diff options
Diffstat (limited to 'lib/ssh/src')
| -rw-r--r-- | lib/ssh/src/ssh.app.src | 2 | ||||
| -rw-r--r-- | lib/ssh/src/ssh.erl | 123 | ||||
| -rw-r--r-- | lib/ssh/src/ssh.hrl | 2 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_auth.erl | 21 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 104 | 
5 files changed, 144 insertions, 108 deletions
| diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 3245ba5197..76b7d8cd55 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -45,7 +45,7 @@  			  "erts-6.0",  			  "kernel-3.0",  			  "public_key-1.1", -			  "stdlib-3.0" +			  "stdlib-3.1"  			 ]}]}. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 0570853a9b..1d7be3547b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -52,16 +52,15 @@  %% is temporary. see application(3)  %%--------------------------------------------------------------------  start() -> -    application:start(crypto), -    application:start(asn1), -    application:start(public_key), -    application:start(ssh). +    start(temporary).  start(Type) -> -    application:start(crypto, Type), -    application:start(asn1), -    application:start(public_key, Type), -    application:start(ssh, Type). +    case application:ensure_all_started(ssh, Type) of +        {ok, _} -> +            ok; +        Other -> +            Other +    end.  %%--------------------------------------------------------------------  -spec stop() -> ok | {error, term()}. @@ -90,7 +89,7 @@ connect(Socket, Options, Timeout) when is_port(Socket) ->  	    {error, Error};  	{_SocketOptions, SshOptions} ->  	    case valid_socket_to_use(Socket, Options) of -		ok ->  +		ok ->  		    {ok, {Host,_Port}} = inet:sockname(Socket),  		    Opts =  [{user_pid,self()}, {host,fmt_host(Host)} | SshOptions],  		    ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); @@ -128,23 +127,23 @@ connect(Host, Port, Options, Timeout) ->  -spec close(pid()) -> ok.  %%  %% Description: Closes an ssh connection. -%%--------------------------------------------------------------------	 +%%--------------------------------------------------------------------  close(ConnectionRef) ->      ssh_connection_handler:stop(ConnectionRef).  %%--------------------------------------------------------------------  -spec connection_info(pid(), [atom()]) -> [{atom(), term()}].  %% -%% Description: Retrieves information about a connection.  -%%--------------------------------------------------------------------	 +%% Description: Retrieves information about a connection. +%%--------------------------------------------------------------------  connection_info(ConnectionRef, Options) ->      ssh_connection_handler:connection_info(ConnectionRef, Options).  %%--------------------------------------------------------------------  -spec channel_info(pid(), channel_id(), [atom()]) -> [{atom(), term()}].  %% -%% Description: Retrieves information about a connection.  -%%--------------------------------------------------------------------	 +%% Description: Retrieves information about a connection. +%%--------------------------------------------------------------------  channel_info(ConnectionRef, ChannelId, Options) ->      ssh_connection_handler:channel_info(ConnectionRef, ChannelId, Options). @@ -153,9 +152,9 @@ channel_info(ConnectionRef, ChannelId, Options) ->  -spec daemon(integer()|port(), proplists:proplist()) -> {ok, pid()} | {error, term()}.  -spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. -%% Description: Starts a server listening for SSH connections  +%% Description: Starts a server listening for SSH connections  %% on the given port. -%%--------------------------------------------------------------------	 +%%--------------------------------------------------------------------  daemon(Port) ->      daemon(Port, []). @@ -188,9 +187,9 @@ daemon_info(Pid) ->  -spec stop_listener(pid()) -> ok.  -spec stop_listener(inet:ip_address(), integer()) -> ok.  %% -%% Description: Stops the listener, but leaves  +%% Description: Stops the listener, but leaves  %% existing connections started by the listener up and running. -%%--------------------------------------------------------------------	 +%%--------------------------------------------------------------------  stop_listener(SysSup) ->      ssh_system_sup:stop_listener(SysSup).  stop_listener(Address, Port) -> @@ -202,9 +201,9 @@ stop_listener(Address, Port, Profile) ->  -spec stop_daemon(pid()) -> ok.  -spec stop_daemon(inet:ip_address(), integer()) -> ok.  %% -%% Description: Stops the listener and all connections started by  +%% Description: Stops the listener and all connections started by  %% the listener. -%%--------------------------------------------------------------------	 +%%--------------------------------------------------------------------  stop_daemon(SysSup) ->      ssh_system_sup:stop_system(SysSup).  stop_daemon(Address, Port) -> @@ -243,7 +242,7 @@ start_shell({ok, ConnectionRef}) ->      case ssh_connection:session_channel(ConnectionRef, infinity) of  	{ok,ChannelId}  ->  	    success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []), -	    Args = [{channel_cb, ssh_shell},  +	    Args = [{channel_cb, ssh_shell},  		    {init_args,[ConnectionRef, ChannelId]},  		    {cm, ConnectionRef}, {channel_id, ChannelId}],  	    {ok, State} = ssh_channel:init([Args]), @@ -256,7 +255,7 @@ start_shell(Error) ->  %%--------------------------------------------------------------------  %%-------------------------------------------------------------------- -default_algorithms() ->  +default_algorithms() ->      ssh_transport:default_algorithms().  %%-------------------------------------------------------------------- @@ -296,13 +295,13 @@ daemon_shell_opt(Options) ->  daemon_host_inet_opt(HostAddr, Options1) ->      case HostAddr of  	any -> -	    {ok, Host0} = inet:gethostname(),  +	    {ok, Host0} = inet:gethostname(),  	    {Host0,  proplists:get_value(inet, Options1, inet), Options1};  	{_,_,_,_} -> -	    {HostAddr, inet,  +	    {HostAddr, inet,  	     [{ip, HostAddr} | Options1]};  	{_,_,_,_,_,_,_,_} -> -	    {HostAddr, inet6,  +	    {HostAddr, inet6,  	     [{ip, HostAddr} | Options1]}      end. @@ -313,8 +312,8 @@ start_daemon(Socket, Options) ->  	    {error, Error};  	{SocketOptions, SshOptions} ->  	    case valid_socket_to_use(Socket, Options) of -		ok ->  -		    try  +		ok -> +		    try  			do_start_daemon(Socket, [{role,server}|SshOptions], SocketOptions)  		    catch  			throw:bad_fd -> {error,bad_fd}; @@ -330,16 +329,16 @@ start_daemon(Host, Port, Options, Inet) ->  	{error, _Reason} = Error ->  	    Error;  	{SocketOptions, SshOptions}-> -	    try  +	    try  		do_start_daemon(Host, Port, [{role,server}|SshOptions] , [Inet|SocketOptions])  	    catch  		throw:bad_fd -> {error,bad_fd};  		_C:_E -> {error,{cannot_start_daemon,_C,_E}}  	    end      end. -     +  do_start_daemon(Socket, SshOptions, SocketOptions) -> -    {ok, {IP,Port}} =  +    {ok, {IP,Port}} =  	try {ok,_} = inet:sockname(Socket)  	catch  	    _:_ -> throw(bad_socket) @@ -351,7 +350,7 @@ do_start_daemon(Socket, SshOptions, SocketOptions) ->  	    {address, Host},  	    {port, Port},  	    {role, server}, -	    {socket_opts, SocketOptions},  +	    {socket_opts, SocketOptions},  	    {ssh_opts, SshOptions}],      {_, Callback, _} = proplists:get_value(transport, SshOptions, {tcp, gen_tcp, tcp_closed}),      case ssh_system_sup:system_supervisor(Host, Port, Profile) of @@ -385,7 +384,7 @@ do_start_daemon(Socket, SshOptions, SocketOptions) ->      end.  do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> -    {Host,Port1} =  +    {Host,Port1} =  	try  	    case proplists:get_value(fd, SocketOptions) of  		undefined -> @@ -402,21 +401,21 @@ do_start_daemon(Host0, Port0, SshOptions, SocketOptions) ->      {Port, WaitRequestControl, Opts0} =  	case Port1 of  	    0 -> %% Allocate the socket here to get the port number... -		{_, Callback, _} =   +		{_, Callback, _} =  		    proplists:get_value(transport, SshOptions, {tcp, gen_tcp, tcp_closed}),  		{ok,LSock} = ssh_acceptor:callback_listen(Callback, 0, SocketOptions),  		{ok,{_,LPort}} = inet:sockname(LSock), -		{LPort,  -		 {LSock,Callback},  +		{LPort, +		 {LSock,Callback},  		 [{lsocket,LSock},{lsock_owner,self()}]  		};  	    _ ->  		{Port1, false, []}  	end, -    Opts = [{address, Host},  +    Opts = [{address, Host},  	    {port, Port},  	    {role, server}, -	    {socket_opts, SocketOptions},  +	    {socket_opts, SocketOptions},  	    {ssh_opts, SshOptions} | Opts0],      case ssh_system_sup:system_supervisor(Host, Port, Profile) of  	undefined -> @@ -465,7 +464,7 @@ find_hostport(Fd) ->      {ok, HostPort} = inet:sockname(S),      ok = inet:close(S),      HostPort. -     +  handle_options(Opts) ->      try handle_option(algs_compatibility(proplists:unfold(Opts)), [], []) of @@ -480,9 +479,9 @@ handle_options(Opts) ->  algs_compatibility(Os0) ->      %% Take care of old options 'public_key_alg' and 'pref_public_key_algs'      case proplists:get_value(public_key_alg, Os0) of -	undefined ->  +	undefined ->  	    Os0; -	A when is_atom(A) ->  +	A when is_atom(A) ->  	    %% Skip public_key_alg if pref_public_key_algs is defined:  	    Os = lists:keydelete(public_key_alg, 1, Os0),  	    case proplists:get_value(pref_public_key_algs,Os) of @@ -492,7 +491,7 @@ algs_compatibility(Os0) ->  		    [{pref_public_key_algs,['ssh-dss','ssh-rsa']} | Os];  		undefined ->  		    throw({error, {eoptions, {public_key_alg,A} }}); -		_ ->  +		_ ->  		    Os  	    end;  	V -> @@ -620,7 +619,7 @@ handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) -      Opt;  handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) ->      Opt; -handle_ssh_option({preferred_algorithms,[_|_]} = Opt) ->  +handle_ssh_option({preferred_algorithms,[_|_]} = Opt) ->      handle_pref_algs(Opt);  handle_ssh_option({dh_gex_groups,L0}) when is_list(L0) -> @@ -629,7 +628,7 @@ handle_ssh_option({dh_gex_groups,L0}) when is_list(L0) ->         lists:foldl(  	 fun({N,G,P}, Acc) when is_integer(N),N>0,  				is_integer(G),G>0, -				is_integer(P),P>0 ->  +				is_integer(P),P>0 ->  		 [{N,{G,P}} | Acc];  	    ({N,{G,P}}, Acc) when is_integer(N),N>0,  				  is_integer(G),G>0, @@ -637,7 +636,7 @@ handle_ssh_option({dh_gex_groups,L0}) when is_list(L0) ->  		 [{N,{G,P}} | Acc];  	    ({N,GPs}, Acc) when is_list(GPs) ->  		 lists:foldr(fun({Gi,Pi}, Acci) when is_integer(Gi),Gi>0, -						     is_integer(Pi),Pi>0 ->  +						     is_integer(Pi),Pi>0 ->  				     [{N,{Gi,Pi}} | Acci]  			     end, Acc, GPs)  	 end, [], L0))}; @@ -647,7 +646,7 @@ handle_ssh_option({dh_gex_groups,{Tag,File=[C|_]}}=Opt) when is_integer(C), C>0,  							      Tag == ssh_moduli_file ->      {ok,GroupDefs} =  	case Tag of -	    file ->  +	    file ->  		file:consult(File);  	    ssh_moduli_file ->  		case file:open(File,[read]) of @@ -672,14 +671,14 @@ handle_ssh_option({dh_gex_groups,{Tag,File=[C|_]}}=Opt) when is_integer(C), C>0,      catch  	_:_ ->  	    throw({error, {{eoptions, Opt}, "Bad format in file: "++File}}) -    end;	     -     +    end; + -handle_ssh_option({dh_gex_limits,{Min,Max}} = Opt) when is_integer(Min), Min>0,  +handle_ssh_option({dh_gex_limits,{Min,Max}} = Opt) when is_integer(Min), Min>0,  							is_integer(Max), Max>=Min ->      %% Server      Opt; -handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0,  +handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0,  							  is_integer(I),   I>=Min,  							  is_integer(Max), Max>=I ->      %% Client @@ -724,7 +723,7 @@ handle_ssh_option({keyboard_interact_fun, Value} = Opt) when is_function(Value,3      Opt;  handle_ssh_option({compression, Value} = Opt) when is_atom(Value) ->      Opt; -handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module),  +handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module),  							    is_atom(Function) ->      Opt;  handle_ssh_option({exec, Function} = Opt) when is_function(Function) -> @@ -772,7 +771,7 @@ handle_ssh_option({quiet_mode, Value} = Opt) when is_boolean(Value) ->      Opt;  handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 ->      Opt; -handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) ->  +handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) ->      Opt;  handle_ssh_option({id_string, random}) ->      {id_string, {random,2,5}}; %% 2 - 5 random characters @@ -814,11 +813,11 @@ handle_pref_algs({preferred_algorithms,Algs}) ->  	      of  		  DefAlgs -> handle_pref_alg(Key,Vals,DefAlgs)  	      catch -		  _:_ -> throw({error, {{eoptions, {preferred_algorithms,Key}},  +		  _:_ -> throw({error, {{eoptions, {preferred_algorithms,Key}},  					"Bad preferred_algorithms key"}})  	      end  || {Key,Vals} <- Algs]  	    }; -		     +  	Dups ->  	    throw({error, {{eoptions, {preferred_algorithms,Dups}}, "Duplicates found"}})      catch @@ -857,13 +856,13 @@ handle_pref_alg(Key,  	       ) ->      handle_pref_alg(Key, lists:reverse(Vs), Sup); -handle_pref_alg(Key,  +handle_pref_alg(Key,  		Vs=[V|_],  		Sup=[{client2server,_},{server2client,_}]  	       ) when is_atom(V) ->      handle_pref_alg(Key, [{client2server,Vs},{server2client,Vs}], Sup); -handle_pref_alg(Key,  +handle_pref_alg(Key,  		Vs=[V|_],  		Sup=[S|_]  	       ) when is_atom(V), is_atom(S) -> @@ -878,14 +877,14 @@ chk_alg_vs(OptKey, Values, SupportedValues) ->  	[] -> Values;  	Bad -> throw({error, {{eoptions, {OptKey,Bad}}, "Unsupported value(s) found"}})      end. -	     +  handle_ip(Inet) -> %% Default to ipv4      case lists:member(inet, Inet) of  	true ->  	    Inet;  	false ->  	    case lists:member(inet6, Inet) of -		true ->  +		true ->  		    Inet;  		false ->  		    [inet | Inet] @@ -916,8 +915,8 @@ directory_exist_readable(Dir) ->  	{error, Error} ->  	    {error, Error}      end. -		 -		     + +  collect_per_size(L) ->      lists:foldr( @@ -948,7 +947,7 @@ read_moduli_file(D, I, Acc) ->  		    read_moduli_file(D, I+1, Acc)  	    end      end. -			    +  handle_user_pref_pubkey_algs([], Acc) ->      {true, lists:reverse(Acc)};  handle_user_pref_pubkey_algs([H|T], Acc) -> @@ -963,7 +962,7 @@ handle_user_pref_pubkey_algs([H|T], Acc) ->  	    false      end. -fmt_host({A,B,C,D}) ->  +fmt_host({A,B,C,D}) ->      lists:concat([A,".",B,".",C,".",D]); -fmt_host(T={_,_,_,_,_,_,_,_}) ->  +fmt_host(T={_,_,_,_,_,_,_,_}) ->      lists:flatten(string:join([io_lib:format("~.16B",[A]) || A <- tuple_to_list(T)], ":")). diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 868f3a9181..4cd91177f6 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -127,7 +127,7 @@  	  recv_sequence = 0,  	  keyex_key,  	  keyex_info, -	  random_length_padding = 255, % From RFC 4253 section 6. +	  random_length_padding = 15, % From RFC 4253 section 6.  	  %% User auth  	  user, diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index fb5e086656..1dcf5d0708 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -264,12 +264,23 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,  			SessionId,   			#ssh{opts = Opts,  			     userauth_supported_methods = Methods} = Ssh) -> -    <<?BYTE(HaveSig), ?UINT32(ALen), BAlg:ALen/binary,  -     ?UINT32(KLen), KeyBlob:KLen/binary, SigWLen/binary>> = Data, -    Alg = binary_to_list(BAlg), + +    <<?BYTE(HaveSig), +      ?UINT32(ALen), BAlg:ALen/binary, +      Rest/binary>> = Data, + +    {KeyBlob,  SigWLen} =  +	case Rest of  +	    <<?UINT32(KLen0), KeyBlob0:KLen0/binary, SigWLen0/binary>> -> +		{KeyBlob0,  SigWLen0}; +	    <<>> -> +		{<<>>, <<>>} +	end, +      case HaveSig of  	?TRUE -> -	    case verify_sig(SessionId, User, "ssh-connection", Alg, +	    case verify_sig(SessionId, User, "ssh-connection",  +			    binary_to_list(BAlg),  			    KeyBlob, SigWLen, Opts) of  		true ->  		    {authorized, User,  @@ -284,7 +295,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User,  	?FALSE ->  	    {not_authorized, {User, undefined},  	     ssh_transport:ssh_packet( -	       #ssh_msg_userauth_pk_ok{algorithm_name = Alg, +	       #ssh_msg_userauth_pk_ok{algorithm_name = binary_to_list(BAlg),  				       key_blob = KeyBlob}, Ssh)}      end; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index f9f4c82351..2eb29c9b32 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -60,7 +60,8 @@  	]).  %%% Behaviour callbacks --export([handle_event/4, terminate/3, format_status/2, code_change/4]). +-export([callback_mode/0, handle_event/4, terminate/3, +	 format_status/2, code_change/4]).  %%% Exports not intended to be used :). They are used for spawning and tests  -export([init_connection_handler/3,	   % proc_lib:spawn needs this @@ -338,6 +339,7 @@ renegotiate_data(ConnectionHandler) ->  	  ssh_params                            :: #ssh{}  						 | undefined,  	  socket                                :: inet:socket(), +	  sender :: pid() | undefined,  	  decrypted_data_buffer     = <<>>      :: binary(),  	  encrypted_data_buffer     = <<>>      :: binary(),  	  undecrypted_packet_length             :: undefined | non_neg_integer(), @@ -366,22 +368,21 @@ init_connection_handler(Role, Socket, Opts) ->  	{Protocol, Callback, CloseTag} =  	    proplists:get_value(transport, Opts, ?DefaultTransport),  	S0#data{ssh_params = init_ssh_record(Role, Socket, Opts), -		 transport_protocol = Protocol, -		 transport_cb = Callback, -		 transport_close_tag = CloseTag +		sender = spawn_link(fun() -> nonblocking_sender(Socket, Callback) end), +		transport_protocol = Protocol, +		transport_cb = Callback, +		transport_close_tag = CloseTag  		}      of  	S ->  	    gen_statem:enter_loop(?MODULE,  				  [], %%[{debug,[trace,log,statistics,debug]} || Role==server], -				  handle_event_function,  				  {hello,Role},  				  S)      catch  	_:Error ->  	    gen_statem:enter_loop(?MODULE,  				  [], -				  handle_event_function,  				  {init_error,Error},  				  S0)      end. @@ -504,6 +505,9 @@ init_ssh_record(Role, Socket, Opts) ->  %%% ######## Error in the initialisation #### +callback_mode() -> +    handle_event_function. +  handle_event(_, _Event, {init_error,Error}, _) ->      case Error of  	{badmatch,{error,enotconn}} -> @@ -523,7 +527,7 @@ handle_event(_, _Event, {init_error,Error}, _) ->  %% The very first event that is sent when the we are set as controlling process of Socket  handle_event(_, socket_control, {hello,_}, D) ->      VsnMsg = ssh_transport:hello_version_msg(string_version(D#data.ssh_params)), -    ok = send_bytes(VsnMsg, D), +    send_bytes(VsnMsg, D),      case inet:getopts(Socket=D#data.socket, [recbuf]) of  	{ok, [{recbuf,Size}]} ->  	    %% Set the socket to the hello text line handling mode: @@ -548,7 +552,7 @@ handle_event(_, {info_line,_Line}, {hello,Role}, D) ->  	server ->  	    %% But the client may NOT send them to the server. Openssh answers with cleartext,  	    %% and so do we -	    ok = send_bytes("Protocol mismatch.", D), +	    send_bytes("Protocol mismatch.", D),  	    {stop, {shutdown,"Protocol mismatch in version exchange. Client sent info lines."}}      end; @@ -563,7 +567,7 @@ handle_event(_, {version_exchange,Version}, {hello,Role}, D) ->  					 {active, once},  					 {recbuf, D#data.inet_initial_recbuf_size}]),  	    {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), -	    ok = send_bytes(SshPacket, D), +	    send_bytes(SshPacket, D),  	    {next_state, {kexinit,Role,init}, D#data{ssh_params = Ssh,  						     key_exchange_init_msg = KeyInitMsg}};  	not_supported -> @@ -581,7 +585,7 @@ handle_event(_, {#ssh_msg_kexinit{}=Kex, Payload}, {kexinit,Role,ReNeg},      Ssh1 = ssh_transport:key_init(peer_role(Role), D#data.ssh_params, Payload),      Ssh = case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of  	      {ok, NextKexMsg, Ssh2} when Role==client -> -		  ok = send_bytes(NextKexMsg, D), +		  send_bytes(NextKexMsg, D),  		  Ssh2;  	      {ok, Ssh2} when Role==server ->  		  Ssh2 @@ -594,43 +598,43 @@ handle_event(_, {#ssh_msg_kexinit{}=Kex, Payload}, {kexinit,Role,ReNeg},  %%%---- diffie-hellman  handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, D) ->      {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, D#data.ssh_params), -    ok = send_bytes(KexdhReply, D), +    send_bytes(KexdhReply, D),      {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}};  handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg}, D) ->      {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, D#data.ssh_params), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh}};  %%%---- diffie-hellman group exchange  handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg}, D) ->      {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, D#data.ssh_params), -    ok = send_bytes(GexGroup, D), +    send_bytes(GexGroup, D),      {next_state, {key_exchange_dh_gex_init,server,ReNeg}, D#data{ssh_params=Ssh}};  handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg}, D) ->      {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, D#data.ssh_params), -    ok = send_bytes(GexGroup, D), +    send_bytes(GexGroup, D),      {next_state, {key_exchange_dh_gex_init,server,ReNeg}, D#data{ssh_params=Ssh}};  handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg}, D) ->      {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, D#data.ssh_params), -    ok = send_bytes(KexGexInit, D), +    send_bytes(KexGexInit, D),      {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, D#data{ssh_params=Ssh}};  %%%---- elliptic curve diffie-hellman  handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg}, D) ->      {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, D#data.ssh_params), -    ok = send_bytes(KexEcdhReply, D), +    send_bytes(KexEcdhReply, D),      {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}};  handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, D) ->      {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, D#data.ssh_params), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh}}; @@ -638,9 +642,9 @@ handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, D)  handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, D) ->      {ok, KexGexReply, Ssh1} =  ssh_transport:handle_kex_dh_gex_init(Msg, D#data.ssh_params), -    ok = send_bytes(KexGexReply, D), +    send_bytes(KexGexReply, D),      {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}}; @@ -648,7 +652,7 @@ handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,serv  handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg}, D) ->      {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, D#data.ssh_params), -    ok = send_bytes(NewKeys, D), +    send_bytes(NewKeys, D),      {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh1}}; @@ -660,7 +664,7 @@ handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,Role,init}, D) ->      Ssh = case Role of  	      client ->  		  {MsgReq, Ssh2} = ssh_auth:service_request_msg(Ssh1), -		  ok = send_bytes(MsgReq, D), +		  send_bytes(MsgReq, D),  		  Ssh2;  	      server ->  		  Ssh1 @@ -678,7 +682,7 @@ handle_event(_, Msg = #ssh_msg_service_request{name=ServiceName}, StateName = {s  	"ssh-userauth" ->  	    Ssh0 = #ssh{session_id=SessionId} = D#data.ssh_params,  	    {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), -	    ok = send_bytes(Reply, D), +	    send_bytes(Reply, D),  	    {next_state, {userauth,server}, D#data{ssh_params = Ssh}};  	_ -> @@ -690,7 +694,7 @@ handle_event(_, Msg = #ssh_msg_service_request{name=ServiceName}, StateName = {s  handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request,client},  	     #data{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) ->      {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), -    ok = send_bytes(Msg, State), +    send_bytes(Msg, State),      {next_state, {userauth,client}, State#data{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; @@ -707,7 +711,7 @@ handle_event(_,  	    %% Probably the very first userauth_request but we deny unauthorized login  	    {not_authorized, _, {Reply,Ssh}} =  		ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0), -	    ok = send_bytes(Reply, D), +	    send_bytes(Reply, D),  	    {keep_state, D#data{ssh_params = Ssh}};  	{"ssh-connection", "ssh-connection", Method} -> @@ -717,7 +721,7 @@ handle_event(_,  		    %% Yepp! we support this method  		    case ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0) of  			{authorized, User, {Reply, Ssh}} -> -			    ok = send_bytes(Reply, D), +			    send_bytes(Reply, D),  			    D#data.starter ! ssh_connected,  			    connected_fun(User, Method, D),  			    {next_state, {connected,server}, @@ -725,11 +729,11 @@ handle_event(_,  				    ssh_params = Ssh#ssh{authenticated = true}}};  			{not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" ->  			    retry_fun(User, Reason, D), -			    ok = send_bytes(Reply, D), +			    send_bytes(Reply, D),  			    {next_state, {userauth_keyboard_interactive,server}, D#data{ssh_params = Ssh}};  			{not_authorized, {User, Reason}, {Reply, Ssh}} ->  			    retry_fun(User, Reason, D), -			    ok = send_bytes(Reply, D), +			    send_bytes(Reply, D),  			    {keep_state, D#data{ssh_params = Ssh}}  		    end;  		false -> @@ -1401,12 +1405,12 @@ fmt_stat_rec(FieldNames, Rec, Exclude) ->  		  state_name(),  		  #data{},  		  term() -		 ) -> {gen_statem:callback_mode(), state_name(), #data{}}. +		 ) -> {ok, state_name(), #data{}}.  %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .  code_change(_OldVsn, StateName, State, _Extra) -> -    {handle_event_function, StateName, State}. +    {ok, StateName, State}.  %%==================================================================== @@ -1428,18 +1432,15 @@ start_the_connection_child(UserPid, Role, Socket, Options) ->  %% Stopping  -type finalize_termination_result() :: ok . -finalize_termination(_StateName, #data{transport_cb = Transport, -				       connection_state = Connection, -				       socket = Socket}) -> -    case Connection of +finalize_termination(_StateName, D) -> +    case D#data.connection_state of  	#connection{system_supervisor = SysSup,  		    sub_system_supervisor = SubSysSup} when is_pid(SubSysSup) ->  	    ssh_system_sup:stop_subsystem(SysSup, SubSysSup);  	_ ->  	    do_nothing      end, -    (catch Transport:close(Socket)), -    ok. +    close_transport(D).  %%--------------------------------------------------------------------  %% "Invert" the Role @@ -1494,8 +1495,33 @@ send_msg(Msg, State=#data{ssh_params=Ssh0}) when is_tuple(Msg) ->      send_bytes(Bytes, State),      State#data{ssh_params=Ssh}. -send_bytes(Bytes, #data{socket = Socket, transport_cb = Transport}) -> -    Transport:send(Socket, Bytes). +send_bytes(Bytes, #data{sender = Sender}) -> +    Sender ! {send,Bytes}, +    ok. + +close_transport(D) -> +    D#data.sender ! close, +    ok. + + +nonblocking_sender(Socket, Callback) -> +    receive +	{send, Bytes} -> +	    case Callback:send(Socket, Bytes) of +	    	ok -> +	    	    nonblocking_sender(Socket, Callback); +	    	E = {error,_} -> +	    	    exit({shutdown,E}) +	    end; +	 +	close -> +	    case Callback:close(Socket) of +		ok -> +		    ok; +		E = {error,_} -> +	    	    exit({shutdown,E}) +	    end +    end.  handle_version({2, 0} = NumVsn, StrVsn, Ssh0) ->      Ssh = counterpart_versions(NumVsn, StrVsn, Ssh0), | 
