
612 | |
613 if ((newConditions & ChannelCondition.STDOUT_DATA) != 0) { | |
614 bytesRead = stdout.read(buffer, start, len); | |
615 } | |
616 | |
617 if ((newConditions & ChannelCondition.STDERR_DATA) != 0) { | |
618 byte discard[] = new byte[256]; | |
619 | |
620 while (stderr.available() > 0) { | |
621 stderr.read(discard); | |
622 } | |
623 } | |
624 | |
625 if ((newConditions & ChannelCondition.EOF) != 0) { | |
626 onDisconnect(); | |
627 throw new IOException("Remote end closed connection"); | |
628 } | |
629 | |
630 return bytesRead; | |
631 } | |
632 | |
633 | |
634 @Override | |
635 public void write(byte[] buffer) throws IOException { | |
636 if (stdin != null) | |
637 stdin.write(buffer); | |
638 } | |
639 | |
640 | |
641 @Override | |
642 public void write(int c) throws IOException { | |
643 if (stdin != null) | |
644 stdin.write(c); | |
645 } | |
646 | |
647 | |
648 @Override | |
649 public void flush() throws IOException { | |
650 if (stdin != null) | |
651 stdin.flush(); | |
652 } | |
653 | |
654 | |
655 public void connectionLost(Throwable reason) { | |
656 onDisconnect(); | |
657 } | |
658 | |
659 | |
660 private void onDisconnect() { | |
661 close(); | |
662 bridge.dispatchDisconnect(false); | |
663 } | |
664 | |
665 | |
666 @Override | |
667 public void close() { | |
668 connected = false; | |
669 | |
670 if (session != null) { | |
671 session.close(); | |
672 session = null; | |
673 } | |
674 | |
675 if (connection != null) { | |
676 connection.close(); | |
677 connection = null; | |
678 } | |
679 } | |
680 | |
681 | |
682 @Override | |
683 public void setDimensions(int columns, int rows, int width, int height) { | |
684 this.columns = columns; | |
685 this.rows = rows; | |
686 | |
687 if (sessionOpen) { | |
688 try { | |
689 session.resizePTY(columns, rows, width, height); | |
690 } | |
691 catch (IOException e) { | |
692 Log.e(TAG, "Couldn't send resize PTY packet", e); | |
693 } | |
694 } | |
695 } | |
696 | |
697 | |
698 @Override | |
699 public void setOptions(Map<String, String> options) { | |
700 if (options.containsKey("compression")) | |
701 compression = Boolean.parseBoolean(options.get("compression")); | |
702 | |
703 if (options.containsKey("httpproxy")) | |
704 httpproxy = options.get("httpproxy"); | |
705 } | |
706 | |
707 | |
708 @Override | |
709 public Map<String, String> getOptions() { | |
710 Map<String, String> options = new HashMap<String, String>(); | |
711 options.put("compression", Boolean.toString(compression)); | |
712 | |
713 if (httpproxy != null) | |
714 options.put("httpproxy", httpproxy); | |
715 | |
716 return options; | |
717 } | |
718 | |
719 | |
720 @Override | |
721 public void setCompression(boolean compression) { | |
722 this.compression = compression; | |
723 } | |
724 | |
725 | |
726 @Override | |
727 public void setHttpproxy(String httpproxy) { | |
728 this.httpproxy = httpproxy; | |
729 } | |
730 | |
731 | |
732 @Override | |
733 public void setUseAuthAgent(String useAuthAgent) { | |
734 this.useAuthAgent = useAuthAgent; | |
735 } | |
736 | |
737 @Override | |
738 public boolean canForwardPorts() { | |
739 return true; | |
740 } | |
741 | |
742 @Override | |
743 public List<PortForwardBean> getPortForwards() { | |
744 return portForwards; | |
745 } | |
746 | |
747 @Override | |
748 public boolean addPortForward(PortForwardBean portForward) { | |
749 return portForwards.add(portForward); | |
750 } | |
751 | |
752 @Override | |
753 public boolean removePortForward(PortForwardBean portForward) { | |
754 // Make sure we don't have a phantom forwarder. | |
755 disablePortForward(portForward); | |
756 return portForwards.remove(portForward); | |
757 } | |
758 | |
759 @Override | |
760 public boolean enablePortForward(PortForwardBean portForward) { | |
761 if (!portForwards.contains(portForward)) { | |
762 Log.e(TAG, "Attempt to enable port forward not in list"); | |
763 return false; | |
764 } | |
765 | |
766 if (!authenticated) | |
767 return false; | |
768 | |
769 if (HostDatabase.PORTFORWARD_LOCAL.equals(portForward.getType())) { | |
770 LocalPortForwarder lpf = null; | |
771 | |
772 try { | |
773 lpf = connection.createLocalPortForwarder( | |
774 new InetSocketAddress(InetAddress.getLocalHost(), portForward.getSourcePort()), | |
775 portForward.getDestAddr(), portForward.getDestPort()); | |
776 } | |
777 catch (Exception e) { | |
778 Log.e(TAG, "Could not create local port forward", e); | |
779 return false; | |
780 } | |
781 | |
782 if (lpf == null) { | |
783 Log.e(TAG, "returned LocalPortForwarder object is null"); | |
784 return false; | |
785 } | |
786 | |
787 portForward.setIdentifier(lpf); | |
788 portForward.setEnabled(true); | |
789 return true; | |
790 } | |
791 else if (HostDatabase.PORTFORWARD_REMOTE.equals(portForward.getType())) { | |
792 try { | |
793 connection.requestRemotePortForwarding("", portForward.getSourcePort(), portForward.getDestAddr(), portForward.getDestPort()); | |
794 } | |
795 catch (Exception e) { | |
796 Log.e(TAG, "Could not create remote port forward", e); | |
797 return false; | |
798 } | |
799 | |
800 portForward.setEnabled(true); | |
801 return true; | |
802 } | |
803 else if (HostDatabase.PORTFORWARD_DYNAMIC5.equals(portForward.getType())) { | |
804 DynamicPortForwarder dpf = null; | |
805 | |
806 try { | |
807 dpf = connection.createDynamicPortForwarder( | |
808 new InetSocketAddress(InetAddress.getLocalHost(), portForward.getSourcePort())); | |
809 } | |
810 catch (Exception e) { | |
811 Log.e(TAG, "Could not create dynamic port forward", e); | |
812 return false; | |
813 } | |
814 | |
815 portForward.setIdentifier(dpf); | |
816 portForward.setEnabled(true); | |
817 return true; | |
818 } | |
819 else { | |
820 // Unsupported type | |
821 Log.e(TAG, String.format("attempt to forward unknown type %s", portForward.getType())); | |
822 return false; | |
823 } | |
824 } | |
825 | |
826 @Override | |
827 public boolean disablePortForward(PortForwardBean portForward) { | |
828 if (!portForwards.contains(portForward)) { | |
829 Log.e(TAG, "Attempt to disable port forward not in list"); | |
830 return false; | |
831 } | |
832 | |
833 if (!authenticated) | |
834 return false; | |
835 | |
836 if (HostDatabase.PORTFORWARD_LOCAL.equals(portForward.getType())) { | |
837 LocalPortForwarder lpf = null; | |
838 lpf = (LocalPortForwarder)portForward.getIdentifier(); | |
839 | |
840 if (!portForward.isEnabled() || lpf == null) { | |
841 Log.d(TAG, String.format("Could not disable %s; it appears to be not enabled or have no handler", portForward.getNickname())); | |
842 return false; | |
843 } | |
844 | |
845 portForward.setEnabled(false); | |
846 | |
847 try { | |
848 lpf.close(); | |
849 } | |
850 catch (IOException e) { | |
851 Log.e(TAG, "Could not stop local port forwarder, setting enabled to false", e); | |
852 return false; | |
853 } | |
854 | |
855 return true; | |
856 } | |
857 else if (HostDatabase.PORTFORWARD_REMOTE.equals(portForward.getType())) { | |
858 portForward.setEnabled(false); | |
859 | |
860 try { | |
861 connection.cancelRemotePortForwarding(portForward.getSourcePort()); | |
862 } | |
863 catch (IOException e) { | |
864 Log.e(TAG, "Could not stop remote port forwarding, setting enabled to false", e); | |
865 return false; | |
866 } | |
867 | |
868 return true; | |
869 } | |
870 else if (HostDatabase.PORTFORWARD_DYNAMIC5.equals(portForward.getType())) { | |
871 DynamicPortForwarder dpf = null; | |
872 dpf = (DynamicPortForwarder)portForward.getIdentifier(); | |
873 | |
874 if (!portForward.isEnabled() || dpf == null) { | |
875 Log.d(TAG, String.format("Could not disable %s; it appears to be not enabled or have no handler", portForward.getNickname())); | |
876 return false; | |
877 } | |
878 | |
879 portForward.setEnabled(false); | |
880 | |
881 try { | |
882 dpf.close(); | |
883 } | |
884 catch (IOException e) { | |
885 Log.e(TAG, "Could not stop dynamic port forwarder, setting enabled to false", e); | |
886 return false; | |
887 } | |
888 | |
889 return true; | |
890 } | |
891 else { | |
892 // Unsupported type | |
893 Log.e(TAG, String.format("attempt to forward unknown type %s", portForward.getType())); | |
894 return false; | |
895 } | |
896 } | |
897 | |
898 @Override | |
899 public boolean canTransferFiles() { | |
900 return true; | |
901 } | |
902 | |
903 @Override | |
904 public boolean downloadFile(String remoteFile, String localFolder) { | |
905 try { | |
906 SCPClient client = new SCPClient(connection); | |
907 | |
908 if (localFolder == null || localFolder == "") | |
909 localFolder = Environment.getExternalStorageDirectory().getAbsolutePath(); | |
910 | |
911 File dir = new File(localFolder); | |
912 dir.mkdirs(); | |
913 client.get(remoteFile, localFolder); | |
914 return true; | |
915 } | |
916 catch (IOException e) { | |
917 Log.e(TAG, "Could not download remote file", e); | |
918 return false; | |
919 } | |
920 } | |
921 | |
922 @Override | |
923 public boolean uploadFile(String localFile, String remoteFile, | |
924 String remoteFolder, String mode) { | |
925 try { | |
926 SCPClient client = new SCPClient(connection); | |
927 | |
928 if (remoteFolder == null) | |
929 remoteFolder = ""; | |
930 | |
931 if (remoteFile == null || remoteFile == "") | |
932 client.put(localFile, remoteFolder, mode); | |
933 else | |
934 client.put(localFile, remoteFile, remoteFolder, mode); | |
935 | |
936 return true; | |
937 } | |
938 catch (IOException e) { | |
939 Log.e(TAG, "Could not upload local file", e); | |
940 return false; | |
941 } | |
942 } | |
943 | |
944 | |
945 @Override | |
946 public int getDefaultPort() { | |
947 return DEFAULT_PORT; | |
948 } | |
949 | |
950 | |
951 @Override | |
952 public boolean isConnected() { | |
953 return connected; | |
954 } | |
955 | |
956 | |
957 @Override | |
958 public boolean isSessionOpen() { | |
959 return sessionOpen; | |
960 } | |
961 | |
962 | |
963 @Override | |
964 public boolean isAuthenticated() { | |
965 return authenticated; | |
966 } | |
967 | |
968 | |
969 @Override | |
970 public String getDefaultNickname(String username, String hostname, int port) { | |
971 if (port == DEFAULT_PORT) { | |
972 return String.format(Locale.US, "%s@%s", username, hostname); | |
973 } | |
974 else { | |
975 return String.format(Locale.US, "%s@%s:%d", username, hostname, port); | |
976 } | |
977 } | |
978 | |
979 | |
980 @Override | |
981 public void getSelectionArgs(Uri uri, Map<String, String> selection) { | |
982 selection.put(HostDatabase.FIELD_HOST_PROTOCOL, PROTOCOL); | |
983 selection.put(HostDatabase.FIELD_HOST_NICKNAME, uri.getFragment()); | |
984 selection.put(HostDatabase.FIELD_HOST_HOSTNAME, uri.getHost()); | |
985 int port = uri.getPort(); | |
986 | |
987 if (port < 0) | |
988 port = DEFAULT_PORT; | |
989 | |
990 selection.put(HostDatabase.FIELD_HOST_PORT, Integer.toString(port)); | |
991 selection.put(HostDatabase.FIELD_HOST_USERNAME, uri.getUserInfo()); | |
992 } | |
993 | |
994 | |
995 @Override | |
996 public HostBean createHost(Uri uri) { | |
997 HostBean host = new HostBean(); | |
998 host.setProtocol(PROTOCOL); | |
999 host.setHostname(uri.getHost()); | |
1000 int port = uri.getPort(); | |
1001 | |
1002 if (port < 0) | |
1003 port = DEFAULT_PORT; | |
1004 | |
1005 host.setPort(port); | |
1006 host.setUsername(uri.getUserInfo()); | |
1007 String nickname = uri.getFragment(); | |
1008 | |
1009 if (nickname == null || nickname.length() == 0) { | |
1010 host.setNickname(getDefaultNickname(host.getUsername(), | |
1011 host.getHostname(), host.getPort())); | |
1012 } | |
1013 else { | |
1014 host.setNickname(uri.getFragment()); | |
1015 } | |
1016 | |
1017 return host; | |
1018 } | |
1019 | |
1020 | |
1021 public String getFormatHint(Context context) { | |
1022 return String.format("%s@%s:%s", | |
1023 context.getString(R.string.format_username), | |
1024 context.getString(R.string.format_hostname), | |
1025 context.getString(R.string.format_port)); | |
1026 } | |
1027 | |
1028 | |
1029 /** | |
1030 * @return do we use the network | |
1031 */ | |
1032 @Override | |
1033 public boolean usesNetwork() { | |
1034 return true; | |
1035 } | |
1036 | |
1037 | |
1038 /** | |
1039 * Handle challenges from keyboard-interactive authentication mode. | |
1040 */ | |
1041 public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt, boolean[] echo) { | |
1042 interactiveCanContinue = true; | |
1043 String[] responses = new String[numPrompts]; | |
1044 | |
1045 for (int i = 0; i < numPrompts; i++) { | |
1046 // request response from user for each prompt | |
1047 responses[i] = bridge.promptHelper.requestPasswordPrompt(instruction, prompt[i]); | |
1048 } | |
1049 | |
1050 return responses; | |
1051 } | |
1052 | |
1053 public Map<String, byte[]> retrieveIdentities() { | |
1054 Map<String, byte[]> pubKeys = new HashMap<String, byte[]> (manager.loadedKeypairs.size()); | |
1055 | |
1056 for (Entry<String, KeyHolder> entry : manager.loadedKeypairs.entrySet()) { | |
1057 KeyPair pair = entry.getValue().pair; | |
1058 | |
1059 try { | |
1060 PrivateKey privKey = pair.getPrivate(); | |
1061 | |
1062 if (privKey instanceof RSAPrivateKey) { | |
1063 RSAPublicKey pubkey = (RSAPublicKey) pair.getPublic(); | |
1064 pubKeys.put(entry.getKey(), RSASHA1Verify.encodeSSHRSAPublicKey(pubkey)); | |
1065 } | |
1066 else if (privKey instanceof DSAPrivateKey) { | |
1067 DSAPublicKey pubkey = (DSAPublicKey) pair.getPublic(); | |
1068 pubKeys.put(entry.getKey(), DSASHA1Verify.encodeSSHDSAPublicKey(pubkey)); | |
1069 } | |
1070 else if (privKey instanceof ECPrivateKey) { | |
1071 ECPublicKey pubkey = (ECPublicKey) pair.getPublic(); | |
1072 pubKeys.put(entry.getKey(), ECDSASHA2Verify.encodeSSHECDSAPublicKey(pubkey)); | |
1073 } | |
1074 else | |
1075 continue; | |
1076 } | |
1077 catch (IOException e) { | |
1078 continue; | |
1079 } | |
1080 } | |
1081 | |
1082 return pubKeys; | |
1083 } | |
1084 | |
1085 public KeyPair getKeyPair(byte[] publicKey) { | |
1086 String nickname = manager.getKeyNickname(publicKey); | |
1087 | |
1088 if (nickname == null) | |
1089 return null; | |
1090 | |
1091 if (useAuthAgent.equals(HostDatabase.AUTHAGENT_NO)) { | |
1092 Log.e(TAG, ""); | |
1093 return null; | |
1094 } | |
1095 else if (useAuthAgent.equals(HostDatabase.AUTHAGENT_CONFIRM) || | |
1096 manager.loadedKeypairs.get(nickname).bean.isConfirmUse()) { | |
1097 if (!promptForPubkeyUse(nickname)) | |
1098 return null; | |
1099 } | |
1100 | |
1101 return manager.getKey(nickname); | |
1102 } | |
1103 | |
1104 private boolean promptForPubkeyUse(String nickname) { | |
1105 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, | |
1106 manager.res.getString(R.string.prompt_allow_agent_to_use_key, | |
1107 nickname)); | |
1108 return result; | |
1109 } | |
1110 | |
1111 public boolean addIdentity(KeyPair pair, String comment, boolean confirmUse, int lifetime) { | |
1112 PubkeyBean pubkey = new PubkeyBean(); | |
1113 // pubkey.setType(PubkeyDatabase.KEY_TYPE_IMPORTED); | |
1114 pubkey.setNickname(comment); | |
1115 pubkey.setConfirmUse(confirmUse); | |
1116 pubkey.setLifetime(lifetime); | |
1117 manager.addKey(pubkey, pair); | |
1118 return true; | |
1119 } | |
1120 | |
1121 public boolean removeAllIdentities() { | |
1122 manager.loadedKeypairs.clear(); | |
1123 return true; | |
1124 } | |
1125 | |
1126 public boolean removeIdentity(byte[] publicKey) { | |
1127 return manager.removeKey(publicKey); | |
1128 } | |
1129 | |
1130 public boolean isAgentLocked() { | |
1131 return agentLockPassphrase != null; | |
1132 } | |
1133 | |
1134 public boolean requestAgentUnlock(String unlockPassphrase) { | |
1135 if (agentLockPassphrase == null) | |
1136 return false; | |
1137 | |
1138 if (agentLockPassphrase.equals(unlockPassphrase)) | |
1139 agentLockPassphrase = null; | |
1140 | |
1141 return agentLockPassphrase == null; | |
1142 } | |
1143 | |
1144 public boolean setAgentLock(String lockPassphrase) { | |
1145 if (agentLockPassphrase != null) | |
1146 return false; | |
1147 | |
1148 agentLockPassphrase = lockPassphrase; | |
1149 return true; | |
1150 } | |
1151 | |
1152 } |