diff options
Diffstat (limited to 'lib/ssh/src')
-rw-r--r-- | lib/ssh/src/ssh.appup.src | 12 | ||||
-rw-r--r-- | lib/ssh/src/ssh.erl | 27 | ||||
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 49 | ||||
-rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 28 | ||||
-rw-r--r-- | lib/ssh/src/ssh_connection_manager.erl | 43 |
5 files changed, 144 insertions, 15 deletions
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index d08dbafc32..8914aeffdb 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,10 +19,15 @@ {"%VSN%", [ + {<<"2.1.1">>, [{load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}, + {load_module, ssh_auth, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}]}, {<<"2.1">>, [{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []}, {load_module, ssh_connection, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}, {load_module, ssh_auth, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh_channel, soft_purge, soft_purge, []}, {load_module, ssh_file, soft_purge, soft_purge, []}]}, {load_module, ssh, soft_purge, soft_purge, []}]}, @@ -30,14 +35,19 @@ {<<"1\\.*">>, [{restart_application, ssh}]} ], [ + {<<"2.1.1">>, [{load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_connection_manager, soft_purge, soft_purge, []}, + {load_module, ssh_auth, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}]}, {<<"2.1">>,[{load_module, ssh_sftpd_file_api, soft_purge, soft_purge, []}, {load_module, ssh_connection, soft_purge, soft_purge, []}, {load_module, ssh_connection_manager, soft_purge, soft_purge, []}, {load_module, ssh_auth, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh_channel, soft_purge, soft_purge, []}, {load_module, ssh_file, soft_purge, soft_purge, []}]}, {load_module, ssh, soft_purge, soft_purge, []}]}, {<<"2.0\\.*">>, [{restart_application, ssh}]}, {<<"1\\.*">>, [{restart_application, ssh}]} ] -}. +}.
\ No newline at end of file diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 3395f73884..d09f6cf34b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -342,6 +342,10 @@ handle_option([{exec, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{auth_methods, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -357,6 +361,13 @@ handle_ssh_option({user_interaction, Value} = Opt) when Value == true; Value == Opt; handle_ssh_option({public_key_alg, Value} = Opt) when Value == ssh_rsa; Value == ssh_dsa -> Opt; +handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), length(Value) >= 1 -> + case check_pref_algs(Value) of + true -> + Opt; + _ -> + throw({error, {eoptions, Opt}}) + end; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({user, Value} = Opt) when is_list(Value) -> @@ -407,6 +418,9 @@ handle_ssh_option({shell, {Module, Function, _}} = Opt) when is_atom(Module), Opt; handle_ssh_option({shell, Value} = Opt) when is_function(Value) -> Opt; +handle_ssh_option({quiet_mode, Value} = Opt) when Value == true; + Value == false -> + Opt; handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). @@ -424,7 +438,18 @@ handle_inet_option({reuseaddr, _} = Opt) -> %% Option verified by inet handle_inet_option(Opt) -> Opt. - +%% Check preferred algs +check_pref_algs([]) -> + true; +check_pref_algs([H|T]) -> + case H of + ssh_dsa -> + check_pref_algs(T); + ssh_rsa -> + check_pref_algs(T); + _ -> + false + end. %% Has IPv6 been disabled? inetopt(true) -> inet; diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index aa452a8e09..27e44df554 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -118,15 +118,37 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> service = "ssh-connection", method = "none", data = <<>>}, - FirstAlg = algorithm(proplists:get_value(public_key_alg, Opts, - ?PREFERRED_PK_ALG)), - SecondAlg = other_alg(FirstAlg), - AllowUserInt = proplists:get_value(user_interaction, Opts, true), - Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - userauth_preference = Prefs, - userauth_methods = none, - service = "ssh-connection"}); + case proplists:get_value(pref_public_key_algs, Opts, false) of + false -> + FirstAlg = algorithm(proplists:get_value(public_key_alg, Opts, + ?PREFERRED_PK_ALG)), + SecondAlg = other_alg(FirstAlg), + AllowUserInt = proplists:get_value(user_interaction, Opts, true), + Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + userauth_preference = Prefs, + userauth_methods = none, + service = "ssh-connection"}); + Algs -> + FirstAlg = algorithm(lists:nth(1, Algs)), + case length(Algs) =:= 2 of + true -> + SecondAlg = other_alg(FirstAlg), + AllowUserInt = proplists:get_value(user_interaction, Opts, true), + Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + userauth_preference = Prefs, + userauth_methods = none, + service = "ssh-connection"}); + _ -> + AllowUserInt = proplists:get_value(user_interaction, Opts, true), + Prefs = method_preference(FirstAlg, AllowUserInt), + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + userauth_preference = Prefs, + userauth_methods = none, + service = "ssh-connection"}) + end + end; {error, no_user} -> ErrStr = "Could not determine the users name", throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME, @@ -287,6 +309,15 @@ method_preference(Alg1, Alg2, false) -> {"publickey", ?MODULE, publickey_msg,[Alg2]}, {"password", ?MODULE, password_msg, []} ]. +method_preference(Alg1, true) -> + [{"publickey", ?MODULE, publickey_msg, [Alg1]}, + {"password", ?MODULE, password_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} + ]; +method_preference(Alg1, false) -> + [{"publickey", ?MODULE, publickey_msg, [Alg1]}, + {"password", ?MODULE, password_msg, []} + ]. user_name(Opts) -> Env = case os:type() of diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 5b3d1b8a1b..d8950a7b67 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -718,8 +718,18 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> available_host_keys = supported_host_keys(Role, KeyCb, Options) }. -supported_host_keys(client, _, _) -> - ["ssh-rsa", "ssh-dss"]; +supported_host_keys(client, _, Options) -> + try + case extract_algs(proplists:get_value(pref_public_key_algs, Options, false), []) of + false -> + ["ssh-rsa", "ssh-dss"]; + Algs -> + Algs + end + catch + exit:Reason -> + {stop, {shutdown, Reason}} + end; supported_host_keys(server, KeyCb, Options) -> lists:foldl(fun(Type, Acc) -> case available_host_key(KeyCb, Type, Options) of @@ -731,7 +741,19 @@ supported_host_keys(server, KeyCb, Options) -> end, [], %% Prefered alg last so no need to reverse ["ssh-dss", "ssh-rsa"]). - +extract_algs(false, _) -> + false; +extract_algs([],[]) -> + false; +extract_algs([], NewList) -> + lists:reverse(NewList); +extract_algs([H|T], NewList) -> + case H of + ssh_dsa -> + extract_algs(T, ["ssh-dss"|NewList]); + ssh_rsa -> + extract_algs(T, ["ssh-rsa"|NewList]) + end. available_host_key(KeyCb, "ssh-dss"= Alg, Opts) -> case KeyCb:host_key('ssh-dss', Opts) of {ok, _} -> diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl index e53cd4f4f7..5aa79f978c 100644 --- a/lib/ssh/src/ssh_connection_manager.erl +++ b/lib/ssh/src/ssh_connection_manager.erl @@ -523,7 +523,7 @@ handle_info({same_user, _}, State) -> handle_info(ssh_connected, #state{role = client, client = Pid} = State) -> Pid ! {self(), is_connected}, - {noreply, State#state{connected = true}}; + {noreply, State#state{connected = true, opts = handle_password(State#state.opts)}}; handle_info(ssh_connected, #state{role = server} = State) -> {noreply, State#state{connected = true}}; @@ -536,6 +536,47 @@ handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, State) -> handle_info({'EXIT', _Sup, Reason}, State) -> {stop, Reason, State}. +handle_password(Opts) -> + handle_rsa_password(handle_dsa_password(handle_normal_password(Opts))). +handle_normal_password(Opts) -> + case proplists:get_value(ssh_opts, Opts, false) of + false -> + Opts; + SshOpts -> + case proplists:get_value(password, SshOpts, false) of + false -> + Opts; + _Password -> + NewOpts = [{password, undefined}|lists:keydelete(password, 1, SshOpts)], + [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] + end + end. +handle_dsa_password(Opts) -> + case proplists:get_value(ssh_opts, Opts, false) of + false -> + Opts; + SshOpts -> + case proplists:get_value(dsa_pass_phrase, SshOpts, false) of + false -> + Opts; + _Password -> + NewOpts = [{dsa_pass_phrase, undefined}|lists:keydelete(dsa_pass_phrase, 1, SshOpts)], + [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] + end + end. +handle_rsa_password(Opts) -> + case proplists:get_value(ssh_opts, Opts, false) of + false -> + Opts; + SshOpts -> + case proplists:get_value(rsa_pass_phrase, SshOpts, false) of + false -> + Opts; + _Password -> + NewOpts = [{rsa_pass_phrase, undefined}|lists:keydelete(rsa_pass_phrase, 1, SshOpts)], + [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] + end + end. %%-------------------------------------------------------------------- %% Function: terminate(Reason, State) -> void() %% Description: This function is called by a gen_server when it is about to |