client.go 13.3 KB
Newer Older
Russ Cox's avatar
Russ Cox committed
1 2 3 4 5 6 7 8
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ssh

import (
	"crypto/rand"
9
	"encoding/binary"
Russ Cox's avatar
Russ Cox committed
10 11 12 13 14 15 16
	"errors"
	"fmt"
	"io"
	"net"
	"sync"
)

17 18
// clientVersion is the default identification string that the client will use.
var clientVersion = []byte("SSH-2.0-Go")
Russ Cox's avatar
Russ Cox committed
19 20 21 22

// ClientConn represents the client side of an SSH connection.
type ClientConn struct {
	*transport
23
	config      *ClientConfig
24
	chanList    // channels associated with this connection
25 26
	forwardList // forwarded tcpip connections from the remote side
	globalRequest
27 28 29

	// Address as passed to the Dial function.
	dialAddress string
30 31

	serverVersion string
32 33 34 35 36
}

type globalRequest struct {
	sync.Mutex
	response chan interface{}
Russ Cox's avatar
Russ Cox committed
37 38 39 40
}

// Client returns a new SSH client connection using c as the underlying transport.
func Client(c net.Conn, config *ClientConfig) (*ClientConn, error) {
41 42 43 44
	return clientWithAddress(c, "", config)
}

func clientWithAddress(c net.Conn, addr string, config *ClientConfig) (*ClientConn, error) {
Russ Cox's avatar
Russ Cox committed
45
	conn := &ClientConn{
46
		transport:     newTransport(c, config.rand(), true /* is client */),
47 48
		config:        config,
		globalRequest: globalRequest{response: make(chan interface{}, 1)},
49
		dialAddress:   addr,
Russ Cox's avatar
Russ Cox committed
50
	}
51

Russ Cox's avatar
Russ Cox committed
52 53
	if err := conn.handshake(); err != nil {
		conn.Close()
54
		return nil, fmt.Errorf("handshake failed: %v", err)
Russ Cox's avatar
Russ Cox committed
55 56 57 58 59 60 61
	}
	go conn.mainLoop()
	return conn, nil
}

// handshake performs the client side key exchange. See RFC 4253 Section 7.
func (c *ClientConn) handshake() error {
62
	var myVersion []byte
63
	if len(c.config.ClientVersion) > 0 {
64
		myVersion = []byte(c.config.ClientVersion)
65
	} else {
66
		myVersion = clientVersion
67
	}
68 69

	if _, err := c.Write(append(myVersion, '\r', '\n')); err != nil {
Russ Cox's avatar
Russ Cox committed
70 71 72 73 74 75 76
		return err
	}
	if err := c.Flush(); err != nil {
		return err
	}

	// read remote server version
77
	serverVersion, err := readVersion(c)
Russ Cox's avatar
Russ Cox committed
78 79 80
	if err != nil {
		return err
	}
81 82
	c.serverVersion = string(serverVersion)

Russ Cox's avatar
Russ Cox committed
83
	clientKexInit := kexInitMsg{
84
		KexAlgos:                c.config.Crypto.kexes(),
Russ Cox's avatar
Russ Cox committed
85 86 87
		ServerHostKeyAlgos:      supportedHostKeyAlgos,
		CiphersClientServer:     c.config.Crypto.ciphers(),
		CiphersServerClient:     c.config.Crypto.ciphers(),
88 89
		MACsClientServer:        c.config.Crypto.macs(),
		MACsServerClient:        c.config.Crypto.macs(),
Russ Cox's avatar
Russ Cox committed
90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
		CompressionClientServer: supportedCompressions,
		CompressionServerClient: supportedCompressions,
	}
	kexInitPacket := marshal(msgKexInit, clientKexInit)
	if err := c.writePacket(kexInitPacket); err != nil {
		return err
	}
	packet, err := c.readPacket()
	if err != nil {
		return err
	}

	var serverKexInit kexInitMsg
	if err = unmarshal(&serverKexInit, packet, msgKexInit); err != nil {
		return err
	}

107 108
	algs := findAgreedAlgorithms(&clientKexInit, &serverKexInit)
	if algs == nil {
Russ Cox's avatar
Russ Cox committed
109 110 111
		return errors.New("ssh: no common algorithms")
	}

112
	if serverKexInit.FirstKexFollows && algs.kex != serverKexInit.KexAlgos[0] {
Russ Cox's avatar
Russ Cox committed
113 114 115 116 117 118 119
		// The server sent a Kex message for the wrong algorithm,
		// which we have to ignore.
		if _, err := c.readPacket(); err != nil {
			return err
		}
	}

120
	kex, ok := kexAlgoMap[algs.kex]
121
	if !ok {
122
		return fmt.Errorf("ssh: unexpected key exchange algorithm %v", algs.kex)
Russ Cox's avatar
Russ Cox committed
123
	}
124 125 126 127 128 129 130 131

	magics := handshakeMagics{
		clientVersion: myVersion,
		serverVersion: serverVersion,
		clientKexInit: kexInitPacket,
		serverKexInit: packet,
	}
	result, err := kex.Client(c, c.config.rand(), &magics)
Russ Cox's avatar
Russ Cox committed
132 133 134 135
	if err != nil {
		return err
	}

136
	err = verifyHostKeySignature(algs.hostKey, result.HostKey, result.H, result.Signature)
137 138 139 140 141
	if err != nil {
		return err
	}

	if checker := c.config.HostKeyChecker; checker != nil {
142
		err = checker.Check(c.dialAddress, c.RemoteAddr(), algs.hostKey, result.HostKey)
143 144 145 146 147
		if err != nil {
			return err
		}
	}

148
	c.transport.prepareKeyChange(algs, result)
149

150
	if err = c.writePacket([]byte{msgNewKeys}); err != nil {
Russ Cox's avatar
Russ Cox committed
151 152 153 154 155 156 157 158
		return err
	}
	if packet, err = c.readPacket(); err != nil {
		return err
	}
	if packet[0] != msgNewKeys {
		return UnexpectedMessageError{msgNewKeys, packet[0]}
	}
159
	return c.authenticate(result.H)
Russ Cox's avatar
Russ Cox committed
160 161
}

162 163 164 165 166 167 168 169 170 171 172 173 174 175 176
// Verify the host key obtained in the key exchange.
func verifyHostKeySignature(hostKeyAlgo string, hostKeyBytes []byte, data []byte, signature []byte) error {
	hostKey, rest, ok := ParsePublicKey(hostKeyBytes)
	if len(rest) > 0 || !ok {
		return errors.New("ssh: could not parse hostkey")
	}

	sig, rest, ok := parseSignatureBody(signature)
	if len(rest) > 0 || !ok {
		return errors.New("ssh: signature parse error")
	}
	if sig.Format != hostKeyAlgo {
		return fmt.Errorf("ssh: unexpected signature type %q", sig.Format)
	}

177 178 179 180
	if !hostKey.Verify(data, sig.Blob) {
		return errors.New("ssh: host key signature error")
	}
	return nil
181 182
}

Russ Cox's avatar
Russ Cox committed
183 184 185
// mainLoop reads incoming messages and routes channel messages
// to their respective ClientChans.
func (c *ClientConn) mainLoop() {
186 187
	defer func() {
		c.Close()
188 189
		c.chanList.closeAll()
		c.forwardList.closeAll()
190 191
	}()

Russ Cox's avatar
Russ Cox committed
192 193 194 195 196 197
	for {
		packet, err := c.readPacket()
		if err != nil {
			break
		}
		// TODO(dfc) A note on blocking channel use.
198
		// The msg, data and dataExt channels of a clientChan can
Russ Cox's avatar
Russ Cox committed
199 200 201 202 203 204
		// cause this loop to block indefinately if the consumer does
		// not service them.
		switch packet[0] {
		case msgChannelData:
			if len(packet) < 9 {
				// malformed data packet
205
				return
Russ Cox's avatar
Russ Cox committed
206
			}
207 208
			remoteId := binary.BigEndian.Uint32(packet[1:5])
			length := binary.BigEndian.Uint32(packet[5:9])
209 210 211 212
			packet = packet[9:]

			if length != uint32(len(packet)) {
				return
Russ Cox's avatar
Russ Cox committed
213
			}
214 215 216 217 218
			ch, ok := c.getChan(remoteId)
			if !ok {
				return
			}
			ch.stdout.write(packet)
Russ Cox's avatar
Russ Cox committed
219 220 221
		case msgChannelExtendedData:
			if len(packet) < 13 {
				// malformed data packet
222
				return
Russ Cox's avatar
Russ Cox committed
223
			}
224 225 226
			remoteId := binary.BigEndian.Uint32(packet[1:5])
			datatype := binary.BigEndian.Uint32(packet[5:9])
			length := binary.BigEndian.Uint32(packet[9:13])
227 228 229 230 231 232 233 234 235
			packet = packet[13:]

			if length != uint32(len(packet)) {
				return
			}
			// RFC 4254 5.2 defines data_type_code 1 to be data destined
			// for stderr on interactive sessions. Other data types are
			// silently discarded.
			if datatype == 1 {
236 237 238 239 240
				ch, ok := c.getChan(remoteId)
				if !ok {
					return
				}
				ch.stderr.write(packet)
Russ Cox's avatar
Russ Cox committed
241 242
			}
		default:
243 244 245 246 247 248 249 250 251
			decoded, err := decode(packet)
			if err != nil {
				if _, ok := err.(UnexpectedMessageError); ok {
					fmt.Printf("mainLoop: unexpected message: %v\n", err)
					continue
				}
				return
			}
			switch msg := decoded.(type) {
Russ Cox's avatar
Russ Cox committed
252
			case *channelOpenMsg:
253
				c.handleChanOpen(msg)
Russ Cox's avatar
Russ Cox committed
254
			case *channelOpenConfirmMsg:
255 256 257 258 259
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				ch.msg <- msg
Russ Cox's avatar
Russ Cox committed
260
			case *channelOpenFailureMsg:
261 262 263 264 265
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				ch.msg <- msg
Russ Cox's avatar
Russ Cox committed
266
			case *channelCloseMsg:
267 268 269 270
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
271
				ch.Close()
272
				close(ch.msg)
273
				c.chanList.remove(msg.PeersId)
Russ Cox's avatar
Russ Cox committed
274
			case *channelEOFMsg:
275 276 277 278
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
Russ Cox's avatar
Russ Cox committed
279 280 281 282 283
				ch.stdout.eof()
				// RFC 4254 is mute on how EOF affects dataExt messages but
				// it is logical to signal EOF at the same time.
				ch.stderr.eof()
			case *channelRequestSuccessMsg:
284 285 286 287 288
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				ch.msg <- msg
Russ Cox's avatar
Russ Cox committed
289
			case *channelRequestFailureMsg:
290 291 292 293 294
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				ch.msg <- msg
Russ Cox's avatar
Russ Cox committed
295
			case *channelRequestMsg:
296 297 298 299 300
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				ch.msg <- msg
Russ Cox's avatar
Russ Cox committed
301
			case *windowAdjustMsg:
302 303 304 305 306
				ch, ok := c.getChan(msg.PeersId)
				if !ok {
					return
				}
				if !ch.remoteWin.add(msg.AdditionalBytes) {
307
					// invalid window update
308
					return
309
				}
310 311 312 313 314 315
			case *globalRequestMsg:
				// This handles keepalive messages and matches
				// the behaviour of OpenSSH.
				if msg.WantReply {
					c.writePacket(marshal(msgRequestFailure, globalRequestFailureMsg{}))
				}
316 317
			case *globalRequestSuccessMsg, *globalRequestFailureMsg:
				c.globalRequest.response <- msg
Russ Cox's avatar
Russ Cox committed
318
			case *disconnectMsg:
319
				return
Russ Cox's avatar
Russ Cox committed
320 321 322 323 324 325 326
			default:
				fmt.Printf("mainLoop: unhandled message %T: %v\n", msg, msg)
			}
		}
	}
}

327 328
// Handle channel open messages from the remote side.
func (c *ClientConn) handleChanOpen(msg *channelOpenMsg) {
329 330 331 332
	if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
		c.sendConnectionFailed(msg.PeersId)
	}

333 334
	switch msg.ChanType {
	case "forwarded-tcpip":
335 336
		laddr, rest, ok := parseTCPAddr(msg.TypeSpecificData)
		if !ok {
337
			// invalid request
338
			c.sendConnectionFailed(msg.PeersId)
339 340
			return
		}
341 342

		l, ok := c.forwardList.lookup(*laddr)
343
		if !ok {
344
			// TODO: print on a more structured log.
345
			fmt.Println("could not find forward list entry for", laddr)
346 347
			// Section 7.2, implementations MUST reject suprious incoming
			// connections.
348 349 350 351 352 353 354
			c.sendConnectionFailed(msg.PeersId)
			return
		}
		raddr, rest, ok := parseTCPAddr(rest)
		if !ok {
			// invalid request
			c.sendConnectionFailed(msg.PeersId)
355 356 357
			return
		}
		ch := c.newChan(c.transport)
358
		ch.remoteId = msg.PeersId
359
		ch.remoteWin.add(msg.PeersWindow)
360
		ch.maxPacket = msg.MaxPacketSize
361 362

		m := channelOpenConfirmMsg{
363 364 365 366 367 368
			PeersId:  ch.remoteId,
			MyId:     ch.localId,
			MyWindow: 1 << 14,

			// As per RFC 4253 6.1, 32k is also the minimum.
			MaxPacketSize: 1 << 15,
369
		}
370

371
		c.writePacket(marshal(msgChannelOpenConfirm, m))
372
		l <- forward{ch, raddr}
373 374 375 376 377 378 379 380 381 382 383 384
	default:
		// unknown channel type
		m := channelOpenFailureMsg{
			PeersId:  msg.PeersId,
			Reason:   UnknownChannelType,
			Message:  fmt.Sprintf("unknown channel type: %v", msg.ChanType),
			Language: "en_US.UTF-8",
		}
		c.writePacket(marshal(msgChannelOpenFailure, m))
	}
}

385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400
// sendGlobalRequest sends a global request message as specified
// in RFC4254 section 4. To correctly synchronise messages, a lock
// is held internally until a response is returned.
func (c *ClientConn) sendGlobalRequest(m interface{}) (*globalRequestSuccessMsg, error) {
	c.globalRequest.Lock()
	defer c.globalRequest.Unlock()
	if err := c.writePacket(marshal(msgGlobalRequest, m)); err != nil {
		return nil, err
	}
	r := <-c.globalRequest.response
	if r, ok := r.(*globalRequestSuccessMsg); ok {
		return r, nil
	}
	return nil, errors.New("request failed")
}

Adam Langley's avatar
Adam Langley committed
401
// sendConnectionFailed rejects an incoming channel identified
402 403
// by remoteId.
func (c *ClientConn) sendConnectionFailed(remoteId uint32) error {
404
	m := channelOpenFailureMsg{
405
		PeersId:  remoteId,
406 407 408 409 410 411 412
		Reason:   ConnectionFailed,
		Message:  "invalid request",
		Language: "en_US.UTF-8",
	}
	return c.writePacket(marshal(msgChannelOpenFailure, m))
}

Adam Langley's avatar
Adam Langley committed
413
// parseTCPAddr parses the originating address from the remote into a *net.TCPAddr.
414 415
// RFC 4254 section 7.2 is mute on what to do if parsing fails but the forwardlist
// requires a valid *net.TCPAddr to operate, so we enforce that restriction here.
416
func parseTCPAddr(b []byte) (*net.TCPAddr, []byte, bool) {
417 418
	addr, b, ok := parseString(b)
	if !ok {
419
		return nil, b, false
420
	}
421
	port, b, ok := parseUint32(b)
422
	if !ok {
423
		return nil, b, false
424 425 426
	}
	ip := net.ParseIP(string(addr))
	if ip == nil {
427
		return nil, b, false
428
	}
429
	return &net.TCPAddr{IP: ip, Port: int(port)}, b, true
430 431
}

Russ Cox's avatar
Russ Cox committed
432 433 434 435 436 437 438
// Dial connects to the given network address using net.Dial and
// then initiates a SSH handshake, returning the resulting client connection.
func Dial(network, addr string, config *ClientConfig) (*ClientConn, error) {
	conn, err := net.Dial(network, addr)
	if err != nil {
		return nil, err
	}
439
	return clientWithAddress(conn, addr, config)
Russ Cox's avatar
Russ Cox committed
440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456
}

// A ClientConfig structure is used to configure a ClientConn. After one has
// been passed to an SSH function it must not be modified.
type ClientConfig struct {
	// Rand provides the source of entropy for key exchange. If Rand is
	// nil, the cryptographic random reader in package crypto/rand will
	// be used.
	Rand io.Reader

	// The username to authenticate.
	User string

	// A slice of ClientAuth methods. Only the first instance
	// of a particular RFC 4252 method will be used during authentication.
	Auth []ClientAuth

457 458 459 460 461
	// HostKeyChecker, if not nil, is called during the cryptographic
	// handshake to validate the server's host key. A nil HostKeyChecker
	// implies that all host keys are accepted.
	HostKeyChecker HostKeyChecker

Russ Cox's avatar
Russ Cox committed
462 463
	// Cryptographic-related configuration.
	Crypto CryptoConfig
464 465 466 467

	// The identification string that will be used for the connection.
	// If empty, a reasonable default is used.
	ClientVersion string
Russ Cox's avatar
Russ Cox committed
468 469 470 471 472 473 474 475 476 477
}

func (c *ClientConfig) rand() io.Reader {
	if c.Rand == nil {
		return rand.Reader
	}
	return c.Rand
}

// Thread safe channel list.
478
type chanList struct {
Russ Cox's avatar
Russ Cox committed
479 480
	// protects concurrent access to chans
	sync.Mutex
481
	// chans are indexed by the local id of the channel, clientChan.localId.
Russ Cox's avatar
Russ Cox committed
482 483 484 485 486 487
	// The PeersId value of messages received by ClientConn.mainLoop is
	// used to locate the right local clientChan in this slice.
	chans []*clientChan
}

// Allocate a new ClientChan with the next avail local id.
488
func (c *chanList) newChan(p packetConn) *clientChan {
Russ Cox's avatar
Russ Cox committed
489 490 491 492
	c.Lock()
	defer c.Unlock()
	for i := range c.chans {
		if c.chans[i] == nil {
493
			ch := newClientChan(p, uint32(i))
Russ Cox's avatar
Russ Cox committed
494 495 496 497 498
			c.chans[i] = ch
			return ch
		}
	}
	i := len(c.chans)
499
	ch := newClientChan(p, uint32(i))
Russ Cox's avatar
Russ Cox committed
500 501 502 503
	c.chans = append(c.chans, ch)
	return ch
}

504
func (c *chanList) getChan(id uint32) (*clientChan, bool) {
Russ Cox's avatar
Russ Cox committed
505 506
	c.Lock()
	defer c.Unlock()
507
	if id >= uint32(len(c.chans)) {
508
		return nil, false
509
	}
510
	return c.chans[id], true
Russ Cox's avatar
Russ Cox committed
511 512
}

513
func (c *chanList) remove(id uint32) {
Russ Cox's avatar
Russ Cox committed
514 515
	c.Lock()
	defer c.Unlock()
516
	c.chans[id] = nil
Russ Cox's avatar
Russ Cox committed
517 518
}

519
func (c *chanList) closeAll() {
520 521 522 523 524 525 526
	c.Lock()
	defer c.Unlock()

	for _, ch := range c.chans {
		if ch == nil {
			continue
		}
527
		ch.Close()
528
		close(ch.msg)
529 530
	}
}