mirror of
https://github.com/thegeeklab/ansible-later.git
synced 2024-06-29 13:40:59 +02:00
597 lines
20 KiB
Python
597 lines
20 KiB
Python
# Copyright (C) 2003-2007 Robey Pointer <robeypointer@gmail.com>
|
|
#
|
|
# This file is part of paramiko.
|
|
#
|
|
# Paramiko is free software; you can redistribute it and/or modify it under the
|
|
# terms of the GNU Lesser General Public License as published by the Free
|
|
# Software Foundation; either version 2.1 of the License, or (at your option)
|
|
# any later version.
|
|
#
|
|
# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public License
|
|
# along with Paramiko; if not, write to the Free Software Foundation, Inc.,
|
|
# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
|
|
|
|
"""
|
|
Packet handling
|
|
"""
|
|
|
|
import errno
|
|
import os
|
|
import socket
|
|
import struct
|
|
import threading
|
|
import time
|
|
from hmac import HMAC
|
|
|
|
from paramiko import util
|
|
from paramiko.common import (
|
|
linefeed_byte,
|
|
cr_byte_value,
|
|
asbytes,
|
|
MSG_NAMES,
|
|
DEBUG,
|
|
xffffffff,
|
|
zero_byte,
|
|
)
|
|
from paramiko.py3compat import u, byte_ord
|
|
from paramiko.ssh_exception import SSHException, ProxyCommandFailure
|
|
from paramiko.message import Message
|
|
|
|
|
|
def compute_hmac(key, message, digest_class):
|
|
return HMAC(key, message, digest_class).digest()
|
|
|
|
|
|
class NeedRekeyException(Exception):
|
|
"""
|
|
Exception indicating a rekey is needed.
|
|
"""
|
|
|
|
pass
|
|
|
|
|
|
def first_arg(e):
|
|
arg = None
|
|
if type(e.args) is tuple and len(e.args) > 0:
|
|
arg = e.args[0]
|
|
return arg
|
|
|
|
|
|
class Packetizer(object):
|
|
"""
|
|
Implementation of the base SSH packet protocol.
|
|
"""
|
|
|
|
# READ the secsh RFC's before raising these values. if anything,
|
|
# they should probably be lower.
|
|
REKEY_PACKETS = pow(2, 29)
|
|
REKEY_BYTES = pow(2, 29)
|
|
|
|
# Allow receiving this many packets after a re-key request before
|
|
# terminating
|
|
REKEY_PACKETS_OVERFLOW_MAX = pow(2, 29)
|
|
# Allow receiving this many bytes after a re-key request before terminating
|
|
REKEY_BYTES_OVERFLOW_MAX = pow(2, 29)
|
|
|
|
def __init__(self, socket):
|
|
self.__socket = socket
|
|
self.__logger = None
|
|
self.__closed = False
|
|
self.__dump_packets = False
|
|
self.__need_rekey = False
|
|
self.__init_count = 0
|
|
self.__remainder = bytes()
|
|
|
|
# used for noticing when to re-key:
|
|
self.__sent_bytes = 0
|
|
self.__sent_packets = 0
|
|
self.__received_bytes = 0
|
|
self.__received_packets = 0
|
|
self.__received_bytes_overflow = 0
|
|
self.__received_packets_overflow = 0
|
|
|
|
# current inbound/outbound ciphering:
|
|
self.__block_size_out = 8
|
|
self.__block_size_in = 8
|
|
self.__mac_size_out = 0
|
|
self.__mac_size_in = 0
|
|
self.__block_engine_out = None
|
|
self.__block_engine_in = None
|
|
self.__sdctr_out = False
|
|
self.__mac_engine_out = None
|
|
self.__mac_engine_in = None
|
|
self.__mac_key_out = bytes()
|
|
self.__mac_key_in = bytes()
|
|
self.__compress_engine_out = None
|
|
self.__compress_engine_in = None
|
|
self.__sequence_number_out = 0
|
|
self.__sequence_number_in = 0
|
|
|
|
# lock around outbound writes (packet computation)
|
|
self.__write_lock = threading.RLock()
|
|
|
|
# keepalives:
|
|
self.__keepalive_interval = 0
|
|
self.__keepalive_last = time.time()
|
|
self.__keepalive_callback = None
|
|
|
|
self.__timer = None
|
|
self.__handshake_complete = False
|
|
self.__timer_expired = False
|
|
|
|
@property
|
|
def closed(self):
|
|
return self.__closed
|
|
|
|
def set_log(self, log):
|
|
"""
|
|
Set the Python log object to use for logging.
|
|
"""
|
|
self.__logger = log
|
|
|
|
def set_outbound_cipher(
|
|
self,
|
|
block_engine,
|
|
block_size,
|
|
mac_engine,
|
|
mac_size,
|
|
mac_key,
|
|
sdctr=False,
|
|
):
|
|
"""
|
|
Switch outbound data cipher.
|
|
"""
|
|
self.__block_engine_out = block_engine
|
|
self.__sdctr_out = sdctr
|
|
self.__block_size_out = block_size
|
|
self.__mac_engine_out = mac_engine
|
|
self.__mac_size_out = mac_size
|
|
self.__mac_key_out = mac_key
|
|
self.__sent_bytes = 0
|
|
self.__sent_packets = 0
|
|
# wait until the reset happens in both directions before clearing
|
|
# rekey flag
|
|
self.__init_count |= 1
|
|
if self.__init_count == 3:
|
|
self.__init_count = 0
|
|
self.__need_rekey = False
|
|
|
|
def set_inbound_cipher(
|
|
self, block_engine, block_size, mac_engine, mac_size, mac_key
|
|
):
|
|
"""
|
|
Switch inbound data cipher.
|
|
"""
|
|
self.__block_engine_in = block_engine
|
|
self.__block_size_in = block_size
|
|
self.__mac_engine_in = mac_engine
|
|
self.__mac_size_in = mac_size
|
|
self.__mac_key_in = mac_key
|
|
self.__received_bytes = 0
|
|
self.__received_packets = 0
|
|
self.__received_bytes_overflow = 0
|
|
self.__received_packets_overflow = 0
|
|
# wait until the reset happens in both directions before clearing
|
|
# rekey flag
|
|
self.__init_count |= 2
|
|
if self.__init_count == 3:
|
|
self.__init_count = 0
|
|
self.__need_rekey = False
|
|
|
|
def set_outbound_compressor(self, compressor):
|
|
self.__compress_engine_out = compressor
|
|
|
|
def set_inbound_compressor(self, compressor):
|
|
self.__compress_engine_in = compressor
|
|
|
|
def close(self):
|
|
self.__closed = True
|
|
self.__socket.close()
|
|
|
|
def set_hexdump(self, hexdump):
|
|
self.__dump_packets = hexdump
|
|
|
|
def get_hexdump(self):
|
|
return self.__dump_packets
|
|
|
|
def get_mac_size_in(self):
|
|
return self.__mac_size_in
|
|
|
|
def get_mac_size_out(self):
|
|
return self.__mac_size_out
|
|
|
|
def need_rekey(self):
|
|
"""
|
|
Returns ``True`` if a new set of keys needs to be negotiated. This
|
|
will be triggered during a packet read or write, so it should be
|
|
checked after every read or write, or at least after every few.
|
|
"""
|
|
return self.__need_rekey
|
|
|
|
def set_keepalive(self, interval, callback):
|
|
"""
|
|
Turn on/off the callback keepalive. If ``interval`` seconds pass with
|
|
no data read from or written to the socket, the callback will be
|
|
executed and the timer will be reset.
|
|
"""
|
|
self.__keepalive_interval = interval
|
|
self.__keepalive_callback = callback
|
|
self.__keepalive_last = time.time()
|
|
|
|
def read_timer(self):
|
|
self.__timer_expired = True
|
|
|
|
def start_handshake(self, timeout):
|
|
"""
|
|
Tells `Packetizer` that the handshake process started.
|
|
Starts a book keeping timer that can signal a timeout in the
|
|
handshake process.
|
|
|
|
:param float timeout: amount of seconds to wait before timing out
|
|
"""
|
|
if not self.__timer:
|
|
self.__timer = threading.Timer(float(timeout), self.read_timer)
|
|
self.__timer.start()
|
|
|
|
def handshake_timed_out(self):
|
|
"""
|
|
Checks if the handshake has timed out.
|
|
|
|
If `start_handshake` wasn't called before the call to this function,
|
|
the return value will always be `False`. If the handshake completed
|
|
before a timeout was reached, the return value will be `False`
|
|
|
|
:return: handshake time out status, as a `bool`
|
|
"""
|
|
if not self.__timer:
|
|
return False
|
|
if self.__handshake_complete:
|
|
return False
|
|
return self.__timer_expired
|
|
|
|
def complete_handshake(self):
|
|
"""
|
|
Tells `Packetizer` that the handshake has completed.
|
|
"""
|
|
if self.__timer:
|
|
self.__timer.cancel()
|
|
self.__timer_expired = False
|
|
self.__handshake_complete = True
|
|
|
|
def read_all(self, n, check_rekey=False):
|
|
"""
|
|
Read as close to N bytes as possible, blocking as long as necessary.
|
|
|
|
:param int n: number of bytes to read
|
|
:return: the data read, as a `str`
|
|
|
|
:raises:
|
|
``EOFError`` -- if the socket was closed before all the bytes could
|
|
be read
|
|
"""
|
|
out = bytes()
|
|
# handle over-reading from reading the banner line
|
|
if len(self.__remainder) > 0:
|
|
out = self.__remainder[:n]
|
|
self.__remainder = self.__remainder[n:]
|
|
n -= len(out)
|
|
while n > 0:
|
|
got_timeout = False
|
|
if self.handshake_timed_out():
|
|
raise EOFError()
|
|
try:
|
|
x = self.__socket.recv(n)
|
|
if len(x) == 0:
|
|
raise EOFError()
|
|
out += x
|
|
n -= len(x)
|
|
except socket.timeout:
|
|
got_timeout = True
|
|
except socket.error as e:
|
|
# on Linux, sometimes instead of socket.timeout, we get
|
|
# EAGAIN. this is a bug in recent (> 2.6.9) kernels but
|
|
# we need to work around it.
|
|
arg = first_arg(e)
|
|
if arg == errno.EAGAIN:
|
|
got_timeout = True
|
|
elif arg == errno.EINTR:
|
|
# syscall interrupted; try again
|
|
pass
|
|
elif self.__closed:
|
|
raise EOFError()
|
|
else:
|
|
raise
|
|
if got_timeout:
|
|
if self.__closed:
|
|
raise EOFError()
|
|
if check_rekey and (len(out) == 0) and self.__need_rekey:
|
|
raise NeedRekeyException()
|
|
self._check_keepalive()
|
|
return out
|
|
|
|
def write_all(self, out):
|
|
self.__keepalive_last = time.time()
|
|
iteration_with_zero_as_return_value = 0
|
|
while len(out) > 0:
|
|
retry_write = False
|
|
try:
|
|
n = self.__socket.send(out)
|
|
except socket.timeout:
|
|
retry_write = True
|
|
except socket.error as e:
|
|
arg = first_arg(e)
|
|
if arg == errno.EAGAIN:
|
|
retry_write = True
|
|
elif arg == errno.EINTR:
|
|
# syscall interrupted; try again
|
|
retry_write = True
|
|
else:
|
|
n = -1
|
|
except ProxyCommandFailure:
|
|
raise # so it doesn't get swallowed by the below catchall
|
|
except Exception:
|
|
# could be: (32, 'Broken pipe')
|
|
n = -1
|
|
if retry_write:
|
|
n = 0
|
|
if self.__closed:
|
|
n = -1
|
|
else:
|
|
if n == 0 and iteration_with_zero_as_return_value > 10:
|
|
# We shouldn't retry the write, but we didn't
|
|
# manage to send anything over the socket. This might be an
|
|
# indication that we have lost contact with the remote
|
|
# side, but are yet to receive an EOFError or other socket
|
|
# errors. Let's give it some iteration to try and catch up.
|
|
n = -1
|
|
iteration_with_zero_as_return_value += 1
|
|
if n < 0:
|
|
raise EOFError()
|
|
if n == len(out):
|
|
break
|
|
out = out[n:]
|
|
return
|
|
|
|
def readline(self, timeout):
|
|
"""
|
|
Read a line from the socket. We assume no data is pending after the
|
|
line, so it's okay to attempt large reads.
|
|
"""
|
|
buf = self.__remainder
|
|
while linefeed_byte not in buf:
|
|
buf += self._read_timeout(timeout)
|
|
n = buf.index(linefeed_byte)
|
|
self.__remainder = buf[n + 1 :]
|
|
buf = buf[:n]
|
|
if (len(buf) > 0) and (buf[-1] == cr_byte_value):
|
|
buf = buf[:-1]
|
|
return u(buf)
|
|
|
|
def send_message(self, data):
|
|
"""
|
|
Write a block of data using the current cipher, as an SSH block.
|
|
"""
|
|
# encrypt this sucka
|
|
data = asbytes(data)
|
|
cmd = byte_ord(data[0])
|
|
if cmd in MSG_NAMES:
|
|
cmd_name = MSG_NAMES[cmd]
|
|
else:
|
|
cmd_name = "${:x}".format(cmd)
|
|
orig_len = len(data)
|
|
self.__write_lock.acquire()
|
|
try:
|
|
if self.__compress_engine_out is not None:
|
|
data = self.__compress_engine_out(data)
|
|
packet = self._build_packet(data)
|
|
if self.__dump_packets:
|
|
self._log(
|
|
DEBUG,
|
|
"Write packet <{}>, length {}".format(cmd_name, orig_len),
|
|
)
|
|
self._log(DEBUG, util.format_binary(packet, "OUT: "))
|
|
if self.__block_engine_out is not None:
|
|
out = self.__block_engine_out.update(packet)
|
|
else:
|
|
out = packet
|
|
# + mac
|
|
if self.__block_engine_out is not None:
|
|
payload = (
|
|
struct.pack(">I", self.__sequence_number_out) + packet
|
|
)
|
|
out += compute_hmac(
|
|
self.__mac_key_out, payload, self.__mac_engine_out
|
|
)[: self.__mac_size_out]
|
|
self.__sequence_number_out = (
|
|
self.__sequence_number_out + 1
|
|
) & xffffffff
|
|
self.write_all(out)
|
|
|
|
self.__sent_bytes += len(out)
|
|
self.__sent_packets += 1
|
|
sent_too_much = (
|
|
self.__sent_packets >= self.REKEY_PACKETS
|
|
or self.__sent_bytes >= self.REKEY_BYTES
|
|
)
|
|
if sent_too_much and not self.__need_rekey:
|
|
# only ask once for rekeying
|
|
msg = "Rekeying (hit {} packets, {} bytes sent)"
|
|
self._log(
|
|
DEBUG, msg.format(self.__sent_packets, self.__sent_bytes)
|
|
)
|
|
self.__received_bytes_overflow = 0
|
|
self.__received_packets_overflow = 0
|
|
self._trigger_rekey()
|
|
finally:
|
|
self.__write_lock.release()
|
|
|
|
def read_message(self):
|
|
"""
|
|
Only one thread should ever be in this function (no other locking is
|
|
done).
|
|
|
|
:raises: `.SSHException` -- if the packet is mangled
|
|
:raises: `.NeedRekeyException` -- if the transport should rekey
|
|
"""
|
|
header = self.read_all(self.__block_size_in, check_rekey=True)
|
|
if self.__block_engine_in is not None:
|
|
header = self.__block_engine_in.update(header)
|
|
if self.__dump_packets:
|
|
self._log(DEBUG, util.format_binary(header, "IN: "))
|
|
packet_size = struct.unpack(">I", header[:4])[0]
|
|
# leftover contains decrypted bytes from the first block (after the
|
|
# length field)
|
|
leftover = header[4:]
|
|
if (packet_size - len(leftover)) % self.__block_size_in != 0:
|
|
raise SSHException("Invalid packet blocking")
|
|
buf = self.read_all(packet_size + self.__mac_size_in - len(leftover))
|
|
packet = buf[: packet_size - len(leftover)]
|
|
post_packet = buf[packet_size - len(leftover) :]
|
|
if self.__block_engine_in is not None:
|
|
packet = self.__block_engine_in.update(packet)
|
|
if self.__dump_packets:
|
|
self._log(DEBUG, util.format_binary(packet, "IN: "))
|
|
packet = leftover + packet
|
|
|
|
if self.__mac_size_in > 0:
|
|
mac = post_packet[: self.__mac_size_in]
|
|
mac_payload = (
|
|
struct.pack(">II", self.__sequence_number_in, packet_size)
|
|
+ packet
|
|
)
|
|
my_mac = compute_hmac(
|
|
self.__mac_key_in, mac_payload, self.__mac_engine_in
|
|
)[: self.__mac_size_in]
|
|
if not util.constant_time_bytes_eq(my_mac, mac):
|
|
raise SSHException("Mismatched MAC")
|
|
padding = byte_ord(packet[0])
|
|
payload = packet[1 : packet_size - padding]
|
|
|
|
if self.__dump_packets:
|
|
self._log(
|
|
DEBUG,
|
|
"Got payload ({} bytes, {} padding)".format(
|
|
packet_size, padding
|
|
),
|
|
)
|
|
|
|
if self.__compress_engine_in is not None:
|
|
payload = self.__compress_engine_in(payload)
|
|
|
|
msg = Message(payload[1:])
|
|
msg.seqno = self.__sequence_number_in
|
|
self.__sequence_number_in = (self.__sequence_number_in + 1) & xffffffff
|
|
|
|
# check for rekey
|
|
raw_packet_size = packet_size + self.__mac_size_in + 4
|
|
self.__received_bytes += raw_packet_size
|
|
self.__received_packets += 1
|
|
if self.__need_rekey:
|
|
# we've asked to rekey -- give them some packets to comply before
|
|
# dropping the connection
|
|
self.__received_bytes_overflow += raw_packet_size
|
|
self.__received_packets_overflow += 1
|
|
if (
|
|
self.__received_packets_overflow
|
|
>= self.REKEY_PACKETS_OVERFLOW_MAX
|
|
) or (
|
|
self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX
|
|
):
|
|
raise SSHException(
|
|
"Remote transport is ignoring rekey requests"
|
|
)
|
|
elif (self.__received_packets >= self.REKEY_PACKETS) or (
|
|
self.__received_bytes >= self.REKEY_BYTES
|
|
):
|
|
# only ask once for rekeying
|
|
err = "Rekeying (hit {} packets, {} bytes received)"
|
|
self._log(
|
|
DEBUG,
|
|
err.format(self.__received_packets, self.__received_bytes),
|
|
)
|
|
self.__received_bytes_overflow = 0
|
|
self.__received_packets_overflow = 0
|
|
self._trigger_rekey()
|
|
|
|
cmd = byte_ord(payload[0])
|
|
if cmd in MSG_NAMES:
|
|
cmd_name = MSG_NAMES[cmd]
|
|
else:
|
|
cmd_name = "${:x}".format(cmd)
|
|
if self.__dump_packets:
|
|
self._log(
|
|
DEBUG,
|
|
"Read packet <{}>, length {}".format(cmd_name, len(payload)),
|
|
)
|
|
return cmd, msg
|
|
|
|
# ...protected...
|
|
|
|
def _log(self, level, msg):
|
|
if self.__logger is None:
|
|
return
|
|
if issubclass(type(msg), list):
|
|
for m in msg:
|
|
self.__logger.log(level, m)
|
|
else:
|
|
self.__logger.log(level, msg)
|
|
|
|
def _check_keepalive(self):
|
|
if (
|
|
not self.__keepalive_interval
|
|
or not self.__block_engine_out
|
|
or self.__need_rekey
|
|
):
|
|
# wait till we're encrypting, and not in the middle of rekeying
|
|
return
|
|
now = time.time()
|
|
if now > self.__keepalive_last + self.__keepalive_interval:
|
|
self.__keepalive_callback()
|
|
self.__keepalive_last = now
|
|
|
|
def _read_timeout(self, timeout):
|
|
start = time.time()
|
|
while True:
|
|
try:
|
|
x = self.__socket.recv(128)
|
|
if len(x) == 0:
|
|
raise EOFError()
|
|
break
|
|
except socket.timeout:
|
|
pass
|
|
except EnvironmentError as e:
|
|
if first_arg(e) == errno.EINTR:
|
|
pass
|
|
else:
|
|
raise
|
|
if self.__closed:
|
|
raise EOFError()
|
|
now = time.time()
|
|
if now - start >= timeout:
|
|
raise socket.timeout()
|
|
return x
|
|
|
|
def _build_packet(self, payload):
|
|
# pad up at least 4 bytes, to nearest block-size (usually 8)
|
|
bsize = self.__block_size_out
|
|
padding = 3 + bsize - ((len(payload) + 8) % bsize)
|
|
packet = struct.pack(">IB", len(payload) + padding + 1, padding)
|
|
packet += payload
|
|
if self.__sdctr_out or self.__block_engine_out is None:
|
|
# cute trick i caught openssh doing: if we're not encrypting or
|
|
# SDCTR mode (RFC4344),
|
|
# don't waste random bytes for the padding
|
|
packet += zero_byte * padding
|
|
else:
|
|
packet += os.urandom(padding)
|
|
return packet
|
|
|
|
def _trigger_rekey(self):
|
|
# outside code should check for this flag
|
|
self.__need_rekey = True
|