aboutsummaryrefslogblamecommitdiffstats
path: root/lib/ssh/src/ssh_connection_handler.erl
blob: d26c586c54844bcc9b87e48748670265f44d6042 (plain) (tree)
1
2
3
4
5

                   
  
                                                        
  










                                                                           
  



                                                                        




                                                                        



                                                                         
                       




                              
                     

                        


                                          




                                                                             
                                    

                            
 

                                                                               
 
                

                  
                    


                                
                                           

                              



                                                          
                                               
                                                       
                              
                           


                           

                
            
 


                                                                      
 
                                                                      
                                                                      













                                                                                
 
                                                            
                                                          
       
                                                                    
                   

                                       






                                                                                                   
                    

                                                                                     
           





                                     
 
                                                             

                                                              
                                                                                                   


                                                                                            
        

 

                                                                        
 
                                
                                  
                                                             
                                    
                                                                            

                                       













                                                                     
                                    
 

                                                          





                                                                                               
         
                  





                                                        
        

                                                                      



                                                                      
                                                       



                                                                                   

                                                                               
                                                                        

                                                                          
                                                                          

                                                                      
                                                                      
                                                                   
                                                                       
                                                              
                                                              

                                                                      

                                                                      
                                                                

                                                                      

                                                                      
                                                                                





                                                               
                                                                         

                                                                      

                                                                      
                                                                    

                                                                      

                                                                      
                                              

                                                                      
                                                                      
                                    
                                                  
 
                                              
                                                        
 
                                                                      

                                                                      
                                                                

                                                                      

                                                                      
                                                             
                                                                      

                                                                      
                                         

                                                                      

                                                                      
                                       

                                                                      

                                                                      
                                                       

               
                          
              

        
                                                                      

                                                                      
                                         









                                          
                                                    

                                                                      
                       

                                                                      










                                                                                                
 



                                                                                 
                                                                  
                          

                                  

                                                                                                                 
                          
                                     
        
 
                                                                                        
                                                                 
                                           
                               
 
                                                        
                 

                                                                
 


                                                                                     


                                                                   
                                                                                              
                                                                                     


                                                                                           
                        



                                                                                               
        


























                                                                                
 

                                                                          
                                                                     

                                                                         
 

                                                                                 
                                                                             

                                                                                         
 

                                                                                     
                                                                             

                                                                                         
 

                                                                               
                                                                             

                                                                                          
 

                                                                            
                                                                             
                                    
                                                              

                                                                         
 

                                                                             
                                                                        

                                                                         
 



                                                                                          
                                                                               
                                   
                                                              

                                                                         
 
                                                                       
 













                                                                                            
 

                                                                 
                                                         
                                                                      
 






                                                                                                
                                                                                






                                                                                         
 

                                                                                         
                                                          

                                                                                             
 




                                                                                              
                                                                   

                                                                                                             

                                                               

                                                           
 


                                                                                              

                                                              
                                                       
                                                                                                             



                                                                          
                                             

                                                               


                                                                                                

                                                                                                       


                                                                                                        

                                                                 


                                                                          

                





                                                                                     
 








                                                                                                 
                        




                                                                                            
                                                                                   














                                                                                                  

                                                  

                                                                                
                                               

                                                                                                
                                

                                                                  
        
 


                                                                        
 

                                                                                     
                           
                                   
 
                                                           
 

                                                                                                
                                                                                

                                                                                                      
 



                                                                                                 

                                                             
                                     

                                                                       

                                                                                                      

                                                         

                                                                          
        

                                                                                           

                                                                  


                                                                   
 

                                                                                                             
 

                                                                                                             
 

                                                                                                                  
 


                                                                                                         

                                                                             










                                                                                     
 

                                                       
 



                                                                                           


                                                                                    









                                                                                     
 

                                                                                     
 

































                                                                                     
                                                                             






                                                                                              
                                                

                                   
                                        
                                                                                   

                                                                            
                                                                             

                                                                                 


                                                                                     



                                                                                                    
            
                                                 
        
                                                  


                                                


                                                                               
 
                                                                                

                                                                        























                                                                                             
 










                                                                              
 


                                                                                                
 


                                                                                     
 
                                                                     
                                                  
                                                 
 

                                                              










                                                                                                    
                                                         
 
                                                                          
                                        
                                                        
 

                                                                                    


                                                          
                                                                
                    
                                                             

        

                                                                                                                   






                                                                           
                                                                 
 
                                                                                              
                                                             
                                                                                            



                                                                                                   
 


                                                                                    
 

                                                                                                                    

                                                   

                                            
                                   
 

                                                                                                        

                                                   

                                            
                                   
 

                                                                                            


                                                                      
                                   
 

                                                                                                    

                                                                                 
                                                                                               
                                                    
                                                  

                                                    
                                                                                

        

                                                                                     

                                                       

                                                                         
            
                                                                          

        


                                                                                                    




                                                               
                                   




                                                            


                                                        


                                                       
                                                     
 

                                                                                      






                                                              
                                                         
 

                                                                                      






                                                              
                                                         
 











                                                                                
 

















                                                                                          
                                               
                                                                                         
      
























                                                                                                                 
                                                                         






                                                                                                 
                          
                           
                                                                              

                                                                                

                                                
                           
                                                                          


                                                                      
         

                           
                                                                          

                                                                
        
















                                                                                
                                                                  

                                                               
 
                                                             


                                                                                                
                                   

                                                             

                                                                                         
                
                                          


                                                   
                                                                                      
                                                                           

                                                   

                                                             

                                                   
 

                                                                                    
                                                       
 


                                                       









                                                                                                  

                                           

               
                                           







                                                                            

                                                                                   


                                                                                                           


                                           
 













                                                                              
 
                                                                      


                                                                                     
 
                                                        
                                                                                                       
                                                                                                    

























                                                                                                
 









                                                                                              
                                    

                                    
 
 
                                                           

                                                                                            
                         

       



                                                   














                                                       


                                                   
                                                            







                                                                 
 





                                                                      










                                                     

                                              

                                                                              


                                            
                                                                                























                                                                                         

                                                                       
                      
                          
                       


                            
                                                            

                                                               
 
                                                   
                                                            



                             
                        



                                                                               
                                     
                                                                         

                                                                               
                                                                                        


                                                         
                                                            
                                                               
                                                        
                                           

                                                            


                             
                        
                                                             
                        
                                                  
                                              
                           
                                      
                                                                         

                                                                               
                                                                                        

           

                                          
                                            

                                                                                     
                        
                                                             
                
                                                                      
           




                                                     



                                      
                                              
                                                            
                                                                                                      
                                                                                             

                                                             
      




                                                      
 











                                                                       









                                                       
 

                                   
 

                                  
 




                                                  


                            
         
                            
                            
                            
                            
                                  

                           
 


































                                                                                                          
         







                                                                                               
        
 
 
                                                                                 



                                              
                            




                                                
            







                                           
                                                                   







                                                                      
                                                                           
                    
                  








                                                                      
                                                                            
                    
                  

        
                                                                   











                                                                        
                                                              






                                                                            
                                                              



                                                                        
                         
 
                                                                   




































                                                                                
 



                                                                           







                                                                    




                                                                                              
 




                                                                                             
 


                                                                                                         
 
 






                                                                                    
 
                                                                   




                                                                  







                                                 
                                

       
                                                   



                                              
                                                     

        
                                          


                                              





                                                     
                                             
                                    
                     
                                             

        
                            
        


                                                                                                   
 


                                                                                                  
                                                                               
                                                
                                                                    



                                                                 

                                    
 
 














                                                                                        
 
 
                    



























                                                                                
                                                                               








                                                   
 
                                                                   

                                         









                                                    




                                                               
                                              


        

































                                                                        
                                                 
























                                                        
                            





                                                                







                                                       
%%
%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2008-2016. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%%     http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%
%% %CopyrightEnd%
%%
%%
%%----------------------------------------------------------------------
%% Purpose: Handles an ssh connection, e.i. both the
%% setup SSH Transport Layer Protocol (RFC 4253), Authentication
%% Protocol (RFC 4252) and SSH connection Protocol (RFC 4255)
%% Details of the different protocols are
%% implemented in ssh_transport.erl, ssh_auth.erl and ssh_connection.erl
%% ----------------------------------------------------------------------

-module(ssh_connection_handler).

-behaviour(gen_statem).

-include("ssh.hrl").
-include("ssh_transport.hrl").
-include("ssh_auth.hrl").
-include("ssh_connect.hrl").
-compile(export_all).
-export([start_link/3]).

%%-define(IO_FORMAT(F,A), io:format(F,A)).
-define(IO_FORMAT(F,A), ok).

%% Internal application API
-export([open_channel/6, reply_request/3, request/6, request/7,
	 global_request/4, send/5, send_eof/2, info/1, info/2,
	 connection_info/2, channel_info/3,
	 adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1,
	 disconnect/1, disconnect/2,
	 start_connection/4,
	 get_print_info/1]).

%% gen_statem callbacks
-export([init/1, handle_event/4, terminate/3, format_status/2, code_change/4]).

-record(state, {
	  client,
	  starter,
	  auth_user,
	  connection_state,
	  latest_channel_id = 0,
	  idle_timer_ref,
	  transport_protocol,     % ex: tcp
	  transport_cb,
	  transport_close_tag,
	  ssh_params,             %  #ssh{} - from ssh.hrl
	  socket,                 %  socket()
	  decoded_data_buffer,    %  binary()
	  encoded_data_buffer,    %  binary()
	  undecoded_packet_length, %  integer()
	  key_exchange_init_msg,  %  #ssh_msg_kexinit{}
	  last_size_rekey = 0,
	  event_queue = [],
	  connection_queue,
	  address,
	  port,
	  opts,
	  recbuf
	 }).

%%====================================================================
%% Internal application API
%%====================================================================

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
start_connection(client = Role, Socket, Options, Timeout) ->
    try
	{ok, Pid} = sshc_sup:start_child([Role, Socket, Options]),
	{_, Callback, _} =
	    proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
	ok = socket_control(Socket, Pid, Callback),
	Ref = erlang:monitor(process, Pid),
	handshake(Pid, Ref, Timeout)
    catch
	exit:{noproc, _} ->
	    {error, ssh_not_started};
	_:Error ->
	    {error, Error}
    end;

start_connection(server = Role, Socket, Options, Timeout) ->
    SSH_Opts = proplists:get_value(ssh_opts, Options, []),
    try
	case proplists:get_value(parallel_login, SSH_Opts, false) of
	    true ->
		HandshakerPid =
		    spawn_link(fun() ->
				       receive
					   {do_handshake, Pid} ->
					       handshake(Pid, erlang:monitor(process,Pid), Timeout)
				       end
			       end),
		ChildPid = start_the_connection_child(HandshakerPid, Role, Socket, Options),
		HandshakerPid ! {do_handshake, ChildPid};
	    false ->
		ChildPid = start_the_connection_child(self(), Role, Socket, Options),
		handshake(ChildPid, erlang:monitor(process,ChildPid), Timeout)
	end
    catch
	exit:{noproc, _} ->
	    {error, ssh_not_started};
	_:Error ->
	    {error, Error}
    end.

start_the_connection_child(UserPid, Role, Socket, Options) ->
    Sups = proplists:get_value(supervisors, Options),
    ConnectionSup = proplists:get_value(connection_sup, Sups),
    Opts = [{supervisors, Sups}, {user_pid, UserPid} | proplists:get_value(ssh_opts, Options, [])],
    {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]),
    {_, Callback, _} =  proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}),
    socket_control(Socket, Pid, Callback),
    Pid.


start_link(Role, Socket, Options) ->
    {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}.

init([Role, Socket, SshOpts]) ->
    process_flag(trap_exit, true),
    {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts),
    {Protocol, Callback, CloseTag} =
	proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}),
    Cache = ssh_channel:cache_create(),
    State0 = #state{
		connection_state = #connection{channel_cache = Cache,
					       channel_id_seed = 0,
					       port_bindings = [],
					       requests = [],
					       options = SshOpts},
		socket = Socket,
		decoded_data_buffer = <<>>,
		encoded_data_buffer = <<>>,
		transport_protocol = Protocol,
		transport_cb = Callback,
		transport_close_tag = CloseTag,
		opts = SshOpts
	       },

    State = init_role(Role, State0),

    try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of
	Ssh ->
	    gen_statem:enter_loop(?MODULE,
				  [], %%[{debug,[trace,log,statistics,debug]} || Role==server],
				  handle_event_function,
				  {hello,Role},
				  State#state{ssh_params = Ssh},
				  [])
    catch
	_:Error ->
	    gen_statem:enter_loop(?MODULE,
				  [],
				  handle_event_function,
				  {init_error,Error},
				  State,
				  [])
    end.

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
open_channel(ConnectionHandler, ChannelType, ChannelSpecificData,
					InitialWindowSize,
	     MaxPacketSize, Timeout) ->
    call(ConnectionHandler, {open, self(), ChannelType,
						  InitialWindowSize, MaxPacketSize,
						  ChannelSpecificData,
						  Timeout}).
%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
request(ConnectionHandler, ChannelPid, ChannelId, Type, true, Data, Timeout) ->
    call(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data,
						  Timeout});
request(ConnectionHandler, ChannelPid, ChannelId, Type, false, Data, _) ->
    cast(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
request(ConnectionHandler, ChannelId, Type, true, Data, Timeout) ->
    call(ConnectionHandler, {request, ChannelId, Type, Data, Timeout});
request(ConnectionHandler, ChannelId, Type, false, Data, _) ->
    cast(ConnectionHandler, {request, ChannelId, Type, Data}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
reply_request(ConnectionHandler, Status, ChannelId) ->
    cast(ConnectionHandler, {reply_request, Status, ChannelId}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
global_request(ConnectionHandler, Type, true = Reply, Data) ->
    case call(ConnectionHandler, {global_request, self(), Type, Reply, Data}) of
	{ssh_cm, ConnectionHandler, {success, _}} ->
	    ok;
	{ssh_cm, ConnectionHandler, {failure, _}} ->
	    error
    end;
global_request(ConnectionHandler, Type, false = Reply, Data) ->
    cast(ConnectionHandler, {global_request, self(), Type, Reply, Data}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
send(ConnectionHandler, ChannelId, Type, Data, Timeout) ->
    call(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
send_eof(ConnectionHandler, ChannelId) ->
    call(ConnectionHandler, {eof, ChannelId}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
get_print_info(ConnectionHandler) ->
    call(ConnectionHandler, get_print_info, 1000).

connection_info(ConnectionHandler, Options) ->
    call(ConnectionHandler, {connection_info, Options}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
channel_info(ConnectionHandler, ChannelId, Options) ->
    call(ConnectionHandler, {channel_info, ChannelId, Options}).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
adjust_window(ConnectionHandler, Channel, Bytes) ->
    cast(ConnectionHandler, {adjust_window, Channel, Bytes}).
%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
renegotiate(ConnectionHandler) ->
    cast(ConnectionHandler, renegotiate).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
renegotiate_data(ConnectionHandler) ->
    cast(ConnectionHandler, data_size).

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
close(ConnectionHandler, ChannelId) ->
    case call(ConnectionHandler, {close, ChannelId}) of
	ok ->
	    ok;
	{error, closed} ->
	    ok
    end.

%%--------------------------------------------------------------------
%%--------------------------------------------------------------------
stop(ConnectionHandler)->
    case call(ConnectionHandler, stop) of
       {error, closed} ->
	    ok;
	Other ->
	    Other
    end.

info(ConnectionHandler) ->
    info(ConnectionHandler, {info, all}).

info(ConnectionHandler, ChannelProcess) ->
    call(ConnectionHandler, {info, ChannelProcess}).

%%====================================================================
%% gen_statem callbacks
%%====================================================================

%% Temporary fix for the Nessus error.  SYN->   <-SYNACK  ACK->  RST-> ?
handle_event(_, _Event, {init_error,Error}, _State) ->
    case Error of
	{badmatch,{error,enotconn}} ->
	    %% {error,enotconn} probably from inet:peername in
	    %% init_ssh(server,..)/5 called from init/1
	    {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}};
	_ ->
	    {stop, {shutdown,{init,Error}}}
    end;


%%% ######## {hello, client|server} ####

handle_event(_, socket_control, StateName={hello,_}, S=#state{socket=Socket, 
							      ssh_params=Ssh}) ->
    VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)),
    send_bytes(VsnMsg, S),
    case getopt(recbuf, Socket) of
	{ok, Size} ->
	    inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]),
	    {next_state, StateName, S#state{recbuf=Size}};
	{error, Reason} ->
	    {stop, {shutdown,Reason}}
    end;

handle_event(_, {info_line,_Line}, StateName={hello,client}, S=#state{socket=Socket}) ->
    %% The server may send info lines before the version_exchange
    inet:setopts(Socket, [{active, once}]),
    {next_state, StateName, S};

handle_event(_, {info_line,_Line}, {hello,server}, S) ->
    %% as openssh
    send_bytes("Protocol mismatch.", S),
    {stop, {shutdown,"Protocol mismatch in version exchange."}};

handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = Ssh0,
								   socket = Socket,
								   recbuf = Size}) ->
    {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version),
    case handle_version(NumVsn, StrVsn, Ssh0) of
	{ok, Ssh1} ->
	    inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}, {recbuf, Size}]),
	    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1),
	    send_bytes(SshPacket, S),
	    {next_state, {kexinit,Role,init}, S#state{ssh_params = Ssh,
						      key_exchange_init_msg = KeyInitMsg}};
	not_supported ->
	    disconnect(
	      #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED,
				  description = ["Protocol version ",StrVsn," not supported"]},
	      {next_state, {hello,Role}, S})
    end;
		  
%%% ######## {kexinit, client|server, init|renegotiate} ####

handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,client,ReNeg},
	     S = #state{ssh_params = Ssh0,
			key_exchange_init_msg = OwnKex}) ->
    Ssh1 = ssh_transport:key_init(server, Ssh0, Payload), % Yes, *server*
    {ok, NextKexMsg, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1),
    send_bytes(NextKexMsg, S),
    {next_state, {key_exchange,client,ReNeg}, S#state{ssh_params = Ssh}};

handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,server,ReNeg},
	     S = #state{ssh_params = Ssh0,
			key_exchange_init_msg = OwnKex}) ->
    Ssh1 = ssh_transport:key_init(client, Ssh0, Payload), % Yes, *client*
    {ok, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1),
    {next_state, {key_exchange,server,ReNeg}, S#state{ssh_params = Ssh}};

%%% ######## {key_exchange, client|server, init|renegotiate} ####

handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg},
	     S = #state{ssh_params = Ssh0}) ->
    {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, Ssh0),
    send_bytes(KexdhReply, S),
    {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1),
    send_bytes(NewKeys, S),
    {next_state, {new_keys,server,ReNeg}, S#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0),
    send_bytes(NewKeys, State),
    {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0),
    send_bytes(GexGroup, State),
    {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0),
    send_bytes(GexGroup, State),
    {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0),
    send_bytes(KexGexInit, State),
    {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, Ssh0),
    send_bytes(KexEcdhReply, State),
    {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1),
    send_bytes(NewKeys, State),
    {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, Ssh0),
    send_bytes(NewKeys, State),
    {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}};

%%% ######## {key_exchange_dh_gex_init, server, init|renegotiate} ####

handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, KexGexReply, Ssh1} =  ssh_transport:handle_kex_dh_gex_init(Msg, Ssh0),
    send_bytes(KexGexReply, State),
    {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1),
    send_bytes(NewKeys, State),
    {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}};

%%% ######## {key_exchange_dh_gex_reply, client, init|renegotiate} ####

handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg},
	     #state{ssh_params=Ssh0} = State) ->
    {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0),
    send_bytes(NewKeys, State),
    {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh1}};

%%% ######## {new_keys, client|server} ####

handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,client,init},
	     #state{ssh_params = Ssh0} = State) ->
    {ok, Ssh1} = ssh_transport:handle_new_keys(Msg, Ssh0),
    {MsgReq, Ssh} = ssh_auth:service_request_msg(Ssh1),
    send_bytes(MsgReq, State),
    {next_state, {service_request,client}, State#state{ssh_params=Ssh}};

handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,server,init},
	     S = #state{ssh_params = Ssh0}) ->
    {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0),
    {next_state, {service_request,server}, S#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) ->
    {next_state, {connected,Role}, S};

%%% ######## {service_request, client|server}

handle_event(_, #ssh_msg_service_request{name = "ssh-userauth"} = Msg, {service_request,server},
	     #state{ssh_params = #ssh{session_id=SessionId} = Ssh0} = State) ->
    {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0),
    send_bytes(Reply, State),
    {next_state, {userauth,server}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_service_request{}, {service_request,server}=StateName, State) ->
    Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
			      description = "Unknown service"},
    disconnect(Msg, StateName, State);

handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request,client},
	     #state{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) ->
    {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0),
    send_bytes(Msg, State),
    {next_state, {userauth,client}, State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh}};

%%% ######## {userauth, client|server} ####

handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection",
					  method = "none"} = Msg, StateName={userauth,server},
        #state{ssh_params = #ssh{session_id = SessionId,
                                 service = "ssh-connection"} = Ssh0
              } = State) ->
?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]),
    {not_authorized, {_User, _Reason}, {Reply, Ssh}} =
	ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0),
    send_bytes(Reply, State),
    {next_state, StateName, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection",
					  method = Method} = Msg, StateName={userauth,server},
	 #state{ssh_params = #ssh{session_id = SessionId,
				  service = "ssh-connection",
				  peer = {_, Address}} = Ssh0,
		opts = Opts, starter = Pid} = State) ->
?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]),
    case lists:member(Method, Ssh0#ssh.userauth_methods) of
	true ->
	    case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of
		{authorized, User, {Reply, Ssh}} ->
		    send_bytes(Reply, State),
		    Pid ! ssh_connected,
		    connected_fun(User, Address, Method, Opts),
?IO_FORMAT('~p CONNECTED!~n',[self()]),
		    {next_state, {connected,server},
		     State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}};
		{not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" ->
		    retry_fun(User, Address, Reason, Opts),
		    send_bytes(Reply, State),
?IO_FORMAT('~p not_authorized (1)~n',[self()]),
		    {next_state, {userauth_keyboard_interactive,server}, State#state{ssh_params = Ssh}};
		{not_authorized, {User, Reason}, {Reply, Ssh}} ->
		    retry_fun(User, Address, Reason, Opts),
		    send_bytes(Reply, State),
?IO_FORMAT('~p not_authorized (2)~n',[self()]),
		    {next_state, StateName, State#state{ssh_params = Ssh}}
	    end;
	false ->
	    %% At least one non-erlang client does like this. Retry as the next event
?IO_FORMAT('~p bug-fix~n',[self()]),
	    {next_state, StateName, State,
	     [{next_event, internal, Msg#ssh_msg_userauth_request{method="none"}}]
	    }
	     end;

handle_event(_, #ssh_msg_userauth_request{service = Service}, {userauth,server}=StateName, State)
  when Service =/= "ssh-connection" ->
?IO_FORMAT('~p #ssh_msg_userauth_request{~p,...}~n',[self(),Service]),
    Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE,
			      description = "Unknown service"},
    disconnect(Msg, StateName, State);

handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, #state{ssh_params = Ssh,
								       starter = Pid} = State) ->
    Pid ! ssh_connected,
    {next_state, {connected,client}, State#state{ssh_params=Ssh#ssh{authenticated = true}}};

handle_event(_, #ssh_msg_userauth_failure{}, {userauth,client}=StateName,
	     #state{ssh_params = #ssh{userauth_methods = []}}  = State) ->
    Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
			      description = "Unable to connect using the available"
			                    " authentication methods"},
    disconnect(Msg, StateName, State);


handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName={userauth,client},
	     #state{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) ->
    %% The prefered authentication method failed try next method
    Ssh1 = case AuthMthds of
	       none ->
		   %% Server tells us which authentication methods that are allowed
		   Ssh0#ssh{userauth_methods = string:tokens(Methods, ",")};
	       _ ->
		   %% We already know...
		   Ssh0
	   end,
    case ssh_auth:userauth_request_msg(Ssh1) of
	{disconnect, DisconnectMsg, {Msg, Ssh}} ->
	    send_bytes(Msg, State),
	    disconnect(DisconnectMsg, StateName, State#state{ssh_params = Ssh});
	{"keyboard-interactive", {Msg, Ssh}} ->
	    send_bytes(Msg, State),
	    {next_state, {userauth_keyboard_interactive,client}, State#state{ssh_params = Ssh}};
	{_Method, {Msg, Ssh}} ->
	    send_bytes(Msg, State),
	    {next_state, StateName, State#state{ssh_params = Ssh}}
    end;

handle_event(_, #ssh_msg_userauth_banner{}, StateName={userauth,client},
	 #state{ssh_params = #ssh{userauth_quiet_mode=true}} = State) ->
    {next_state, StateName, State};

handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,client},
	 #state{ssh_params = #ssh{userauth_quiet_mode=false}} = State) ->
    io:format("~s", [Msg]),
    {next_state, StateName, State};

%%% ######## {userauth_keyboard_interactive, client|server}

handle_event(_, #ssh_msg_userauth_info_request{} = Msg, {userauth_keyboard_interactive, client},
	     #state{ssh_params = #ssh{io_cb=IoCb} = Ssh0} = State) ->
    {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0),
    send_bytes(Reply, State),
    {next_state, {userauth_keyboard_interactive_info_response,client}, State#state{ssh_params = Ssh}};

handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_interactive, server},
	     #state{ssh_params = #ssh{peer = {_,Address}} = Ssh0,
		    opts = Opts,
		    starter = Pid} = State) ->
    case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of
	{authorized, User, {Reply, Ssh}} ->
	    send_bytes(Reply, State),
	    Pid ! ssh_connected,
	    connected_fun(User, Address, "keyboard-interactive", Opts),
	    {next_state, {connected,server}, State#state{auth_user = User,
							 ssh_params = Ssh#ssh{authenticated = true}}};
	{not_authorized, {User, Reason}, {Reply, Ssh}} ->
	    retry_fun(User, Address, Reason, Opts),
	    send_bytes(Reply, State),
	    {next_state, {userauth,server}, State#state{ssh_params = Ssh}}
    end;
handle_event(_, Msg = #ssh_msg_userauth_failure{}, {userauth_keyboard_interactive, client},
	     #state{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) ->
    Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0,
			       Method =/= "keyboard-interactive"],
    {next_state, {userauth,client},
     State#state{ssh_params = Ssh0#ssh{userauth_preference=Prefs}},
     [{next_event, internal, Msg}]};

handle_event(_, Msg=#ssh_msg_userauth_failure{}, {userauth_keyboard_interactive_info_response, client}, S) ->
    {next_state, {userauth,client}, S, [{next_event, internal, Msg}]};

handle_event(_, Msg=#ssh_msg_userauth_success{}, {userauth_keyboard_interactive_info_response, client}, S) ->
    {next_state, {userauth,client}, S, [{next_event, internal, Msg}]};

handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interactive_info_response, client}, S) ->
    {next_state, {userauth_keyboard_interactive,client}, S, [{next_event, internal, Msg}]};

%%% ######## {connected, client|server} ####

handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role},  #state{ssh_params = Ssh0} = State0) ->
    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0),
    State = State0#state{ssh_params = Ssh,
			 key_exchange_init_msg = KeyInitMsg},
    send_bytes(SshPacket, State),
    {next_state, {kexinit,Role,renegotiate}, State, [{next_event, internal, Event}]};

handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName,
	     State0 = #state{connection_state = Connection0}) ->
    {disconnect, _, {{replies, Replies}, _Connection}} =
	ssh_connection:handle_msg(Msg, Connection0, role(StateName)),
    {Repls,State} = send_replies(Replies, State0),
    disconnect_fun(Desc, State#state.opts),
    {stop_and_reply, {shutdown,Desc}, Repls, State};

handle_event(_, #ssh_msg_ignore{}, StateName, State) ->
    {next_state, StateName, State};

handle_event(_, #ssh_msg_debug{always_display = Display,
			       message = DbgMsg,
			       language = Lang}, StateName, #state{opts = Opts} = State) ->
    F = proplists:get_value(ssh_msg_debug_fun, Opts,
			    fun(_ConnRef, _AlwaysDisplay, _Msg, _Language) -> ok end
			   ),
    catch F(self(), Display, DbgMsg, Lang),
    {next_state, StateName, State};

handle_event(_, #ssh_msg_unimplemented{}, StateName, State) ->
    {next_state, StateName, State};

handle_event(internal, Msg=#ssh_msg_global_request{},            StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_request_success{},           StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_request_failure{},           StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_open{},              StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_open_confirmation{}, StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_open_failure{},      StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_window_adjust{},     StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_data{},              StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_extended_data{},     StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_eof{},               StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_close{},             StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_request{},           StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_success{},           StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(internal, Msg=#ssh_msg_channel_failure{},           StateName, State) ->
    handle_connection_msg(Msg, StateName, State);

handle_event(cast, renegotiate, {connected,Role}, #state{ssh_params=Ssh0} = State) ->
    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0),
    send_bytes(SshPacket, State),
%%% FIXME: timer
    timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]),
    {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh,
							 key_exchange_init_msg = KeyInitMsg}};

handle_event(cast, renegotiate, StateName, State) ->
    %% Already in key-exchange so safe to ignore
    {next_state, StateName, State};

%% Rekey due to sent data limit reached?
handle_event(cast, data_size, {connected,Role}, #state{ssh_params=Ssh0} = State) ->
    {ok, [{send_oct,Sent0}]} = inet:getstat(State#state.socket, [send_oct]),
    Sent = Sent0 - State#state.last_size_rekey,
    MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000),
%%% FIXME: timer
    timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]),
    case Sent >= MaxSent of
	true ->
	    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0),
	    send_bytes(SshPacket, State),
	    {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh,
								 key_exchange_init_msg = KeyInitMsg,
								 last_size_rekey = Sent0}};
	_ ->
	    {next_state, {connected,Role}, State}
    end;
handle_event(cast, data_size, StateName, State) ->
    %% Already in key-exchange so safe to ignore
    {next_state, StateName, State};

handle_event(cast, _, StateName, State) when StateName /= {connected,server},
					     StateName /= {connected,client} ->
    {next_state, StateName, State, [postpone]};

handle_event(cast, {adjust_window,ChannelId,Bytes}, StateName={connected,_Role},
	     #state{connection_state =
			#connection{channel_cache = Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{recv_window_size = WinSize,
		 recv_window_pending = Pending,
		 recv_packet_size = PktSize} = Channel
	  when (WinSize-Bytes) >= 2*PktSize ->
	    %% The peer can send at least two more *full* packet, no hurry.
	    ssh_channel:cache_update(Cache,
				     Channel#channel{recv_window_pending = Pending + Bytes}),
	    {next_state, StateName, State0};
	
	#channel{recv_window_size = WinSize,
		 recv_window_pending = Pending,
		 remote_id = Id} = Channel ->
	    %% Now we have to update the window - we can't receive so many more pkts
	    ssh_channel:cache_update(Cache,
				     Channel#channel{recv_window_size =
							 WinSize + Bytes + Pending,
						     recv_window_pending = 0}),
	    Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes + Pending),
	    {next_state, StateName, send_msg(Msg,State0)};
	
	undefined ->
	    {next_state, StateName, State0}
    end;

handle_event(cast, {reply_request,success,ChannelId}, StateName={connected,_},
	     #state{connection_state =
			#connection{channel_cache = Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{remote_id = RemoteId} ->
	    Msg = ssh_connection:channel_success_msg(RemoteId),
	    {next_state, StateName, send_msg(Msg,State0)};
	
	undefined ->
	    {next_state, StateName, State0}
    end;

handle_event(cast, {request,ChannelPid,ChannelId,Type,Data}, StateName={connected,_}, State0) ->
    State = handle_request(ChannelPid, ChannelId, Type, Data, false, none, State0),
    {next_state, StateName, State};

handle_event(cast, {request,ChannelId,Type,Data}, StateName={connected,_}, State0) ->
    State = handle_request(ChannelId, Type, Data, false, none, State0),
    {next_state, StateName, State};

handle_event(cast, {unknown,Data}, StateName={connected,_}, State) ->
    Msg = #ssh_msg_unimplemented{sequence = Data},
    {next_state, StateName, send_msg(Msg,State)};

%%% Previously handle_sync_event began here
handle_event({call,From}, get_print_info, StateName, State) ->
    Reply =
	try
	    {inet:sockname(State#state.socket),
	     inet:peername(State#state.socket)
	    }
	of
	    {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])};
	    _ -> {{"-",0},"-"}
	catch
	    _:_ -> {{"?",0},"?"}
	end,
    {next_state, StateName, State, [{reply,From,Reply}]};

handle_event({call,From}, {connection_info, Options}, StateName, State) ->
    Info = ssh_info(Options, State, []),
    {next_state, StateName, State, [{reply,From,Info}]};

handle_event({call,From}, {channel_info,ChannelId,Options}, StateName,
	     State=#state{connection_state = #connection{channel_cache = Cache}}) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
       #channel{} = Channel ->
	    Info = ssh_channel_info(Options, Channel, []),
	    {next_state, StateName, State, [{reply,From,Info}]};
	undefined ->
	    {next_state, StateName, State, [{reply,From,[]}]}
    end;

handle_event({call,From}, {info, ChannelPid}, StateName, State = #state{connection_state =
									    #connection{channel_cache = Cache}}) ->
    Result = ssh_channel:cache_foldl(
	       fun(Channel, Acc) when ChannelPid == all;
				      Channel#channel.user == ChannelPid ->
		       [Channel | Acc];
		  (_, Acc) ->
		       Acc
	       end, [], Cache),
    {next_state, StateName, State, [{reply, From, {ok,Result}}]};

handle_event({call,From}, stop, StateName, #state{connection_state = Connection0} = State0) ->
    {disconnect, _Reason, {{replies, Replies}, Connection}} =
	ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION,
						      description = "User closed down connection"},
				  Connection0, role(StateName)),
    {Repls,State} = send_replies(Replies, State0),
    {stop_and_reply, normal, [{reply,From,ok}|Repls], State#state{connection_state=Connection}};

handle_event({call,_}, _, StateName, State) when StateName /= {connected,server},
						 StateName /= {connected,client}  ->
    {next_state, StateName, State, [postpone]};

handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) ->
    State = handle_request(ChannelPid, ChannelId, Type, Data, true, From, State0),
    %% Note reply to channel will happen later when
    %% reply is recived from peer on the socket
    start_timeout(ChannelId, From, Timeout),
    handle_idle_timeout(State),
    {next_state, StateName, State};

handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) ->
    State = handle_request(ChannelId, Type, Data, true, From, State0),
    %% Note reply to channel will happen later when
    %% reply is recived from peer on the socket
    start_timeout(ChannelId, From, Timeout),
    handle_idle_timeout(State),
    {next_state, StateName, State};

handle_event({call,From}, {global_request, Pid, _, _, _} = Request, StateName={connected,_},
	     #state{connection_state = #connection{channel_cache = Cache}} = State0) ->
    State1 = handle_global_request(Request, State0),
    Channel = ssh_channel:cache_find(Pid, Cache),
    State = add_request(true, Channel#channel.local_id, From, State1),
    {next_state, StateName, State};

handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, StateName={connected,_},
	     #state{connection_state = #connection{channel_cache=_Cache} = Connection0} = State0) ->
    case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of
	{{replies, Replies}, Connection} ->
	    {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}),
	    start_timeout(ChannelId, From, Timeout),
	    {next_state, StateName, State, Repls};
	{noreply, Connection} ->
	    start_timeout(ChannelId, From, Timeout),
	    {next_state, StateName, State0#state{connection_state = Connection}}
    end;

handle_event({call,From}, {eof, ChannelId}, StateName={connected,_},
	     #state{connection_state = #connection{channel_cache=Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{remote_id = Id, sent_close = false} ->
	    State = send_msg(ssh_connection:channel_eof_msg(Id), State0),
	    {next_state, StateName, State, [{reply,From,ok}]};
	_ ->
	    {next_state, StateName, State0, [{reply,From,{error,closed}}]}
    end;

handle_event({call,From}, {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout},
	     StateName={connected,_},
	     #state{connection_state = #connection{channel_cache = Cache}} = State0) ->
    erlang:monitor(process, ChannelPid),
    {ChannelId, State1}  = new_channel_id(State0),
    Msg = ssh_connection:channel_open_msg(Type, ChannelId,
					  InitialWindowSize,
					  MaxPacketSize, Data),
    State2 = send_msg(Msg, State1),
    Channel = #channel{type = Type,
		       sys = "none",
		       user = ChannelPid,
		       local_id = ChannelId,
		       recv_window_size = InitialWindowSize,
		       recv_packet_size = MaxPacketSize,
		       send_buf = queue:new()
		      },
    ssh_channel:cache_update(Cache, Channel),
    State = add_request(true, ChannelId, From, State2),
    start_timeout(ChannelId, From, Timeout),
    {next_state, StateName, remove_timer_ref(State)};

handle_event({call,From}, {send_window, ChannelId}, StateName={connected,_},
	     #state{connection_state = #connection{channel_cache = Cache}} = State) ->
    Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of
		#channel{send_window_size = WinSize,
			 send_packet_size = Packsize} ->
		    {ok, {WinSize, Packsize}};
		undefined ->
		    {error, einval}
	    end,
    {next_state, StateName, State, [{reply,From,Reply}]};

handle_event({call,From}, {recv_window, ChannelId}, StateName={connected,_},
	     #state{connection_state = #connection{channel_cache = Cache}} = State) ->
    Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of
		#channel{recv_window_size = WinSize,
			 recv_packet_size = Packsize} ->
		    {ok, {WinSize, Packsize}};
		undefined ->
		    {error, einval}
	    end,
    {next_state, StateName, State, [{reply,From,Reply}]};

handle_event({call,From}, {close, ChannelId}, StateName={connected,_},
	     #state{connection_state =
			#connection{channel_cache = Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{remote_id = Id} = Channel ->
	    State1 = send_msg(ssh_connection:channel_close_msg(Id), State0),
	    ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}),
	    handle_idle_timeout(State1),
	    {next_state, StateName, State1, [{reply,From,ok}]};
	undefined ->
	    {next_state, StateName, State0, [{reply,From,ok}]}
    end;

handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, StateName={hello,_},
	     State=#state{socket = Socket,
			  transport_protocol = Protocol}) ->
    {next_state, StateName, State,  [{next_event, internal, {version_exchange,Version}}]};

handle_event(info, {Protocol, Socket, Info}, StateName={hello,_},
	     State=#state{socket = Socket,
			  transport_protocol = Protocol}) ->
    {next_state, StateName, State,  [{next_event, internal, {info_line,Info}}]};

handle_event(info, {Protocol, Socket, Data}, StateName, State0 =
		 #state{socket = Socket,
			transport_protocol = Protocol,
			decoded_data_buffer = DecData0,
			encoded_data_buffer = EncData0,
			undecoded_packet_length = RemainingSshPacketLen0,
			ssh_params = Ssh0}) ->
?IO_FORMAT('~p Recv tcp~n',[self()]),
    Encoded = <<EncData0/binary, Data/binary>>,
    try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0)
    of
	{decoded, Bytes, EncDataRest, Ssh1} ->
	    State = State0#state{ssh_params =
				     Ssh1#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh1#ssh.recv_sequence)},
				 decoded_data_buffer = <<>>,
				 undecoded_packet_length = undefined,
				 encoded_data_buffer = EncDataRest},
	    try
		ssh_message:decode(set_prefix_if_trouble(Bytes,State))
	    of
		Msg = #ssh_msg_kexinit{} ->
		    {next_state, StateName, State, [{next_event, internal, {Msg,Bytes}},
						    {next_event, internal, prepare_next_packet}
						   ]};
		Msg ->
		    {next_state, StateName, State, [{next_event, internal, Msg},
						    {next_event, internal, prepare_next_packet}
						   ]}
	    catch
		_C:_E  ->
		    DisconnectMsg =
			#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
					    description = "Encountered unexpected input"},
		    disconnect(DisconnectMsg, StateName, State)
	    end;

	{get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} ->
	    %% Here we know that there are not enough bytes in EncDataRest to use. Must wait.
	    inet:setopts(Socket, [{active, once}]),
	    {next_state, StateName, State0#state{encoded_data_buffer = EncDataRest,
						 decoded_data_buffer = DecBytes,
						 undecoded_packet_length = RemainingSshPacketLen,
						 ssh_params = Ssh1}};

	{bad_mac, Ssh1} ->
	    DisconnectMsg =
		    #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
					description = "Bad mac"},
	    disconnect(DisconnectMsg, StateName, State0#state{ssh_params=Ssh1});

	{error, {exceeds_max_size,PacketLen}} ->
	    DisconnectMsg =
		#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
				    description = "Bad packet length "
				    ++ integer_to_list(PacketLen)},
	    disconnect(DisconnectMsg, StateName, State0)
    catch
	_C:_E ->
	    DisconnectMsg =
		#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
				    description = "Bad packet"},
	    disconnect(DisconnectMsg, StateName, State0)
    end;

handle_event(internal, prepare_next_packet, StateName, State) ->
    Enough =  erlang:max(8, State#state.ssh_params#ssh.decrypt_block_size),
    case size(State#state.encoded_data_buffer) of
	Sz when Sz >= Enough ->
?IO_FORMAT('~p Send <<>> to self~n',[self()]),
	    self() ! {State#state.transport_protocol, State#state.socket, <<>>};
	_ ->
?IO_FORMAT('~p Set active_once~n',[self()]),
	    inet:setopts(State#state.socket, [{active, once}])
    end,
    {next_state, StateName, State};

handle_event(info, {CloseTag,Socket}, StateName,
	     State=#state{socket = Socket,
			  transport_close_tag = CloseTag}) ->
    DisconnectMsg =
	#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION,
			    description = "Connection closed"},
    disconnect(DisconnectMsg, StateName, State);

handle_event(info, {timeout, {_, From} = Request}, StateName,
	    #state{connection_state = #connection{requests = Requests} = Connection} = State) ->
    case lists:member(Request, Requests) of
	true ->
	    {next_state, StateName,
	     State#state{connection_state =
			     Connection#connection{requests =
						       lists:delete(Request, Requests)}},
	     [{reply,From,{error,timeout}}]};
	false ->
	    {next_state, StateName, State}
    end;

%%% Handle that ssh channels user process goes down
handle_event(info, {'DOWN', _Ref, process, ChannelPid, _Reason}, StateName, State0) ->
    {{replies, Replies}, State1} = handle_channel_down(ChannelPid, State0),
    {Repls, State} = send_replies(Replies, State1),
    {next_state, StateName, State, Repls};

%%% So that terminate will be run when supervisor is shutdown
handle_event(info, {'EXIT', _Sup, Reason}, _, _) ->
    {stop, {shutdown, Reason}};

handle_event(info, {check_cache, _ , _}, StateName,
	     #state{connection_state = #connection{channel_cache=Cache}} = State) ->
    {next_state, StateName, check_cache(State, Cache)};

handle_event(info, UnexpectedMessage, StateName,
	     State = #state{opts = Opts,
			    ssh_params = SshParams}) ->
    case unexpected_fun(UnexpectedMessage, Opts, SshParams) of
	report ->
	    Msg = lists:flatten(
		    io_lib:format(
		      "Unexpected message '~p' received in state '~p'\n"
		      "Role: ~p\n"
		      "Peer: ~p\n"
		      "Local Address: ~p\n", [UnexpectedMessage, StateName,
					      SshParams#ssh.role, SshParams#ssh.peer,
					      proplists:get_value(address, SshParams#ssh.opts)])),
	    error_logger:info_report(Msg),
	    {next_state, StateName, State};

	skip ->
	    {next_state, StateName, State};

	Other ->
	    Msg = lists:flatten(
		    io_lib:format("Call to fun in 'unexpectedfun' failed:~n"
				  "Return: ~p\n"
				  "Message: ~p\n"
				  "Role: ~p\n"
				  "Peer: ~p\n"
				  "Local Address: ~p\n", [Other, UnexpectedMessage,
							  SshParams#ssh.role,
							  element(2,SshParams#ssh.peer),
							  proplists:get_value(address, SshParams#ssh.opts)]
				 )),
	    error_logger:error_report(Msg),
	    {next_state, StateName, State}
    end;

handle_event(internal, {disconnect,Msg,_Reason}, StateName, State) ->
    disconnect(Msg, StateName, State);

handle_event(Type, Ev, StateName, State) ->
    case catch atom_to_list(element(1,Ev)) of
	"ssh_msg_" ++_ when Type==internal ->
	    Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
				      description = "Message in wrong state"},
	    disconnect(Msg, StateName, State);
	_ ->
	    Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR,
				      description = "Internal error"},
	    disconnect(Msg, StateName, State)
    end.

%%--------------------------------------------------------------------
terminate(normal, StateName, State) ->
    ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,normal,StateName]),
    normal_termination(StateName, State);

terminate({shutdown,{init,Reason}}, StateName, State) ->
    ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,{init,Reason}},StateName]),
    error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])),
    normal_termination(StateName, State);

terminate(shutdown, StateName, State) ->
    %% Terminated by supervisor
    ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,shutdown,StateName]),
    normal_termination(StateName,
		       #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION,
					   description = "Application shutdown"},
		       State);

%% terminate({shutdown,Msg}, StateName, State) when is_record(Msg,ssh_msg_disconnect)->
%%     ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,Msg},StateName]),
%%     normal_termination(StateName, Msg, State);

terminate({shutdown,_R}, StateName, State) ->
    ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,_R},StateName]),
    normal_termination(StateName, State);

terminate(Reason, StateName, State) ->
    %% Others, e.g  undef, {badmatch,_}
    ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,Reason,StateName]),
    log_error(Reason),
    normal_termination(StateName,
		       #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION,
					   description = "Internal error"},
		       State).


normal_termination(StateName, Msg, State0) ->
    State = send_msg(Msg,State0),
timer:sleep(400),  %% FIXME!!! gen_tcp:shutdown instead
    normal_termination(StateName, State).

normal_termination(_StateName, #state{transport_cb = Transport,
				      connection_state = Connection,
				      socket = Socket}) ->
    ?IO_FORMAT('~p ~p:~p normal_termination in state ~p~n',[self(),?MODULE,?LINE,_StateName]),
    terminate_subsystem(Connection),
    (catch Transport:close(Socket)),
    ok.


terminate_subsystem(#connection{system_supervisor = SysSup,
			       sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) ->
    ssh_system_sup:stop_subsystem(SysSup, SubSysSup);
terminate_subsystem(_) ->
    ok.


format_status(normal, [_, _StateName, State]) ->
    [{data, [{"State", State}]}];
format_status(terminate, [_, _StateName, State]) ->
    SshParams0 = (State#state.ssh_params),
    SshParams = SshParams0#ssh{c_keyinit = "***",
			       s_keyinit = "***",
			       send_mac_key = "***",
			       send_mac_size =  "***",
			       recv_mac_key = "***",
			       recv_mac_size = "***",
			       encrypt_keys = "***",
			       encrypt_ctx = "***",
			       decrypt_keys = "***",
			       decrypt_ctx = "***",
			       compress_ctx = "***",
			       decompress_ctx = "***",
			       shared_secret =  "***",
			       exchanged_hash =  "***",
			       session_id =  "***",
			       keyex_key =  "***",
			       keyex_info = "***",
			       available_host_keys = "***"},
    [{data, [{"State", State#state{decoded_data_buffer = "***",
				   encoded_data_buffer =  "***",
				   key_exchange_init_msg = "***",
				   opts =  "***",
				   recbuf =  "***",
				   ssh_params = SshParams
				  }}]}].


code_change(_OldVsn, StateName, State, _Extra) ->
    {ok, StateName, State}.

%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------

%% StateName to Role
role({_,Role}) -> Role;
role({_,Role,_}) -> Role.

renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation;
renegotiation(_) -> false.



init_role(client, #state{opts = Opts} = State0) ->
    Pid = proplists:get_value(user_pid, Opts),
    TimerRef = get_idle_time(Opts),
    timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]),
    timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast,
		       [self(), data_size]),
    State0#state{starter = Pid,
		 idle_timer_ref = TimerRef};
init_role(server, #state{opts = Opts, connection_state = Connection} = State) ->
    Sups = proplists:get_value(supervisors, Opts),
    Pid = proplists:get_value(user_pid, Opts),
    SystemSup = proplists:get_value(system_sup, Sups),
    SubSystemSup = proplists:get_value(subsystem_sup, Sups),
    ConnectionSup = proplists:get_value(connection_sup, Sups),
    Shell = proplists:get_value(shell, Opts),
    Exec = proplists:get_value(exec, Opts),
    CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}),
    State#state{starter = Pid, connection_state = Connection#connection{
						    cli_spec = CliSpec,
						    exec = Exec,
						    system_supervisor = SystemSup,
						    sub_system_supervisor = SubSystemSup,
						    connection_supervisor = ConnectionSup
						   }}.

get_idle_time(SshOptions) ->
    case proplists:get_value(idle_time, SshOptions) of
	infinity ->
	    infinity;
       _IdleTime -> %% We dont want to set the timeout on first connect
	    undefined
    end.

init_ssh(client = Role, Vsn, Version, Options, Socket) ->
    IOCb = case proplists:get_value(user_interaction, Options, true) of
	       true ->
		   ssh_io;
	       false ->
		   ssh_no_io
	   end,

    AuthMethods = proplists:get_value(auth_methods, Options,
				      ?SUPPORTED_AUTH_METHODS),
    {ok, PeerAddr} = inet:peername(Socket),

    PeerName =  proplists:get_value(host, Options),
    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),

    #ssh{role = Role,
	 c_vsn = Vsn,
	 c_version = Version,
	 key_cb = KeyCb,
	 io_cb = IOCb,
	 userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false),
	 opts = Options,
	 userauth_supported_methods = AuthMethods,
	 peer = {PeerName, PeerAddr},
	 available_host_keys = supported_host_keys(Role, KeyCb, Options),
	 random_length_padding = proplists:get_value(max_random_length_padding,
						     Options,
						     (#ssh{})#ssh.random_length_padding)
	};

init_ssh(server = Role, Vsn, Version, Options, Socket) ->
    AuthMethods = proplists:get_value(auth_methods, Options,
				      ?SUPPORTED_AUTH_METHODS),
    AuthMethodsAsList = string:tokens(AuthMethods, ","),
    {ok, PeerAddr} = inet:peername(Socket),
    KeyCb =  proplists:get_value(key_cb, Options, ssh_file),

    #ssh{role = Role,
	 s_vsn = Vsn,
	 s_version = Version,
	 key_cb = KeyCb,
	 io_cb = proplists:get_value(io_cb, Options, ssh_io),
	 opts = Options,
	 userauth_supported_methods = AuthMethods,
	 userauth_methods = AuthMethodsAsList,
	 kb_tries_left = 3,
	 peer = {undefined, PeerAddr},
	 available_host_keys = supported_host_keys(Role, KeyCb, Options),
	 random_length_padding = proplists:get_value(max_random_length_padding,
						     Options,
						     (#ssh{})#ssh.random_length_padding)
	 }.

supported_host_keys(client, _, Options) ->
    try
	case proplists:get_value(public_key,
				 proplists:get_value(preferred_algorithms,Options,[])
				) of
	    undefined ->
		ssh_transport:default_algorithms(public_key);
	    L ->
		L -- (L--ssh_transport:default_algorithms(public_key))
	end
    of
	[] ->
	    {stop, {shutdown, "No public key algs"}};
	Algs ->
	    [atom_to_list(A) || A<-Algs]
    catch
	exit:Reason ->
	    {stop, {shutdown, Reason}}
    end;
supported_host_keys(server, KeyCb, Options) ->
    [atom_to_list(A) || A <- proplists:get_value(public_key,
						 proplists:get_value(preferred_algorithms,Options,[]),
						 ssh_transport:default_algorithms(public_key)
						),
			available_host_key(KeyCb, A, Options)
    ].

%% Alg :: atom()
available_host_key(KeyCb, Alg, Opts) ->
    element(1, catch KeyCb:host_key(Alg, Opts)) == ok.


send_msg(Msg, State=#state{ssh_params=Ssh0}) when is_tuple(Msg) ->
    {Bytes, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0),
    send_bytes(Bytes, State),
    State#state{ssh_params=Ssh}.

send_bytes(Bytes, #state{socket = Socket, transport_cb = Transport}) ->
    R = Transport:send(Socket, Bytes),
?IO_FORMAT('~p send_bytes ~p~n',[self(),R]),
    R.


handle_version({2, 0} = NumVsn, StrVsn, Ssh0) ->
    Ssh = counterpart_versions(NumVsn, StrVsn, Ssh0),
    {ok, Ssh};
handle_version(_,_,_) ->
    not_supported.

string_version(#ssh{role = client, c_version = Vsn}) ->
    Vsn;
string_version(#ssh{role = server, s_version = Vsn}) ->
    Vsn.


cast(FsmPid, Event) ->
    gen_statem:cast(FsmPid, Event).

call(FsmPid, Event) ->
    call(FsmPid, Event, infinity).

call(FsmPid, Event, Timeout) ->
    try gen_statem:call(FsmPid, Event, Timeout) of
	{closed, _R} ->
	    {error, closed};
	{killed, _R} ->
	    {error, closed};
	Result ->
	    Result
    catch
	exit:{noproc, _R} ->
	    {error, closed};
	exit:{normal, _R} ->
	    {error, closed};
	exit:{{shutdown, _R},_} ->
	    {error, closed}
    end.


handle_connection_msg(Msg, StateName, State0 =
			  #state{starter = User,
				 connection_state = Connection0,
				 event_queue = Qev0}) ->
    Renegotiation = renegotiation(StateName),
    Role = role(StateName),
    try ssh_connection:handle_msg(Msg, Connection0, Role) of
	{{replies, Replies}, Connection} ->
	    case StateName of
		{connected,_} ->
		    {Repls, State} = send_replies(Replies,
						  State0#state{connection_state=Connection}),
		    {next_state, StateName, State, Repls};
		_ ->
		    {ConnReplies, Replies} =
			lists:splitwith(fun not_connected_filter/1, Replies),
		    {Repls, State} = send_replies(Replies,
						  State0#state{event_queue = Qev0 ++ ConnReplies}),
		    {next_state, StateName, State, Repls}
	    end;

	{noreply, Connection} ->
	    {next_state, StateName, State0#state{connection_state = Connection}};

	{disconnect, Reason0, {{replies, Replies}, Connection}} ->
	    {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}),
	    case {Reason0,Role} of
		{{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) ->
		    User ! {self(), not_connected, Reason};
		_ ->
		    ok
	    end,
	    {stop, {shutdown,normal}, Repls, State#state{connection_state = Connection}}

    catch
	_:Error ->
	    {disconnect, _Reason, {{replies, Replies}, Connection}} =
		ssh_connection:handle_msg(
		  #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION,
				      description = "Internal error"},
		  Connection0, Role),
	    {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}),
	    {stop, {shutdown,Error}, Repls, State#state{connection_state = Connection}}
    end.


set_prefix_if_trouble(Msg = <<?BYTE(Op),_/binary>>, #state{ssh_params=SshParams})
  when Op == 30;
       Op == 31
       ->
    case catch atom_to_list(kex(SshParams)) of
	"ecdh-sha2-" ++ _ ->
	    <<"ecdh",Msg/binary>>;
	"diffie-hellman-group-exchange-" ++ _ ->
	    <<"dh_gex",Msg/binary>>;
	"diffie-hellman-group" ++ _ ->
	    <<"dh",Msg/binary>>;
	_ ->
	    Msg
    end;
set_prefix_if_trouble(Msg, _) ->
    Msg.

kex(#ssh{algorithms=#alg{kex=Kex}}) -> Kex;
kex(_) -> undefined.

%%%----------------------------------------------------------------
handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From,
	       #state{connection_state =
		      #connection{channel_cache = Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{remote_id = Id} = Channel ->
	    update_sys(Cache, Channel, Type, ChannelPid),
	    Msg = ssh_connection:channel_request_msg(Id, Type,
						     WantReply, Data),
	    send_msg(Msg, add_request(WantReply, ChannelId, From, State0));
	undefined ->
	    State0
    end.

handle_request(ChannelId, Type, Data, WantReply, From,
	       #state{connection_state =
		      #connection{channel_cache = Cache}} = State0) ->
    case ssh_channel:cache_lookup(Cache, ChannelId) of
	#channel{remote_id = Id}  ->
	    Msg = ssh_connection:channel_request_msg(Id, Type,
						     WantReply, Data),
	    send_msg(Msg,  add_request(WantReply, ChannelId, From, State0));
	undefined ->
	    State0
    end.

%%%----------------------------------------------------------------
handle_global_request({global_request, ChannelPid,
		       "tcpip-forward" = Type, WantReply,
		       <<?UINT32(IPLen),
			IP:IPLen/binary, ?UINT32(Port)>> = Data},
		      #state{connection_state =
				 #connection{channel_cache = Cache}
			     = Connection0} = State) ->
    ssh_channel:cache_update(Cache, #channel{user = ChannelPid,
					     type = "forwarded-tcpip",
					     sys = none}),
    Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0),
    Msg = ssh_connection:global_request_msg(Type, WantReply, Data),
    send_msg(Msg, State#state{connection_state = Connection});

handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type,
		       WantReply, <<?UINT32(IPLen),
				   IP:IPLen/binary, ?UINT32(Port)>> = Data},
		      #state{connection_state = Connection0} = State) ->
    Connection = ssh_connection:unbind(IP, Port, Connection0),
    Msg = ssh_connection:global_request_msg(Type, WantReply, Data),
    send_msg(Msg, State#state{connection_state = Connection});

handle_global_request({global_request, _, "cancel-tcpip-forward" = Type,
		       WantReply, Data}, State) ->
    Msg = ssh_connection:global_request_msg(Type, WantReply, Data),
    send_msg(Msg, State).

%%%----------------------------------------------------------------
handle_idle_timeout(#state{opts = Opts}) ->
    case proplists:get_value(idle_time, Opts, infinity) of
	infinity ->
	    ok;
	IdleTime ->
	    erlang:send_after(IdleTime, self(), {check_cache, [], []})
    end.

handle_channel_down(ChannelPid, #state{connection_state =
					   #connection{channel_cache = Cache}} =
			State) ->
    ssh_channel:cache_foldl(
	       fun(Channel, Acc) when Channel#channel.user == ChannelPid ->
		       ssh_channel:cache_delete(Cache,
						Channel#channel.local_id),
		       Acc;
		  (_,Acc) ->
		       Acc
	       end, [], Cache),
    {{replies, []}, check_cache(State, Cache)}.

update_sys(Cache, Channel, Type, ChannelPid) ->
    ssh_channel:cache_update(Cache,
			     Channel#channel{sys = Type, user = ChannelPid}).
add_request(false, _ChannelId, _From, State) ->
    State;
add_request(true, ChannelId, From, #state{connection_state =
					#connection{requests = Requests0} =
					Connection} = State) ->
    Requests = [{ChannelId, From} | Requests0],
    State#state{connection_state = Connection#connection{requests = Requests}}.

new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} =
		      Connection}
	       = State) ->
    {Id, State#state{connection_state =
		     Connection#connection{channel_id_seed = Id + 1}}}.

prepare_for_next_packet(State = #state{transport_protocol = Protocol,
				       socket = Socket},
			Ssh, EncDataRest) ->
    case size(EncDataRest) >=  erlang:max(8, Ssh#ssh.decrypt_block_size) of
	true ->
	    %% Enough data from the next packet has been received to
	    %% decode the length indicator, fake a socket-recive
	    %% message so that the data will be processed
	    self() ! {Protocol, Socket, <<>>};
	false ->
	    inet:setopts(Socket, [{active, once}])
    end,
    State#state{ssh_params =
		    Ssh#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh#ssh.recv_sequence)},
		decoded_data_buffer = <<>>,
		undecoded_packet_length = undefined,
		encoded_data_buffer = EncDataRest}.

%%%----------------------------------------------------------------
%%% Some other module has decided to disconnect:
disconnect(Msg = #ssh_msg_disconnect{}) ->
    throw({keep_state_and_data, 
	   [{next_event, internal, {disconnect, Msg, Msg#ssh_msg_disconnect.description}}]}).

disconnect(Msg = #ssh_msg_disconnect{}, ExtraInfo) ->
    throw({keep_state_and_data,
	   [{next_event, internal, {disconnect, Msg, {Msg#ssh_msg_disconnect.description,ExtraInfo}}}]}).


%% %%% This server/client has decided to disconnect via the state machine:
disconnect(Msg=#ssh_msg_disconnect{description=Description}, _StateName, State0) ->
    ?IO_FORMAT('~p ~p:~p disconnect ~p ~p~n',[self(),?MODULE,?LINE,Msg,_StateName]),
    State = send_msg(Msg, State0),
    disconnect_fun(Description, State#state.opts),
timer:sleep(400),
    {stop, {shutdown,Description}, State}.

%%%----------------------------------------------------------------
counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) ->
    Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn};
counterpart_versions(NumVsn, StrVsn, #ssh{role = client} = Ssh) ->
    Ssh#ssh{s_vsn = NumVsn , s_version = StrVsn}.

connected_fun(User, PeerAddr, Method, Opts) ->
    case proplists:get_value(connectfun, Opts) of
	undefined ->
	    ok;
	Fun ->
	    catch Fun(User, PeerAddr, Method)
    end.

retry_fun(_, _, undefined, _) ->
    ok;

retry_fun(User, PeerAddr, {error, Reason}, Opts) ->
    case proplists:get_value(failfun, Opts) of
	undefined ->
	    ok;
	Fun ->
	    do_retry_fun(Fun, User, PeerAddr, Reason)
    end;

retry_fun(User, PeerAddr, Reason, Opts) ->
    case proplists:get_value(infofun, Opts) of
	undefined ->
	    ok;
	Fun  ->
	    do_retry_fun(Fun, User, PeerAddr, Reason)
    end.

do_retry_fun(Fun, User, PeerAddr, Reason) ->
    case erlang:fun_info(Fun, arity) of
	{arity, 2} -> %% Backwards compatible
	    catch Fun(User, Reason);
	{arity, 3} ->
	    catch Fun(User, PeerAddr, Reason)
    end.

ssh_info([], _State, Acc) ->
    Acc;
ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn,
							   c_version = StringVsn}} = State, Acc) ->
    ssh_info(Rest, State, [{client_version, {IntVsn, StringVsn}} | Acc]);

ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn,
							  s_version = StringVsn}} = State, Acc) ->
    ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]);
ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) ->
    ssh_info(Rest, State, [{peer, Peer} | Acc]);
ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) ->
    {ok, SockName} = inet:sockname(Socket),
   ssh_info(Rest, State, [{sockname, SockName}|Acc]);
ssh_info([user | Rest], #state{auth_user = User} = State, Acc) ->
    ssh_info(Rest, State, [{user, User}|Acc]);
ssh_info([ _ | Rest], State, Acc) ->
    ssh_info(Rest, State, Acc).


ssh_channel_info([], _, Acc) ->
    Acc;

ssh_channel_info([recv_window | Rest], #channel{recv_window_size = WinSize,
						   recv_packet_size = Packsize
						  } = Channel, Acc) ->
    ssh_channel_info(Rest, Channel, [{recv_window, {{win_size, WinSize},
						      {packet_size, Packsize}}} | Acc]);
ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize,
						send_packet_size = Packsize
					       } = Channel, Acc) ->
    ssh_channel_info(Rest, Channel, [{send_window, {{win_size, WinSize},
						      {packet_size, Packsize}}} | Acc]);
ssh_channel_info([ _ | Rest], Channel, Acc) ->
    ssh_channel_info(Rest, Channel, Acc).


log_error(Reason) ->
    Report = io_lib:format("Erlang ssh connection handler failed with reason:~n"
			   "    ~p~n"
			   "Stacktrace:~n"
			   "    ~p~n",
			   [Reason, erlang:get_stacktrace()]),
    error_logger:error_report(Report).


%%%----------------------------------------------------------------
not_connected_filter({connection_reply, _Data}) -> true;
not_connected_filter(_) -> false.

%%%----------------------------------------------------------------
send_replies(Repls, State) ->
    lists:foldl(fun get_repl/2,
		{[],State},
		Repls).

get_repl({connection_reply,Msg}, {CallRepls,S}) ->
    {CallRepls, send_msg(Msg,S)};
get_repl({channel_data,undefined,Data}, Acc) ->
    Acc;
get_repl({channel_data,Pid,Data}, Acc) ->
    Pid ! {ssh_cm, self(), Data},
    Acc;
get_repl({channel_request_reply,From,Data}, {CallRepls,S}) ->
    {[{reply,From,Data}|CallRepls], S};
get_repl({flow_control,Cache,Channel,From,Msg}, {CallRepls,S}) ->
    ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}),
    {[{reply,From,Msg}|CallRepls], S};
get_repl({flow_control,From,Msg}, {CallRepls,S}) ->
    {[{reply,From,Msg}|CallRepls], S};
get_repl(noreply, Acc) ->
    Acc;
get_repl(X, Acc) ->
    exit({get_repl,X,Acc}).



%%%----------------------------------------------------------------
disconnect_fun({disconnect,Msg}, Opts) ->
    disconnect_fun(Msg, Opts);
disconnect_fun(_, undefined) ->
    ok;
disconnect_fun(Reason, Opts) ->
    case proplists:get_value(disconnectfun, Opts) of
	undefined ->
	    ok;
	Fun ->
	    catch Fun(Reason)
     end.

unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) ->
    case proplists:get_value(unexpectedfun, Opts) of
	undefined ->
	    report;
	Fun ->
	    catch Fun(UnexpectedMessage, Peer)
    end.


check_cache(#state{opts = Opts} = State, Cache) ->
    %% Check the number of entries in Cache
    case proplists:get_value(size, ets:info(Cache)) of
	0 ->
	    case proplists:get_value(idle_time, Opts, infinity) of
		infinity ->
		    State;
		Time ->
		    handle_idle_timer(Time, State)
	    end;
	_ ->
	    State
    end.

handle_idle_timer(Time, #state{idle_timer_ref = undefined} = State) ->
    TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}),
    State#state{idle_timer_ref=TimerRef};
handle_idle_timer(_, State) ->
    State.

remove_timer_ref(State) ->
    case State#state.idle_timer_ref of
	infinity -> %% If the timer is not activated
	    State;
	undefined -> %% If we already has cancelled the timer
	    State;
	TimerRef -> %% Timer is active
	    erlang:cancel_timer(TimerRef),
	    State#state{idle_timer_ref = undefined}
    end.

socket_control(Socket, Pid, Transport) ->
    case Transport:controlling_process(Socket, Pid) of
	ok ->
	    gen_statem:cast(Pid, socket_control);
	{error, Reason}	->
	    {error, Reason}
    end.

handshake(Pid, Ref, Timeout) ->
    receive
	ssh_connected ->
	    erlang:demonitor(Ref),
	    {ok, Pid};
	{Pid, not_connected, Reason} ->
	    {error, Reason};
	{Pid, user_password} ->
	    Pass = io:get_password(),
	    Pid ! Pass,
	    handshake(Pid, Ref, Timeout);
	{Pid, question} ->
	    Answer = io:get_line(""),
	    Pid ! Answer,
	    handshake(Pid, Ref, Timeout);
	{'DOWN', _, process, Pid, {shutdown, Reason}} ->
	    {error, Reason};
	{'DOWN', _, process, Pid, Reason} ->
	    {error, Reason}
    after Timeout ->
	    stop(Pid),
	    {error, timeout}
    end.

start_timeout(_,_, infinity) ->
    ok;
start_timeout(Channel, From, Time) ->
    erlang:send_after(Time, self(), {timeout, {Channel, From}}).

getopt(Opt, Socket) ->
    case inet:getopts(Socket, [Opt]) of
	{ok, [{Opt, Value}]} ->
	    {ok, Value};
	Other ->
	    {error, {unexpected_getopts_return, Other}}
    end.